1. Acceptance of Terms
These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer," "you," or "your") and Etellect Ltd, trading as eSortcode ("Etellect," "we," "us," or "our"), governing your access to and use of the eSortcode web services, APIs, and data products (collectively, the "Services").
By accessing or using our Services, registering for an account, or clicking "I Accept" or similar acknowledgment, you agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use the Services.
If you are accepting these Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind such entity to these Terms, and "you" and "your" shall refer to such entity.
2. Definitions
- "API"
- means the application programming interface provided by Etellect for accessing the Services programmatically.
- "Confirmation of Payee & Payer (CoP)"
- means the real-time name verification service for validating payee account details against registered account holder names.
- "Credits"
- means the prepaid units purchased by Customer for consuming API requests and data services.
- "EISCD"
- means the Extended Industry Sort Code Directory, a comprehensive database of UK financial institution data covering Bacs, CHAPS, Cheque and Credit Clearing, and Faster Payments schemes.
- "Modulus Checking"
- means the algorithmic validation service for UK sort codes and account numbers using industry-standard modulus algorithms.
- "Portal"
- means the customer portal accessible at https://portal.esortcode.com for account management, credit purchases, and usage monitoring.
- "Vocalink"
- means Vocalink Limited, a Mastercard company and operator of UK payment infrastructure, the original provider of EISCD data.
3. Description of Services
Etellect provides the following web-based validation and data services:
3.1 Modulus Checking Service
Real-time validation of UK sort codes and account numbers using BACS-approved modulus algorithms, including:
- Modulus 10 and Modulus 11 weight algorithms
- Double Alternate algorithm
- Sort code validation against UK banking directory
- Account number format verification
- Bank and branch information retrieval
3.2 Confirmation of Payee & Payer (CoP) Service
Real-time name verification service providing:
- Payee name matching against registered account holder names
- Payer name verification (Confirmation of Payer - PNV)
- Match result status (Full Match, Close Match, No Match, Unavailable)
- Fraud prevention and misdirected payment reduction
- Regulatory compliance support for APP fraud prevention
3.3 EISCD Data Extracts
Comprehensive UK and Irish banking data files including:
- Complete sort code directory for UK and Republic of Ireland
- Bank and branch names, addresses, and contact information
- Payment scheme participation (Bacs, CHAPS, Faster Payments)
- Modulus algorithm specifications
- Available formats: CSV, Excel (XLSX), JSON, XML
- Regular updates reflecting banking industry changes
3.4 API Access
RESTful API endpoints providing programmatic access to all services with:
- HTTPS encryption for all requests
- API key-based authentication
- JSON response format
- Rate limiting and usage monitoring
- Comprehensive API documentation
4. EISCD Data Authorization
4.1 Authorized Distributor Status
Etellect Ltd is an authorized distributor of the Extended Industry Sort Code Directory (EISCD), which is maintained and provided by Vocalink Limited, a Mastercard company. The EISCD is a comprehensive database of payments-related information for financial institutions participating in the United Kingdom's:
- Bacs payment schemes
- CHAPS (Clearing House Automated Payment System)
- Cheque and Credit Clearing
- Faster Payments Service
4.2 Vocalink Partnership
As a Vocalink partner, Etellect has been granted the rights to:
- Access and process EISCD data for commercial purposes
- Distribute EISCD data to authorized customers and end users
- Provide API services utilizing EISCD information
- Incorporate EISCD data into validation and verification services
4.3 Data Usage Restrictions
Customer acknowledges and agrees that:
- EISCD data remains the intellectual property of Vocalink and is licensed, not sold
- Customer's use of EISCD data is subject to these Terms and applicable Vocalink licensing requirements
- Customer shall not redistribute, resell, or sublicense EISCD data without explicit written authorization
- Customer shall use EISCD data solely for internal business purposes and payment validation activities
- Customer shall not reverse engineer, decompile, or attempt to derive the source data structure of EISCD
4.4 Data Accuracy
While Etellect and Vocalink endeavor to maintain the accuracy and currency of EISCD data:
- EISCD data is provided "as is" and reflects information available at the time of distribution
- Banking industry changes may occur between update cycles
- Customer is responsible for implementing appropriate validation and error handling in their applications
- Etellect is not liable for losses arising from outdated or inaccurate data
5. Account Registration & Security
5.1 Account Creation
To access the Services, you must:
- Create an account through our website or Portal
- Provide accurate, current, and complete registration information
- Maintain and promptly update your account information
- Be at least 18 years of age or the age of legal majority in your jurisdiction
- Have the legal capacity to enter into binding contracts
5.2 Account Security
You are responsible for:
- Maintaining the confidentiality of your account credentials and API keys
- All activities that occur under your account, whether authorized or not
- Notifying us immediately of any unauthorized access or security breach
- Using strong passwords and implementing appropriate security measures
- Restricting access to your API keys and preventing unauthorized use
5.3 API Key Management
API keys are sensitive credentials that must be:
- Stored securely and never embedded in publicly accessible code or repositories
- Transmitted only over secure (HTTPS) connections
- Rotated regularly and immediately upon suspected compromise
- Used only for authorized purposes within your organization
6. License Grant & Restrictions
6.1 License Grant
Subject to these Terms and payment of applicable fees, Etellect grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to:
- Access and use the Services for your internal business purposes
- Integrate the API into your applications and systems
- Use EISCD data for payment validation and verification activities
- Store API responses and validation results for reasonable operational periods
6.2 License Restrictions
You shall not:
- Reverse engineer, decompile, or disassemble any portion of the Services
- Remove, alter, or obscure any proprietary notices or attributions
- Resell, redistribute, or provide access to the Services to third parties
- Use the Services to develop competing products or services
- Scrape, harvest, or systematically collect data beyond authorized API usage
- Circumvent usage limits, rate limiting, or other technical restrictions
- Use the Services in any manner that violates applicable laws or regulations
- Share, publish, or disclose your API keys to unauthorized parties
- Cache or store EISCD data beyond reasonable operational requirements
- Create derivative databases based on EISCD data
6.3 White-Label and Reseller Licensing
If you wish to resell, white-label, or incorporate the Services into commercial offerings provided to third parties, you must:
- Contact Etellect to discuss reseller or partner arrangements
- Execute a separate written agreement with appropriate licensing terms
- Comply with additional restrictions and requirements for commercial distribution
Please contact sales@esortcode.com for reseller inquiries.
7. Service Level Agreement (SLA)
Important Note: This standard SLA applies to our regular service. Customers requiring higher availability should consider our Enterprise SLA which offers a 100% uptime guarantee with duplicated infrastructure, additional API endpoints, and enhanced support.
7.1 Standard Service Uptime Commitment
For standard service customers, Etellect commits to maintaining a 99.9% monthly uptime guarantee for the Services, calculated as follows:
Monthly Uptime % = (Total Minutes in Month - Downtime Minutes) / Total Minutes in Month × 100
Example: For a 30-day month (43,200 minutes), 99.9% uptime allows up to 43 minutes (0.72 hours) of downtime.
7.2 Uptime Definition
"Uptime" means the Services are operational and accessible via the API. "Downtime" means:
- Complete unavailability of API endpoints resulting in inability to process requests
- Error rates exceeding 5% of all requests within a 5-minute period
- API response times exceeding 10 seconds for 95th percentile of requests
7.3 Exclusions from Downtime
The following do not count as Downtime:
- Scheduled Maintenance: Announced at least 48 hours in advance, performed during off-peak hours (typically 01:00-05:00 GMT), limited to 4 hours per month
- Emergency Maintenance: Critical security patches or urgent bug fixes, with prior notice when reasonably possible
- Force Majeure Events: Natural disasters, acts of war, terrorism, pandemics, government actions, or other events beyond Etellect's reasonable control
- Third-Party Failures: Issues with Vocalink infrastructure, internet backbone providers, DNS services, or customer's own infrastructure
- Customer-Caused Issues: Downtime resulting from customer's misuse, abuse, or violation of these Terms
- Beta or Preview Services: Services explicitly designated as beta, preview, or experimental
7.4 Performance Targets
In addition to uptime guarantees, Etellect targets the following performance metrics:
- API Response Time: <200ms for 95th percentile of requests
- Request Success Rate: >99.9% of properly formatted requests return valid responses
- Data Freshness: EISCD data updated within 48 hours of receiving updates from Vocalink
7.5 Service Credits for SLA Breaches (Enterprise SLA Only)
Service Credits Apply to Enterprise SLA Customers Only
The service credit tiers below are only available to customers with an active Enterprise SLA subscription (£99+VAT/month flat rate). Credits are applied as a percentage of both the monthly Enterprise SLA subscription fee (£99+VAT) and the monthly credit usage in the month that experiences the outage. Uptime is measured monthly, not annually. Standard pay-as-you-go customers are not eligible for service credits.
If Monthly Uptime (measured within the calendar month) falls below the Enterprise SLA guarantee, Enterprise customers may claim service credits as follows:
| Monthly Uptime % |
Max Downtime per Month |
Service Credit |
| 99.5% - 99.89% |
48 minutes - 3 hours 36 minutes |
10% of £99 subscription + 10% of monthly usage |
| 99.0% - 99.49% |
3 hours 40 minutes - 7 hours 12 minutes |
25% of £99 subscription + 25% of monthly usage |
| 95.0% - 98.99% |
7 hours 16 minutes - 36 hours |
50% of £99 subscription + 50% of monthly usage |
| Below 95.0% |
More than 36 hours (1.5 days) |
100% of £99 subscription + 100% of monthly usage |
Enterprise SLA Service Credit Procedures:
- Eligibility: Only available to active Enterprise SLA subscribers
- Measurement Period: Uptime is measured monthly (within each calendar month), not annually
- Credit Calculation: Credits are calculated as the applicable percentage of both the £99+VAT monthly subscription fee and the total API usage charges for the affected month
- Example: If monthly uptime is 99.3% (triggering 25% credit) with £99 subscription + £500 usage, credit would be (25% × £99) + (25% × £500) = £24.75 + £125.00 = £149.75
- Application: Credits are applied to the next monthly invoice
- Claim Period: Credits must be claimed within 30 days of the end of the month in which the SLA breach occurred
- Claim Process: Submit via email to support@esortcode.com with evidence of impact and downtime duration
- Credit Type: Credits are applied directly to the next monthly invoice, not as cash refunds
- Expiration: Unused credits expire 12 months from issuance
- Exclusivity: Service credits are the sole and exclusive remedy for SLA breaches
Note: Standard pay-as-you-go customers operate under a 99.9% uptime target but are not eligible for service credits. For guaranteed uptime with financial compensation, please upgrade to our Enterprise SLA.
7.6 Monitoring and Reporting
Etellect maintains internal monitoring systems and publishes:
- Real-time system status at https://status.esortcode.com
- Historical uptime statistics available upon request
- Incident reports for significant outages
7.7 Enterprise SLA Option
For mission-critical applications requiring higher availability, Etellect offers an Enterprise SLA with:
- 100% Uptime Guarantee: Zero tolerance for downtime with financial penalties for any service interruption
- Duplicated Infrastructure: Separate servers and endpoints completely duplicated from standard service
- Additional API Endpoints: Private endpoints for enhanced reliability and performance
- 24/7 Priority Support: Direct line to senior engineers with 15-minute emergency response time
- Multi-Region Failover: Automatic failover between UK datacenters with sub-second switching
- Dedicated Account Manager: Personal point of contact for all service matters
- 30-Day Invoice Terms: Flexible payment terms for improved cash flow management
Enterprise SLA is available as an add-on with flexible payment options:
- Monthly: £99 + VAT per month
- Annual: £999 + VAT per year (save £189 annually - equivalent to 2 months free)
Enterprise SLA can be added to any modulus checking or Confirmation of Payee (CoP) subscription.
Service Coverage: Enterprise SLA applies to Modulus Checking and Confirmation of Payee (CoP) services. For CoP services, the Enterprise SLA covers eSortcode's infrastructure and service provision only. CoP verification relies on the Open Banking network and participating banks' systems, which are outside our control. The 100% uptime guarantee applies to our API availability, not to the underlying Open Banking service resilience. EISCD extracts are not covered by the Enterprise SLA and remain on standard service terms.
For full details and to add Enterprise SLA to your account, visit our Enterprise SLA page.
7.8 Service Availability and Right to Discontinue
Important: Service Dependency and Continuity
The provision of eSortcode services is subject to Etellect Ltd continuing to be in receipt of the necessary permissions, licences, and access to third-party data and services required to provide a commercially viable service offering.
Service Dependencies
The services provided by eSortcode depend on the following:
- Modulus Checking: Access to the Extended Industry Sort Code Directory (EISCD) provided by Vocalink Limited (a Mastercard company) and the continued authorization to distribute this data commercially
- EISCD Data Extracts: Ongoing licensing arrangements with Vocalink Limited for the provision and distribution of EISCD data files
- Confirmation of Payee & Payer (CoP): Access to the UK Open Banking network, participating financial institutions' CoP endpoints, and any necessary gateway or partner network connections required to facilitate CoP verification services
Right to Discontinue Services
If Etellect cannot continue to provide access to the data, services, or partnerships necessary to deliver a commercially viable and properly licensed service offering, Etellect reserves the right to discontinue the service without further notice for any reason whatsoever, including but not limited to:
- Loss of EISCD distribution rights or authorisation from Vocalink
- Changes to EISCD licensing terms that make commercial provision unviable
- Loss of access to Open Banking network or partner CoP services
- Regulatory or legal changes preventing service provision
- Changes to third-party terms that make continued service provision commercially impractical
- Withdrawal of necessary data feeds, APIs, or technical infrastructure by third parties
Refund Policy Upon Service Discontinuation
Refund Eligibility Depends on Service Level
Enterprise SLA Customers:
- If service is discontinued, customers with an active Enterprise SLA subscription at the time of discontinuation are eligible for refunds
- Service credits (prepaid API usage credits) purchased within the last 6 months prior to the discontinuation date can be claimed and are eligible for a pro-rata refund
- The refund will be calculated based on the unused portion of credits purchased within the 6-month window
- Refunds are subject to the claim procedures outlined in Section 7.5 and must be claimed within 30 days of the service discontinuation notice
- Enterprise SLA subscription fees for any unused portion of the current month will be refunded on a pro-rata basis
Standard SLA Customers:
- For clarity, under the terms of the Standard SLA, no refund of prepaid service credits will be provided in the event of service discontinuation
- Customers operating under the Standard SLA acknowledge and accept that prepaid credits are non-refundable
- This clause applies regardless of the reason for service discontinuation or the amount of unused credits remaining
Customer Acknowledgement
By using the Services, Customer acknowledges and accepts that:
- Service availability is subject to third-party dependencies outside Etellect's direct control
- Etellect may discontinue services without prior notice if necessary permissions or access are revoked
- Refund eligibility is determined solely by the Customer's service level (Enterprise SLA vs. Standard SLA) at the time of discontinuation
- Standard SLA customers accept the risk of non-refundable credits in exchange for lower service costs
- Enterprise SLA customers receive additional protections including potential refunds for recently purchased credits
Note: This clause does not affect Customer's statutory rights under applicable consumer protection laws. Where Etellect voluntarily ceases to provide services for reasons within its control (rather than due to loss of third-party access or permissions), Etellect will use reasonable efforts to provide advance notice and may consider discretionary refund arrangements on a case-by-case basis.
8. Fees & Payment Terms
8.1 Pricing Structure
Services are provided on a prepaid credit basis:
- Modulus Checking: From 2.5p per validation check
- Confirmation of Payee & Payer: From 15p per name verification
- EISCD Data Extracts: From £49 per download
Current pricing is available at https://www.esortcode.com/#pricing. Volume discounts apply automatically based on purchase quantity.
8.2 Payment Methods
We accept:
- Major credit and debit cards (Visa, Mastercard) via ePayment Services
- PayPal
- Direct Debit (UK customers)
- Bank transfer for enterprise accounts (upon approval)
8.3 Billing and Invoicing
- Credits are purchased in advance and deducted per transaction
- Invoices are provided electronically via the Portal
- VAT is charged where applicable at prevailing UK rates
- Payment is due immediately upon purchase unless alternative terms are agreed in writing
8.4 Credit Expiration
Purchased credits do not expire, subject to minimum monthly usage criteria. Accounts with no API activity for 12 consecutive months may have unused credits forfeited. Active accounts retain credits indefinitely.
8.5 Price Changes
Etellect reserves the right to modify pricing with 30 days' written notice. Price changes do not affect credits already purchased.
8.6 Taxes
All fees are exclusive of taxes. Customer is responsible for all applicable taxes, duties, and government charges.
9. Data Protection & Privacy
9.1 Privacy Policy
Our collection, use, and protection of personal data is governed by our Privacy Policy, incorporated by reference into these Terms.
9.2 Data Protection Legislation Compliance
Etellect Ltd complies with all applicable data protection legislation, including:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018 (DPA 2018)
- Privacy and Electronic Communications Regulations (PECR)
- Any successor or replacement legislation
Both parties shall comply with all applicable data protection legislation in connection with the performance of their obligations under this Agreement.
9.3 Roles and Responsibilities
For the purposes of data protection legislation:
- Customer acts as Data Controller for any Personal Data submitted to the Services, including but not limited to names, account numbers, and other identification information included in API requests
- Etellect acts as Data Processor when processing Personal Data on Customer's instructions through the provision of validation, verification, and data services
- Etellect acts as Data Controller for Customer account information, billing data, usage analytics, and other data collected for the administration of the Services and contractual relationship
9.4 Data Processing Agreement (DPA)
Where Etellect processes Personal Data as a Data Processor on behalf of the Customer, the following terms apply:
9.4.1 Processing Instructions
- Etellect shall process Personal Data only on documented instructions from the Customer, which are set out in these Terms and any subsequently agreed written instructions
- The Customer instructs Etellect to process Personal Data for the purpose of providing the validation, verification, and data services described in Section 3
- Etellect shall immediately inform the Customer if, in its opinion, an instruction infringes applicable data protection legislation
9.4.2 Nature and Purpose of Processing
Etellect processes Personal Data for the following purposes:
- Modulus Checking: Validation of sort codes and account numbers, including processing of account holder names where provided
- Confirmation of Payee & Payer: Real-time verification of payee and payer names against bank account details
- Service Delivery: Processing requests, returning validation results, and maintaining service quality
- Security and Fraud Prevention: Monitoring for suspicious activity and preventing service abuse
- Support and Troubleshooting: Investigating and resolving technical issues and service queries
9.4.3 Types of Personal Data
Personal Data processed may include:
- Account holder names (individual and business names)
- UK sort codes and account numbers
- Timestamps and transaction identifiers
- IP addresses and API access metadata
- Any other data submitted via API requests
9.4.4 Categories of Data Subjects
Data Subjects may include:
- Payees and payers in financial transactions
- Bank account holders
- Individuals conducting business with the Customer
- Employees and representatives of business entities
9.4.5 Duration of Processing
- Personal Data is processed in real-time for the duration of each API request
- Standard SLA: Request logs containing Personal Data are retained for 90 days for security, debugging, and support purposes
- Enterprise SLA: Request logs are retained for up to 12 months for enhanced audit trail and compliance requirements
- Upon termination of Services, Personal Data in logs will be deleted or anonymized within 30 days unless legal retention obligations apply
9.5 Data Processor Obligations
9.5.1 Confidentiality
- Etellect shall ensure that persons authorized to process Personal Data are subject to confidentiality obligations
- Access to Personal Data is restricted to personnel who require it to perform their duties
- All personnel receive appropriate data protection training
9.5.2 Security Measures
Etellect implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption: TLS 1.3 encryption for all data in transit, AES-256 encryption for data at rest
- Access Controls: Role-based access controls (RBAC), multi-factor authentication (MFA), and principle of least privilege
- ISO Certifications: ISO 27001 (Information Security Management) and ISO 9001 (Quality Management) certification maintained
- Network Security: Firewalls, intrusion detection systems (IDS), and DDoS protection
- Monitoring and Logging: Continuous security monitoring, automated threat detection, and comprehensive audit logging
- Vulnerability Management: Regular security assessments, penetration testing, and prompt patching of vulnerabilities
- Physical Security: UK-based data centers with 24/7 physical security, biometric access controls, and environmental controls
- Incident Response: Documented security incident response procedures with designated response team
- Business Continuity: Regular backups, disaster recovery procedures, and business continuity planning
9.5.3 Sub-Processors
Customer provides general authorization for Etellect to engage sub-processors for the provision of Services. Current sub-processors include:
- Infrastructure Providers: Cloud hosting and infrastructure services located in the United Kingdom
- Vocalink Limited (Mastercard): EISCD data provider for sort code directory information
- Open Banking Service Providers: For Confirmation of Payee verification services
- Payment Processors: For processing Customer payments and subscriptions
Etellect shall:
- Impose data protection obligations on sub-processors that are no less protective than those in these Terms
- Maintain an up-to-date list of sub-processors, available upon request
- Notify Customer of any intended changes concerning the addition or replacement of sub-processors, giving Customer the opportunity to object
- Remain fully liable to Customer for the performance of sub-processor obligations
9.5.4 International Data Transfers
- All Personal Data is processed and stored within the United Kingdom
- Data is not transferred to any country outside the UK without appropriate safeguards in place
- Where international transfers are necessary, Etellect shall ensure compliance with UK GDPR Chapter V requirements, including use of Standard Contractual Clauses (SCCs) where applicable
- Customer may request details of international transfer safeguards at any time
9.5.5 Assistance with Data Subject Rights
Etellect shall, taking into account the nature of processing, provide reasonable assistance to Customer to enable Customer to respond to requests from Data Subjects exercising their rights under data protection legislation, including:
- Right of access (Article 15 UK GDPR)
- Right to rectification (Article 16 UK GDPR)
- Right to erasure ("right to be forgotten") (Article 17 UK GDPR)
- Right to restriction of processing (Article 18 UK GDPR)
- Right to data portability (Article 20 UK GDPR)
- Right to object to processing (Article 21 UK GDPR)
Where Etellect receives a Data Subject request directly, Etellect shall promptly notify Customer and shall not respond to the request without Customer's prior authorization, except where legally required to do so.
9.5.6 Data Protection Impact Assessments
Etellect shall provide reasonable assistance to Customer in conducting Data Protection Impact Assessments (DPIAs) where Customer's use of the Services requires such assessment under Article 35 UK GDPR, including providing information about the processing operations, security measures, and risks.
9.5.7 Deletion and Return of Data
Upon termination of Services or at Customer's request, Etellect shall, at Customer's choice:
- Delete all Personal Data processed on Customer's behalf, or
- Return all Personal Data to Customer in a commonly used electronic format
Etellect may retain Personal Data to the extent required by applicable law or for legitimate business purposes (e.g., financial records retention), provided such data remains subject to confidentiality obligations.
9.6 Data Breach Notification
9.6.1 Notification to Customer
In the event of a Personal Data Breach affecting Customer's Personal Data, Etellect shall:
- Notify Customer without undue delay and, where feasible, within 24 hours of becoming aware of the breach
- Provide Customer with sufficient information to enable Customer to meet any obligations to report or inform Data Subjects of the breach under applicable data protection legislation
- Provide regular updates on investigation progress and remediation efforts
9.6.2 Breach Information
Notifications shall include, to the extent possible:
- Nature of the Personal Data Breach including categories and approximate number of Data Subjects and Personal Data records concerned
- Name and contact details of Etellect's Data Protection Officer or other contact point for information
- Likely consequences of the Personal Data Breach
- Measures taken or proposed to be taken to address the breach and mitigate its possible adverse effects
- Timeline of the breach and discovery
9.6.3 Breach Response and Remediation
Etellect shall:
- Take immediate steps to contain and remediate the breach
- Cooperate with Customer in investigating the breach
- Implement measures to prevent recurrence
- Provide Customer with reasonable assistance in complying with notification obligations to supervisory authorities and Data Subjects
- Document all Personal Data Breaches and make records available to Customer upon request
9.7 Audit Rights
Customer may, upon reasonable notice and subject to confidentiality obligations:
- Request information from Etellect to demonstrate compliance with data protection obligations
- Review Etellect's ISO 27001 and ISO 9001 certifications and related audit reports
- Request third-party audit reports (e.g., SOC 2 Type II) subject to confidentiality agreements
- Conduct audits or inspections (including on-site audits) where required by supervisory authorities or where reasonable concerns exist about compliance, provided such audits:
- Are conducted no more than once per year except where triggered by a reported breach or regulatory requirement
- Are scheduled with at least 30 days' notice
- Do not unreasonably disrupt Etellect's operations
- Are subject to appropriate confidentiality protections
- Are conducted at Customer's expense
9.8 Customer Responsibilities as Data Controller
When using Services involving Personal Data, Customer must:
- Legal Basis: Ensure a valid legal basis exists for processing Personal Data submitted to the Services under Article 6 UK GDPR
- Fair Processing: Process Personal Data fairly, lawfully, and transparently
- Privacy Notices: Provide appropriate privacy notices to Data Subjects informing them of data processing activities, including the use of third-party validation services
- Consent: Obtain necessary consents where consent is the legal basis for processing
- Purpose Limitation: Use the Services only for the purposes for which Personal Data was collected
- Data Minimization: Submit only Personal Data that is necessary for the validation or verification purpose
- Accuracy: Ensure Personal Data submitted is accurate and, where necessary, kept up to date
- Security: Implement appropriate security measures to protect data in transit and at rest, including secure API key management
- Compliance: Comply with all applicable data protection laws and regulations
- Data Subject Rights: Respond to Data Subject requests in accordance with legal timeframes
- Instructions: Ensure all instructions to Etellect for processing Personal Data comply with applicable data protection legislation
9.9 Data Retention and Storage
- Request Data: Personal Data contained in API requests is processed in real-time and not permanently stored
- Operational Logs:
- Standard SLA: Logs retained for 90 days for security, debugging, and support
- Enterprise SLA: Logs retained for up to 12 months for enhanced audit trail and compliance
- Account Data: Customer account information, billing records, and contract data retained for the duration of the contractual relationship plus applicable legal retention periods (typically 6 years for financial records under UK law)
- Anonymized Data: Etellect may retain anonymized, aggregated usage statistics indefinitely for service improvement and analytics
- Storage Location: All data stored in secure, ISO 27001 certified data centers located in the United Kingdom
9.10 Data Protection Officer
Etellect has appointed a Data Protection Officer (DPO) who can be contacted regarding data protection matters:
Data Protection Officer
Email: dpo@etellect.com
Address: Etellect Ltd, Merlin House, 20 Mossland Road, Hillington Park, Glasgow, Scotland, G52 4XZ
9.11 Supervisory Authority
Etellect's lead supervisory authority for data protection matters is:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Data Subjects have the right to lodge a complaint with the ICO regarding the processing of their Personal Data.
9.12 Indemnification for Data Protection Breaches
Each party shall indemnify the other against all claims, liabilities, costs, and expenses arising from breaches of their respective data protection obligations under this Section 9, except to the extent caused by the other party's breach or negligence. This indemnity is subject to the general limitation of liability provisions in Section 13, except where such limitations are prohibited by law.
10. Acceptable Use Policy
10.1 Prohibited Activities
You agree not to:
- Use the Services for any unlawful purpose or in violation of any laws
- Engage in fraudulent activities or money laundering
- Attempt to gain unauthorized access to systems, accounts, or networks
- Introduce viruses, malware, or malicious code
- Overload or disrupt Services through excessive requests or denial-of-service attacks
- Impersonate any person or entity or misrepresent your affiliation
- Violate intellectual property rights of Etellect, Vocalink, or third parties
- Use Services to spam, harass, or harm others
- Circumvent usage limits, authentication, or security measures
10.2 Rate Limiting
To ensure fair usage and system stability:
- API requests are subject to rate limits based on your account tier
- Excessive requests may result in temporary throttling or blocking
- Enterprise customers can request higher rate limits
10.3 Enforcement
Violation of this Acceptable Use Policy may result in:
- Warning and request for corrective action
- Temporary suspension of Services
- Immediate termination of account without refund
- Legal action where appropriate
11. Intellectual Property Rights
11.1 Ownership
Etellect and its licensors (including Vocalink) retain all rights, title, and interest in:
- The Services, APIs, and all related technology
- EISCD data and all derivative works
- Trademarks, logos, and brand elements
- Documentation, code, and proprietary algorithms
- Patents, copyrights, and trade secrets
11.2 Customer Data
Customer retains all rights to data submitted to the Services. Etellect does not claim ownership of customer data but requires a license to process it for service delivery.
11.3 Feedback
Any feedback, suggestions, or ideas provided to Etellect become our property and may be used without compensation or attribution.
12. Warranties & Disclaimers
12.1 Limited Warranty
Etellect warrants that:
- Services will perform substantially in accordance with documentation
- We will use commercially reasonable efforts to maintain the SLA uptime commitment
- EISCD data will be provided as received from Vocalink without material alteration
12.2 Disclaimer
EXCEPT AS EXPRESSLY PROVIDED IN SECTION 12.1, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:
- IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT
- WARRANTIES THAT SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE
- WARRANTIES REGARDING ACCURACY, RELIABILITY, OR COMPLETENESS OF DATA
12.3 No Financial Advice
The Services provide technical validation only and do not constitute financial, legal, or professional advice. Validation results should be used as one factor in decision-making processes.
13. Limitation of Liability
13.1 Exclusion of Damages
TO THE MAXIMUM EXTENT PERMITTED BY LAW, ETELLECT SHALL NOT BE LIABLE FOR:
- INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
- LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES
- COST OF SUBSTITUTE SERVICES
- DAMAGES ARISING FROM UNAUTHORIZED ACCESS OR DATA BREACHES CAUSED BY CUSTOMER'S SECURITY FAILURES
- DAMAGES RESULTING FROM RELIANCE ON VALIDATION RESULTS
13.2 Liability Cap
ETELLECT'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS SHALL NOT EXCEED THE GREATER OF:
- (a) The fees paid by Customer in the 12 months preceding the claim; or
- (b) £500 (five hundred pounds sterling)
13.3 Exceptions
Nothing in these Terms limits liability for:
- Death or personal injury caused by negligence
- Fraud or fraudulent misrepresentation
- Gross negligence or willful misconduct
- Matters that cannot be excluded or limited under applicable law
13.4 Customer Indemnification
Customer shall indemnify, defend, and hold harmless Etellect from claims arising from:
- Customer's violation of these Terms
- Customer's violation of laws or third-party rights
- Customer's misuse of Services
- Customer's failure to implement adequate security measures
14. Term & Termination
14.1 Term
These Terms commence when you first access the Services and continue until terminated by either party.
14.2 Termination by Customer
You may terminate at any time by:
- Closing your account via the Portal
- Contacting support@esortcode.com
- Ceasing to use the Services
14.3 Termination by Etellect
We may suspend or terminate your access immediately if:
- You breach these Terms or Acceptable Use Policy
- Your account shows signs of fraudulent activity
- Required by law or legal process
- You fail to pay fees when due
14.4 Effect of Termination
Upon termination:
- Your license to use Services immediately ceases
- Access to API and Portal will be revoked
- Unused credits are forfeited without refund (except where prohibited by law)
- You must cease using any EISCD data obtained through Services
- Sections 6.2, 9, 11, 12, 13, 14.4, and 15 survive termination
15. General Provisions
15.1 Governing Law
These Terms are governed by the laws of Scotland, without regard to conflict of law principles. Any disputes shall be subject to the exclusive jurisdiction of the courts of Scotland.
15.2 Modifications to Terms
Etellect may modify these Terms at any time by:
- Posting updated Terms on our website with a new "Last Updated" date
- Providing email notice to registered customers for material changes
Continued use of Services after modifications constitutes acceptance of updated Terms. If you disagree, you must cease using Services.
15.3 Entire Agreement
These Terms, together with the Privacy Policy and any executed service agreements, constitute the entire agreement and supersede all prior understandings.
15.4 Severability
If any provision is found unenforceable, the remaining provisions continue in full force and effect.
15.5 No Waiver
Failure to enforce any provision does not constitute a waiver of future enforcement.
15.6 Assignment
You may not assign these Terms without our prior written consent. Etellect may assign these Terms at any time.
15.7 Force Majeure
Neither party is liable for delays or failures due to events beyond reasonable control, including natural disasters, war, terrorism, strikes, or government actions.
15.8 Notices
Notices must be sent to:
Etellect Ltd
Email: legal@etellect.com
Registered Address:
Merlin House, 20 Mossland Road
Hillington Park, Glasgow
Scotland, G52 4XZ
15.9 Export Compliance
Services may not be exported or re-exported to countries subject to UK or international sanctions.
15.10 Third-Party Beneficiaries
Vocalink Limited is an express third-party beneficiary of these Terms with respect to EISCD data provisions.
Questions About These Terms?
If you have questions about these Terms of Service or require clarification on any provisions, please contact us:
Phone
+44 (0)20 4577 0019
Etellect Ltd (Trading as eSortcode)
Company Registration Number: SC204571
Registered in Scotland
Registered Office: Merlin House, 20 Mossland Road, Hillington Park, Glasgow, Scotland, G52 4XZ
ISO 27001 & ISO 9001 Certified