Last update: August 3, 2023
“Errors” shall have the meaning ascribed to it in Section 3(e).
Unless otherwise defined herein, all capitalized terms carry the definitions ascribed to them in the Master Terms, or Order Form, as applicable.
Pursuant to the Flinks Master Terms and Conditions set forth at https://flinks.com/terms-conditions/, and the applicable Order Form between Flinks and Client, Flinks shall provide Client with the following Service:
a) The core functions of Connectivity include, without limitation:
b) Where Client wishes to consume End-Customer Data from Data Sources through Flinks’ “Open Banking” APIs with applicable Data Sources, Client shall comply with the obligations set forth in Schedule A-1 attached hereto entitled “Schedule A-1 – End-Customer Data via Data Access Method (Canada)”.
c) Should Client anticipate a temporary increase in the number of End-Customers using the Embedded Service, or Accounts established through the Services (each a “Volume Spike”) for reasons including, but not limited to, marketing campaigns or activations, Client will provide Flinks with no less than forty-eight (48) hours prior written notice of an anticipated Volume Spike specifying the anticipated (i) commencement of such Volume Spike, (ii) duration of such Volume Spike, and (iii) approximate number of End- Customers using the Connection Method or Data Access Method during such Volume Spike (the “Volume Spike Notice”). Flinks shall not be responsible for any reduction in the Connection Method Availability, or unavailability thereof, including as relates to the Data Access Method, Flinks Connect’s availability, and Flinks’ general ability to deliver the Services during the Volume Spike where Client fails to provide Flinks with a Volume Spike Notice, as applicable.
d) The above Service do not include any professional, technical, consulting or integration services.
Flinks shall set up and deploy the Service so that it is operational for Client at no cost or charge to Client.
Client shall be solely responsible for (i) providing, operating and maintaining the Application ii) hosting the Application on the Client’s site, and (ii) hosting, operating and maintaining the Integrated Service, all pages on which the Integrated Service is displayed or made available for use by End-Customers, and the Client’s website.
All Data Sources that are generally available to all Flinks clients operating in the Territory will be available to Client. Flinks will be entitled to remove any Data Source from the Services for any reason in its reasonable discretion.
Connection Method Availability and Flinks Connect Availability are monitored on a 24/7 basis and assessed on a monthly basis. Flinks commits to deploy its best efforts to ensure 99% Connection Method Availability and Flinks Connect Availability, excluding Scheduled Maintenance, Emergency Maintenance and any Data Source malfunction outside of Flinks’ control.
In the event that any bugs, defects, delays, hindrances, or other errors (collectively, “Errors”) occur, Client will report to Flinks the Error in accordance with the Severity Levels (to be reasonably determined by Client) as set forth in Schedule A hereto. Flinks commits to deploy its best efforts to respond to an Error, depending on the Severity Level, within the time frames set forth in Schedule A entitled “Schedule A – Support”, starting from the time Client notifies Flinks of the Error.
1. Technical support times for the Service described in this Service Schedule are as follows during the Term:
| Severity Level | Acknowledgement Time | Engagement Method |
|---|---|---|
| “Severity Level 1” is an emergency condition which makes the use or continued use of any one or more functions of the Software impossible or significantly impaired. The condition requires an immediate solution that is not already available to Client. | Upon reception of report from the Client. | If found by Flinks: Flinks shall call or email the Client business lead. If found by Client: Client shall open a support ticket by emailing [email protected] (Canada) or [email protected] (USA) and shall immediately call or email Flinks’ relationship manager assigned to Client. |
| “Severity Level 2” is, other than any Severity Level 1 problem, any condition which makes the use or continued use of any one or more functions of the Software difficult and which Client cannot reasonably circumvent or avoid on a temporary basis without the expenditure of significant time or effort. | < 1 hour | If found by Flinks: Flinks shall email the Client business lead. If found by Client: Client shall open a support ticket by emailing [email protected] (Canada) or [email protected] (USA) and shall call or email Flinks’ relationship manager assigned to Client. |
| “Severity Level 3” is, other than any Severity Level 1 problem or Severity Level 2 problem, any limited condition which is not critical in that no loss of Client Data occurs and which Client can reasonably circumvent or avoid on a temporary basis without the expenditure of significant time or effort. | < 4 hours | If found by Flinks: Flinks shall update the Status Update website (status.flinks.com). If found by Client: Client shall open a support ticket by emailing [email protected] (Canada) or [email protected] (USA). |
| “Severity Level 4” is, other than any Severity Level 1 problem, Severity Level 2 problem or Severity Level 3 problem, a minor condition or Documentation error which Client can easily circumvent or avoid. Additional requests for new feature suggestions, which are defined as new functionality in existing Software, are also classified as Severity Level 4. | < 1 day | If found by Flinks: Flinks shall contact Client to schedule an ad hoc meeting or a quarterly business review. If found by Client: Client shall contact Flinks’ relationship manager assigned to Client. |
a) Client shall complete the security, privacy and compliance questionnaire attached to Client’s applicable Order Form as Appendix 1 to Schedule A-1 (the “Questionnaire”) in order to access End-Customer Data from Data Sources through Flinks’ “Open Banking” APIs with applicable Data Sources (each an “OBE Data Source”). Flinks will thereafter determine, at its sole discretion, whether the answers provided meet the minimum security, privacy, and compliance requirements necessary to access the Data Access Method (the “Minimum Requirements”).
b) Where Client meets the Minimum Requirements, Client shall be entitled to access all Data Source(s) available to Clients through the Data Access Method for a period of one (1) year, and thereafter for recurring periods of one (1) year subject to Client continuing to meet the Minimum Requirements for the duration of the previous one (1) year period.
a) Annual Attestation of Compliance. Once annually, Flinks shall re-issue the Questionnaire to Client to assess whether Client continues to meet the Minimum Requirements. If at any time the Client becomes aware of any change to the information or documentation it provided or its ability to meet the Minimum Requirements, it shall immediately provide Flinks with written notice identifying such change in detail.
b) Flinks Compliance Audit Right. Once annually, Flinks may re-assess Client’s ongoing eligibility to access the OBE Data Sources, such re-assessment may include some, or all, of the following:
c) Events Triggering Additional Compliance Investigation by Flinks. Flinks shall make inquiries into Client’s ongoing eligibility to access the OBE Data Sources where Flinks becomes aware of one, or more, of the following triggering events:
(each an “Event”).
Flinks will immediately suspend Client’s access to the Data Access Method if Flinks determines, at its sole discretion, that Client fails to meet the Minimum Requirements to access Data Sources available through the Data Access Method.
Data Access Method Availability is monitored on a 24/7 basis and assessed on a monthly basis. Flinks commits to deploy its best efforts to ensure 99% Data Access Availability, excluding Scheduled Maintenance, Emergency Maintenance and any Data Source malfunction outside of Flinks’ control. For the purpose of this Section 4 to Schedule A-1: i) “Data Access Method” means the data distribution channel(s) or method(s) made available by Flinks to or on behalf of Client and through which Applicable End-Customer Data (as hereinafter defined) is transmitted to or on behalf of Client on a read-access basis pursuant to this Agreement, as further described in Schedule A; and ii) “Data Access Method Availability” means stable access by the End-Customers to the Connection Method without substantial degradation of responsiveness.
b) If an End-Customer expressly revokes consent for Client to access and/or use of their End-Customer Data in connection with a Client Service then Client shall no longer access and/or use the Data Access Method to access End-Customer Data associated with such End-Customer attributable to such Client Service.
c) Where Client is consuming Services solely through Flinks Technology, Client may download a copy of Applicable End-Customer Data for the sole purpose of use within the Client Systems. Client acknowledges and agrees that any such downloaded copy or copies of Applicable End-Customer Data be permanently deleted from all Client Systems no later than five (5) days after such copy was made.
Client shall promptly inform Flinks of any changes to the answers provided in response to the Questionnaire.
Client represents and warrants that, at the time of submission to Flinks, all information provided pursuant to Sections 1(a) and 2(a) to Schedule A-1 is true, accurate and complete in all material respects, and does not omit any material fact necessary for Flinks to assess Client’s eligibility to access and use the Data Access Method.
Where Client is consuming Services solely through the integration of Flinks Technology to Client Systems, Client represents and warrants that it shall maintain, for the duration of time it wishes to access the Data Access Method, insurance coverage (or alternate financial safeguards) and security, privacy and compliance controls equal to those in place at the time the information was provided (i) as part of the onboarding and accreditation process set forth in Section 1 to this Schedule A-1 and (ii) the annual attestation of compliance thereafter, as set forth in Section 2 to this Schedule A-1. Client represents and warrants that it has, and shall keep in place for the Term, i) drive encryption and anti-virus protection for all endpoints utilized by Client personnel, and ii) the ability to remotely wipe all such Client personnel utilized endpoints.
Client shall deploy appropriate technical and organizational safeguards to ensure the confidentiality and security of Personal Data consumed by Client through the Data Access Method, taking into consideration the nature, scope, context, purpose and risks inherent to such Personal Data. Without limiting the generality of the foregoing, Client must (a) encrypt all such Personal Data at rest with AES 256 bit encryption; (b) use HTTPS 256-bit encryption (TLS 1.2, or such cryptographic protocol equivalent to, or exceeding, the functionality of same) for communication protocols for such Personal Data in transit; d) enforce access controls on a need-to-know basis and following the principle of least privilege; e) provide its Personnel with information security awareness and training.
Where Client is consuming Services solely through the integration of Flinks Technology to Client Systems, at least annually, Client will have a certified independent public accounting firm or another independent, certified, industry-recognized third party conduct a review and provide a full report under SOC 2 Type II (or a successor or replacement thereof) or, if a SOC 2 Type II report is not an available option, then a review and certification reasonably satisfactory to Flinks to demonstrate compliance with systems and operational controls.
Without limiting the foregoing, Client acknowledges and agrees that the registration and onboarding of the Client, and this Agreement, shall not constitute any form of direct or indirect endorsement of any Client Service by Flinks.