Effective from July 2025

-
Agreement
- This Service Agreement (“Agreement”) is between NameScan, a division of Member Check Pty Limited (ABN 64 129 012 344) of Suite 213, 7 Railway Street, Chatswood NSW 2067, Australia (“MemberCheck”) and the Client registered with MemberCheck as a user of the NameScan Service (as described in Schedule 1) (“Client”).
- This Agreement governs the Client’s use of the NameScan Service. The Client may not receive the
NameScan
Service unless and until the Client has:
- been registered by MemberCheck as a Client; and
- agreed to this Agreement, (which includes any Addenda), when registering for the NameScan Service on the Website.
- Any individual who enters into this Agreement on behalf of the Client warrants that he or she is authorised to enter into this Agreement on behalf of the Client and to bind the Client to this Agreement.
- This Agreement commences on the date it is agreed to by the Client (“Commencement Date”).
- MemberCheck may amend this Agreement from time to time and will publish the amended Agreement on the Website and/or give notice of such amendments to the Client. The Client’s continued use of the NameScan Service after such amendments are made constitutes acceptance of the amendments by the Client.
-
Client’s use of the NameScan Service
- MemberCheck will supply the NameScan Service to the Client in accordance with this Agreement.
- During this Agreement, MemberCheck grants to the Client a non-exclusive, non-transferable, revocable licence to access and use the NameScan Service only for the purposes, and subject to any restrictions, specified in this Agreement, including in any Addenda.
-
The Client must:
-
use the NameScan Service only for the purpose of:
- assisting in complying with legal duties and regulations which apply to the Client;
- performing a statutory role as a Governmental organisation;
- performing law enforcement duties; or
- assisting a third party entity in relation to the obligations set out in (A) to (C) above.
- only allow Permitted Users to access and use the NameScan Service;
- safeguard (and not share) Client’s user IDs or passwords and prevent any unauthorised access to and use of the NameScan Service and related systems and networks;
- inform MemberCheck immediately of any actual or potential unauthorised access to the Client’s account, or to any part of the NameScan Service.
- deactivate a Permitted User’s access to the NameScan Service immediately the Permitted User is no longer authorised to access or use the NameScan Service on behalf of the Client; and
- comply with all Federal, State, Territory and local laws and regulations applicable to the Client.
-
use the NameScan Service only for the purpose of:
-
The Client must not:
- reproduce, distribute, display, sell, publish, broadcast or circulate the NameScan Service or any information retrieved from the NameScan Service to any third party (other than a Permitted User or as required by law), nor make the NameScan Service available for any such use, unless authorised in writing by MemberCheck;
- use any device, software or routine to interfere or attempt to interfere with the proper working of the NameScan Service or any activity conducted through the Website or API or attempt to disable or circumvent any security mechanism used by the NameScan Service;
- introduce any harmful code or malware into the NameScan Service or transmit any malicious code through the NameScan Service (such as a virus, Trojan Horse, worm, logic bomb, or other software routine or hardware component designed to permit unauthorized access, to disable, erase or otherwise harm software, hardware or data, or to perform any such actions);
- use the NameScan Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights;
- take any action which imposes an unreasonable or disproportionately large load on the MemberCheck infrastructure or otherwise interferes with or disrupts the integrity or performance of the NameScan Service or any of the servers or networks that are connected to the NameScan Service or data contained in the NameScan Service (for example, via unauthorized benchmark testing or penetration testing);
- and must not permit any other person (including a Permitted User) to adapt, reverse engineer or assemble, decompile, disassemble, alter, modify or make corrections to or make derivative works from the whole or any part of the NameScan Service or data derived from the NameScan Service or documentation provided as part of the NameScan Service or demonstrate, translate, or otherwise attempt to discover the source code of the NameScan Service or any part of it.
- The Client allows the use of its name and logo in any NameScan Service marketing material, including references to the Client as a user of the NameScan Service, on the Website. MemberCheck will cease the use of the name and logo of the Client as permitted by this clause, if requested to do so in writing by the Client.
- Where the Client is an authorised reseller of the NameScan Service (Reseller), the licence granted to the Reseller under clause 2(b) permits the Reseller to provide access to the NameScan Service to end user customers provided that the Reseller passes through to its customers the requirements of this Agreement (and Addendum A) including the restrictions, limitations and exclusions applicable to Clients and Permitted Users. For the avoidance of doubt, the Reseller is responsible for implementing such measures as it considers necessary and appropriate if its customers require compliance with the EU GDPR, UK GDPR or DORA. Addendum B to this Agreement is provided for the benefit of MemberCheck’s clients only and is not to be relied on by the Reseller for its legal, compliance and/or risk management decisions.
-
Term
This Agreement commences on the Commencement Date and continues unless terminated in accordance with this Agreement. -
Fees
- The Client must pay to MemberCheck the fees specified on the Website.
- Fees are exclusive of all taxes, levies, or duties imposed by taxing authorities in connection with this Agreement. Fees are payable in full without deduction. The Client is responsible for paying any taxes, levies, or duties applicable to the Agreement or its use of the NameScan Service in addition to the Fees.
-
Privacy
- Each party agrees to comply with all privacy and other data protection laws that apply to it.
- If the EU GDPR or UK GDPR is applicable to the Client’s processing of personal data using the NameScan Service the Client must notify MemberCheck.
- If the Client has given MemberCheck a notice under clause 5(b) then to the extent MemberCheck processes personal data subject to the EU GDPR and or UK GDPR on behalf of the Client, the Client acknowledges and agrees that terms and conditions of the Data Processing Addendum set out in Addendum B will apply to the processing of that personal data.
-
Intellectual Property Rights
- The intellectual property rights in all software, content, and functionality of the NameScan Service and all data and information supplied through the NameScan Service are owned by MemberCheck or another third party (“MemberCheck IP”). MemberCheck grants to the Client a non-exclusive, revocable licence to use the MemberCheck IP solely for the purpose of, and in accordance with, this Agreement.
- The Client retains all intellectual property rights in all information and other materials the Client supplies to MemberCheck under this Agreement. The Client grants to MemberCheck a non-exclusive licence to use such information and materials for the purpose of MemberCheck supplying the NameScan Service to the Client.
-
Client Warranties
-
The Client warrants and undertakes that:
- this Agreement creates legally binding obligations of the Client; and
- if the Client subscribes for or uses the PEP/Sanction & Adverse Media Screening Service it will comply with the terms and conditions of Addendum A to this Agreement.
-
The Client warrants and undertakes that:
-
Warranties
- The Client may have rights under statutory consumer protection laws in its jurisdiction (including the Australian Competition and Consumer Act 2010 (Cth)), which cannot be excluded, restricted, limited or modified. The exclusions of warranties below and elsewhere in this Agreement, and the limitations of liability in clause 9 below, apply subject to any non-excludable rights the Client may have under such laws.
- Subject to clause 8(a), all representations, warranties, conditions, terms, guarantees and other provisions implied or imposed by or under statute or common law or otherwise including, without limitation, warranties, guarantees or other terms as to suitability, merchantability, satisfactory or acceptable quality and fitness for a particular purpose, are excluded to the maximum extent permitted by law.
- Unless expressly provided, the NameScan Service is delivered “as is” without warranty of any kind. MemberCheck does not warrant or represent that the NameScan Service (or data, information or material supplied to MemberCheck on which all or part of the NameScan Service depends) will be delivered free of any inaccuracies, interruptions, delays, omissions or errors (“Faults”), or that all Faults will be corrected. MemberCheck shall not be liable for any loss, damages or costs resulting from any such Faults. The Client assumes sole responsibility and entire risk as to the suitability and results obtained from use of the NameScan Service, and any decisions made or actions taken based on the information contained in or generated by the NameScan Service.
- If the Client is in New Zealand, the parties agree that any goods or services supplied or acquired under this Agreement are supplied or acquired in trade as defined in the Consumer Guarantees Act 1993 (NZ) (CGA). The parties agree to contract out of the provisions of the CGA to the extent permitted by the CGA and that it is fair and reasonable that the parties are bound by this provision. The Client agrees that any provisions of the CGA that apply to a non-contracting supplier of services are excluded to the extent permitted by the CGA.
- The Client acknowledges that it is acquiring the NameScan Service relying solely on the Client’s skill and judgement and not on MemberCheck’s representations or other conduct, except as expressly provided by MemberCheck in writing. The purpose of this clause is to, among other things, expressly contract out of the Fair Trading Act 1986 (NZ) to the maximum extent possible and the parties agree that it is fair and reasonable to do so.
- The Client acknowledges that MemberCheck is an aggregator and provider of information for general information purposes only and does not provide financial, tax, accounting or legal advice. MemberCheck is also not responsible for any loss, damages or costs resulting from any decisions of the Client, or anybody accessing the NameScan Service (or information derived from it) through the Client, that are made in reliance on the NameScan Service, including decisions relating to legal, compliance and/or risk management decisions. The Client agrees that it uses the NameScan Service at its own risk.
-
Limitation of liability
- If any term, condition, warranty, guarantee or other provision is implied into to this Agreement or applies to goods or services supplied by MemberCheck (whether by legislation, common law or otherwise) and it cannot be excluded, restricted or modified (a “Non-Excludable Term”), but MemberCheck is able to limit its liability for a breach of such Non-Excludable Term, then, to the extent permitted by law, MemberCheck’s liability for breach of the Non-Excludable Term is limited to one or more of the following at MemberCheck’s option, the supplying of the services again or the payment of the cost of having the services supplied again.
- Subject to clause 9(a) above and clause 4 of Addendum A in relation to the PEP/Sanction & Media
Screening
Service, MemberCheck’s liability, whether arising in contract, tort (including negligence), statute
or otherwise
under or in connection with the NameScan Service or this Agreement:
- is limited to an amount equal to 50% of the total Fees paid by the Client in the 12 months preceding such claim.; and
- is excluded in respect of all Consequential Loss.
- Subject to clause 10, the Client’s liability whether arising in contract, tort (including negligence), statute or otherwise under or in connection with the NameScan Service or this Agreement is excluded in respect of all Consequential Loss.
- Nothing in this Agreement limits liability that cannot be limited under law (including in relation to Non-Excludable Terms).
-
Indemnity
- The Client agrees to indemnify MemberCheck and its related entities, representatives, partners,
directors, agents
and employees from and against any and all liabilities, claims, costs, losses, damages and expenses,
including
reasonable legal fees on a full indemnity basis, suffered or incurred by MemberCheck, its related
entities,
representatives, partners, directors, agents and employees as a result of:
- the use of the NameScan Service for a purpose or in a manner other than as permitted by this Agreement (including an Addenda) or a breach of this Agreement (or an Addenda);
- a failure of the Client to give a notice to MemberCheck when required by clause 5(b);
- any negligent, unlawful or willful act or omission of the Client or its related entities, Permitted Users, representatives, partners, directors, agents or employees; or
- any claim by a third party (including a Permitted User) arising out of or in connection with the use of the NameScan Service by the Client or Permitted Users.
- The Client agrees to indemnify MemberCheck and its related entities, representatives, partners,
directors, agents
and employees from and against any and all liabilities, claims, costs, losses, damages and expenses,
including
reasonable legal fees on a full indemnity basis, suffered or incurred by MemberCheck, its related
entities,
representatives, partners, directors, agents and employees as a result of:
-
Termination
- Either party may terminate this Agreement at any time. If the Client terminates the Agreement, any unused scans or fees paid in advance are not refundable.
- If this Agreement is terminated, the Client must:
- cease using the NameScan Service by the effective date of termination;
- remove and delete all Client data, including current and historical scans, from the NameScan Service;
- pay to MemberCheck all fees for use of the NameScan Service supplied up to the effective date of termination; and
- return to MemberCheck, or at MemberCheck’s direction, destroy, all copies of all information, content and other materials obtained by the Client from the NameScan Service, except to the extent the Client is required by law to retain any such information, content or other materials.
-
Confidentiality
- Each party must keep confidential and not use or disclose any Confidential Information of the other party, except as permitted by this Agreement.
- The obligation of confidence in clause 12(a) extends to Confidential Information provided to or obtained by a party before entering into this Agreement. For the avoidance of doubt, any non-disclosure or confidentiality agreement entered into prior to the Commencement Date is terminated and superseded by this Agreement.
- The obligation of confidence in clause 12(a) does not apply to Confidential Information that is:
-
required to be disclosed by law, as long as the recipient:
- discloses the minimum amount of Confidential Information required to satisfy the law; and
- before disclosing any information gives a reasonable amount of notice to the discloser and takes all reasonable steps (whether required by discloser or not) to maintain that Confidential Information in confidence;
- in the public domain otherwise than as a result of a breach of this Agreement or another obligation of confidence; or
- already known by the recipient independently of its interaction with the other party and free of any obligation of confidence.
-
required to be disclosed by law, as long as the recipient:
- Each party must take all reasonable steps and do all things reasonably necessary, prudent or desirable in order to safeguard the confidentiality of the Confidential Information of the other party.
- Each party acknowledges that the value of the other party’s Confidential Information is such that an award of damages or an account of profits may not adequately compensate if this clause 12 is breached.
- The obligations of confidentiality in this clause 12 survive the termination of this Agreement.
-
Assignment
The Client may not assign any rights arising out of this Agreement without the prior written consent of MemberCheck which consent is not to be unreasonably withheld. -
Entire Agreement
This Agreement is the entire agreement between the parties in respect of its subject matter. It supersedes all prior discussions, negotiations, understandings and agreements whether oral or in writing (including electronically or by email) in respect of its subject matter and the use of the NameScan Service. If MemberCheck and the Client have entered into any other agreements (each Another Agreement), by way of example only, a confidentiality agreement, then to the extent there is any inconsistency between Another Agreement and this Agreement, this Agreement prevails. -
Severance
Part or all of any clause of this Agreement that is unenforceable or illegal will be severed from this Agreement and will not affect the enforceability of the remaining provisions of this Agreement. -
Notice
Any notice under this Agreement must be given in writing. MemberCheck may provide notice to the Client via email or through the Client’s account. The Client agrees that any such electronic communication will satisfy any applicable legal communication requirements, including that such communications be in writing. MemberCheck’s notices to the Client will be deemed given upon the first business day in Sydney, Australia after MemberCheck sends the electronic communication. The Client will provide notice to MemberCheck by email to support@namescan.io. The Client’s notices to MemberCheck will be deemed given upon receipt. -
Waiver
- A party’s failure to insist that the other party perform any obligation under this Agreement is
not a waiver of
that right:
- to insist the other party perform, or to claim damages for breach of, that obligation; or
- to insist the other party perform any other obligation,
- A party’s failure to insist that the other party perform any obligation under this Agreement is
not a waiver of
that right:
-
Dispute Resolution
- If a dispute arises out of or relates to this Agreement, or the breach, termination, validity or
subject matter of
this Agreement, or as to any claim in tort, in equity or pursuant to any domestic or international
statute or law,
the parties to this Agreement and to the dispute expressly agree to try to settle the dispute by
mediation
administered by the Australian Disputes Centre (“ADC”) or similar body before
having recourse to litigation:
- A party claiming that a dispute has arisen, must give written notice to the other party to the dispute specifying the nature of the dispute.
- On receipt of the notice specified in paragraph (1) the parties to the dispute must within seven (7) days of receipt of said notice seek to resolve the dispute.
- If the dispute is not resolved within seven (7) days or within such further period as the parties agree in writing then the dispute is to be referred to ADC for mediation.
- The mediation shall be conducted in accordance with ADC Guidelines for Commercial Mediation operating at the time the dispute is referred to ADC.
- If mediation fails to resolve the dispute within thirty (30) days of the dispute being referred to ADC, either party may give notice to the other to end the mediation.
- If a dispute arises out of or relates to this Agreement, or the breach, termination, validity or
subject matter of
this Agreement, or as to any claim in tort, in equity or pursuant to any domestic or international
statute or law,
the parties to this Agreement and to the dispute expressly agree to try to settle the dispute by
mediation
administered by the Australian Disputes Centre (“ADC”) or similar body before
having recourse to litigation:
-
Governing law and jurisdiction
This Agreement is governed by the law in force in New South Wales, Australia. Each party irrevocably submits to the exclusive jurisdiction of courts exercising jurisdiction in New South Wales, Australia and courts of appeal from them in respect of any proceedings arising out of or in connection with this Agreement. Each party irrevocably waives any objection to the venue of any legal process in these courts on the basis that the process has been brought in an inconvenient forum. - Definitions and interpretation
The meanings of terms used in this Agreement not otherwise defined are as follows:Agreement means this Service Agreement including all Schedules, Addenda and Annexures.Confidential Information means in relation to a party means any information:- regarding the business or affairs of that party;
- regarding the customers, employees or contractors of, or other persons doing business with that party;
- regarding the terms of this Agreement, or the commercial arrangements between the parties;
- which is by its nature confidential or which is designated as confidential by that party;
- which is designated as confidential in this Agreement;
- which the other party knows or ought to know is confidential; and
- in relation to MemberCheck including data and documentation pertaining to the NameScan Service.
Consequential Loss means loss of revenues, profits, goodwill, bargain or loss of opportunities, anticipated savings, loss of or corruption of data, and any indirect, incidental, special or consequential loss or damage or loss which does not arise naturally or in the ordinary course, howsoever caused (regardless of whether or not the possibility of the loss or damage was contemplated or communicated when this Agreement was entered into).DORA means the Digital Operational Resilience Act (Regulation (EU) 2022/255).EU GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.UK GDPR means the Data Protection Act 2018 and the EU GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018.Permitted User means an individual who is authorised by the Client to access and use the NameScan Service via the Client’s account, API, user IDs and or passwords.Website means www.namescan.io, namescan.com.au, namescan.ai or other domains under which the NameScan Service has been provided.
SCHEDULE
Schedule 1 - The NameScan Service
The NameScan Service provides users with the ability to carry out checks in order to assist with their Anti-Money Laundering and Counter-Terrorism Financing Act obligations. The NameScan Service provides access to various data sources for carrying out these checks, which may include the following:
- PEPs (Political Exposed Persons), their relatives and close associates
- Sanctions and Official Lists
- Persons of Special Interest
- Adverse Media
Access to these sources is governed by this Service Agreement and various Addenda annexed to the Service Agreement.
The NameScan Service consists of reporting and research material, scanning and matching algorithms provided through a web-based user interface.
ADDENDA
Table of contents
Addendum A - PEP/Sanction & Adverse Media Screening Service Addendum
Addendum B - Data Processing Addendum
ADDENDUM A - PEP/SANCTION & ADVERSE MEDIA SCREENING SERVICE ADDENDUM
The following terms and conditions apply to the Client’s use of the NameScan Service to the extent the Client subscribes for or uses the PEP/Sanction & Adverse Media Screening Service. If there is any inconsistency between this Addendum and clauses 1 to 20 of the Agreement, this Addendum prevails in so far as it relates to the PEP/Sanction & Adverse Media Screening Service. By using the PEP/Sanction & Adverse Media Screening Service, the Client agrees to be bound by and comply with this Addendum A. Terms used in this Addendum are defined in the Agreement unless defined in clause 1 of this Addendum. Unless otherwise specified clause references are to clauses in this Addendum.
-
Definitions
- Data means data requested from the Database by a Permitted User as part of a Data Request.
- Database means the PEP/Sanction & Adverse Media Screening Service data service.
- Data Request means a request made by a Permitted User through the PEP/Sanction & Adverse Media Screening Service, being a Search Request and/or a Monitor Request.
- Monitor Request means a request made through the PEP/Sanction & Adverse Media Screening Service to monitor an individual or entity against the Database.
- Search Request means a request made through the PEP/Sanction & Adverse Media Screening Service to search for information relating to an individual or entity in the Database.
-
The PEP/Sanction & Adverse Media Screening Service
- The Client acknowledges that MemberCheck provides the Database under licence from third party suppliers and it is a requirement of those licences that certain terms and conditions are included in the Client’s Agreement in relation to the use of the Database and Data.
- MemberCheck grants a non-transferable, non-assignable, non-sublicensable and non-exclusive licence to Client to allow Client’s Permitted Users to access and use the Database to retrieve the Data identified in a Data Request. The Client must not resell, redistribute or relicense the NameScan Service in whole or in part unless the Client is a reseller authorised in writing by MemberCheck (and only to the extent authorised) and the Client complies with clause 2(f) of the Agreement and clause 3.4 of this Addendum.
-
Scope of Use
- The Client undertakes that it must, and must procure that each Permitted User shall at all
times:
- not use Data in any way which might infringe any licence granted to MemberCheck or a third party supplier, any law (including criminal and/or data protection law) and/or use any Data for any unlawful and/or unauthorised purpose;
- only allow Permitted Users to make use of and have access to the Database;
- not remove any copyright or other notice contained or included in any Data;
- acknowledge that the Data is licensed, not sold, and that it obtains no ownership of the Data;
- not access or use the NameScan Service, Database and/or Data to build a competitive product or service or to compete in any way with MemberCheck or a third party supplier and must not copy any features, functions or user interfaces of the NameScan Service or any part of it;
- not copy, frame or mirror any part or content of the MemberCheck Service;
- not cache or store any Data in order to reuse the Data;
- not in any circumstances use nor allow any third party to use, any automated software, process, programme, robot, web crawler, spider, data mining, trawling, screen scraping or other similar software (regardless of whether or not the resulting information would then be used for its internal purposes);
- comply with any specific standards, legal and regulatory obligations advised to Client in relation to its use of the NameScan Service;
- promptly upon becoming aware of any breach of this clause 3.1 notify MemberCheck of the breach, and promptly provide such details as MemberCheck may reasonably request.
- The Client acknowledges and accepts as reasonable that the undertakings given in clause 3.1 above are of material importance to MemberCheck and that MemberCheck has entered into the Agreement and provided the NameScan Service in reliance on these undertakings. The Client acknowledges that without affecting any rights or remedies that MemberCheck may have, damages would not be an adequate remedy for any breach by the Client of clause 3.1 and that MemberCheck shall be entitled to apply for the remedies of injunction, specific performance and other equitable relief for any breach of clause 3.1.
-
The Client acknowledges that:
- the Database and Data are licensed to the Client, not sold; and
- it obtains no ownership of the Database or Data;
- it has no right (and shall not permit any third party) to adapt, reverse engineer, decompile, disassemble, modify or make error corrections to the Database or Data; and
- if and to the extent MemberCheck or a third party supplier is liable to the Client in respect of the Database or the PEP/Sanction & Adverse Media Screening Service liability is limited in accordance with Clause 4 of this Addendum.
- If the Client is an approved reseller of MemberCheck, clause 2(d)(1) of the Agreement does not prohibit the Client from reselling a PEP/Sanction & Adverse Media Screening Service to its own customers (Third Party) provided that the Third Party is required to comply with terms and conditions at least as protective as this Addendum in particular, without limitation, clauses 3.1, 3.2, 3.3 and 4 of this Addendum. For the avoidance of doubt, the Client cannot resell, redistribute or relicense Data only.
- The Client undertakes that it must, and must procure that each Permitted User shall at all
times:
-
Liability
- Notwithstanding any other provision of the Agreement or this Addendum, no liability is excluded or limited to the extent that the same may not be excluded or limited by any applicable law.
- THE CLIENT ACKNOWLEDGES THAT MEMBERCHECK AND ITS THIRD PARTY SUPPLIERS (“SUPPLIERS”) COMPILE DATA BUT DO NOT ORIGINATE IT. ACCORDINGLY, THE DATABASE, ANY SERVICE AND/OR DATA ARE PROVIDED ON AN AS IS AND AS AVAILABLE BASIS AND THE SUPPLIERS DO NOT MAKE ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, AND WHETHER STATUTORY, EXPRESS OR IMPLIED, RELATING TO DATA (INCLUDING RELATING TO THE TIMELINESS, CURRENCY, CONTINUITY, ACCURACY, COMPLETENESS, MERCHANTABILITY, ACCEPTABLE QUALITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE THEREOF.) IN PARTICULAR, THE CLIENT ACKNOWLEDGES THAT DATA MAY BE OBTAINED FROM SOURCES INCLUDING THE DARKWEB, AND ACCORDINGLY NO REPRESENTATION AND/OR WARRANTY IS GIVEN THAT THE PROVISION OF DATA BY SUPPLIERS COMPLIES WITH ANY LAW.
- THE CLIENT ACKNOWLEDGES THAT EVERY BUSINESS DECISION INVOLVES THE ASSUMPTION OF A RISK AND THAT THE SUPPLIERS, IN FURNISHING THE DATA TO THE CLIENT, DO NOT AND WILL NOT UNDERWRITE THAT RISK, IN ANY MANNER WHATSOEVER. NEITHER THE SUPPLIERS NOR ANY OTHER DATA SUPPLIER, SHALL BE LIABLE TO EITHER THE CLIENT OR ANY THIRD PARTY FOR ANY LOSS CAUSED IN WHOLE OR IN PART BY THE SUPPLIERS PROCURING, COMPILING, COLLECTING, INTERPRETING, REPORTING, COMMUNICATING, SUPPLYING OR DELIVERING THE DATA AND THE CLIENT AGREES NOT TO BRING ANY CLAIM AGAINST MEMBERCHECK, A THIRD PARTY SUPPLIER AND/OR OTHER DATA SUPPLIERS IN RESPECT THEREOF.
- THE CLIENT ACKNOWLEDGES THAT (A) USE OF THE DATABASE BY IT AND/OR ANY PERMITTED USER IS AT THE CLIENT’S SOLE RISK, (B) WHILST THE SUPPLIERS OBTAINS DATA IN GOOD FAITH FROM SOURCES WHICH THE SUPPLIERS CONSIDER TO BE RELIABLE, THE CONTENTS OF THE DATABASE ARE BASED ON DATA SUPPLIED BY THIRD PARTIES AND ARE NOT INDEPENDENTLY VERIFIED, (C) THE SUPPLIERS DO NOT GUARANTEE THE SEQUENCE, ACCURACY, COMPLETENESS AND/OR TIMELINESS OF THE DATABASE, (D) THE SERVICE IS NOT INTENDED TO AND DOES NOT PROVIDE TAX, LEGAL OR INVESTMENT ADVICE, (E) THE CLIENT SHOULD SEEK INDEPENDENT TAX, LEGAL AND/OR INVESTMENT ADVICE BEFORE ACTING ON DATA OBTAINED FROM THE DATABASE, AND (F) THE SUPPLIERS SHALL NOT BE UNDER, AND EXCLUDE TO THE FULLEST EXTENT PERMITTED BY LAW ALL LIABILITY TO THE CLIENT FOR, ANY LIABILITY WHATSOEVER IN RESPECT OF (i) ANY MISTAKES, ERRORS, INACCURACIES OR OMISSIONS IN, OR INCOMPLETENESS OF, THE DATABASE, (ii) DELAYS IN UPDATING THE DATABASE OR NON-AVAILABILITY THEREOF (iii) LOSS OF PROFIT, BUSINESS REVENUE, GOODWILL AND ANTICIPATED SAVINGS (WHETHER DIRECT OR INDIRECT) INCURRED THROUGH THE USE OF THE DATABASE; (iv) TRADING, INVESTMENT OR OTHER LOSSES WHICH CLIENT MAY INCUR AS A RESULT OF USE OF OR RELIANCE UPON THE DATABASE AND/OR DATA AND/OR (v) INTERNET FAILURE, AND/OR FAILURE OF THE CLIENT TO HAVE IN PLACE ANY NECESSARY SOFTWARE OR EQUIPMENT; AND/OR (vi) ANY CLAIM THAT THE PROVISION OF DATA INFRINGES ANY LAW.
- For the avoidance of doubt MemberCheck and its licensors may disclose the identity of the Client, its Permitted Users and employees to meet any requirement of any obligation of law. The Client warrants and represents that it has secured the consent of each Permitted User or other person whose personal data is disclosed to MemberCheck to the use and disclosure of that information by MemberCheck and its licensors as may be required under any applicable law.
ADDENDUM B - DATA PROCESSING ADDENDUM
Revision as at July 2025
This Data Processing Addendum (DPA) applies to Client Personal Data Processed by MemberCheck Pty Ltd ACN 129 012 344 (MemberCheck) on behalf of the Client and is incorporated into and forms part of the Agreement.
Capitalised terms used in this DPA have the meanings set out in this DPA. Capitalised terms not otherwise defined in this DPA have the meaning given to them in the Agreement. Unless otherwise specified clause references are to clauses in this Addendum. Except as modified below, the terms of the Agreement remain in full force and effect and govern this DPA.
- Effective Date of DPA:
- If the Client gives MemberCheck notice under the Agreement that the EU GDPR and/or UK GDPR is applicable to the Client, then this DPA becomes legally binding on the date the Client gives MemberCheck the notice (Notification Date).
- If after the Notification Date, MemberCheck updates the DPA at any time, the updated DPA supersedes and replaces any DPA in effect and the updated DPA becomes effective from the time MemberCheck gives the Client notice of the update. The Client agrees to the updated DPA by continuing to use the NameScan Service.
-
Definitions
-
In this DPA, the following terms have the meanings set out below:
- Agreement means the NameScan Service Agreement between the Client and MemberCheck for access to and use of the NameScan Service by the Client which the Client agreed to when registering for the NameScan Service;
- Client means the entity/organisation that has registered for the NameScan Service;
- Client Personal Data means any data that is Personal Data, to which the EU GDPR or UK GDPR applies, Processed by MemberCheck on behalf of the Client pursuant to or in connection with the Agreement;
- Contract Details means the details specified by the Client when registering for the NameScan Service;
- Effective Date means the date the DPA becomes effective in accordance with clause 1.
- EU GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation);
- Restricted Transfer means a transfer of Client Personal Data to a third country where the transfer is prohibited by the EU GDPR or UK GDPR (as applicable);
- SC Clauses means the following standard contractual clauses, as
applicable:
- Controller to Processor Standard Contractual Clauses adopted pursuant to the European Commission’s Implementing Decision (EU) 2021/914 of 4 June 2021 on Standard Contractual Clauses for the transfer of personal data to third countries; or
- Processor to Processor Standard Contractual Clauses adopted pursuant to the European Commission’s Implementing Decision (EU) 2021/914 of 4 June 2021 on Standard Contractual Clauses for the transfer of personal data to third countries;
- Subprocessor means any person (excluding an employee of MemberCheck or any of its sub-contractors) appointed by or on behalf of MemberCheck to Process Client Personal Data in connection with the Agreement;
- UK GDPR means the Data Protection Act 2018 and the EU GDPR as it forms part of the the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018.
- The terms, “Controller”, “Processor”, "Data Subject", "Personal Data", "Personal Data Breach", and "Processing" have the same meaning as in the EU GDPR or the UK GDPR (as applicable), and their cognate terms are to be construed accordingly.
-
In this DPA, the following terms have the meanings set out below:
-
Processing of Client Personal Data
- MemberCheck will Process Client Personal Data on the Client’s documented instructions (including as set out in the Agreement and this DPA). Client represents to MemberCheck that it has all rights and authorisations necessary for MemberCheck to Process Client Personal Data and that Client’s instructions comply with applicable law.
- The Client instructs MemberCheck (and authorises MemberCheck to instruct each Subprocessor) to Process Client Personal Data as necessary for the provision of the NameScan Service and as otherwise documented in this DPA and the Agreement. Additional instructions for the Processing of Client Personal Data must be prior agreed in writing. MemberCheck may charge a reasonable fee to comply with additional instructions.
- Unless prohibited by applicable law, MemberCheck will inform Client if MemberCheck is subject to a legal requirement to Process Client Personal Data in contravention of the Client’s instructions.
- Where Client is a Controller, Client is responsible for compliance with the requirements of laws including the EU GDPR or UK GDPR (as applicable) applicable to Controllers.
- The Client must notify MemberCheck if the Client is a Processor on behalf of other
Controllers, and Client:
- acknowledges it is the single point of contact for MemberCheck;
- represents and warrants it has obtained all necessary authorisations and instructions from the Controllers;
- must issue all instructions and exercise all rights on behalf of such other Controllers; and
- is responsible for compliance with the requirements of laws including the EU GDPR or UK GDPR (as applicable) applicable to Processors.
- Taking into account the nature of the Processing, Client agrees that it is unlikely
MemberCheck:
- will know the identity of the Controller if Client is a Processor and Client agrees to fulfil MemberCheck’s Processor obligations to Client’s Controllers where there is a Restricted Transfer;
- can form an opinion on whether an instruction infringes the EU GDPR or UK GDPR (as applicable) or other applicable law. However, if MemberCheck forms such an opinion it will immediately inform Client.
- Client is responsible for, and warrants that it is in, compliance with all applicable laws including EU GDPR and UK GPDR (as applicable).
-
Details of Processing
- The subject matter of the Processing is Client Personal Data. The duration, nature and purpose of the Processing, the types of Client Personal Data and categories of Data Subjects Processed are specified in Annex I to this DPA. The obligations and rights of Client are set out in the Agreement and this DPA.
-
MemberCheck Personne
- MemberCheck will take steps to ensure that access to Client Personal Data is limited to those individuals who need to know or access the relevant Client Personal Data, for the purposes of the Agreement or this DPA, ensuring that all such individuals are subject to obligations of confidentiality.
-
Security
- Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, MemberCheck will in relation to the Client Personal Data implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures listed in Annex II. These measures may be modified from time to time.
- The Client acknowledges that the security measures in Annex II are appropriate and will notify MemberCheck prior to any intended Processing for which the security measures may not be appropriate.
- In assessing the appropriate level of security, MemberCheck will take account of the risks that are presented by Processing, in particular from a Personal Data Breach.
-
Subprocessing
- The Client authorises MemberCheck to engage (and to permit each Subprocessor appointed in accordance with this clause 7 to engage) Subprocessors. Where the Client is a Processor, the Client warrants it is authorised to allow Subprocessing.
- MemberCheck will make available to the Client on request or on its Website a list of Subprocessors. MemberCheck may continue to use those Subprocessors already engaged by MemberCheck at the Effective Date. MemberCheck will inform the Client of any intended changes to Subprocessors. The Client may object to the change on reasonable grounds by providing written notice to MemberCheck within 10 days of receiving the notice. MemberCheck and the Client will consult in good faith to address the Client’s concerns.
- MemberCheck will enter into a written contract (which may be electronic) with each Subprocessor including data protection obligations. MemberCheck remains liable to the Controller for the Subprocessor’s performance of its data protection obligations.
- Client Personal Data may be disclosed to Subprocessors engaged in accordance with this clause 7.
-
Data Subject Rights
- Taking into account the nature of the Processing, MemberCheck will assist the Client (at Client’s cost) by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the obligations to respond to requests to exercise Data Subject rights under the EU GDPR or UK GDPR (as applicable).
-
Personal Data Breach
- MemberCheck will notify the Client without undue delay if MemberCheck becomes aware of a Personal Data Breach affecting Client Personal Data.
-
Deletion or return of Client Personal Data
- Subject to clause 10.2, MemberCheck will after the date of termination of the Agreement where it involves the Processing of Client Personal Data, at the option of the Controller, delete or return Client Personal Data.
- Client Personal Data may be retained if required or permitted by applicable law.
-
Assistance and Audit rights
- MemberCheck will assist the Client in ensuring compliance with its obligations in relation to the security of personal data under the EU GDPR or UK GDPR (as the case may be) taking into account the nature of processing and the information available to MemberCheck. MemberCheck may charge a reasonable fee for assistance.
- Subject to clause 11.3, MemberCheck will make available to the Client on reasonable request all information necessary to demonstrate compliance with this DPA, and allow for and contribute to audits, including inspections, by the Client or an auditor mandated by the Client (not being a competitor of MemberCheck) in relation to the Processing of the Client Personal Data. Unless required by applicable law, audits will be carried out not more than once every 12 months.
- The Client will give MemberCheck reasonable notice of any audit or inspection to be conducted
under clause
11.2 and will make (and ensure that its mandated auditor makes) reasonable endeavours to avoid
causing (or, if
it cannot avoid, to minimise) any damage, injury or disruption to premises, equipment, personnel
and business of
MemberCheck (and Subprocessors, if applicable) while its personnel are on those premises in the
course of
such an audit or inspection. MemberCheck need not give access to its premises for the purposes
of such an
audit or inspection:
- to any individual unless he or she produces reasonable evidence of identity and authority;
- unless the auditor agrees to comply with MemberCheck’s reasonable confidentiality, access and security requirements; or
- outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Client has given prior notice to MemberCheck that this is the case.
-
Restricted Transfers
-
Restricted Transfer of EU Client Personal Data
The Client (as "data exporter") and MemberCheck (as "data importer") agree that any Restricted Transfer under the EU GDPR from the Client to MemberCheck will be subject to the SC Clauses which are deemed entered into by the Client and MemberCheck and incorporated by reference into this DPA and accordingly form part of this DPA completed as follows (clause references in the below paragraphs are to clauses in the SC Clauses unless otherwise specified):
- the provisions of Module Two and Module Three of the SC Clauses apply (as applicable);
- in clause 7, the optional docking clause applies;
- in clause 9(a), Option 2 applies, and the time period for prior notice is as set out in clause 7.2 of this DPA;
- in clause 11 the optional language does not apply;
- in clause 13 all square brackets are removed;
- in clause 17, Option 1 applies and the SC Clauses will be governed by the law of Ireland;
- in clause 18(b), disputes will be resolved before the courts of Ireland;
- Annex 1 of the Appendix to the SC Clauses is deemed completed with the information set out in Annex 1 to this DPA, as applicable;
- Annex II of the Appendix to the SC Clauses is deemed completed with the information set out in Annex II to this DPA.
- Restricted Transfer of UK Client Personal Data
The Client (as "data exporter") and MemberCheck (as "data importer") agree that any Restricted Transfer under the UK GDPR from the Client to MemberCheck will be subject to the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (UK Addendum), which UK Addendum is attached to and incorporated in this DPA as Exhibit A and accordingly is deemed entered into by the Client and MemberCheck.
- Other Requirements
- The parties agree that where the SC Clauses are or the UK Addendum is replaced or superseded by new standard contractual clauses or a new addendum, as applicable (New SCCs) for the purposes of the EU GDPR or the UK GDPR respectively, the data importer may give notice to the data exporter and, with effect from the date specified in such notice, the New SCCs specified in such notice apply going forward. To the extent that the use of the New SCCs require the parties to complete additional information for compliance with the EU GDPR or the UK GDPR as applicable, the parties agree to reasonably and promptly work together to complete such additional information.
- If any means of legitimizing Restricted Transfers set out in the DPA (or incorporated by reference) becomes invalid, the data importer may by notice to the data exporter, with effect from the date specified in the notice, amend or put in place alternative arrangements to enable Restricted Transfers.
-
Restricted Transfer of EU Client Personal Data
-
General Terms
- Other than as required by the SC Clauses, the UK Addendum or other applicable law:
- the liability of each party under this DPA is subject to the exclusions and limitations of liability in the Agreement;
- this DPA is governed by and to be construed in accordance with the governing law and jurisdiction provisions of the Agreement.
- Nothing in this DPA is intended to vary or modify the SC Clauses or the UK Addendum, where to
do so would be
illegal or invalid. In the event of any conflict between:
- this DPA and the SC Clauses, the SC Clauses prevail in relation to a Restricted Transfer subject to the EU GDPR; and
- this DPA and the UK Addendum, the UK Addendum prevails in relation to a Restricted Transfer subject to the UK GDPR.
- Subject to clause 13.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties (including the Agreement) and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail but only in relation to the Processing of Client Personal Data.
-
Subject to clause 12.3(b), should any provision of this DPA be invalid or unenforceable, then
the remainder of
this DPA remains valid and in force. The invalid or unenforceable provision will be either:
- amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible,
- construed in a manner as if the invalid or unenforceable part had never been contained in the DPA.
- Other than as required by the SC Clauses, the UK Addendum or other applicable law:
ANNEX I
- LIST OF PARTIES
Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]Name: ClientAddress: Contact details as belowContact person’s name, position and contact details: As specified in the Contract DetailsActivities relevant to the data transferred under the SC Clauses: The activities specified in clause 4 of the DPA and Annex I, Part B below of the DPA.Signature and date: When this DPA becomes legally binding in accordance with clause 1 of this DPA, the data exporter is deemed to have signed this Annex 1Role (controller/processor): Controller unless the Client notifies MemberCheck under clause 3.5 of the DPA or otherwise.Data importer(s): [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]Name: Member Check Pty Ltd ACN 129 012 344Address: Suite 213, 7 Railway Street, Chatswood NSW 2067 AustraliaContact person’s name, position and contact details: Compliance and Services Team, compliance@membercheck.comActivities relevant to the data transferred under the SC Clauses: The activities specified in clause 4 of the DPA and Annex I, Part B below of the DPA.Signature and date: When this DPA becomes legally binding in accordance with clause 1 of this DPA, the data importer is deemed to have signed this Annex 1Role (controller/processor): Processor
-
DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferredThe Client determines the Data Subjects which could include Client’s employees, contractors, end users, customers and potential customers and other third parties.Categories of personal data transferredThe Client Personal Data uploaded to the NameScan Service may include name, date of birth, address or country of residence, gender and other information considered appropriate to assist in identifying a Data Subject.The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).Continuous depending on the use of the NameScan Service by the Client.Nature of the processingThe provision of the NameScan Service and as otherwise set out in the Agreement and this DPA.Purpose(s) of the data transfer and further processingTo provide the NameScan Service.The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that periodThe duration of the provision of the NameScan Service to the Client.For transfers to (sub-) processors, also specify subject matter, nature and duration of the processingAs for the data importer.
-
COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13 of the SC ClausesWhere the data exporter is established in an EU Member State: The supervisory authority applicable to the data exporter in its EEA country of establishment shall act as competent supervisory authority.Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The supervisory authority of the Member State where data exporter’s representative is established shall act as competent supervisory authority.Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679: The supervisory authority of the Member State in which the data subjects relevant to the transfer are located shall act as competent supervisory authority.
ANNEX II - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
- Measures of pseudonymisation and encryption of personal data
- Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
- Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
EXHIBIT A
Start date | The Effective Date of the Data Processing Addendum to which this Addendum is attached (DPA). | |
The Parties | Exporter (who sends the Restricted Transfer) | Importer (who receives the Restricted Transfer) |
Parties’ details |
Full legal name: Client named in the Contract
Details
Trading name (if different): As specified in the
Contract Details (if applicable)
Main address (if a company registered
address): Client contact details are as
specified in the Contract Details or below
Official registration number (if any) (company
number or similar identifier): As specified in
the Contract Details (if applicable)
|
Full legal name: Member Check Pty Ltd ACN
129 012 344
Trading name (if different): NameScan
Main address (if a company registered
address): Suite 213, 7 Railway Street,
Chatswood, NSW 2067 Australia
Official registration number (if any) (company
number or similar identifier): ACN 129 012
344
|
Key Contact |
Full Name (optional):
Job Title:
Contact details including email:
|
Full Name (optional):
Job Title:
Contact details including email:
|
Signature (if required for the purposes of Section 2) | The Exporter has agreed to be bound to this Addendum and is deemed to have signed it when this DPA becomes legally binding in accordance with clause 1 of this DPA. | The Importer has agreed to be bound to this Addendum and is deemed to have signed it when this DPA becomes legally binding in accordance with clause 1 of this DPA. |
Addendum EU SCCs |
The version of the Approved EU SCCs which this Addendum is appended to, detailed below,
including the Appendix Information:
Date: N/A
Reference (if any): N/A
Other identifier (if any): N/A
Or
the Approved EU SCCs, including the Appendix Information and with only the following modules,
clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of
this Addendum:
|
Module | Module in operation |
Clause 7
(Docking Clause)
|
Clause 11
(Option)
|
Clause 9a
(Prior Authorisation or General Authorisation)
|
Clause 9a
(Time period)
|
Is personal data received from the Importer combined with personal data collected by the Exporter? |
1 | ||||||
2 | Applies | Applies | Not applicable | Option 2 | As set out in clause 7.2 of the DPA | No |
3 | Applies | Applies | Not applicable | Option 2 | As set out in clause 7.2 of the DPA | No |
4 |
Annex 1A: List of Parties: As specified in Table 1. |
Annex 1B: Description of Transfer: As described in clause 4 and Annex I of the DPA |
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: As set out in Annex II of the DPA |
Annex III: List of Sub processors (Modules 2 and 3 only): As provided to the Exporter on request |
Ending this Addendum when the Approved Addendum changes |
Which Parties may end this Addendum as set out in Section 19 of the Mandatory Clauses:
Importer
Exporter
neither Party
|
Mandatory Clauses | Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses. |