SERVICES AGREEMENT
Last updated on Mon, 31 Mar 2025 09:38:44 GMT
INTRODUCTION
Welcome to Duffel’s Services Agreement and thank you for using our Services! By creating a Duffel account and/or using the Services, you are agreeing to be bound by the terms of this Agreement.
Duffel's details
We are Duffel Technology Limited (“Duffel”, “us”, ”our”, “we”) incorporated and registered in England and Wales with company number 11188295, and registered office at 3rd Floor, 100 Clifton Street, London EC2A 4TP, United Kingdom. Our registered VAT number is GB 308 8210 16. Duffel has subsidiaries around the world, and we may subcontract some services to these subsidiaries in other countries or regions outside the United Kingdom. If you have any questions, please get in touch with us at legal@duffel.com and we will be happy to assist.
Key definitions
- “Agreement”: this Services Agreement and any order form signed with us (“Order Form”).
- “Customer”, “you”: the entity or person using Duffel Services.
- “Duffel Platform”: our platform, as more particularly described on our website, which enables you to search, book and manage Travel Services.
- “Materialised Order”: each Order which has resulted in the actual provision of Travel Services (e.g. completion of last leg of flight or hotel check-out) as confirmed by the Supplier.
- “Order”: each order placed for Travel Services via the Duffel Platform as confirmed by the Supplier.
- “Services”: means access to the Duffel Platform and our additional services described in Section B. Please read the subsections of Section B that are relevant to you.
- “Supplier”: any travel service provider that Duffel connects to in order to make Travel Services available on the Duffel Platform, e.g. an airline or hotel.
- “Supplier Data”: all information of the Travel Services made available through the Duffel Platform, including fares and rates, hotel information, photos, metadata, cancellation policies and general terms and conditions of the Suppliers.
- “Travel Services”: flights, accommodation and other travel services available to book via the Duffel Platform.
- “Traveller”: the individual using the Travel Services i.e. taking the flight or staying in the hotel.
Other defined terms are as set out in the terms of this Agreement.
SECTION A: GENERAL TERMS AND CONDITIONS
1. Access to the Duffel Platform
1.1 Account registration: Before using the Services, you must register with Duffel and create a Duffel account (“Account”). To register for an Account, you must provide us with certain information to complete our know your customer (“KYC”) processes. You acknowledge and accept that information provided by you may be checked and/or verified by Duffel or a third party appointed by Duffel. Until we have reviewed and approved all such information (“Verification”), your Account will be available to you on a preliminary basis only, such that you can only access a test environment to create secure credentials to access the Duffel Platform e.g. username and password, test the Duffel Platform, and build an integration between your platform and the Duffel Platform. Subject to Verification, Duffel grants a non-exclusive, non-transferable right, without the right to grant sub-licences, for you and your Authorised Users to access and use the Duffel Platform during the term of the Agreement solely for your business operations. You warrant, represent and undertake that to the best of your knowledge all information provided to Duffel by you (or on your behalf) and kept in your Account is complete, accurate and up-to-date.
1.2 Account activation: Following Verification, Duffel will confirm that all steps have been completed to activate your Account and Duffel will enable you as a Customer within Duffel’s live production environment, such that you can start creating Orders. “Authorised Users” means your employees, agents and independent contractors who form part of your organisation or your group company who are authorised by you to access your Account. You shall use best endeavours to ensure your Authorised Users comply with the terms of this Agreement.
1.3 Account activity: You are solely responsible for reconciling the information generated by your use of the Duffel Platform with your records, and for identifying any errors. If you become aware that any information or activity in your Account is incorrect, you shall promptly notify us in writing. Duffel shall not accept any liability for any damage or loss caused by: (i) your failure to inform us of any suspected errors or inconsistencies in relation to your Account; (ii) errors or omissions in any information, instructions or scripts provided by (or on behalf of) you to Duffel in connection with the Services; or (iii) any actions taken by Duffel at your direction. You shall use best endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of becoming aware of any such unauthorised access or use, you shall immediately notify us in writing.
2. Using the Duffel Platform
2.1 Documentation: You shall use the Services solely in accordance with the documentation made available to you by Duffel, including the Duffel Platform documentation, any network and system specifications, and other pages on our website (collectively, “Documentation”). Except as expressly provided in the Agreement, you assume sole responsibility for results obtained from the use of the Services and the Documentation as provided by Duffel in accordance with the terms of this Agreement, and for conclusions drawn from such use.
2.2 Our obligations: Subject to you complying with your obligations in the Agreement, Duffel shall provide you the Services substantially, and to the greatest extent possible, in accordance with the terms of this Agreement and the Documentation. The foregoing shall not apply to the extent any non-conformance is caused by your use of the Services contrary to Duffel's reasonable instructions, or modification or alteration of the Duffel Platform by any party other than Duffel or its duly authorised representatives. We will provide you and your Authorised Users with support as set out in the Documentation to resolve issues with the use of the Duffel Platform. You can use the Documentation and your Account dashboard (“Dashboard”) to self-serve but if you still have questions please follow the support link on the Dashboard. Duffel shall use reasonable commercial endeavours to respond to your queries within a reasonable timeframe.
2.3 Fair usage: You shall not use the Services in such a way that Duffel believes (acting reasonably) has or is likely to have an adverse impact on the Services, including sending excessive calls to the Duffel Platform and an excessive Search-to-Order Ratio, where “Search-to-Order Ratio” means the ratio calculated by the total number of calls to the Offer Request end-points of the Duffel Platform (“Searches”) divided by the total number of Orders created in any given time period, and “Excess Search” means a Search above the Search-to-Order Ratio. Note the Search-to-Order Ratio is indicated on our pricing page (or your Order Form) and is calculated separately for the Flights API and the Stays API. For the avoidance of doubt, zero Orders shall be treated as one Order for the purposes of calculating the Search-to-Order Ratio. Duffel reserves the right to monitor and apply a cap on your usage in accordance with the Search-to-Order Ratio as this is necessary to facilitate our Agreement with our Suppliers.
2.4 Warranties: Each party warrants, represents and undertakes that: (i) it has full right, power and authority to enter into the Agreement; (ii) it has and shall maintain all licences, consents, accreditations and permissions necessary to offer the Travel Services and to perform its obligations under this Agreement; and (iii) it shall at all times comply with all applicable laws in its use, or provision of, the Services (as the case may be), including to offer the Travel Services.
2.5 Restricted activities: You shall not (except as allowed by any applicable law which is incapable of exclusion by agreement between the parties and/or except to the extent expressly permitted under the Agreement):
a. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services and/or Documentation (as applicable) in any form or media or by any means; or
b. attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Services; or
c. access all or any part of the Services in order to build a product or service which competes with the Services; or
d. access or use the Services for metasearch purposes (including to build a metasearch on top of the Duffel Platform and/or to redistribute to a metasearch platform); or
e. license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party (or assist third parties in obtaining access to the Services) except for the Authorised Users and to offer the Travel Services to your customers as envisaged by this Agreement; or
f. introduce or permit the introduction of: (i) any software code, file, virus, worms, trojan horses, malware or similar items which may prevent, impair or otherwise adversely affect access to, or the operation of, any computer software, hardware, device, network, or any other service, any programme or data, or the user experience; or (ii) a weakness in the computational logic (e.g. code or architecture of the system) found in software and hardware components that when exploited, results in a negative impact to confidentiality, integrity, or availability to the relevant network and information systems; or
g. access, store, distribute or transmit any unlawful, harmful, defamatory or obscene material during the course of your use of the Services, and shall not do, cause or authorise to be done anything that in Duffel’s reasonable opinion would adversely affect the reputation or goodwill associated with Duffel or its Suppliers or otherwise bring Duffel or its Suppliers into disrepute; or
h. use your Account and/or the Services for illegal or fraudulent transactions or in connection with illegal or fraudulent activity of any kind, including money laundering, trafficking, anti-bribery activity or tax evasion; or
i. use any Services to order from, or on behalf of, persons or entities in a country embargoed, blocked, or defined by any government, including those on sanction lists identified by the United Kingdom, the European Commission or by the United States Office of Foreign Asset Control (OFAC); or
j. use the Services to create speculative or sham Orders, reserve Travel Services in anticipation of demand, and/or do any other abusive practice, including repeat hold orders without subsequent booking;
k.conduct, undertake, use, perform or exercise any form of marketing activities, directly or indirectly in respect of the Intellectual Property Rights (as defined in clause 6) of the Supplier or Supplier Data, unless such Supplier has given its prior written consent for your specific use,
and if you become aware of any restricted activity, you shall immediately notify us in writing.
2.6 Co-operation: You acknowledge that Duffel’s ability to provide the Services at the agreed standard is dependent upon your full and timely cooperation. Accordingly, you shall provide accurate and complete information and data as reasonably required by Duffel to provide the Services and you shall carry out all your responsibilities as set out in the Agreement in a timely and efficient manner. Upon reasonable prior written notice from Duffel, you shall provide a demo of how your platform presents Supplier Data in a production environment where the Duffel Platform is integrated to ensure compliance with this Agreement (for example, to ensure we are meeting display requirements from Suppliers).
3. Travel Services
3.1 Suppliers: You acknowledge and agree that the Suppliers and Supplier Data available via the Services are subject to change. Duffel may immediately suspend or limit your access to a particular Supplier and/or Supplier Data upon request from such Supplier. You shall only make available the Supplier and Supplier Data as authorised (e.g. adhere to closed-user group restrictions). You shall comply with the relevant Supplier’s rules and policies (as made available to you by Duffel) for using Supplier Data and for searching, booking, ticketing, changing and cancelling Orders, and you shall rectify any non-compliance within five (5) days of Duffel’s notification.
3.2 Supplier Data: Except to the extent expressly set out in the Agreement, Duffel makes no representation or warranty and shall have no liability or obligation whatsoever in relation to the Supplier Data. Without limiting the generality of the foregoing, you acknowledge and agree that Duffel shall not be held liable for inaccurate, incomplete, out-of-date, misleading, unlawful, abusive, offensive or obscene Supplier Data. You shall: (i) refresh or update content and information provided about Travel Services via the Duffel Platform no less frequently than weekly; and (ii) display all relevant images and not directly or indirectly download and/or host any images or source files acquired via the image link URL as part of the Supplier Data on your own platform or servers. You shall promptly notify Duffel and correct any errors or omissions on your platform and in the information relating to the Travel Services after becoming aware of such errors or omissions or after being notified of the errors or omissions by Duffel and/or the Supplier.
3.3 Responsibility for Travel Services: The contract for the provision of the Travel Services is between the Traveller and the Supplier and subject to the standard terms and conditions of the Supplier (“Travel Service T&Cs”). You shall ensure the Travel Service T&Cs are prominently and accurately displayed to, and accepted by, the Traveller prior to completion of the Order, and you shall provide a timely booking confirmation following completion of the Order. At all times, the relevant Supplier shall be responsible for providing the Travel Services to the Traveller. Duffel shall not be responsible for any default, defect, delay or failure in any supply of the Travel Services by any Supplier or for any losses suffered or incurred by you or any Traveller (directly or indirectly) as a result of any act or omission of the Supplier. Except to the extent expressly set out in the Agreement, Duffel makes no representation or warranty and shall have no liability or obligation whatsoever in relation to the Suppliers, the Travel Services provided by the Suppliers, and Orders. You acknowledge and agree that special requests for Orders cannot be guaranteed.
3.4 Bring Your Own (“BYO”): Unless you are using Duffel’s Managed Content (see Section B) you acknowledge and agree that: (i) Duffel shall not operate as your agent and neither party shall be authorised to make or enter into any commitments for and on behalf of the other party; and (ii) you shall have, and adhere to, all necessary accreditations, ticketing authority and contracts with Suppliers required to offer the Travel Services.
3.5 First line support: Unless you are using Duffel’s Traveller Support (see Section B), you are responsible for providing “first line” customer support (i.e. directly engaging with Travellers on their support requests) and you shall at all times adhere to the Supplier’s reasonable instructions and requirements with respect to such support. In the event that the Supplier experiences higher than average customer contact or customer service costs in connection with your Orders, it may apply a charge to attempt to recoup such costs which you shall be responsible for paying.
4. Payment
4.1 Fees: means the fees payable by you for all Services you are consuming through the Duffel Platform, as detailed in your Dashboard. Unless an Order Form has been signed between the parties, the fees payable for access to the Duffel Services will be based on our standard pricing which we may revise at any time upon thirty (30) days’ prior written notice. Unless agreed otherwise in writing, Duffel shall charge the card on file in your Account on a monthly basis for the Fees due.
4.2 “Profit Share”: means the amount payable to you for each Materialised Order, calculated as a percentage of the gross revenue actually received or retained by Duffel for Travel Services after an Order becomes a Materialised Order, exclusive of any amounts paid to the Suppliers, taxes, fees and other government charges, processing or service fees, discounts, refunds, credit card processing fees, rebates, and adjustments due to credit card fraud or bad debt or any other reason for a chargeback. For the avoidance of doubt, no Profit Share is payable to you where Duffel has not received any revenue for the Order e.g. if it is a non-commissionable rate. The Profit Share shall be as agreed between the parties in an Order Form. Subject to Duffel’s receipt of commission from the Suppliers, Duffel shall pay you the Profit Share on a monthly basis within 10 working days of the beginning of the calendar month. Duffel shall not be required to pay any Profit Share to you unless the total amount owing to you in the relevant calendar month is greater than or equal to USD $25. The Duffel Platform shall be conclusive evidence in respect of the Orders generated and the amount of Profit Share (and any other taxes or fees) owed during any given period.
4.3 Late payment: If Duffel has not received payment of the Fees on the due date, and without prejudice to any other rights and remedies we may have, interest shall accrue on a daily basis at an annual rate equal to two per cent (2%) over the then current base lending rate of Duffel's bankers in the UK from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.
4.4 Taxes: Our Fees are exclusive of any applicable taxes such as value added tax, goods and services tax, sales tax and applicable indirect and transactional taxes, or other charges which shall be added to your invoice, where appropriate and at the appropriate rate. You shall pay all taxes, fees and other charges imposed by any governmental authority in connection with the Services provided under the Agreement.
4.5 Fines: Duffel excludes our liability for chargebacks, disputes, refunds, fraudulent transactions and Supplier insolvency in relation to any Order, and we reserve the right to pass on to you any fees, leakages, fines or penalties incurred by us on your behalf for your Orders, save where caused solely by Duffel’s negligence or wilful misconduct. Note refunds are subject to the Supplier’s refund policy and Duffel has no control over the processing of refunds, including the time it takes for a Supplier to process a refund and how a refund is paid (e.g. money or credit/voucher).
5. Settling the Orders
5.1 Duffel settlement (only available for Managed Content): If you have opted to use Duffel’s settlement service whereby we pay the Suppliers on your behalf, you shall ensure there are sufficient funds in your “Balance” as shown in your Dashboard to cover the costs of the Orders (note any top-up is subject to normal bank processing timelines). Duffel reserves the right to reject any order requests where there are insufficient funds. All offers for Travel Services will be presented via the Duffel Platform in the “Balance Currency” you selected when creating your Account or set out in the Order Form, and Duffel will identify, at the time of the Order, the conversion rate that will apply to each Order. Duffel reserves the right to include a transaction fee for currency conversion services as part of Duffel’s settlement to ensure that we limit the financial risk associated with foreign exchange transactions to the greatest extent possible. Duffel will only issue refunds to you for voided, changed or cancelled Orders if and once the sums have been received by Duffel from the Supplier.
5.2 Pay by card (requires pre-approval by Duffel): If you have opted to settle the Orders via pay by card, the following terms apply:
a. This clause 5.2 applies to all payments irrespective of the card used, the name of the cardholder and who authorises the payment. They apply to you, the Traveller and cardholder as applicable and you shall require the cardholders to accept terms that are consistent with the contents of this clause 5.2 before using the payment functionalities. Duffel does not control how or when the card is charged by a Supplier (including when there is a series of transactions). A payment is subject to the terms and conditions of the Order as set by the Supplier, and a card is used subject to the terms and conditions of the card provider.
b. Duffel provides the functionality to store cards for future use. Storing a card requires upfront approval from the cardholder at the time the card is stored, to confirm the card can be used to settle future Orders. It is strictly your responsibility to manage access to, and use of, a stored card. We are not responsible or liable for any transaction made using a stored card.
c. If you settle an Order using a card, your collection, and provision to us and the Supplier, of such card details shall be in accordance with all applicable laws. You warrant that each user providing the card details is duly authorised and has the right and power to: (i) share the card data with Duffel and the Supplier; and (ii) authorise the charging of the card by the Supplier or its service provider with the applicable amount to cover the Order and associated fees.
d. In the event a card is used to guarantee an Order, the payment card may not be charged but the card owner may see an authorisation for the price which is part of the transaction flow controlled by the card provider. A Supplier may charge a card provided as a guarantee in the event of a no-show (or other reasons in accordance with the Travel Service T&Cs) and we are not responsible or liable for such charges.
e. Upon Duffel’s notice, you may be required to implement specific requirements, for example 3DS, as required by Suppliers. You assume all fraud liability and are required to fraud screen all booking attempts. Fraud screening procedures shall be documented in writing and may be approved by Duffel in advance.
f. Save where you are using Duffel’s Managed Content (see Section B), you shall be solely responsible for the management and resolution of any chargebacks, fraud disputes and associated losses incurred in connection with your Orders made with pay by card. Whilst we may, in our sole discretion, offer assistance in investigating chargebacks or fraud disputes, we are under no obligation to intervene or resolve such matters on your behalf.
5.3 Stays Payment Instruction (requires pre-approval by Duffel): If you have opted to settle the Stays Orders on behalf of the Traveller, the following terms apply:
a. Duffel only offers Stays Payment Instruction on accommodation and rates where Duffel deems it possible to offer customer service in accordance with good industry practice.
b. The Stays Payment Instruction payment may be fulfilled either by programmatic transmission, a credit card authorisation form or via a payment link sent by the Supplier, and Duffel shall forward the payment link to you for completion where we are unable to handle the card data in accordance with our PCI-DSS compliance. You shall make available to Duffel a support contact team via email or phone to resolve payment failure issues via the Stays Payment Instruction and keep Duffel informed of any changes to the contact details.
c. Duffel has no control over the processing of the payment. The processing is by the Supplier and is subject to the Supplier’s policies. For the avoidance of doubt, Duffel shall not chase the Supplier for invoices on your behalf.
d. If you settle an Order using the Stays Payment Instruction, your provision to us and the Supplier, and your handling of, the card details shall be in accordance with all applicable laws. You warrant that each user providing the card details is duly authorised and has the right and power to: (i) share the card data with Duffel and the Supplier; and (ii) authorise the charging of the card by the Supplier or its service provider with the applicable amount to cover the Order and associated fees.
5.4 Pricing variations: Duffel uses reasonable endeavours to supply accurate pricing for Travel Services, but there can be variations in the actual amount charged by a Supplier which is not in our control, including: (i) surcharges, for example in relation to using a specific form of payment; and (ii) exchange rate fluctuations, fees applied to a currency conversion transaction, and FX charges. Duffel is not responsible or liable for price discrepancies and/or additional charges applied to settle an Order.
6. Intellectual Property Rights
6.1 “Intellectual Property Rights”: means (i) patents, rights to inventions, designs, copyright and related rights, database rights, trade marks, related goodwill and the right to sue for passing off and/or unfair competition and trade names, in each case whether registered or unregistered; (ii) proprietary rights in domain names; (iii) rights to use, and protect the confidentiality of, knowhow, trade secrets and confidential information; (iv) applications for, and rights to apply for and be granted registrations, including extensions and renewals of, and rights to claim priority from, any of the foregoing rights; and (v) all other rights of a similar nature or having an equivalent effect now or in the future anywhere in the world. Except as expressly stated herein, the Agreement does not grant either party any rights to, under or in, the other party’s Intellectual Property Rights and either party may not use, copy, adapt, modify, distribute, license, sell, transfer, publicly display, transmit, or otherwise exploit any of the other party’s Intellectual Property Rights, unless expressly permitted under this Agreement.
6.2 Duffel IPR: Duffel warrants that it is the owner or authorised licensee of the software contained in the Duffel Platform. You acknowledge and agree that all Intellectual Property Rights in and to the Duffel Platform and the other Services, the Documentation, the Duffel website and any other content or materials made available to you via the Services or otherwise in connection with this Agreement are the exclusive property of Duffel and/or its licensors.
6.3 Your IPR: You hereby grant Duffel a non-exclusive, revocable licence to use your branding (without alteration and in accordance with any guidelines communicated to Duffel by you) solely for the purposes of identifying you as a customer of Duffel, and any further use of your branding shall be subject to prior written approval. Further, you hereby grant Duffel (and its authorised third party agents) a non-exclusive licence to use yours and/or your licensors documents, manuals, materials, software and data that you provide to us or give us access to or with (“Content”) and all Intellectual Property Rights therein solely to the extent necessary to perform our obligations under the Agreement, including to provide the Services. Duffel acknowledges and agrees that all Intellectual Property Rights in and to your branding and Content are the exclusive property of you and/or your licensors.
7. Indemnity
7.1 Customer indemnity: You shall defend and indemnify Duffel (including our affiliates, and each of their respective directors, officers, employees, agents, and representatives) from and against all third party claims, actions, proceedings, losses, damages, expenses and costs (including reasonable legal fees) arising out of or in connection with: (a) yours (or your Authorised Users’) breach of this Agreement; (b) claims made to or by the Travellers or other parties about your business, fees, your supporting of Orders or any other information not provided by Duffel; and/or (c) any taxes erroneously imposed on Duffel and/or Supplier on any amount you charge the Traveller in excess of the amount that is remitted to Duffel and/or the Supplier in connection with an Order, provided that: (i) Duffel gives you prompt notice of any claim and authority to defend or settle such claim; (ii) Duffel does make any admission of liability, agreement, settlement, or compromise in relation to any claim without your prior written consent; and (iii) Duffel provides all reasonable co-operation in the defence and settlement of such claim at your expense.
7.2 Duffel indemnity: Subject to clause 7.3, Duffel shall defend and indemnify you (including your affiliates, and each of their respective directors, officers, employees, agents, and representatives) from and against all third party claims, actions, proceedings, losses, damages, expenses and costs (including reasonable legal fees) arising out of or in connection with infringement of a third party’s Intellectual Property Rights arising out of your use of the Duffel Platform, provided that: (i) you give Duffel prompt notice of any claim and authority to defend or settle such claim; (ii) you do not make any admission of liability, agreement, settlement, or compromise in relation to any claim without Duffel’s prior written consent; and (iii) you provide all reasonable co-operation in the defence and settlement of such claim at Duffel’s expense.
7.3 The indemnity under clause 7.2 shall not apply if the infringement is based on: (i) an unauthorised modification of the Duffel Platform; (ii) your use of the Duffel Platform in a manner contrary to the terms of this Agreement or the instructions given by Duffel; or (iii) your use of the Duffel Platform after notice of the alleged or actual infringement from Duffel or any appropriate authority. In the defence or settlement of any claim, Duffel may at its sole expense and option: (i) procure the right for you to continue using the Duffel Platform; or (ii) replace or modify the Duffel Platform so that it becomes non-infringing without affecting the basic functionality of the Duffel Platform, provided, however, that if (i) and (ii) are not practicable (following Duffel’s best endeavours), Duffel may, in our sole discretion and without any additional liability, terminate this Agreement with respect to such Services by giving you thirty (30) days written notice and the indemnity set out in clause 7.2 shall cease to apply on the date of termination (save for any accrued rights, remedies, obligations or liabilities up to the date of termination).
8. Limitation of Liability: YOUR ATTENTION IS PARTICULARLY DRAWN TO THIS CLAUSE.
8.1 As-Is: Except as expressly provided in the Agreement, the Services and the Documentation are provided to you on an "as is" basis and all warranties, representations, conditions and all other terms of any kind whatsoever, whether implied, statutory, or arising out of custom are, to the fullest extent permitted by applicable law, excluded from the Agreement. Without limiting the generality of the foregoing, Duffel makes no representation or warranty: (i) that the Services will meet your requirements, be uninterrupted, error-free or free from vulnerabilities; (ii) in respect of the Suppliers, Supplier Data or Travel Services; and (iii) that the Services shall comply with any network and information security and other cybersecurity requirements at law which are not applicable to Duffel. Duffel is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and you acknowledge that the Services may be subject to limitations, delays and other problems inherent in the use of such facilities.
8.2 Exclusions: Nothing in the Agreement excludes or limits the liability of either party for: (i) death or personal injury caused by its negligence; (ii) fraud or fraudulent misrepresentation; (iii) either party’s payment obligations hereunder; and/or (iv) anything else that cannot be excluded at law.
8.3 Consequential losses: Subject to clause 8.2, neither party shall be liable whether in contract (including under any indemnity), tort (including for negligence or breach of statutory duty), misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill, loss or corruption of data or information, or for any special, indirect or consequential loss however arising under the Agreement.
8.4 Cap: Except as otherwise provided in this clause 8, either party’s total aggregate liability in contract (including indemnities), tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Agreement shall be limited to the total Fees and/or Profit Share paid or payable by you to Duffel during the twelve (12) months immediately preceding the date on which the claim arose. Notwithstanding the foregoing, either party’s aggregate liability arising from breach of its obligations under the Data Processing Addendum shall not exceed $1,000,000.
9. Term & Termination
9.1 Term: The Agreement shall commence on the date you create an Account (“Pay as you go” or “PAYG”) or the Effective Date set out in an Order Form, and shall continue: (i) in the case of PAYG, until either party terminates the Account; or (ii) in the case of an Order Form, for the Initial Term set out in the Order Form during which you may not terminate for convenience, and following expiration of the Initial Term, the Agreement shall automatically renew until terminated by either party upon sixty (60) days prior written notice (unless a new Order Form is signed).
9.2 Suspension: Duffel may immediately suspend your access to all or any part of the Services without liability to you and without prejudice to any other rights or remedies we may have under the Agreement or otherwise if:
a. any information provided by you (or on your behalf) to Duffel is incomplete, inaccurate, out-of-date or has been misrepresented;
b. you fail to reduce your volume of Searches to the Search-to-Order Ratio within twenty-four (24) hours of Duffel’s written notice that you are exceeding the Search-to-Order-Ratio, or if you exceed the Search-to-Order Ratio on multiple occasions;
c. you use the Services in any manner which Duffel, acting reasonably, believes is unlawful, in breach of applicable privacy or security standards, and/or includes any restricted activity under clause 2.5;
d. Duffel is required to do so under applicable laws or upon request from a Supplier;
e. you fail to rectify the non-compliance notified by Duffel pursuant to clause 3.1 and/or 14.2;
f. you fail to pay the sums due under this Agreement within five (5) business days of Duffel’s late payment notice;
g. Duffel reasonably considers your fraud screening procedures for pay by card fail to meet industry standards (if applicable);
h. your use of the Services results in an unreasonable (in Duffel’s opinion) rate of chargebacks and/or fraudulent transactions via the Duffel Platform;
i. you breach this Agreement; or
j. you enter an Insolvency Event (as defined in clause 9.3).
9.3 Termination for cause: Either party may terminate this Agreement with immediate effect by giving written notice:
a. if either party commits a material breach of any term of the Agreement which is irremediable, or if such breach is remediable it fails to remedy that breach within a period of thirty (30) days after being notified in writing to do so (including if Duffel has not seen evidence of a remedy to enable us to resume any suspended Services within thirty (30) days);
b. upon the occurrence of an Insolvency Event, where “Insolvency Event” means it suspends, or threatens to suspend, its business or payment of its debts, or is unable to pay its debts as they fall due, it commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, steps are taken by it or a third party towards its winding up or the appointment of an administrator, or any event occurs, or proceeding is taken, with respect to it that has an effect equivalent or similar to any of the foregoing events.
9.4 Consequences of termination: On termination of the Agreement for any reason:
a. all licences and rights granted hereunder shall immediately terminate, you shall immediately cease all use of the Services, and Duffel may immediately suspend or terminate access to your Account;
b. all outstanding unpaid sums (and interest if applicable) become immediately payable;
c. subject to payment of all outstanding unpaid sums, Duffel shall return any funds in your “Balance” in the Dashboard, including any deposit for Duffel Payments (if applicable);
d. each party will return or delete (at the election of the owner) the other party’s property in its possession. Duffel may destroy or otherwise dispose of any of your data in its possession, unless Duffel receives, no later than ten (10) days after the effective date of the termination of the Agreement, a written request for the delivery of the then most recent back-up of your data. Duffel shall use reasonable commercial endeavours to deliver the back-up to you within thirty (30) days of its receipt of such a written request, provided that you have, at that time, paid all sums outstanding (whether or not due at the date of termination). You shall pay all reasonable expenses incurred by Duffel in returning or disposing of your data;
e. any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination shall not be affected or prejudiced; and
f. all provisions which are intended by their nature to survive termination shall continue in full force and effect, including clause 6 (Intellectual Property Rights), clause 7 (Indemnity), clause 8 (Limitation of Liability) and clause 10 (Confidentiality).
10. Confidentiality
10.1 “Confidential Information”: means confidential or proprietary information disclosed by a party or its representatives to the other party relating to the provision or use of the Services, regardless of the format and whether designated as confidential, including any Order Form, the details of the Services, the results of any performance tests of the Services, and all statistics shared with you (including Order volume, usage statistics, ranking data, information in respect of rates/fares, product and availability parity, pricing policies, conversion data and volume of click-throughs), but shall exclude information that: (i) is or becomes publicly known other than through any act or omission of the receiving party; (ii) was in the other party's lawful possession before the disclosure; (iii) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or (iv) is independently developed by the receiving party, which independent development can be shown by written evidence.
10.2 Restricted access: Each party may be given access to Confidential Information from the other party in order to perform its obligations. Each party shall hold the other's Confidential Information in confidence and not make it available to any third party or use it for any purpose other than the implementation of the Agreement. Each party shall take all reasonable steps to ensure that the other's Confidential Information to which it has access is not disclosed or distributed in violation of the Agreement.
10.3 Permitted disclosure: Each party shall be entitled to disclose Confidential Information of the other party to its affiliates, employees, officers, professional advisers and auditors solely on a need-to-know basis (“Representatives”), and provided such Representatives are bound by obligations of confidentiality. Each party shall be responsible at all times for the acts and omissions of such Representatives in respect of the Confidential Information as though they were its own acts or omissions.
10.4 Mandatory disclosure: A party may disclose Confidential Information to the extent it is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible. Where notice of disclosure is not prohibited and is given, each party shall take into account the reasonable requests of the other party in relation to the content of such disclosure.
11. Data & Privacy
11.1 Your data: You shall own all right, title and interest in and to all of your data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such data. In the event of any loss or damage to your data, your sole and exclusive remedy against Duffel shall be for Duffel to use reasonable commercial endeavours to restore the lost or damaged data from the latest back-up maintained by us in accordance with our Security Policy. Duffel shall not be responsible for any loss, destruction, alteration or disclosure of your data caused by any third party (except those third parties sub-contracted by Duffel to perform services related to data maintenance and back-up).
11.2 Your personal data: We are certain that the protection of personal data is as important to you as it is to us. Our Privacy Policy explains how and for what purposes we collect, use, retain, disclose, and safeguard your personal data that you provide to us in your Account and in your use of our website (it does not apply to any personal data associated with the Travel Services and Orders). You agree to the terms of our Privacy Policy, which we may update from time to time.
11.3 Order data: The parties agree to comply with the Data Processing Addendum attached to this Agreement in respect of personal data processed for the purposes of offering Travel Services and creating Orders.
11.4 Cardholder data: In accordance with the PCI-DSS requirements that apply to us, Duffel shall ensure the security of any cardholder data it handles, stores, processes, or transmits (or where it could impact the security of such cardholder data and the cardholder data environment). You shall comply with the PCI-DSS requirements that apply to you.
12. General
12.1 Exclusivity: Unless agreed otherwise in writing, this Agreement shall not prevent either party from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.
12.2 Publicity: Neither party shall announce the Agreement publicly without the prior written consent of the other party (such consent not to be unreasonably withheld or delayed) and in the event of consent, the parties shall provide reasonable co-operation to each other to agree the wording and form of the announcement.
12.3 Force majeure: Neither party shall have any liability to the other party under the Agreement if it is prevented from or delayed in performing its obligations, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including strikes, lock-outs or other industrial disputes, failure of a utility service or transport or telecommunications network, act of God, war, natural disaster, epidemics or pandemics (including the ongoing effects of Covid-19), riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or subcontractors. In the event a force majeure event affecting a party’s performance continues for seven (7) days, the affected party shall be entitled to terminate the Agreement by giving the other party thirty (30) days written notice.
12.4 Variation: Duffel may make changes to the terms of the Agreement at any time upon written notice via email and your continued use of our Services after a change has been made will constitute your acceptance of such changes.
12.5 Waiver: A delay or failure to exercise, or the single or partial exercise of, any right or remedy shall not waive that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy.
12.6 Rights and remedies: Except as expressly provided in the Agreement, the rights and remedies provided are in addition to, and not exclusive of, any rights or remedies provided by law.
12.7 Severance: If any provision or part-provision of the Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of the Agreement. If any provision or part-provision of the Agreement is deemed deleted the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
12.8 Entire agreement: The Agreement and all documentation that is referenced constitute the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter. Each party acknowledges that in entering into the Agreement, it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that are not set out in the Agreement. Nothing in this clause shall limit or exclude any liability for fraud.
12.9 Assignment: Save as otherwise set out in the Agreement, neither party shall, without the prior written consent of the other party (such consent not to be unreasonably withheld or delayed), assign, transfer, charge or sub-contract all or any of its rights or obligations under the Agreement, provided, however, that either party may assign, transfer, charge or sub-contract all or any of its rights or obligations under the Agreement to an entity that acquires all or substantially all of the business or assets of such party to which this Agreement pertains, whether by merger, reorganization, acquisition, sale, or otherwise. This Agreement will be binding on, inure to the benefit of, and be enforceable by the parties and their permitted assigns.
12.10 Partnerships: Nothing in the Agreement is intended to or shall operate to create a partnership unless expressly agreed between the parties.
12.11 Third party rights: The Agreement does not confer any rights on any person or party (other than the parties to the Agreement and, where applicable, their successors and permitted assignees) pursuant to the Contracts (Rights of Third Parties) Act 1999, save that you agree that any losses incurred by an affiliate of Duffel under or in connection with the Agreement shall be deemed to have been suffered, and shall be recoverable, by Duffel, but where it is not possible for Duffel to recover the losses, the relevant affiliate may claim against you.
12.12 Notices: Any notice required to be given under the Agreement shall be provided to you via the email or physical address provided to us in your Account. Notices shall be deemed received within 24 hours of the email being sent, provided that no error message indicating failure to deliver has been received by the sender. All notices for Duffel shall be sent to legal@duffel.com.
12.13 Non-solicitation: During the term of this Agreement and for a period of 12 months from the expiry thereafter, neither party may directly or indirectly seek to employ or otherwise engage the employees of the other party, without express permission from the other prior to any such engagement. This clause shall not apply to employees who have applied for genuine vacancies advertised by such party without any enticement to do so by, or on behalf of, such party.
12.14 Interpretation: The headings to clauses and paragraphs are inserted for guidance only and shall not affect the meaning or interpretation of any part of this Agreement. In this Agreement. “including” means “including, without limitation,” and “include” and related expressions such as “in particular” shall be construed accordingly.
13. Governing Law & Jurisdiction
13.1 Governing law: The Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.
13.2 Jurisdiction: Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with the Agreement or its subject matter or formation (including non-contractual disputes or claims).
SECTION B: TERMS AND CONDITIONS SPECIFIC TO SERVICES
Please read the subsections of this Section B that are relevant to your use of Duffel Services.
14. Managed Content
14.1 “Managed Content”: means Duffel acts as your licensed travel agent by: (i) creating Orders on your behalf under our (or our partner’s) agency accreditation e.g. International Air Transport Association (“IATA”) and/or Airlines Reporting Corporation (“ARC”), ticketing authority and Supplier contracts; and (ii) providing second line support to resolve issues with the Orders. For the avoidance of doubt, the licensed agent may be Duffel Technology Ltd (UK) or one of our subsidiaries (e.g. Duffel Travel US Inc.) depending on your point of sale.
14.2 “Governing Travel Agent Agreements:” means: (i) the terms and conditions of our contract with the Suppliers; and (ii) the relevant rules and regulations for our accreditation and ticketing authority, including the terms and conditions of the IATA Passenger Sales Agency Agreement, all IATA resolutions, ARC Agent Reporting Agreement and Billing and Settlement Plan (“BSP”) manual. You acknowledge and agree that Duffel’s authority to create Orders is limited to the rights granted to it under the Governing Travel Agent Agreements. Where Duffel notifies you that you are acting contrary to the Governing Travel Agent Agreements, you shall rectify this non-compliance within five (5) days of the notification date.
14.3 Second line support: As licensed agent, Duffel shall provide second line support i.e. liaise with Suppliers to resolve any issues with an Order as notified to us by an Authorised User.
a. Changes/Cancellations by You: You may void, change or cancel Orders within your Account. If you encounter difficulties or have questions, please open a support ticket through the Dashboard. If you request Duffel supports an Order where the functionality is available for you to action in your Account, Duffel may charge a reasonable fee for such support. Changes or cancellations can only be accepted in accordance with the Travel Service T&Cs, Governing Travel Agent Agreements, and/or any other rules stipulated by the Suppliers, and the Supplier may charge a void, change or cancellation fee. If you void, change or cancel an Order outside of the Duffel Platform, Duffel shall not be liable for any such void, change or cancellation and shall not be responsible for supporting such Order.
b. Changes/Cancellations by the Suppliers: Duffel shall inform you of any changes or cancellations made to an Order by the Supplier as soon as reasonably possible after Duffel becomes aware of such change or cancellation. Duffel does not warrant that any changes or cancellations shall be viewable on the Duffel Platform. As an agent, Duffel accepts no liability for any changes or cancellations made to any Order by the Supplier; however we shall use our best endeavours to support you in any way to resolve these changes or cancellations. If, as part of any such changed or cancelled Order, the Supplier offers alternative arrangements or a refund, you must let Duffel know whether you wish to accept the alternative arrangements within the timeframe stipulated by the relevant Supplier.
c. Duffel may assist in addressing any complaints to the Supplier before, during or after performance of the Travel Services; however, you acknowledge that Duffel is not responsible for managing or resolving any disputes between: (i) you and/or the Traveller; and (ii) the Supplier.
d. Following termination of the Agreement, Duffel may, at your request, provide second line support for existing Orders made prior to the date of termination until the final Order is fulfilled (e.g. the Traveller has completed the last leg of their flight).
14.4 Pay by card: If purchasing Travel Services under Managed Content with pay by card (see clause 5.2), you acknowledge and agree that: (i) Duffel only accepts cards issued to the Traveller and in the Traveller’s name, and physical or virtual cards issued in your business name are not permitted without Duffel’s prior written consent; and (ii) any chargebacks or fraudulent transactions may adversely affect Duffel’s rights, and give rise to liabilities, under the Governing Travel Agent Agreements and accordingly you shall use best endeavours to mitigate such risk. Notwithstanding clause 5.2(f) and subject to clause 4.5, as agent of record Duffel shall be responsible for the management of any chargebacks, fraud disputes and associated losses incurred in connection with your Orders made with pay by card, and you shall provide all assistance required by Duffel for such management.
15. Traveller Support
15.1 “Traveller Support:” means first line support provided by Duffel to the Traveller as mutually agreed in an Order Form. Duffel shall provide Traveller Support with reasonable skill and care but is not responsible for any limitations to the management of an Order controlled by the Suppliers. Note Traveller Support requires the use of Duffel Payments so please refer to clause 16 as well.
15.2 Users: This clause 15 applies to you and your Authorised Users, any third party user authorised by you to access Duffel’s Traveller Support, or the Traveller (“User”). You shall ensure a User has been authenticated before initiating access and ensure you are satisfied the User has permission to access and amend an Order on behalf of the Traveller(s). You shall ensure accurate User information is provided at all times as failure to do so may impact the quality of Traveller Support. Duffel is not responsible for the acts and omissions of the User, including the supply of inaccurate information and unauthorised access and/or mismanagement of an Order, except where caused by Duffel’s negligence or wilful misconduct.
15.3 Changes: Changes made to an Order are subject to the terms and conditions of the Supplier. By instructing a change to an Order using Traveller Support, the User grants Duffel permission to initiate the change with the Supplier. A change may trigger a notification to the Traveller(s) and by accessing Traveller Support, the User gives us explicit permission to send notifications to the User or to the Traveller as we deem essential to the Order. All changes to an Order shall be managed using Traveller Support. If changes are made to an Order not using Traveller Support (i.e. directly with the Supplier) it may limit how we can support an Order in the future.
15.4 Payment for changes: Some changes may incur a fee (for example, changing a flight). Fees are charged by the Supplier and are paid to the Supplier using an approved payment method. Duffel is not responsible for any discrepancies in fees charged or refunded by a Supplier. To collect the Traveller’s payment for the change, Duffel may issue a payment link via Duffel Payments (see clause 16), and you hereby authorise Duffel to generate payment links from your Stripe Connect account for these purposes.
16. Duffel Payments
16.1 “Duffel Payments”: means payment processing services to enable you to collect funds from Travellers via the Duffel Platform, provided in partnership with Stripe. Once the payment is processed the funds end up in the “Balance” in your Dashboard.
16.2 Stripe: Payment processing services used by you via the Duffel Platform are provided by Stripe and are subject to the Stripe Connected Account Agreement, which includes the Stripe Services Agreement (collectively, the “Stripe Agreement”). By agreeing to this Agreement or continuing to use our Services, you agree to be bound by the Stripe Agreement, which may be modified by Stripe from time to time. As a condition of us enabling payment processing services to you through Stripe, you agree to provide us with accurate and complete information about you and your business, and you authorise us to share business and transaction information related to your use of the payment processing services provided by Stripe. Please read the Stripe Agreement carefully as it includes information about additional responsibilities on you as a merchant using payment processing services (including PCI compliance and your relationship to Stripe).
16.3 Fees: You are responsible for ensuring that your fees are sufficient to cover: (i) any amounts due to Suppliers for Travel Services booked, including any associated FX charges; (ii) the Fees due to Duffel under this Agreement; and (iii) the Stripe processing fees. Duffel reserves the right to recover monies owed to us via your Balance or, if there are insufficient funds in your Balance, to charge the card on file or invoice you accordingly.
16.4 Chargebacks: You shall provide timely co-operation with Duffel in respect of any Orders processed via Duffel Payments. Duffel reserves its right to suspend your access to Duffel Payments, without liability to you and without prejudice to any other rights or remedies we may have under the Agreement or otherwise, if you do not respond to our queries and/or pay for chargebacks or other fines owed pursuant to clause 4.5 within a reasonable timeframe (as determined in our sole discretion).
16.5 Deposit: You shall provide a deposit, in the amount specified in the Order Form or agreed between the parties in writing, to cover the risk to Duffel for its payment processing services and to guarantee the performance of your obligations under this clause 16. In the event of non-compliance with clause 16.4, Duffel may use the deposit for chargebacks or other fines resulting from your use of Duffel Payments, following which you shall top-up the deposit to the original amount within five (5) days of Duffel’s written request.
17. Duffel Links
17.1 “Duffel Links”: means a white label solution that enables you to generate a link where Travellers will be able to access our shopping experience, customised to match your brand. Note Duffel Links automatically includes Duffel Payments for collecting funds from Travellers so please refer to clause 16 as well.
17.2 Access: Duffel grants you a non-exclusive, non-transferable licence to incorporate and display the Duffel Links on your platform. You shall use best endeavours to prevent any illegal, fraudulent or other unauthorised use (including the restricted activities under clause 2.5) of Duffel Links and if you become aware of any such use you shall notify Duffel immediately.
17.3 Liability: You shall provide the Traveller with all information required by law, including your contact information, booking terms and conditions and Travel Service T&Cs. Whilst Duffel provides the link to the shopping experience you acknowledge and agree that the contract of sale is directly between you and the Traveller. Duffel will not be the seller or merchant of record and shall have no responsibility or liability for your sale of Travel Services via Duffel Links.
DATA PROCESSING ADDENDUM (DPA)
1. General
1.1. Definitions:
- Controller, processor, data subject, personal data, personal data breach, processing and appropriate technical and organisational measures: are all as defined in the Data Protection Legislation;
- “Data Protection Legislation”: in each case to the extent applicable to the processing activities, the UK Data Protection Legislation, the General Data Protection Regulation ((EU) 2016/679 (“GDPR”) and Directive 2002/58/EC as amended or replaced from time to time, and all other applicable laws which apply to Duffel and/or the Customer relating to processing of personal data and privacy that may exist in any relevant jurisdiction, including, where applicable, the guidance and codes of practice issued by supervisory authorities;
- “UK Data Protection Legislation”: all applicable data protection and privacy legislation in force from time to time in the UK including GDPR as applicable as part of UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (as amended);
- “Security Breach” means any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to the personal data that is processed in the course of providing or using the Services.
1.2 Both parties shall comply with all applicable requirements of the Data Protection Legislation. This DPA is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
1.3 The Annex to this DPA lists all third-party sub-processors appointed by Duffel to process personal data and sets out the scope, nature and purpose of processing by Duffel, the duration of the processing, the types of personal data and categories of data subject.
1.4 Each party shall comply with all the obligations imposed on it under Data Protection Legislation, and any material breach of the Data Protection Legislation by one party shall, if not remedied within thirty (30) days of written notice from the other party (where remedy is possible), give grounds to the other party to terminate this Agreement with immediate effect.
2. Data protection
2.1 The parties acknowledge that (save where you are using Managed Content, in which case the provisions of section 3 below shall apply), if Duffel processes any of your Traveller’s personal data on your behalf when performing its obligations under the Agreement, you are the controller and Duffel is the processor for the purposes of the Data Protection Legislation. To the extent your customer is the controller and you are a processor, it is agreed that the controller retains control of the personal data and remains responsible for its compliance obligations under the applicable Data Protection Legislation.
2.2 Without prejudice to the generality of section 1, you shall ensure that you have all appropriate consents and notices in place to enable lawful transfer of the personal data to Duffel for the duration and purposes of the Agreement, so that Duffel may lawfully use, process and transfer the personal data on your behalf. To the extent your customer is the controller and you are a processor, you shall ensure that the controller: (i) has any required notices and consents in place to enable lawful processing of the personal data by you and Duffel; and (ii) has provided written processing instructions to you.
2.3 Duffel shall, in relation to any personal data processed in connection with the performance by Duffel of its obligations under the Agreement:
a. only process personal data as required to carry out our Services and as per any instructions you share with us, unless Duffel is required by Data Protection Legislation to process the personal data for any other purpose, in which case Duffel shall promptly notify you of this before performing the processing required, unless the applicable laws prohibit Duffel from such notification;
b. assist you, at your cost, in responding to any request from a data subject and in ensuring compliance with obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
c. notify you without undue delay on becoming aware of a Security Breach;
d. at your written direction, securely delete or return personal data to you on termination of the Agreement and/or completion of our respective obligations under the Agreement unless required by Data Protection Legislation to store the personal data (and for these purposes the term "delete" shall mean to put such data beyond use);
e. maintain complete and accurate records and information to demonstrate its compliance with this DPA and immediately inform you if, in the opinion of Duffel, an instruction infringes the Data Protection Legislation;
f. allow the Customer and its respective auditors or authorised agents to conduct audits or inspections during the term of the Agreement to verify compliance with this DPA and provide all reasonable assistance in order to assist the Customer in exercising its audit rights; and
g. ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures. At a minimum these include the technical and organisational measures set out in the Security Policy.
2.5 International transfers: Both parties acknowledge that the personal data may be transferred or stored outside the European Economic Area (“EEA”) and the United Kingdom (“UK”) or the country where you are located in order to provide or use the Services and otherwise perform the respective obligations under the Agreement. Neither party shall transfer any personal data outside of the EEA and the UK unless the following conditions are fulfilled: (i) the transferor has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; and (iii) the transferor complies with its obligations under the Data Protection Legislation by providing an adequate level of protection. If the transfer of personal data is to a country which does not ensure an adequate level of protection within the meaning of the relevant Data Protection Legislation, the following transfer mechanisms (collectively the “Standard Contractual Clauses”) shall automatically apply to such transfers:
a. where personal data that is subject to Data Protection Legislation in EEA is transferred out of the EEA, the standard contractual clauses annexed to the European Commission’s Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, including the text from modules two and/or three as applicable and not including any clauses marked as optional (“EU SCCs”); or
b. where personal data that is subject to the UK Data Protection Legislation is transferred out of the UK, the International Data Transfer Addendum to the EU SCCs where the EU SCCs can still be lawfully relied on for the relevant transfer of personal data, or the International Data Transfer Agreement where the EU SCCs do not apply to the transfer, both issued by the Information Commissioner’s Office under section 119A(1) of the UK Data Protection Act 2018.
The parties agree to comply with the obligations set out in the Standard Contractual Clauses as though they were set out in full in this Agreement, with the parties’ signature of the Agreement being deemed to be the signature and dating of the Standard Contractual Clauses and with the Annexes and/ or Appendices to the Standard Contractual Clauses being as set out in the Annex to this DPA. The parties agree that the aggregate liability to each other under or in connection with the Standard Contractual Clauses shall be limited as set out in clause 8.4 of the Agreement.
2.6 Sub-Processors: You consent to Duffel appointing third-party processors (“Sub-Processors”) of personal data under the Agreement. Those Sub-Processors approved as at the date of this Agreement are as set out in the Annex to this DPA. Duffel confirms that:
a. it has entered or (as the case may be) shall enter with the Sub-Processors into a written agreement incorporating terms which are substantially similar to those set out in this condition;
b. it will update the DPA to reflect any changes or additions to our list of Sub-Processors and provide written notice of such update. You may reasonably object to the appointment of a new Sub-Processor within two (2) working days of the date of this Agreement or, Duffel providing you with details, as applicable. You acknowledge that an objection may result in us being unable to offer our Services, where such Sub-Processors are essential to the provision of our Services; and.
c. such terms reflect and shall continue to reflect the requirements of the Data Protection Legislation. As between you and Duffel, Duffel shall remain fully liable for all acts or omissions of any Sub-Processors appointed by it pursuant to this DPA.
2.7 Suppliers: You accept that the Suppliers are independent data controllers in relation to any personal data and are not Sub-Processors of Duffel. As such, Duffel is not liable for the acts, omissions or failures of any such Supplier. You shall ensure that you have all necessary notices (including full information of the nature of the processing) and consents in place to enable the lawful transfer of the personal data to the Suppliers for the purposes of the Suppliers providing the Travel Services.
3. Shared personal data
3.1 The parties acknowledge that where you are using the Managed Content, you share personal data (“Shared Personal Data”) for the purposes of ticketing and supporting Orders (“Agreed Purposes”), and that the parties are separate controllers for the purposes of Data Protection Legislation. The Shared Personal Data shall be confined to the categories of information that are relevant to the provision of Managed Content.
3.2 Particular obligations relating to data sharing: Each party shall, as appropriate:
a. ensure that it has all necessary notices and consents in place to enable lawful transfer of the Shared Personal Data to the other party (including its employees, subcontractors and representatives and any Authorised Users) in this Agreement, Travellers, third party users of your platform booking Travel Services (to the extent different to the Traveller), or any third party engaged to perform obligations in connection with this Agreement (“Permitted Recipients”) for the Agreed Purposes;
b. give full information to any data subject whose personal data may be processed under this Agreement of the nature of such processing. This includes giving notice that, on the termination of this Agreement, personal data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors and assignees;
c. process the Shared Personal Data only for the Agreed Purposes;
d. not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;
e. ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by this Agreement;
f. ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, which in Duffel’s case shall be the measures set out in the Security Policy; and
g. not transfer any personal data outside the EEA unless it complies with section 2.5 of this DPA.
3.4 Mutual assistance: Each party shall assist the other in complying with all applicable requirements of the Data Protection Legislation. In particular, each party shall:
a. consult with the other party about any notices given to data subjects in relation to the Shared Personal Data;
b. promptly inform the other party about the receipt of any data subject access request;
c. provide the other party with reasonable assistance in complying with any data subject access request;
d. not disclose or release any Shared Personal Data in response to a data subject access request without first consulting the other party wherever possible;
e. assist the other party, at the cost of the other party, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to a Security Breach, data protection impact assessments and consultations with supervisory authorities or regulators;
f. notify the other party without undue delay on becoming aware of any breach of the Data Protection Legislation;
g. use compatible technology for the processing of Shared Personal Data to ensure that there is no lack of accuracy resulting from personal data transfers;
h. maintain complete and accurate records and information to demonstrate its compliance with this section 3; and
i. provide the other party with contact details of at least one employee as point of contact and responsible manager for all issues arising out of the Data Protection Legislation, the procedures to be followed in the event of a Security Breach, and the regular review of the parties' compliance with the Data Protection Legislation.
Annex to the DPA
A: LIST OF PARTIES
Data exporter:
- Name: Customer as set out in the Agreement
- Address: Customer address as set out in the Agreement
- Contact: Customer contact as set out in the Agreement
- Activities relevant to the data transferred: Use of the Services
- Signature and date: This Annex shall be deemed executed upon execution of the Agreement.
- Role: Controller (or processor if your customer is controller)
Data importer:
- Name: Duffel as set out in the Agreement
- Address: As set out in the Agreement
- Contact: privacy@duffel.com
- Activities relevant to the data transferred: Provision of the Services
- Signature and date: This Annex shall be deemed executed upon execution of the Agreement.
- Role: Processor (or controller for Managed Content)
B: DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred:
- Your Authorised Users
- Third party users of your platform booking Travel Services (to the extent different to the Traveller)
- Travellers
Categories of data personal data transferred:.
Traveller details including:
- Given Name
- Family Name
- Date of Birth
- Gender
- Passport Number
- Passport Issuance Number
- Passport Issuing Country
- Passport Expiry Date
- Contact Email Address
- Phone Number
- Loyalty Programme Information
- Payment Card Information
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures:.
- Passport Information
- For some travellers, additional sensitive data may be processed, such as health data, special needs or dietary requirements relating to religion.
Frequency of transfer (e.g. whether on a one-off or continuous basis) (EU SCCs only):.
On a continuous basis for the term of the Agreement.
Purpose(s) of the data transfer and further processing (EU SCCs only):.
Duffel shall process personal data for the purposes of providing the Services as per the terms of the Agreement, including enabling you to create Orders for Travel Services and where applicable to support the Orders.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period (EU SCCs only):
Duffel shall process personal data on your behalf until the later of (i) termination of the Agreement; or (ii) the expiry of all of Duffel’s obligations under the Agreement that require Duffel to process personal data on your behalf. Duffel shall retain the personal data for as long as necessary to provide the Services and/or to comply with applicable laws.
For transfers to (sub-) processors, the subject matter, nature and duration of the processing (EU SCCs only):.
Providing Services for the term of the Agreement.
C. COMPETENT SUPERVISORY AUTHORITY (EU SCCs only).
For EU SCCs, the competent supervisory authority determined in accordance with Clause 13 of the EU SCCs, which for the UK International Data Transfer Addendum is the Information Commissioner’s Office.
D. TECHNICAL AND ORGANISATIONAL MEASURES.
See Duffel’s Security Policy
E. LIST OF CURRENT SUB-PROCESSORS.
You agree and acknowledge that Duffel and its group entities may be retained as Sub-Processors. Duffel will keep the list of Sub-Processors below up-to-date and available online.
| COMPANY NAME | DATA | PURPOSE | LOCATION |
|---|---|---|---|
| Active Campaign LLC | Customer data | Marketing email and automation | US |
| Evervault Limited | Cardholder data | Payment processing | EU |
| FullStory, Inc. | Customer data and customer's customer data | User interactions | US |
| Google Analytics | Customer data | User analytics | EU |
| Google Ireland Limited | Customer data and customers’ customer data | Processing and storage (cloud service provider) | EU |
| Mailgun Technologies, Inc. | Customer data | Transactional emails, e.g. password reset | US |
| Mixpanel Inc. | Customer data | User analytics | US |
| OpenAI OpCo, LLC | Customer / User / Traveller data | Customer / Traveller Support | US |
| Pegasus Business Intelligence LP d.b.a Onyx Centre Source | Customer data and customer's customer data | Payment collections | US |
| Posthog, Inc. | Customer data | User analytics | US |
| Segment.io, Inc. | Customer data | User analytics | US |
| Sentry (Functional Software, Inc.) | Customer data and customers’ customer data | Error reporting and application monitoring (including IP addresses) | US |
| Slack Technologies, Inc. | Customer data | Customer support communications | US |
| Stream.IO, Inc. | Customer data | Customer / Traveller Support | US |
| Stripe Payments Europe Limited / Stripe Payments UK, Ltd | Cardholder data and Customer data | Payment processing | EU |
| Very Good Security, Inc. | Cardholder data | Storage and encryption of cardholder data | US |
| Zendesk, Inc. | Customer / User / Traveller data | Customer / Traveller Support | US |