Employee benefits renewal coming up? Get a free benefits review ->
Products

Health insurance

Pension contribution

Life assurance

Flexible benefits

Flex spend card

New Product

Effortlessly issue and manage employee benefit allowances on debit cards with automated controls and payroll reporting.

Auto-Enrolment

New Product

Sidestep the complexity and set up an Auto Enrolment exempt pension scheme in minutes with Kota.

CoveragePricingEmbedded
Resources

Blog

Dive into the world of benefits with news, announcements and in-depth blogs

Case studies

See why People and finance teams are loving Kota

Help

Already a customer? Get the answers you need here.

Log inBook a demo
Log inBook a demo

Health insurance

Pension contribution

Life assurance

Flexible benefits

Flex spend card

New Product

Effortlessly issue and manage employee benefit allowances on debit cards with 
automated controls and payroll reporting.

Auto-Enrolment

New Product

Sidestep the complexity and set up an Auto Enrolment exempt pension scheme in minutes with Kota.

Coverage
Pricing
Developers

Blog

Effortlessly issue and manage employee benefit allowances on debit cards with 
automated controls and payroll reporting.

Case studies

Effortlessly issue and manage employee benefit allowances on debit cards with 
automated controls and payroll reporting.

Help

Effortlessly issue and manage employee benefit allowances on debit cards with 
automated controls and payroll reporting.

Login
Book a demo
Log inBook a demo
Book a demo

Terms of Service

INTRODUCTION

These Terms of Service (Terms) govern all access to and use of the Kota smartphone application, the Kota website at www.kota.io and any related services made available by Kota (together, the Platform) and take effect from August 2026.

These Terms apply both to (a) the entity to whom Kota provides the Services (the Customer, typically the employer), and (b) each individual authorised by the Customer to access the Platform (each a User, typically an employee). References in these Terms to “you” and “your” mean the Customer and (where the context permits) Users.

By accessing, using or interacting with the Platform you confirm that you have read, understand and agree to comply with these Terms. If you do not agree with these Terms, you must immediately stop using the Platform.

If you are signing up for, accessing, or using the Platform on behalf of a user or employer, you confirm that you have the legal authority to bind them to these Terms.

Variation

Kota may amend these Terms from time to time. Where any amendment is material (meaning an amendment that has a material adverse effect on the Customer’s use of, or rights under, the Platform), Kota will give the Customer at least 30 days’ prior notice of the amendment by email, in-app notification, or by posting an updated version of these Terms on the Kota website. Where the Customer does not agree to a material amendment, the Customer’s sole remedy is to terminate the Agreement by written notice within 30 days of the notice of the amendment, without further liability save in respect of accrued rights as at the date of termination. Continued use of the Platform following the expiry of the notice period shall constitute acceptance of the amendment. Amendments which are not material may be made by Kota at any time without notice. Notwithstanding the foregoing, Kota may make any amendment required by law, regulation or order of a regulator at any time without notice. 

Documents incorporated into these Terms

These Terms should be read in conjunction with the following documents, where relevant. All of these documents are made available before any Customer or User proceeds with the Services and can be found on Kota’s website:

  • the Fee Letter (where one has been issued)
  • Kota’s Regulatory Information (including its EU and UK Terms of Business)
  • Kota’s Schedule of Fees and Charges
  • Kota’s Privacy Policy
  • Kota’s Cookie Policy
  • Kota’s Remuneration Policy

In the event of any conflict or inconsistency between these Terms and any document referred to above (other than the Fee Letter), these Terms shall prevail. The Fee Letter shall prevail over these Terms in respect of the commercial particulars expressly addressed in it.

1. DEFINITIONS

In these Terms, the following defined terms apply (additional definitions appear in the relevant clause where used):

Affiliate: in respect of an entity, any other entity directly or indirectly controlling, controlled by, or under common control with, that entity.

Agreement: these Terms, together with any Fee Letter, the documents listed under “Documents incorporated into these Terms”, and any Schedule or Addendum referred to in these Terms.

Confidential Information: as defined in clause 8.

Customer: the entity to whom Kota provides the Services, identified in the Fee Letter (if any) or otherwise the entity that procures or makes use of the Platform.

Customer Data: all data, content and information uploaded to, or otherwise made available by or on behalf of the Customer to, the Platform, including personal data of Users that the Customer (or a User on the Customer’s behalf) submits to the Platform.

Data Protection Laws: all data protection and privacy laws applicable to a party from time to time in the course of its performance of these Terms, including (as applicable) the EU General Data Protection Regulation (Regulation 2016/679), the UK General Data Protection Regulation, the UK Data Protection Act 2018, the Irish Data Protection Acts 1988 to 2018, and any successor or replacement legislation.

Documentation: any user guides, help materials, technical documentation or other instructional materials made available to the Customer or Users by Kota in connection with the Platform from time to time, whether in electronic form or otherwise.

Fee Letter: the written document signed by or otherwise accepted by the Customer setting out the commercial particulars (including Fees and billing date) for the Customer’s access to the Platform.

Fees: the fees payable by the Customer for the Services as set out in the Fee Letter, or (where no Fee Letter has been issued) as set out in Kota’s Schedule of Fees and Charges.

Intellectual Property Rights: all intellectual and industrial property rights, including patents, know-how, registered and unregistered trade marks, registered and unregistered designs, copyright, database rights, domain names, and any other rights in any invention, discovery, process or work.

Kota: Yonder Technology Limited (a company incorporated in Ireland, registered number 711366, registered and/or Yonder Financial Technology Limited (a company incorporated in England and Wales, registered number 14135818, registered office 34-37 Liverpool St, London EC2M 7PP, United Kingdom, each trading as Kota, as applicable to the Customer’s jurisdiction.

Partner: Kota’s insurance, pension, card or other third party benefits providers.

Platform: the Kota smartphone application, the Kota website at www.kota.io, and any related services made available by Kota.

Services: the provision of access to the Platform and any related services provided by Kota under these Terms or as otherwise specified in the Fee Letter.

Term: the period during which these Terms apply, as set out in clause 17.

User: an individual authorised by the Customer to access and use the Platform, typically an employee, contractor or other authorised representative of the Customer.

References to clauses are to clauses of these Terms; references to a statute include any amendment, extension or re-enactment of it; words following “including”, “for example” or similar are illustrative and do not limit what precedes them.

2. SERVICES

2.1 Kota provides the Platform for Employee Benefits services.

2.2 Kota does not accept any responsibility or legal liability whatsoever for any act or omission of any Partner or the Customer, save as expressly set out in these Terms.

2.3 Insurance or Pension Partners may enforce additional terms on the Customer in relation to insurance or pensions. Such additional terms will be made available to the Customer before the relevant service is procured.

2.4 Service improvements. Kota may change or modify the Services from time to time. Kota will give the Customer reasonable prior notice of any change only where such change is material and would substantially adversely affect the Customer’s use of the Services. If such a change has a material adverse effect on the Customer’s use of the Platform, the Customer’s sole remedy is to terminate the Services in accordance with clause 17.

2.5 Not bespoke. Unless otherwise agreed in writing, the Customer acknowledges that the Services have not been developed to meet the Customer’s or any User’s individual requirements and it is the Customer’s responsibility to ensure that the facilities and functions of the Services meet its own requirements.

3. PROVISION OF THE PLATFORM

3.1 Right to access. Subject to the Customer paying the Fees and complying with these Terms, Kota grants the Customer (and its Users) a personal, non-exclusive, non-transferable, non-sub-licensable, revocable right to use the Platform solely for the Customer’s internal business operations during the Term.

3.2 Availability. Kota will use commercially reasonable endeavours to make the Platform available 24 hours a day, 7 days a week, except for: (a) planned maintenance; and (b) unscheduled emergency maintenance. Kota does not warrant that access to the Platform will be uninterrupted or error-free.

3.3 Acknowledgement of limitations. The Customer acknowledges that the Platform may be subject to limitations, delays and other problems inherent in the use of internet and other communications networks, and that Kota is not responsible for any delays, delivery failures or other loss or damage resulting from such matters.

4. ACCOUNTS, USERS AND SECURITY

4.1 In order to access the Platform, a User must create an account and register a profile on the Platform. The User must provide a valid login name and a password (Account Information).

4.2 A User may also create an account by providing access via a third party account (such as Google), in which case the User consents to Kota’s access to the third party account and access to the Platform remains subject to compliance with the terms and conditions of the third party account and applicable privacy settings.

4.3 The User is responsible for keeping their Account Information secure. Each User shall:

  • not share their Account Information with any third party;
  • not use another person’s account or share their account information;
  • take all reasonable measures to prevent third party access to their account, including without their knowledge;
  • not loan, share, exchange, donate, sell, transfer or otherwise dispose of any account (which is fully prohibited and not enforceable against Kota); and
  • use a personal or professional email address to create the account.

4.4 The Customer and each User is solely responsible for the use, security and confidentiality of their account, irrespective of who is using it, whether with or without their permission.

4.5 Kota shall not be responsible for any loss, damage, claim or liability (whether financial or otherwise) suffered or incurred by the Customer or any User arising from (a) the Customer's or any User's failure to keep Account Information secure; (b) unauthorised access to or use of an account by any person; or (c) the Customer's failure to comply with its obligations under this clause 4

4.6 The Customer shall (a) ensure that all Users are aware of and comply with these Terms; (b) be responsible for any User’s access to or use of the Platform as if it were the Customer’s own act; and (c) immediately disable any User’s access where the User no longer requires access (for example on leaving employment) or where the User has breached these Terms.

4.7 All organisations should ensure that access to their account is monitored and reviewed regularly and Users who no longer need access are removed immediately in order to protect personal and confidential information.

5. CUSTOMER OBLIGATIONS

5.1 The Customer shall be fully responsible for any tax and other liability, deduction, contribution, assessment or claim arising from or made in connection with use of the Platform.

5.2 The Customer shall indemnify Kota against all reasonable costs and expenses and any tax, penalty, fine or interest incurred or payable by Kota arising out of or in connection with any such liability, deduction, contribution, assessment or claim, except to the extent it arises directly from Kota’s breach of these Terms or Kota’s negligence or wilful default. 

5.3 The Customer must cooperate with Kota and comply with all reasonable requirements, including providing information and documents relating to its use of the Platform.

5.4 The Customer shall: (a) perform its obligations under these Terms in a timely and efficient manner; (b) comply with all applicable laws and regulations with respect to its activities under these Terms and its use of the Services; (c) be solely responsible for the Customer’s own equipment, network connections, telecommunications links and internet connectivity used to access the Platform, and for any problems, delays or failures arising from them; and (d) operate best practice and ensure appropriate security precautions are taken in connection with its use of the Platform, including operating firewalls and virus checks.

Profile and information

5.5 The Customer and each User acknowledges that Kota and its Partners rely on the accuracy and completeness of all information provided during the registration process, in completing the User’s profile and in updating it on the Platform. The Customer and User shall be responsible for keeping their account details and profile up to date.

5.6 The Customer and each User warrants and represents that all information provided to Kota is accurate, complete and not misleading and remains so. The Customer and User must notify Kota of any change to such information.

5.7 Where relevant, the Customer must provide Kota with any additions, changes and cancellations of insured persons or members (employees). Kota will take the required actions on a reasonable timeframe and as communicated to the Customer.

User duties

5.8 Each User agrees to:

  • be of legal age to enter into a contract;
  • provide Kota with the required profile information;
  • provide Kota with all material information required by the relevant Partner;
  • provide Kota with any relevant updates which may affect their cover.

6. ACCEPTABLE USE AND RESTRICTIONS

6.1 The Customer shall not (and shall procure that its Users shall not):

  • use the Platform to store, transmit or distribute any material, or otherwise act in any manner, that is unlawful, infringes any third party’s rights (including privacy or intellectual property rights), is defamatory or harassing, or that introduces any virus, worm, malware or other harmful code;
  • copy, reproduce, modify, create derivative works from, frame, mirror, republish, download, transmit, or distribute any part of the Platform in any form or by any means, except as expressly permitted under these Terms;
  • reverse compile, disassemble, reverse engineer or otherwise attempt to derive the source code of, or the underlying ideas, algorithms or trade secrets in, the Platform;
  • access or use the Platform to build a competing product or service, or to copy any features, functions or graphics of the Platform;
  • license, sell, rent, lease, transfer, assign, distribute, disclose or otherwise commercially exploit, or make the Platform available to, anyone other than authorised Users;
  • attempt to obtain, or assist any third party to obtain, unauthorised access to the Platform; or
  • use the Platform to provide services to third parties or for the benefit of any third party, except as expressly agreed in writing with Kota.

6.2 Kota reserves the right, without liability, to remove any material and to suspend or disable access to the Platform in accordance with clause 12 in the event of any breach of this clause 6. 

7. DATA AND DATA PROTECTION

7.1 Application of policies. The Customer has been made aware  (and shall ensure that its Users will be made aware) of Kota’s Privacy Policy and Cookie Policy, which describe how Kota processes personal data in connection with the Platform. The Privacy Policy and Cookie Policy are available on Kota’s website and may be amended in accordance with the Variation paragraph in the Introduction to these Terms.

Data ownership

7.2 The Customer shall own all Customer Data uploaded by or on behalf of the Customer to the Platform, and shall be solely responsible for the accuracy, completeness, legality and intellectual property rights in or to such Customer Data, including obtaining all necessary rights, consents and authorisations to upload Customer Data and to permit Kota to process it under these Terms. Kota shall own all non-personal data generated or collected by Kota in providing the Services, including aggregated and anonymised data. Where Kota processes personal data collected directly from Users for the purposes of administering the Services or for compliance with its own legal and regulatory obligations, Kota acts as a controller in accordance with clause 7.3 and the Privacy Policy. 

‍

Roles under Data Protection Laws

7.3 The Customer and Kota acknowledge that, in the course of providing the Services Kota acts as a controller in respect of personal data that Kota collects directly from Users, personal data Kota processes for the purposes of administering the Services or for compliance with Kota’s own legal and regulatory obligations, and personal data are processed in connection with insurance, pension or other regulated services where Kota is required by applicable law to act as a controller.

The detailed obligations of each party are set out in Kota’s Data Privacy Policy. In the event of any conflict between this clause 7 and the Data Privacy Policy, the Data Privacy Policy shall prevail. 

Where both parties process personal data as independent controllers in connection with the Services, the parties' respective obligations are further set out in the Data Sharing Addendum appended hereto. The Data Sharing Addendum forms part of and is incorporated into these Terms. In the event of any conflict between the Data Sharing Addendum and the body of these Terms in respect of controller-to-controller data sharing, the Data Sharing Addendum shall prevail.

Compliance

7.4 Compliance. Each party shall comply with applicable Data Protection Laws in respect of the personal data it processes under or in connection with these Terms.

8. CONFIDENTIALITY

8.1 Definition. “Confidential Information” means all information disclosed by a party (the “Disclosing Party”) to the other (the “Receiving Party”) that is either designated as confidential at the time of disclosure or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Customer Data is the Customer’s Confidential Information; the Platform, the Services and the Documentation are Kota’s Confidential Information; and the terms of any Fee Letter (including pricing) are the Confidential Information of both parties.

8.2 Exclusions. Confidential Information does not include information that: (a) is or becomes publicly available without breach of these Terms; (b) was lawfully known to the Receiving Party before disclosure; (c) is lawfully received from a third party without confidentiality restriction; or (d) is independently developed by the Receiving Party.

8.3 Protection and use. The Receiving Party shall use the same degree of care it uses to protect its own confidential information of like kind, but in any event no less than reasonable care, to: (a) not use the Disclosing Party’s Confidential Information for any purpose outside the scope of these Terms; and (b) limit access to those of its and its Affiliates’ employees, officers and contractors who need access for purposes consistent with these Terms and who are subject to confidentiality obligations no less protective than those in this clause. Kota may disclose Confidential Information to its sub-processors and Partners to the extent necessary to perform Kota’s obligations under these Terms, under terms of confidentiality no less protective than those in this clause.

8.4 Compelled disclosure. The Receiving Party may disclose Confidential Information to the extent compelled by law, court order or regulator, provided that the Receiving Party gives the Disclosing Party prior written notice (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.

8.5 Duration. The obligations in this clause 8 continue during the Term and thereafter for so long as the relevant Confidential Information remains confidential.

8.6 Equitable relief. Each party acknowledges that any actual or threatened breach of this clause 8 may cause irreparable harm to the Disclosing Party and that the Disclosing Party may seek injunctive or other equitable relief in addition to any other remedies available.

9. INTELLECTUAL PROPERTY

9.1 Ownership of the Platform. The Customer acknowledges and agrees that Kota and/or its licensors are the sole and exclusive owners of all Intellectual Property Rights and other proprietary rights in the Platform, the Services and any related documentation. Except as expressly set out in these Terms, no right, title or interest in any Intellectual Property Rights is transferred to the Customer or any User.

9.2 All content on the Platform is Kota’s copyright and property and may be used for any purpose relating to the Platform or Kota’s business. Without Kota’s express written permission, the Customer (and Users) shall not copy the Platform for the Customer’s own commercial purposes, including:

  • replicating or using the details and profiles of any Customer or Partner;
  • replicating all or part of the Services or Platform in any way;
  • using any “deep-link”, “robot”, “spider”, “page-scrape” or other automatic device, programme, algorithm or methodology, or any similar or equivalent manual process, to access, acquire, copy or monitor any portion of the Platform, profiles or content; or
  • incorporating all or part of the Platform in any other webpage, website, platform, application or other digital or non-digital format.

9.3 All content remains Kota’s Intellectual Property, including (without limitation) any source code, product recipes, usage data, ideas, enhancements, feature requests, suggestions or other information provided by any Partner or any Customer.

10. THIRD PARTY SERVICES AND INTEGRATIONS

10.1 The Platform may contain information and advertising from third party businesses, people and websites (Third Parties). The Customer (and Users) consent to receiving this information as part of their use of the Platform.

10.2 Kota is not responsible for any information transmitted by Third Parties or liable for any reliance the Customer (or any User) makes upon the services provided by, or information or statements conveyed by, Third Parties (or in relation to dealings with Third Parties), nor for the accuracy of any advertisements. This is described in more detail in Kota’s Privacy Policy.

10.3 Third Parties operate under their own terms and regulatory frameworks. Kota is not responsible for their actions, omissions or services, and use of such services is entirely at the Customer’s (or User’s) discretion and subject to those Third Parties’ own terms.

10.4 Platform integrations. Where the Platform offers the ability to integrate with third party products, software or applications, the Customer acknowledges that: (a) operation may depend on the Customer accepting and complying with the relevant third party terms; (b) such integrations may not operate reliably at all times and may impact the Platform; (c) Kota is not responsible for any losses arising from the use, operation or failure of such integrations; and (d) the relevant third party may at any time remove, disable or discontinue the integration.

11. FEES AND PAYMENT

11.1 The Customer agrees to pay the Fees as set out in the Fee Letter. Insurance and Pension contributions are separate to the Fees.

11.2 Payments will generally be collected on the 10th of each calendar month, with the exception of UK services, which will be collected on the 1st of each calendar month, or as otherwise specified in the Fee Letter. Customers may change their payment details via the “Billing” section of the Platform.

11.3 If a policy is cancelled, the direct debit will remain active to collect any monies owed.

11.4 Kota sets out its Schedule of Fees and Charges on its website, which includes additional fees and charges that are not addressed in the Fee Letter. Kota reserves the right to update these at any time and will notify the Customer of any material changes.

11.5 Kota sets out its Remuneration Policy on its website. This will be maintained on Kota’s website.

Late payment, defaults and cancellations

11.6 Kota will enforce cancellation proceedings if the Customer defaults on payments and the Customer’s access to the Platform may be revoked. Kota reserves the right to levy additional charges for missed payments.

11.7 Cancellations. Kota will enforce cancellation of a policy due to, but not limited to, non-payment, non-disclosure, provision of incorrect information or failure to submit necessary documentation within a required timeframe by the policyholder.

11.8 Nature of Fees. All Fees are non-cancellable and non-refundable, save where a refund is expressly required by these Terms or by applicable law. Fees are exclusive of VAT and any other applicable taxes, which shall be added at the appropriate rate.

Refunds

11.10 The Kota Platform fee is non-refundable. Where the Customer is due a return of premium or fees or charges, Kota will communicate the timelines accordingly and will refund through the original method of payment.

12. SUSPENSION

12.1 Grounds for suspension. Without limiting any of its other rights or remedies, Kota may suspend access to the Platform (in whole or in part) at any time and without liability to the Customer where Kota reasonably determines that:

  • the Customer or any User is using the Platform in breach of these Terms, including in breach of clause 6 (Acceptable Use and Restrictions);
  • the Customer or any User is using the Platform in a way that, in Kota’s judgement, threatens the security, integrity or availability of the Platform, or that poses a risk of harm or liability to Kota, the Platform or other users;
  • the Customer or any User is using the Platform in violation of applicable law;
  • the Platform is, or appears to be, the subject of any attack, unauthorised access or third-party manipulation;
  • Kota is required by law, regulator or court order to suspend access; or
  • Fees or other amounts owed by the Customer remain overdue beyond the periods set out in clause 11.

12.2 Customer cooperation. The Customer shall cooperate with any reasonable investigation Kota carries out in connection with a suspected breach. Failure to cooperate is itself a ground for suspension under clause 12.1.

12.3 Notice. Where the Platform is or appears to be subject to attack or unauthorised access, where suspension is required by law, regulator or court order, or where Kota reasonably determines immediate suspension is necessary, Kota may suspend access without prior notice and shall notify the Customer of the suspension as soon as reasonably practicable. In all other cases, Kota shall give the Customer reasonable prior notice and a reasonable opportunity to remedy the underlying issue, having regard to the nature and severity of the issue.

12.4 Restoration. Kota shall promptly restore access to the Platform once the cause of the suspension has been resolved to its reasonable satisfaction.

12.5 Effect on payment. Suspension of access (other than where caused directly by Kota’s breach of these Terms) does not relieve the Customer of its obligation to pay Fees during the period of suspension. 

13. PLATFORM AVAILABILITY

13.1 The Customer (and User) acknowledges that, save for Kota’s commitments under clause 3.2, Kota is not required to keep the Platform available at all times and makes no warranty that the Platform will operate continuously or error-free.

13.2 Subject to clause 16, Kota is not responsible for the unavailability of the Platform, or any interruption or malfunction caused by failures of Kota’s internet provider or web hosting service provider, third party intrusions or force majeure, and the Customer agrees that Kota is not liable for any loss or damage that results from inability to access the Platform in such circumstances.

14. AFFILIATES AND SUB-CONTRACTORS

14.1 The Customer’s Affiliates may use the Platform under the Customer’s account, provided that (a) such use is in accordance with these Terms and any applicable usage limits; (b) the Customer is liable for each Affiliate’s acts, omissions and breaches of these Terms; (c) any claims brought against Kota in connection with such use must be brought by the Customer; and (d) Kota shall have no direct contractual or other obligation to any Affiliate, and Kota’s liability to the Customer in respect of any Affiliate’s use of the Platform is in all respects subject to the limitations and exclusions in clause 16. 

15. INDEMNIFICATION

15.1 Customer’s indemnity to Kota. The Customer shall defend Kota and its Affiliates, officers, directors, employees and contractors from and against any third party claim, demand, suit or proceeding made or brought against Kota (each a “Claim Against Kota”) arising from or based on the Customer’s or any User’s use of the Platform, the Customer’s breach of these Terms, or the Customer’s or any User’s fraud, gross negligence or wilful misconduct, including (without limitation) any Claim Against Kota arising from or based on:

  • any Customer Data or the Customer’s or any User’s use of Customer Data in connection with the Platform;
  • any third-party application, integration or configuration provided by the Customer or used by the Customer with the Platform;
  • the Customer’s breach of any terms, conditions or policies of any Partner; or
  • any claim by a User who is the Customer’s employee, former employee or contractor relating to their entitlement to, or access to, benefits administered through the Platform,

and the Customer shall indemnify Kota for all damages, reasonable legal fees and costs finally awarded against Kota, or for any amounts paid by Kota in a settlement approved by the Customer in writing, in connection with such Claim Against Kota.

15.2 Kota’s IP indemnity to the Customer. Subject to clauses 15.4 and 15.7, Kota shall defend the Customer against any third party claim, demand, suit or proceeding made or brought against the Customer alleging that the Customer’s authorised use of the Platform infringes or misappropriates the intellectual property rights of that third party (an “IP Claim”), and shall indemnify the Customer from any damages, reasonable legal fees and costs finally awarded against the Customer, or for any amounts paid by the Customer in a settlement approved by Kota in writing, in connection with such IP Claim.

15.3 Procedure. Each party’s obligations under clauses 15.1 and 15.2 are conditional on the indemnified party (a) promptly giving the indemnifying party written notice of the relevant third party claim; (b) giving the indemnifying party sole control of the defence and settlement of that claim, except that the indemnifying party may not settle the claim unless the settlement unconditionally releases the indemnified party of all liability and does not admit fault on the indemnified party’s behalf; and (c) providing the indemnifying party with all reasonable assistance at the indemnifying party’s expense.

15.4 Exclusions to Kota’s IP indemnity. Kota shall have no obligation under clause 15.2 to the extent the alleged infringement arises from:

  • the Customer’s or any User’s breach of these Terms or applicable law (including any unauthorised modification of the Platform, or use of the Platform in combination with other software, hardware or data not provided or approved by Kota);
  • any Customer Data or content uploaded by or on behalf of the Customer or any User;
  • the Customer’s continued use of the Platform after notice of the alleged infringement; or
  • any element of the Platform provided to the Customer at no charge or under a free trial, free tier or beta.

15.5 Mitigation. If an IP Claim arises, or in Kota’s reasonable opinion is likely to arise, Kota may at its option and expense: (a) procure for the Customer the right to continue using the Platform; (b) modify or replace the affected parts of the Platform so they become non-infringing without materially diminishing the Platform’s functionality; or (c) terminate the Customer’s access to the affected parts of the Platform on 30 days’ written notice and refund any prepaid Fees covering the remainder of the then-current term that relate to the parts of the Platform terminated.

15.6 The Customer’s liability under this clause 15 is subject to the limitations and exclusions in clause 16. 

15.7 Kota’s total aggregate liability in respect of any and all claims arising under clause 15.2 shall not exceed €200,000.

16. LIMITATION OF LIABILITY

16.1 Disclaimers. Except as expressly and specifically provided in these Terms, the Services are provided “as is” and “as available”, and Kota makes no representation or warranty of any kind, whether express or implied, regarding the Services’ timeliness, error-free operation or fitness for any particular purpose. 

16.2 Liability that is not limited or excluded. Nothing in these Terms excludes or limits the liability of either party for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability which cannot lawfully be excluded or limited.

‍

16.3 General cap on liability

Subject to clauses 16.2 and 16.4, and except in respect of the Customer’s obligation to pay Fees under these Terms together with the Customer’s obligations under Clause 6.1 and Clause 9.2 and Kota’s liability under Clause 15.7, each party’s total aggregate liability arising under or in connection with these Terms in any 12-month period, whether in contract, tort (including negligence), breach of statutory duty, misrepresentation, restitution or otherwise, shall not exceed the greater of: (a) the total amount of Fees paid or payable by the Customer to Kota under these Terms in the twelve (12) months preceding the first event giving rise to the claim; or (b) €100,000.

16.4 Exclusion of consequential losses. Subject to clause 16.2, neither party shall be liable to the other, whether in contract, tort (including negligence), breach of statutory duty or otherwise, for: (a) loss of profits, revenue, business, goodwill or anticipated savings; (b) loss or corruption of data; or (c) any indirect, special, punitive, exemplary or consequential loss or damage, in each case howsoever arising. 

Additional liability provisions

16.5 Kota Spend. Kota makes no representations or warranties regarding the availability, accuracy or operation of the Kota Spend card, which is issued and managed by Stripe. Subject to clause 16.2, Kota shall not be liable for any direct or indirect losses or damages arising from or related to the operation of the card, including delays, declined transactions, or service outages, nor for any losses arising from unauthorised or fraudulent use of a card (including where such use occurs as a result of mismanagement or misuse by an employer, employee, organisation, administrator or User).

16.6 Acts and omissions of Partners. Subject to clause 16.2, Kota shall have no liability for any act or omission of any Partner or for any product or service provided by any Partner.

17. TERM AND TERMINATION

17.1 Term. These Terms apply from the date the Customer first accesses or uses the Platform (or, where there is a Fee Letter, from the date of that Fee Letter) and continue until terminated in accordance with this clause 17.

17.2 Termination for convenience. Either party may terminate these Terms (or any individual Service) for convenience on 30 days’ written notice to the other party, save where a longer or shorter notice period is set out in the relevant Fee Letter.

17.3 Termination for breach. Without affecting any other rights, either party may terminate these Terms by written notice without liability if the other party: (a) commits a material breach of these Terms and (if remediable) fails to remedy that breach within 30 days of being notified in writing of the breach; or (b) becomes subject to insolvency proceedings, has a receiver or administrator appointed, passes a resolution for winding up (other than for a solvent reconstruction), enters into a voluntary arrangement with its creditors, or ceases or threatens to cease to carry on business.

17.4 Kota’s additional termination rights. Without affecting any other rights, Kota may terminate these Terms for breach if (a) any Fees or other invoiced amount remains overdue (other than where disputed in good faith) for more than 7 business days after a further written notice from Kota; or (b) the Customer breaches clause 6 (Acceptable Use and Restrictions).

17.5 Cancellations by Kota. Kota will enforce cancellation of a policy due to, but not limited to, non-payment, non-disclosure, provision of incorrect information or failure to submit necessary documentation within a required timeframe.

17.6 Consequences of termination. On termination of these Terms:

  • all access to the Platform shall cease;
  • Kota shall delete Customer Data in its possession in accordance with applicable laws;
  • each party shall promptly return or destroy the other party’s Confidential Information in its possession or control, save that a party may retain (i) one archival copy for legal and compliance purposes; and (ii) copies required to be retained by applicable law;
  • the accrued rights and obligations of the parties as at termination shall not be affected; and
  • clauses that by their nature should survive termination (including clauses 5.1–5.2 (tax), 7 (Data), 8 (Confidentiality), 9 (IP), 15 (Indemnity), 16 (Liability), 17.6 (Consequences) and 22 (Governing law) and any related Schedule) and the Data Sharing Addendum shall survive termination.

18. MARKETING

18.1 Customer use of Kota brand. The Customer shall not produce any marketing material for Kota’s services or use Kota’s name, logo or trade marks on any marketing material for the Services without the prior written consent of Kota. Where Kota gives such consent, the Customer shall comply with all instructions Kota makes available regarding the use of Kota’s name, logo and trade marks.

18.2 Specific approvals. Kota will obtain the Customer’s prior written approval (not unreasonably withheld or delayed) before publishing case studies, testimonials, endorsements or customer quotes featuring the Customer’s brand assets. Generic use of the Customer’s logo or name to identify the Customer as a Kota customer does not require separate approval.

19. FORCE MAJEURE

Neither party shall have any liability under these Terms if it or its sub-contractor is prevented from or delayed in performing its obligations by acts, events, omissions or accidents beyond its reasonable control, including (without limitation) strikes or other industrial disputes, internet or telecommunications failures, denial of service attacks, compliance with any law or governmental order, fire, flood, storm, pandemic or other outbreak of disease (each a “Force Majeure Event”). The affected party shall notify the other party as soon as reasonably practicable, providing details and expected duration, and use commercially reasonable efforts to minimise impact. If a Force Majeure Event persists for more than 4 weeks, either party may terminate these Terms by written notice without liability, save in respect of accrued rights as at the date of termination. 

20. GENERAL

20.1 Entire agreement. The Agreement constitutes the entire agreement between the parties and supersedes any previous arrangement, understanding or agreement between them relating to its subject matter. Each party acknowledges that in entering into the Agreement it does not rely on any undertaking, promise, representation or warranty other than as expressly set out in the Agreement.

20.2 Assignment. Neither party may assign, transfer, charge, sub-contract or deal in any other manner with any of its rights or obligations under these Terms without the other party’s prior written consent (such consent not to be unreasonably withheld or delayed), provided that either party may assign these Terms in whole, without consent, to (a) an Affiliate; or (b) a successor in connection with a merger, sale of substantially all of its assets or business, reorganisation, or change of control, in each case on terms no less favourable to the Terms set out herein. 

20.3 Severance. If any provision (or part of a provision) of these Terms is found to be invalid, unenforceable or illegal, the other provisions shall remain in force.

20.4 Waiver. No failure or delay by a party to exercise any right or remedy shall constitute a waiver of that or any other right or remedy.

20.5 Third party rights. The Agreement does not confer any rights on any person or party other than the parties to it (and, where applicable, their successors and permitted assigns).

20.6 Relationship. Nothing in these Terms creates a partnership, joint venture, agency, franchise or employment relationship between the parties.

21. NOTICES

21.1 Any notice required to be given under these Terms shall be in writing and shall be delivered (a) by hand or sent by pre-paid first-class post or registered post to the addressee at the address set out for such party in any Fee Letter or, in the case of Kota, to its registered office; or (b) by email, in the case of notices to Kota, to legal@kota.io (as updated by Kota from time to time), and in the case of notices to the Customer, to the email address provided by the Customer.

21.2 A notice delivered by hand is deemed received when delivered (or if delivered outside business hours, at 9 a.m. on the next business day). A correctly addressed notice sent by post is deemed received at the time it would have been delivered in the normal course of post. A notice sent by email is deemed received at 9 a.m. on the next business day after sending.

22. GOVERNING LAW AND JURISDICTION

22.1 Governing law. These Terms and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with them or their subject matter or formation shall be governed by, and construed in accordance with, the law of Ireland.

22.2 Jurisdiction. Each party irrevocably agrees that the courts of Ireland shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms or their subject matter or formation (including non-contractual disputes or claims).

23. CONTACT AND COMPLAINTS

If you wish to contact Kota in relation to these Terms or for any other reason, please contact support@kota.io. If you have a complaint, please see Kota’s help centre for details of how to complain.

REGULATORY ANNEX

This Regulatory Annex contains additional terms specific to Kota’s regulated activities and to particular jurisdictions or product lines. The provisions in this Annex form part of these Terms. In the event of any conflict between the main body of these Terms and this Annex in respect of the matters addressed in the Annex, the Annex shall prevail.

A1. CARDS — KOTA SPEND

Kota may provide access to a card, known as “Kota Spend”, issued and operated by Stripe.

For UK users:

Cards are issued by Stripe Payments UK Limited, which is an electronic money institution authorised by the Financial Conduct Authority (firm reference number: 900461) for the issuing of electronic money. Cards are issued under the Visa card scheme pursuant to a license from Visa Europe Limited.

For European users:

Cards are issued by Stripe Technology Europe Limited, an electronic money institution authorised by the Central Bank of Ireland (firm reference number: C187865). Cards are issued under the Visa card scheme pursuant to a license from Visa Europe Limited.

Kota Spend is designed to facilitate eligible employee benefit spending, such as wellness or flexible benefits, as permitted under the employer’s benefit policy.

Issuance and regulation

  • The card is issued by Stripe, who is responsible for its regulatory and compliance obligations as a regulated e-money and payment services provider.
  • Kota is not the issuer of the card, does not hold client money, and is not authorised as a payments or e-money institution.
  • Kota acts solely as an unregulated service provider in this context, offering the Platform through which the User may access the card and associated services.
  • All account management and transaction processing are handled by Stripe, under its own regulatory framework and terms.

Relationship with Stripe

By using the Kota Spend card, the User agrees to the Stripe Issuer Terms and any other related policies that govern the card’s use.

  • UK User Agreement: https://stripe.com/gb/legal/ssa
  • European User Agreement: https://stripe.com/ie/legal/ssa

Kota facilitates access to Kota Spend but does not at any point: hold, control, or manage funds; execute payments or authorise transactions; or provide payment or e-money services.

Employers and Users must comply with all applicable Stripe terms, including anti-fraud and anti-money laundering requirements. Kota may share relevant account and usage data with Stripe for fraud monitoring and compliance purposes.

Kota provides the software services enabling the User to view, manage and use their allocated benefits balance in connection with the Kota Spend.

Card access and security

Where the Platform provides access to a Kota Spend issued by Stripe, the Customer (and, where applicable, the User) is responsible for ensuring that access to card functionality and funds is strictly limited to authorised users.

Employers and administrators must ensure that only eligible employees may access or use the card. Each User must take reasonable steps to prevent misuse, loss or theft of any card details, credentials or login information.

Kota and Stripe rely on the accuracy of the information and user permissions configured by the Customer. Kota accepts no responsibility for losses, unauthorised spending, or fraud resulting from: misuse of the card or Platform by employers, employees or third parties; failure by the Customer to properly manage or restrict access; or any fraudulent or unauthorised activity carried out under the User’s account or by their representatives.

If the Customer or User suspects unauthorised use or fraud, they must immediately notify both Stripe and Kota via the contact details provided in their account.

Card payments

  • Funding allocations are determined by the employer and processed via Stripe.
  • Kota does not control or process these funds directly.
  • Refunds, chargebacks or payment reversals relating to the card are governed by Stripe’s policies.

A2. IRELAND PENSION SERVICES ADDENDUM

Effective: March 2026

Purpose and scope

This Pension Services Addendum supplements and forms part of the Kota Terms of Service. It applies to all Customers using the Platform in connection with occupational pension scheme (OPS) administration and, specifically, with maintaining OPS exemption from enrolment in MyFutureFund (MFF) under the Automatic Enrolment Retirement Savings System Act 2024 (the Act) and associated regulations, including the Section 52 Regulations signed December 2025 (“Section 52 Regulations”).

In the event of any conflict between this Addendum and the Terms in relation to pension services, this Addendum shall prevail. Capitalised terms not defined in this Addendum have the meanings given to them in the Terms.

Role of Kota — calculation and file generation only

  • Kota provides a software platform that: (a) calculates employer and employee pension contribution amounts based on data provided by the Customer; and (b) generates payroll contribution files for the Customer to incorporate into their payroll submissions to Revenue as set out in the Act.
  • Kota does not directly submit any data to the Office of the Revenue Commissioners (“Revenue”) or to the National Automatic Enrolment Retirement Savings Authority (“NAERSA”). Kota is not a payroll processor and does not operate as one.
  • Whether an employment is treated as exempt from MFF enrolment is determined by NAERSA based on Revenue payroll data submitted by the Customer (or their payroll provider). Kota’s calculations and file outputs do not themselves constitute a Revenue submission and do not establish or guarantee OPS exemption status. Kota’s calculations and file outputs are based solely on the information provided by the Customer, who shall ensure all relevant information is correct and up to date.
  • Kota makes no representation and gives no warranty that use of the Platform will result in OPS exemption from MFF for any employee or group of employees. OPS exemption is determined by NAERSA and is outside Kota’s control.

Customer obligations

Payroll submission responsibility

  • The Customer is solely responsible for incorporating Kota’s payroll contribution files into (i) the Customer’s payroll software and (ii) the Customer’s Revenue submissions, accurately and on time and in order to comply with the Act.
  • It is the Customer’s responsibility to ensure that each payroll submission to Revenue reflects the correct OPS contribution amounts generated by the Platform for that period. If a Customer submits a payroll return to Revenue without including the pension contributions as set out in Kota’s payroll file, Kota bears no responsibility for any resulting failure of OPS exemption, NAERSA enforcement action, or automatic enrolment in MFF or any non-compliance with the Act.
  • It is the Customer’s responsibility to incorporate any Supplementary Payroll File issued by Kota (including for new joiners or mid-period changes) into the relevant Revenue submission before that submission is made. Failure to do so may result in NAERSA determining that an employee is eligible for MFF enrolment and NAERSA issuing an Automatic Enrolment Payroll Notification (AEPN).
  • The Customer acknowledges that where an employee receives an AEPN and is enrolled into MFF, they will notify Kota as soon as reasonably practicable. The Customer acknowledges that in such circumstances, it is the obligation of the employee to opt out of this enrolment in accordance with the timelines set out in the Act, if the employee does not wish to be enrolled into MFF, and the Customer agrees to communicate this obligation to the employee.
  • The Customer acknowledges that under the Act, if an OPS falls below the minimum thresholds under NAERSA assessment, the employee may be enrolled into MFF in addition to the existing OPS (Dual Enrolment). The Customer agrees to notify Kota (where applicable) and the employee in these circumstances and acknowledges that Kota will not be held responsible for any Dual Enrolment.

Basic salary and gross pay data

  • The accuracy of Kota’s contribution calculations depends entirely on the accuracy and completeness of the data provided by the Customer. The Customer must provide Kota with all relevant pay data (Gross Pay Data) for each employee, which includes but is not limited to:
    • base salary or regular wages (“Basic Salary”);
    • bonuses, commissions, performance-related payments and other variable payments;
    • benefits in kind (BIK) where assessable for pension contribution purposes; and
    • any other variable or additional remuneration paid in the relevant period.
  • The Customer must provide Gross Pay Data to the Platform before the applicable billing run each month. Kota will calculate contributions based on the Gross Pay Data available at the time of each billing run. If Gross Pay Data is not provided in time, Kota will calculate contributions on the basis of the Basic Salary available and will not recalculate retrospectively for that period.
  • The Customer is responsible for any failure of OPS exemption that results from incomplete or inaccurate Gross Pay Data submitted to Kota. Kota accepts no responsibility or liability for any failure of OPS exemption resulting from inaccurate data provided by the Customer.

New joiners

  • Where an employee commences employment between the Primary Billing Run Date and the Customer’s payroll date they will be considered a New Joiner. The Customer’s obligation under the Act requires that an OPS contribution appears in that New Joiner’s first Revenue payroll submission.
  • Kota will generate a supplementary payroll file to capture New Joiners ahead of the Customer’s payroll date (‘Supplementary Payroll File’) and will notify the Customer of employees included. The Customer is responsible for ensuring this Supplementary Payroll File is incorporated into the relevant Revenue submission before it is made.
  • Where the Customer fails to act on the Supplementary Payroll File notification or submits payroll before incorporating Kota’s Supplementary Payroll File, Kota cannot guarantee that a new joiner’s first Revenue submission will include an OPS contribution. Kota accepts no responsibility or liability for any failure of OPS contribution where the Customer fails to act on the Supplementary Payroll File provided by Kota.

Onboarding and configuration

  • The Customer must provide Kota with necessary and accurate information at onboarding and keep that information updated, including but not limited to payroll date, contribution rates, and employee details.
  • The Customer is responsible for communicating to their employees the default contribution percentages applied by the Platform, the fact that employees may increase but not decrease contributions below the compliance floor, and the purpose of those defaults. In circumstances where an employee is either correctly or incorrectly auto enrolled in MFF, the Customer is responsible for notifying the employee of same and notifying the employee of their sole obligation to opt out of this enrolment in accordance with the timelines set out in the Act if they so wish.

Billing mechanics and post-billing adjustments

  • Pension contributions are currently billed on the Primary Billing Run Date (currently the 10th of each calendar month, or such other date as agreed between Kota and the Customer). A supplementary billing run is executed on the Customer’s payroll date to capture New Joiners and any payments not included in the primary run.
  • Once a billing run has been executed and contributions collected, and those contributions are sent to the relevant provider, Kota will not be in a position to apply any edits or refunds. In the event that any contributions have not yet been invested by the relevant provider, Kota may, in the event of an error, and on request from the Customer, arrange for such contributions to be returned in full to the Customer. If the Customer becomes aware of an overpayment or error after billing has run, any adjustment must be handled by the Customer directly in their payroll records. Kota may, at its discretion, accommodate a corrective adjustment in a subsequent billing period, but is under no obligation to do so.
  • Kota will add explicit disclosure of these billing mechanics at the point where the Customer configures their billing date on the Platform.

Limitation of liability — pension compliance

To the fullest extent permitted by applicable law, Kota shall not be liable for:

  • any failure by an employee’s employment to qualify for OPS exemption from MyFutureFund, where that failure results from the Customer’s failure to incorporate Kota’s payroll files into their Revenue submissions;
  • any NAERSA enforcement action, AEPN, or automatic enrolment in MFF arising from data submitted by the Customer to Revenue that does not reflect the contribution amounts calculated by Kota;
  • any Dual Enrolment that occurs after an AEPN has been issued; once issued, an AEPN cannot be reversed by Kota;
  • any contribution shortfall or compliance failure resulting from incomplete, inaccurate, or late Gross Pay Data provided by the Customer;
  • any regulatory changes made after the date of this Addendum that affect the minimum contribution standards or OPS exemption criteria, where Kota has not yet updated the Platform to reflect those changes; or
  • circumstances where a Customer fails to notify an employee of a miscalculation of pension contribution or incorrect data submitted to Revenue, which results in either enrolment in MFF or Dual Enrolment, and/or in circumstances where an obligation rests with an employee to opt out of an enrolment.

Nothing in this Addendum limits Kota’s liability for death or personal injury caused by its negligence, fraud or fraudulent misrepresentation, or any other liability which cannot be excluded by law.

Regulatory framework and platform updates

  • The MyFutureFund scheme commenced on 1 January 2026. Certain aspects of NAERSA’s operational approach (including its methodology for assessing exemption, treatment of benefits in kind, and evidence requirements) continue to evolve. Kota’s Platform approach is based on the Act, the Section 52 Regulations, and applicable NAERSA guidance current at the time of implementation and may change from time to time.
  • Kota may update the Platform as regulatory requirements develop and as NAERSA’s guidance changes. However, Kota does not warrant that the Platform will at all times reflect the most current regulatory position, and Customers should monitor NAERSA guidance directly.
  • Where Kota identifies a material change to the minimum contribution standards or exemption criteria, it will endeavour to notify affected Customers as soon as reasonably practicable.

Scope limitation — multiple employments

  • Kota’s Platform applies to the employment relationship between the Customer (as employer) and each employee enrolled on the Platform. Kota does not assess, and has no visibility into or obligation in respect of, an employee’s other employments.
  • The €20,000 MFF eligibility threshold is assessed by NAERSA across all of an employee’s employments. OPS exemption applies per employment. Kota’s compliance tools apply solely to the employment managed through the Platform and do not consider contributions made on behalf of employees under any other employment.
  • Customers with employees in multiple employments should take independent advice on how the eligibility and exemption rules apply to those employees. Kota accepts no responsibility or liability for any miscalculation of contributions for an employee with multiple employments.

Customer acknowledgement

By continuing to use the Kota Platform for pension administration services, the Customer confirms that it has read and understood this Addendum and, in particular, acknowledges:

  • Kota generates contribution calculations and payroll files but does not submit data to Revenue on the Customer’s behalf; this is the responsibility of the Customer;
  • OPS exemption status is determined by NAERSA based on data submitted to Revenue, and this data along with notification is the Customer’s responsibility;
  • the Customer must provide Kota with complete Gross Pay Data, including all variable remuneration, before each billing run;
  • contribution adjustments or refunds will not be applied after a billing run has executed;
  • if the Customer submits data to Revenue in advance of incorporating Kota’s contribution calculations, the contribution will not appear for the pay period;
  • the regulatory framework governing MFF is evolving and Kota will update the Platform as regulatory requirements develop;
  • requirements and obligations under the Act apply to the Customer and Kota shall at no time accept responsibility for compliance with the Act; and
  • the Platform generates the payroll file and notifies the Customer, but cannot force incorporation into the Customer’s Revenue submission. If the Customer submits payroll without the pension contribution data provided by Kota, Revenue data will show no OPS for that employee, and NAERSA may issue an AEPN.

‍

DATA SHARING ADDENDUM

‍

This Data Sharing Addendum (the “Addendum”) is appended to, and forms part of, the Kota Terms of Service. It sets out the framework under which Kota and the Customer share Personal Data with each other as independent controllers in connection with the Services.

In the event of any conflict between this Addendum and the main body of the Kota Terms of Service in respect of controller-to-controller data sharing arrangements, this Addendum shall prevail. 

Capitalised terms not defined in this Addendum have the meaning given to them in the Kota Terms of Service.

1. Definitions

In this Addendum, the following definitions apply:

“Agreed Purposes”

the provision of the Services, and the performance by each party of its respective obligations, under the Kota Terms of Service.

“Controller”, “processor”, “data subject”, “personal data”, “personal data breach”, “processing”, and “appropriate technical and organisational measures”

have the meanings given to them in the Data Protection Laws.

“Data Discloser”

the party disclosing Shared Personal Data to the other party under this Addendum. Each of Kota and the Customer may, in respect of different categories of Shared Personal Data, act as Data Discloser.

“Data Protection Laws”

has the meaning given to it in the Kota Terms of Service, including (as applicable) the EU GDPR, the UK GDPR, the UK Data Protection Act 2018 and the Irish Data Protection Acts 1988 to 2018.

“EU GDPR”

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation).

“UK GDPR”

has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the UK Data Protection Act 2018.

“Permitted Recipients”

the parties to the Kota Terms of Service, the employees of each party who reasonably require access for the performance of the Kota Terms of Service, and any third parties engaged by either party to perform obligations in connection with the Kota Terms of Service (subject to clause 4(e) below).

“Shared Personal Data”

the Personal Data shared between the parties under this Addendum, confined to the categories of data identified in the relevant privacy notice or as otherwise notified by the Data Discloser to the other party from time to time.

 

2. Shared personal data

2.1 This Addendum sets out the framework for the sharing of Personal Data between the parties as independent controllers. Each party acknowledges that the other party (in its capacity as Data Discloser in respect of the relevant data) will from time to time disclose Shared Personal Data collected by it for the Agreed Purposes.

2.2 Each party shall act as a separate and independent controller in respect of the Shared Personal Data it processes under this Addendum and shall be individually responsible for compliance with the Data Protection Laws applicable to it.

3. Effect of non-compliance with Data Protection Laws

Each party shall comply with all the obligations imposed on a controller under the Data Protection Laws. Any material breach of the Data Protection Laws by one party shall, if not remedied within 30 days of written notice from the other party, give grounds to the other party to terminate the Kota Terms of Service with immediate effect (and where the material breach is irremediable, the other party may terminate immediately).

4. Particular obligations relating to data sharing

Each party shall:

(a) ensure that it has all necessary notices, consents and lawful bases in place to enable lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes;

(b) give full information to any data subject whose Personal Data may be processed under this Addendum of the nature of such processing, including notice that, on the termination of the Kota Terms of Service, Personal Data relating to them may be retained by, or transferred to, one or more of the Permitted Recipients, their successors and assignees;

(c) process the Shared Personal Data only for the Agreed Purposes;

(d) not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;

(e) where applicable, ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by this Addendum;

(f) ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data; and

(g) not transfer any Personal Data received from the Data Discloser outside the United Kingdom or the European Economic Area unless the transferor ensures that: (i) the transfer is to a country approved under the applicable Data Protection Laws as providing adequate protection; (ii) there are appropriate safeguards or binding corporate rules in place pursuant to the applicable Data Protection Laws; (iii) the transferor otherwise complies with its obligations under the applicable Data Protection Laws by providing an adequate level of protection to any Personal Data that is transferred; or (iv) one of the derogations for specific situations in the applicable Data Protection Laws applies to the transfer.

5. Mutual assistance

Each party shall assist the other in complying with all applicable requirements of the Data Protection Laws. In particular, each party shall:

(a) consult with the other party about any notices given to data subjects in relation to the Shared Personal Data;

(b) promptly inform the other party of the receipt of any data subject rights request relating to the Shared Personal Data;

(c) provide the other party with reasonable assistance in complying with any data subject rights request;

(d) not disclose, release, amend, delete or block any Shared Personal Data in response to a data subject rights request without first consulting the other party wherever possible;

(e) assist the other party, at the cost of that other party, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Laws with respect to security, personal data breach notifications, data protection impact assessments and consultations with the Information Commissioner, the Data Protection Commission, or any other competent supervisory authority;

(f) notify the other party without undue delay upon becoming aware of a Personal Data Breach affecting the Shared Personal Data;

(g) at the written direction of the Data Discloser, delete or return Shared Personal Data and copies thereof to the Data Discloser on termination of the Kota Terms of Service, unless required by law to retain the Shared Personal Data;

(h) use compatible technology for the processing of Shared Personal Data so as to ensure that there is no lack of accuracy resulting from Personal Data transfers;

(i) maintain complete and accurate records and information to demonstrate its compliance with this Addendum and allow for audits by the other party or the other party's designated auditor; and

(j) provide the other party with the contact details of at least one employee as point of contact and responsible manager for all issues arising out of the Data Protection Laws, including the joint training of relevant staff, the procedures to be followed in the event of a data security breach, and the regular review of the parties' compliance with the Data Protection Laws.

6. Relationship with the Terms of Service

6.1 This Addendum forms part of, and is subject to, the Kota Terms of Service. Any limitation or exclusion of liability in the Kota Terms of Service applies to each party's liability under this Addendum, save to the extent any such limitation or exclusion is prohibited by the Data Protection Laws.

6.2 This Addendum shall remain in force for as long as either party processes Shared Personal Data received from the other party under or in connection with the Kota Terms of Service.

6.3 This Addendum is governed by, and shall be construed in accordance with, the law identified in the governing law clause of the Kota Terms of Service, and the parties submit to the exclusive jurisdiction of the courts identified in that clause.

‍

Benefits you and your employees will love using

Benefits

Critical illness coverDeath in service coverDental insuranceEmployee pensionEmployee spend cardFlexible benefitsHealth cash plansHealth insuranceIncome protectionLife insurance

Platform

Benefits administrationBenefits managementBenefits tracking

Company

CareersChangelogHelp centreSecurityTrust centre

Resources

BenchmarkBlogCustomersEventsReferral programme
© Copyright 2026
Built with love from Europe

Yonder Technology Limited, trading as Kota, is regulated by the Central Bank of Ireland. Registered in Ireland (Company No. 711366) with registered office at 21 Holles Street, Dublin 2, D02 HR94. Yonder Financial Technology Ltd, trading as Kota, is an appointed representative of Innovative Risk Labs Ltd, under Firm Reference Number 1006553. Innovative Risk Labs Ltd is authorised and regulated by the Financial Conduct Authority, under FRN 609155. Registered in England and Wales, under Company Number 14135818. Registered Office Address 34-37 Liverpool St, London EC2M 7PP, United Kingdom.

Terms of service
Privacy Policy
Terms of business
Schedule of fees and charges
Remuneration
Regulatory information