Términos de Compartición de Datos Multi-Entidad

1. Purpose and Scope

1.1. These Multi-Legal-Entity Data Sharing Terms ("Terms") govern the optional sharing of data between separate legal entities ("Customer Entities") using the Tiquo platform.

1.2. These Terms apply only to Customer-to-Customer data sharing through the platform and do not modify any other agreement between a Customer Entity and Tiquo, including the Tiquo Platform Terms, the Tiquo Data Processing Agreement ("DPA"), or any order form.

1.3. These Terms do not create any joint responsibility, joint controllership, or shared liability between Tiquo and any Customer Entity, nor between Customer Entities and Tiquo.

1.4. In the event of conflict, the order of precedence is: (a) the applicable order form or subscription agreement, (b) the Platform Terms, (c) the DPA, and (d) these Terms.

2. Roles and Responsibilities

2.1 Tiquo's Role

Tiquo provides a technical platform that Customer Entities may use to enable shared operational workflows. Tiquo acts solely as a service provider and does not participate in, direct, govern, validate, or approve any data sharing between Customer Entities.

In respect of any personal data processed by Tiquo on behalf of a Customer Entity, Tiquo acts as a processor under the DPA. Tiquo does not become a controller, joint controller, or data recipient by virtue of enabling Customer-to-Customer sharing.

2.2 Customer Entities' Role

Each Customer Entity:

• acts independently and is solely responsible for all data it uploads, accesses, shares, or receives;
• determines its own purposes and means of data use;
• is responsible for ensuring that its data-sharing arrangements comply with all applicable laws, including data protection, competition, and sectoral regulation; and
• is responsible for its own configuration of access controls, permissions, and visibility rules within the platform.

Customer Entities remain entirely separate and independent. Their use of the platform does not create any joint venture, partnership, agency, or fiduciary relationship between them, nor with Tiquo.

3. Customer-to-Customer Data Sharing

3.1. The platform may enable Customer Entities to share operational, transactional, or customer data with one another. All such sharing is optional and fully controlled by Customer Entities.

3.2. All sharing is initiated, authorised, and managed solely by Customer Entities through their own permissions, access controls, and configuration settings.

3.3. Tiquo does not:

• validate, review, or approve shared data;
• determine whether sharing is lawful or appropriate;
• monitor, supervise, or govern Customer sharing arrangements;
• mediate or resolve disputes between Customer Entities; or
• act as a clearing house, reseller, or aggregator of shared data.

3.4. Each Customer Entity is solely responsible for ensuring that it has the appropriate rights, permissions, and lawful basis to share data with another entity and to receive data from another entity.

4. Data Protection

4.1. Each Customer Entity acts as an independent controller for the purposes of applicable data protection legislation (including the UK GDPR, EU GDPR, the Swiss revFADP, and the CCPA/CPRA) in respect of any personal data it shares with or receives from another Customer Entity through the platform.

4.2. Before enabling data sharing, each Customer Entity shall:

• identify an appropriate lawful basis for the sharing under applicable data protection law;
• where Customer Entities intend to share personal data on an ongoing basis, put in place a written data sharing agreement between themselves that addresses, at a minimum: the categories of data shared; the purposes of processing; the lawful basis relied upon; handling of data subject rights; security measures; and retention and deletion arrangements;
• provide appropriate transparency information to affected data subjects under Articles 13 and 14 of the UK GDPR or EU GDPR (or equivalent);
• conduct a data protection impact assessment where required under Article 35 of the UK GDPR or EU GDPR (or equivalent); and
• ensure that appropriate cross-border transfer mechanisms are in place where Customer Entities are established in different jurisdictions.

4.3. Tiquo is not a party to any data sharing agreement between Customer Entities and has no obligation to verify that such agreements are in place. Tiquo may, however, require a Customer Entity to confirm compliance with this Section 4 before enabling certain sharing features.

4.4. Each Customer Entity will cooperate in good faith with any other Customer Entity to handle data subject requests, complaints, and regulatory enquiries relating to shared personal data.

5. No Liability for Tiquo

5.1. To the maximum extent permitted by law, Tiquo has no responsibility or liability whatsoever for:

• data shared between Customer Entities;
• access granted by one Customer Entity to another;
• misconfigurations, incorrect permissions, or over-permissive access controls set by a Customer Entity;
• the accuracy, content, or legality of any shared data;
• any operational, commercial, legal, regulatory, or financial consequences arising from Customer-to-Customer data sharing; or
• disputes, claims, or losses arising between Customer Entities.

5.2. All risks associated with inter-entity data sharing rest entirely with the Customer Entities involved. Each Customer Entity shall indemnify Tiquo against any claims, losses, or liabilities arising from that Customer Entity's sharing decisions, configuration, or breach of these Terms, to the extent permitted under the Platform Terms.

6. Access Controls and Permissions

6.1. Customer Entities are entirely responsible for configuring and maintaining their own roles, permissions, visibility rules, and access restrictions within the platform.

6.2. Tiquo provides access-control tooling and reasonable documentation but does not check, review, or verify how Customer Entities configure it.

6.3. Tiquo has no liability for outcomes resulting from:

• over-granting access;
• failing to restrict or revoke access in a timely manner;
• incorrect or misaligned permissions within or between Customer Entities; or
• use of shared credentials by Customer Entity personnel.

6.4. Customer Entities are responsible for reviewing their access configurations periodically and whenever there is a change in personnel, corporate structure, or commercial relationship.

7. Payment Data

7.1. Where the services include payment processing functionality, such processing is governed by the Platform Terms and the Tiquo PCI Attestation. Where Customer Entities choose to split or allocate payments across multiple legal entities, such arrangements are solely their responsibility.

7.2. Tiquo does not store, process, or transmit full payment card data on its own systems. Card data is handled by Tiquo's PCI DSS validated payment processor (Stripe). Any limited card metadata retained for operational purposes is handled in accordance with the Privacy Policy and the DPA.

8. Lawfulness and Compliance

8.1. Customer Entities are solely responsible for ensuring that any data shared between them is lawful, properly authorised, and compliant with all applicable requirements, including anti-money laundering, competition, consumer protection, and sector-specific regulation.

8.2. Customer Entities must not rely on Tiquo to assess the legality or appropriateness of their sharing arrangements.

8.3. Tiquo does not provide legal, compliance, governance, or regulatory advice regarding data sharing.

9. Data Accuracy and Use

9.1. Customer Entities are responsible for determining the accuracy, completeness, and suitability of any data they share or receive.

9.2. Tiquo is not responsible for verifying or validating shared data or its use by Customer Entities.

10. Security Responsibilities

10.1. Tiquo provides secure platform infrastructure in accordance with the DPA and Tiquo's security documentation, but does not control or govern how Customer Entities use the platform, configure sharing, or grant access.

10.2. Customer Entities are responsible for their own internal security practices, including user access management, device security, phishing awareness, and internal data handling.

10.3. Where a Customer Entity becomes aware of a security incident affecting shared data, it shall notify the relevant other Customer Entity or Entities without undue delay, and notify Tiquo at security@tiquo.co where the incident may involve the platform.

11. Termination of Sharing Arrangements

11.1. Customer Entities may modify or terminate data-sharing relationships at any time through their own platform settings.

11.2. On termination of a sharing arrangement, each Customer Entity is responsible for:

• revoking access to shared data through its own platform configuration;
• deleting, anonymising, or returning personal data received from another Customer Entity where it has no further lawful basis to retain it;
• notifying its own data subjects where required by applicable data protection law; and
• completing any data subject requests in flight at the time of termination.

11.3. Tiquo is not responsible for enforcing, validating, or monitoring the termination of Customer Entity access or sharing.

12. Changes to these Terms

12.1. Tiquo may update these Terms from time to time to reflect changes in the platform, applicable law, or regulatory guidance. Where a change is material, Tiquo will provide reasonable prior notice to the Customer administrator.

12.2. These Terms are reviewed at least annually.

13. Governing Law

13.1. These Terms are governed by and construed in accordance with the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

13.2. Disputes between Customer Entities arising from data sharing are a matter between those Customer Entities and are not subject to these Terms, except insofar as they relate to the operation of the platform.