Terms of Service

Updated at: 01-06-2026

e-Learning Terms and Conditions 

Effective: 1 June 2026 

These Terms and Conditions apply to the sale and supply of e-learning courses, learning materials, related digital content, and access to the online learning platform made available by Compliance Taxi Limited ("we", "us" or "our"). By placing an order, registering for an account, or accessing any course or portal, the customer agrees to be bound by these Terms and Conditions. 

1. Definitions and interpretation 
In these Terms and Conditions:  

"Business Customer" means a customer purchasing wholly or mainly for purposes of its trade, business, craft or profession;  

 "Courses" means the online courses, programmes, assessments, resources and related digital content offered by us;  

Consumer” means a customer who is an individual acting for purposes which are wholly or mainly outside that individual's trade, business, craft or profession; 

"Learner" means any individual user to whom access to a Course is provided;  

LMS” means the learning management system used by us to host and deliver the Portal and Courses from time to time; 

"Order" means a request to purchase Courses or Services, whether placed through the Portal, a checkout page, a proposal, an Order Form, email, or any other method accepted by us;  

"Order Confirmation" means our acceptance of an Order; 

Order Form” means a written or electronic proposal, quotation, or order document signed or accepted by both parties setting out the specific Courses, Services, pricing, access periods, and other terms applicable to a particular Order; 

 "Payment Processor" means Third-party payment provider used to process payments; and  

"Portal" means our branded online learning portal through which the Courses and related services are delivered, which is operated using third-party hosted LMS technology;  

"Services" means the supply of Courses, Learner access, support, reporting, and related services described in the Order. 

Headings are for convenience only and do not affect interpretation. References to legislation include amendments, re-enactments, and subordinate legislation in force from time to time. 

2. About us and contact details 
We are Compliance Taxi Limited, a company incorporated in United Kingdom with company number 11497121 and registered office at Elsley Court, 20-22 Great Titchfield Street, London, United Kingdom, W1W 8BE

Our contact email for customer service, billing, and legal notices is e-Learning@rqcgroup.com. Our normal support hours are 9am to 5.30pm Monday to Friday. 

Where the Portal is white-labelled or branded in our name, the contract for the sale of Courses is between you and us, not between you and the underlying LMS provider, payment processors or any other third-party service provider, except that their own platform terms may separately govern your use of their services.  We may change the underlying LMS provider or other third-party service providers from time to time, provided that any such change does not materially adversely affect the Services. 

3. Scope and order of precedence 
These Terms and Conditions apply to all Orders unless we agree otherwise in writing. 

If there is any inconsistency between these Terms and Conditions, an Order Form or proposal signed by the parties, a statement of work, and specific course information shown at checkout, the following order of precedence applies (with the document listed first prevailing over those listed after it) unless expressly stated otherwise: (a) signed Order Form or proposal; (b) these Terms and Conditions; (c) course-specific information; and (d) any purchase order terms or other customer terms, which are excluded unless we expressly accept them in writing. 

Any purchase order, acknowledgement, or similar document issued by the customer is for the customer’s internal administrative purposes only and does not form part of any contract between the parties. Our acceptance of, or our acting in accordance with, any such document shall not constitute acceptance of any terms and conditions contained in or referred to in that document. 

4. Eligibility, accounts, and authority 
Customers must provide complete and accurate registration, billing, and account information and keep it up to date. We may suspend or terminate access if any information provided is materially inaccurate, incomplete, or misleading. 

If an Order is placed on behalf of a company, partnership, charity, public body, or other organisation, the person placing the Order confirms that they have full authority to bind that organisation to these Terms and Conditions. 

You are responsible for maintaining the confidentiality and security of all account credentials, including usernames and passwords, and for ensuring that Learners do the same. You are liable for all activity carried out through your account credentials, whether or not authorised by you, and you must notify us immediately if you become aware of any unauthorised access or security breach. 

5. Formation of contract 
An Order constitutes an offer by the customer to purchase the relevant Courses or Services. 

The contract is formed only when we issue an Order Confirmation, activate access to the Course, or otherwise notify you that we accept the Order. 

We may decline any Order at our discretion, including where pricing information is incorrect, the requested Course is unavailable, eligibility checks are not met, or fraud or misuse is suspected. 

6. Course access and licence 
Subject to payment and compliance with these Terms and Conditions, we grant the customer and authorised Learners a limited, non-exclusive, non-transferable, revocable licence to access and use the purchased Courses for internal training and learning purposes only during the access period stated in the Order or course description. The licence is for online access through the Portal only, unless we expressly provide downloadable materials as part of the Course. The licence terminates automatically on expiry of the applicable access period, and the customer and Learners shall have no further right to access or use the Course thereafter. 

Access rights are personal to the named Learner unless the Order expressly allows reassignment. Shared logins are prohibited. 

Unless stated otherwise in the Order Form, access to any course is available for six weeks from the date of enrollment. 

Unless expressly stated otherwise, no sale, transfer, or assignment of intellectual property rights is made under these Terms and Conditions. All intellectual property rights in the Courses and any materials provided remain the exclusive property of Compliance Taxi Limited and/or its licensors. 

Any third-party LMS providers or processors engaged by us may process customer content and Learner data only to the extent necessary to provide the Services. Such data will not be used to train artificial intelligence or machine learning models, or for unrelated analytics or product development, unless you expressly authorise that use in writing or such use is required by law. 

7. Delivery of digital content 
Courses are delivered electronically through the Portal. Delivery takes place when access credentials are issued, a Learner is enrolled, or the Course is otherwise made available in the Portal. 

Course availability may depend on internet access, device compatibility, browser settings, and third-party integrations outside our reasonable control. 

We may update, improve, substitute, or withdraw minor features, resources, or presentation aspects of the Portal or a Course to reflect changes in relevant laws and regulatory requirements, to implement minor technical adjustments and improvements (for example, to address a security threat), or to update digital content, provided that the overall nature and core learning purpose of the purchased Course are not materially adversely affected. If we make a change that materially adversely affects a Consumer’s use of a Course, the Consumer may contact us to end the contract and receive a refund for any Courses paid for but not yet substantially delivered. 

8. Customer obligations 
The customer must: (a) ensure that all information supplied to us is accurate and up to date; (b) ensure Learners comply with these Terms and Conditions and any Portal rules; (c) use the Courses only for lawful purposes and in accordance with any usage guidelines we provide; (d) maintain suitable systems, devices, internet connectivity, and security arrangements; (e) cooperate with us where reasonably required for enrolment, support, or investigation of misuse; (f) ensure that the number of Learners accessing the Courses does not exceed the number of licences or seats purchased; (g) not permit any third party to access the Courses unless expressly authorised by us; and (h) comply with all applicable laws and regulations, including data protection legislation, in connection with any personal data provided to us or processed through the Portal. 

The customer is responsible for selecting Courses that meet its own requirements. It is the customer’s sole responsibility to determine that the Courses meet the needs of the customer’s business and are suitable for the purpose for which they are used. Unless expressly agreed in writing, we do not warrant that any Course will satisfy a particular regulatory, professional, or internal policy requirement of the customer. 

9. Acceptable use restrictions 
You must not allow any Learner or third party to: copy, reproduce, republish, distribute, sell, rent, sublicense, broadcast, or exploit any Course content except as expressly permitted; reverse engineer or attempt to extract source code from any software element of the Portal; upload malicious code; interfere with security or performance; use automated means to scrape or harvest content or user data; impersonate others; or use the Portal in a way that is unlawful, defamatory, infringing, abusive, discriminatory, or harmful. 

We may suspend or terminate access immediately where we reasonably believe there has been unauthorised use, a security risk, non-payment, or a breach of these Terms and Conditions. 

We may also suspend supply to deal with technical problems or make minor technical changes, to update the Courses to reflect changes in relevant laws and regulatory requirements, or to make changes to the Courses as described in section 7. We will contact you in advance to tell you we are suspending access, unless the problem is urgent or an emergency. If we suspend access for more than 30 consecutive days, you may contact us to end the contract and we will refund any sums you have paid in advance for Courses you will not receive. 

10. Pricing, taxes, and payment 
Prices are as displayed on the Portal, quotation, or Order Form at the time of purchase, unless an obvious error has occurred. 

Unless stated otherwise, prices are exclusive of VAT and any other applicable taxes, which shall be payable in addition where legally chargeable. If the rate of VAT changes between your Order date and the date we supply the Course, we adjust the rate of VAT that you pay, unless you have already paid in full before the change in the rate of VAT takes effect. 

Payment is due in accordance with the checkout process, invoice, or Order Form. For online purchases, payment must be made by an approved method accepted through the Portal. For offline purchases payment must be made via bank transfer, in accordance with the invoice provided. Invoices for offline purchases may be issued using our accounting platform. 

Payments processed by third-party payment providers are also subject to the relevant provider’s own terms, policies, verification requirements, acceptable use rules, and fraud controls. We are not responsible for acts or omissions of those providers, delays caused by them, or any separate contract between you and them. 

If payment is not made on time, we may suspend access, refuse new enrolments, charge interest and recovery costs where permitted by law, and/or terminate the contract after giving notice. 

If the customer disputes any invoice in good faith, the customer must notify us in writing within 14 days of the invoice date, specifying in reasonable detail the nature and basis of the dispute. The customer must pay all undisputed amounts by the due date. Failure to notify a dispute within the 14-day period shall constitute acceptance of the invoice. We will investigate disputed amounts promptly and in good faith, and if the dispute is resolved in the customer’s favour, we will credit or refund any overpayment. Pending resolution of any dispute, we shall not exercise our rights to suspend access or terminate the contract solely in respect of the disputed amount, provided that all undisputed amounts have been paid when due. 

11. Subscriptions, renewals, and bundles 
If any Course subscription is sold on a recurring or time-limited basis, the applicable term, renewal mechanics, course limits, expiry dates, and any non-use consequences will be stated in the Order Form. 

Unless expressly stated otherwise in the Order Form, unused courses, credits, or access rights do not roll over to any subsequent period and are non-refundable. The customer has no right to any refund, credit, or extension in respect of unused entitlements at the end of an access period or subscription term. 

12. Promotions and discounts 
Promotional pricing, discount codes, and discounts apply only on the terms stated with the offer, are personal to the original recipient, may be withdrawn or modified at any time before contract formation, and cannot be combined with other offers or discounts unless expressly stated otherwise. Promotional pricing applies only to the initial term and does not apply to any renewal period unless expressly stated. 

We may cancel or refuse any discount or promotional benefit where misuse, fraud, duplication, manipulation, or technical error is suspected, or where the customer does not meet any eligibility criteria for the promotion. 

13. Consumer cancellation rights 
If you are a Consumer, you have a legal right to change your mind within 14 days and receive a refund. 

Your legal right to change your mind. If you are a Consumer and purchase a Course online or otherwise at a distance, you have a legal right to change your mind about your purchase and receive a refund of what you paid for it. The cancellation period expires 14 days after the day on which we confirm acceptance of your Order. To cancel, please contact our e-Learning team at e-Learning@rqcgroup.com. We will refund you as soon as possible and within 14 days of you telling us you have changed your mind. We will refund you by the method you used for payment. We do not charge a fee for the refund. 

When you can’t change your mind. You cannot change your mind about an order for a Course after you have started to access or stream it, where you have given your express consent to immediate supply and acknowledged that you will lose your cancellation right. 

Giving your consent to immediate supply. Where you ask us to begin supplying a Course during the cancellation period, and confirm that you acknowledge that: 

  1. a) immediate access will start; and 
 
  1. b) you will lose your cancellation right once the Course has been fully supplied, you agree that access may begin immediately. Once the Course has been supplied in full after you have given the required consent and acknowledgment, you lose the statutory right to cancel. 

Nothing in these Terms and Conditions affects any non-excludable statutory rights. 

14. Refunds and business-customer cancellations 
For Business Customers, all purchases are final and non-refundable unless these Terms and Conditions, the Order Form, or a specific refund policy expressly states otherwise. 

If we agree in our sole discretion to offer a refund, we may deduct the value of any access already provided, administration costs, third-party fees, and any promotional discounts or credits previously applied. Any refund will be made using the same payment method used for the original purchase, unless otherwise agreed. 

Without limiting the foregoing, no refund is due for: (a) failure to complete a Course or any part of it; (b) change of mind by a Business Customer; (c) lack of compatible equipment, software, or browser; (d) internet connectivity issues or technical problems outside our reasonable control; (e) breach by the customer of these Terms and Conditions; (f) dissatisfaction with Course content, format, or outcomes; (g) failure to achieve any particular result, qualification, or accreditation; or (h) circumstances that would otherwise entitle the customer to terminate under these Terms and Conditions where we have offered a reasonable remedy or substitute. 

15. Course changes, postponement, and withdrawal 
We may make reasonable changes to Course titles, descriptions, content, format, release dates, duration, or supporting materials where needed to improve quality, correct errors, reflect changes in law or guidance, address operational or technical issues, or maintain platform functionality. 

If we discontinue a purchased Course before substantial delivery and cannot provide a reasonable substitute acceptable to us, we will notify the customer and refund any sums paid in advance for the affected undelivered Course. This refund shall be the customer’s sole and exclusive remedy in respect of any Course discontinuation or withdrawal, and we shall have no further liability to the customer in connection with such discontinuation. 

16. Certification and outcomes 
Where a Course includes a certificate, completion record, or assessment outcome, this will only be issued where the stated completion criteria are met and any applicable fees have been paid in full. We may withhold or revoke any certificate or completion record if we subsequently determine that the completion criteria were not genuinely met or that there was any fraud, cheating, or misrepresentation by the Learner. 

Unless expressly stated otherwise in writing, completion of a Course does not guarantee any external accreditation, professional qualification, employment outcome, regulatory approval, competence level, or business result. The customer acknowledges that any third-party accreditation, recognition, or CPD allocation is subject to the requirements of the relevant accrediting body and is outside our control. We accept no liability for any failure to obtain or maintain any external accreditation or recognition. 

17. Intellectual property rights 
All intellectual property rights in the Courses, Portal branding supplied by us, text, graphics, video, audio, assessments, downloadable materials, reports, and related content are owned by us and/or our licensors and remain vested in us and/or our licensors at all times. Nothing in these Terms and Conditions shall operate to transfer, assign, or grant to the customer or any Learner any intellectual property rights in any Course, Portal, or any materials provided by us. The customer’s rights to access and use the Courses are limited to the licence granted in section 6 and are subject to the acceptable use restrictions in section 9. 

The customer shall not remove copyright notices, trademarks, confidentiality legends, or other proprietary markings. 

If the customer or a Learner submits feedback, suggestions, reviews, comments, or ideas relating to the Courses or Portal, we may use, incorporate, sublicense, and exploit those materials without restriction, attribution, or payment, provided that this does not override applicable data protection law or confidentiality obligations. 

18. Data protection and privacy 
Each party shall comply with applicable data protection law. 

The customer acknowledges that use of the Portal involves the processing of personal data. Our handling of personal data is described in our privacy notice, which is made available on the Portal and at checkout and registration. Customers should review the privacy notice before placing an Order. 

The Business Customer is responsible for ensuring it has an appropriate lawful basis and has provided all necessary notices to Learners before providing their personal data to us for enrolment or administration. 

The processing of personal data in connection with the Services is governed by our Data Processing Agreement, which can be found in the appendix to these Terms and Conditions. By placing an Order, Business Customers agree to be bound by the terms of the Data Processing Agreement as in force at the time of the Order. 

19. Third-party services and platform dependencies 
The Portal is delivered using third-party infrastructure and services, including (as at the date of these Terms and Conditions), LearnUpon as the underlying LMS and payment providers such as Stripe and PayPal. We may change third-party providers from time to time in accordance with section 2.  

Certain features may also depend on email providers, browsers, identity systems, analytics tools, or cloud hosting services. 

We do not control third-party services and do not guarantee that they will be available without interruption at all times. We are not liable for outages, delays, or failures caused by third-party networks, software, payment gateways, telecommunications, hosting providers, or force majeure events, except to the extent liability cannot legally be excluded. 

Our LMS provider disclaims all warranties of fitness for a particular purpose and non-infringement in respect of the platform. Accordingly, we do not pass through any warranty from our LMS provider to the customer beyond the express warranties stated in section 21 of these Terms and Conditions 

Learners may also be required to comply with relevant third-party terms when interacting with those services. 

20. Support, maintenance, and availability 
We will use reasonable care and skill in making the Courses available and in providing any support expressly included with the purchase. 

Unless expressly agreed in writing, support does not include bespoke consultancy, custom content development, customer IT administration, or guaranteed response times. 

We may carry out maintenance, updates, and security changes from time to time. We will use reasonable efforts to minimise material disruption. 

Without limiting the foregoing, we do not guarantee that the Portal will be uninterrupted, error-free, or free from viruses or other harmful components at all times. It is the customer’s responsibility to implement appropriate IT security measures (including anti-virus and other security checks) in connection with their use of the Portal. 

21. Warranties and disclaimers 
We warrant that we will provide the Services with reasonable care and skill. Where the customer is a Consumer, the Services will comply with the requirements of applicable consumer protection legislation in respect of digital content, including the requirements that digital content must be as described, fit for purpose, and of satisfactory quality. 

Except as expressly stated in these Terms and Conditions, and to the fullest extent permitted by law, the Services and Courses are provided on an “as is” and “as available” basis. We exclude all other warranties, representations, conditions, and terms, whether express or implied, including any implied warranties of fitness for a particular purpose, merchantability, non-infringement, accuracy, completeness, reliability, availability, or uninterrupted access. 

Business Customers acknowledge that: (a) the Courses are educational resources and are not legal, regulatory, compliance, tax, or other professional advice unless expressly stated in writing; (b) Course content may become outdated, and we do not warrant that it reflects the current state of law, regulation, or best practice at the time of access; (c) third-party content, integrations, or links are provided for convenience only and we make no representations or warranties regarding their accuracy, availability, or suitability; and (d) Business Customers should obtain independent professional advice where appropriate before relying on any Course content. 

22. Limitation of liability 
Losses we never limit or exclude. Nothing in these Terms and Conditions shall limit or exclude our liability for:  

  1. a) death or personal injury caused by our negligence, or the negligence of our employees, agents or subcontractors (as applicable);  
  2. b) fraud or fraudulent misrepresentation;  
  3. c) breach of any implied term as to our right to supply the Course or Services to you; 
  4. d) any liability that cannot lawfully be excluded or restricted under applicable consumer protection legislation, including liability in respect of digital content which is not of satisfactory quality, not fit for a particular purpose, or not as described; or  
  5. e) any other matter in respect of which it would be unlawful for us to exclude or restrict liability. 

Our liability to Business Customers. If you are a Business Customer then, except in respect of the losses described in the paragraph above:  

  1. a) we shall not be liable to you, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any loss of profit, or any indirect or consequential loss arising under or in connection with any contract between us; and 
  2. b) our total liability to you for all other losses arising under or in connection with any contract between us, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall be limited to the total sums paid by you for the relevant Course or Services giving rise to the claim. 

Our liability to Consumers. If you are a Consumer, we are not responsible for losses you suffer caused by us breaking this contract if the loss is:  

  1. a) unforeseeable, meaning it was not obvious that it would happen; 
  2. b) caused by a delaying event outside our control, as long as we have taken the steps set out in section 27 below; or 
  3. c) avoidable, meaning it was something you could have avoided by taking reasonable action, for example, damage to your own digital content or device, which was caused by digital content we supplied and which you could have avoided by following our advice to apply a free update or by having the minimum system requirements we advised. 

Nothing in this clause affects your statutory rights relating to faulty digital content or services. 

23. Indemnity for business customers 
The Business Customer shall indemnify and keep us indemnified against losses, liabilities, costs, and expenses (including reasonable legal fees) arising from: (a) misuse of the Portal or Courses by the customer or its Learners; (b) breach of applicable law by the customer;  (c) unauthorised sharing of login credentials or Course content by the customer or its Learners by the customer or its Learners; or (d) any third-party claim arising out of the customer’s or its Learners’ use of the Courses, Portal, or any content uploaded or distributed. 

24. Suspension and termination 
We may suspend access immediately on notice, or without notice where reasonably necessary, if the customer: (a) fails to pay any amount when due; (b) breaches these Terms and Conditions; (c) creates or poses a security risk to the Portal, other customers, or Learners; (d) becomes insolvent, enters administration, liquidation, or any analogous process, or is unable to pay its debts as they fall due; (e) uses the Portal or Courses unlawfully, abusively, or in a manner that may bring us into disrepute; or (f) is the subject of any investigation, complaint, or proceeding by a regulatory or law enforcement authority that could affect our ability to provide the Services. During any suspension, the customer remains liable for all applicable fees. 

Either party may terminate a Business Customer contract for material breach not remedied within 14 days of written notice specifying the breach, or immediately on written notice if the other party becomes insolvent, enters administration, liquidation, or any analogous process, or is unable to pay its debts as they fall due. We may also terminate immediately on written notice if the customer fails to pay any amount within 30 days of the due date, or if continued provision of the Services would expose us to legal, regulatory, or reputational risk. 

On termination or expiry for any reason: (a) all access rights end immediately unless otherwise stated in writing; (b) the customer and all Learners must immediately cease using the Courses and Portal; (c) the customer must pay all outstanding fees and any other amounts owing to us; and (d) each party must return or destroy (at the other party’s option) any confidential information of the other party in its possession, except to the extent retention is required by law or for regulatory compliance purposes. 

25. Consequences of termination 
Termination does not affect: (a) accrued rights and remedies of either party; (b) payment obligations arising before or as a result of termination; or (c) clauses intended to survive termination, including clauses on intellectual property, confidentiality, liability, indemnity, payment, data protection, and governing law, which shall continue in full force and effect. 

Following termination or expiry, we may delete or anonymise customer and Learner data in accordance with our retention policies, legal obligations, and any applicable privacy notice or data processing agreement. We have no obligation to retain, return, or provide copies of any customer data, Learner data, or Course completion records after termination unless expressly agreed in writing or required by law. 

26. Confidentiality 
Each party shall keep confidential all confidential information disclosed by the other party in connection with the contract, including (in relation to information disclosed by us) non-public pricing, discounts, promotional offers, fee structures, or other commercial terms, and (in relation to information disclosed by a customer) non-public business or operational information, and shall not disclose it except to personnel, professional advisers, or subcontractors who need to know it and are bound by confidentiality obligations, or where disclosure is required by law. 

Confidential information does not include information that is or becomes public other than through breach, was lawfully known before disclosure, or is independently developed without use of the confidential information. 

27. Force majeure 
If our provision of Courses is delayed by an event beyond our reasonable control, including internet or telecommunications failure, cyberattack, utility outage, pandemic, industrial dispute, governmental action, failure of hosting or cloud providers, or other force majeure events, we will contact you as soon as possible to let you know and do what we can to reduce the delay.  

As long as we do this, we will not compensate you for the delay, but if the delay is likely to be substantial you can contact us to end the contract and receive a refund for any Courses you have paid for in advance but not received. Our obligations shall be suspended for the duration of the event. 

28. Notices 
Notices under these Terms and Conditions must be in writing and sent by email to the contact details specified by the parties, or by another method expressly agreed in writing. Notices to us must be sent to e-Learning@rqcgroup.com (or such other address as we notify to you). The customer must keep its contact details up to date and notify us promptly of any changes. 

Notices are deemed received: (a) if sent by email, at the time of transmission if sent during business hours (9.00 am to 5.30 pm Monday to Friday, excluding public holidays) at the recipient’s location, otherwise at 9.00 am on the next business day; or (b) if sent by post, on the second business day after posting (or the fifth business day if sent internationally). 

29. Complaints and dispute resolution 
Customers should first raise any issue with our e-Learning team using the contact details provided on the Portal or in these Terms and Conditions. 

We will use reasonable efforts to investigate complaints promptly and in good faith. 

If the customer is a Consumer, nothing prevents the customer from using any statutory rights or any alternative dispute resolution process that may be available. 

30. General 
These Terms and Conditions constitute the entire agreement between the parties in relation to their subject matter, except for fraud or fraudulent misrepresentation. If you are a Business Customer, you acknowledge that you have not relied on any statement, promise, representation, assurance or warranty made or given by us or on our behalf which is not set out in these Terms and Conditions and that you have no claim for innocent or negligent misrepresentation based on any statement in these Terms and Conditions. 

We may assign or subcontract our rights and obligations under these Terms and Conditions, provided that doing so does not reduce the customer’s legal protections. 

The customer may not assign, transfer, sublicense, or otherwise dispose of any rights under the contract without our prior written consent. 

This contract is between the customer and us. No other person shall have any rights to enforce any of its terms, whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise, unless expressly stated in these Terms and Conditions. 

If any provision is held invalid or unenforceable, the remaining provisions shall continue in full force and effect. 

No failure or delay in exercising any right shall constitute a waiver. 

These Terms and Conditions constitute the entire agreement between the parties in relation to their subject matter, except for fraud or fraudulent misrepresentation. 

We may update these Terms and Conditions from time to time. Where we make changes, we will publish the updated Terms and Conditions on the Portal. Changes will not affect Orders already accepted before the date of the change.  

31. Governing law and jurisdiction 
These Terms and Conditions and any dispute or claim arising out of or in connection with them shall be governed by the laws of England and Wales and the courts of England and Wales shall have exclusive jurisdiction, except that if the customer is a Consumer resident in another part of the United Kingdom, mandatory consumer jurisdiction rules may apply. 

 APPENDIX A – Data Processing Agreement 

The processing of personal data in connection with the Services is governed by our Data Processing Agreement. By placing an Order, Business Customers agree to be bound by the terms of the Data Processing Agreement as in force at the time of the Order. 

BETWEEN: 

(1) Business Customer (“Data Controller”) and 

(2) Compliance Taxi Limited, a company registered in England with company number 11497121, whose registered office is at Elsey Court, 20-22, Great Titchfield Street, London, W1W 8BE (“Data Processor”). And is registered with the Information Commission under reference ZB752940

WHEREAS:  

(1) Under an agreement between the Data Controller and the Data Processor (“the Service Agreement”) the Data Processor provides tothe Data Controller the Services described in Schedule 1. 

(2) The provision of the Services by the Data Processor involves it in processing the Personal Data described in Schedule 2 on behalf of the Data Controller. 

(3) Under the Data Protection Law (Article 28, paragraph 3), the Data Controller is required to put in place an agreement in writing between the Data Controller and any organisation which processes personal data on its behalf governing the processing of that data. 

(4) The Parties have agreed to enter into this Agreement to ensure compliance with the said provisions of the Data Protection Law in relation to all processing of the Personal Data by the Data Processor for the Data Controller. 

(5) The terms of this Agreement are to apply to all processing of Personal Data carried out for the Data Controller by the Data Processor and to all Personal Data held by the Data Processor in relation to all such processing. 

IT IS AGREED as follows:

1. Definitions and Interpretation  
In this Agreement, unless the context otherwise requires, the following expressions have the following meanings: 

Data Controller”, “Data Processor”, “processing”, and “data subject” shall have the meanings given to the terms “controller”, “processor”, “processing”, and “data subject” respectively in Article 4 of the Data Protection Law; 

Data Protection Law” means the United Kingdom (“UK”) General Data Protection Regulation (“GDPR”) or the EU (“European Union”) General Data Protection Regulation (“GDPR”) (whichever is applicable); 

ICO” means the Information Commissioner’s Office, the UK’s independent public authority established under Article 51 of the UK GDPR; or any subsequent body; 

Personal Data” means all such “personal data”, as defined in Article 4 of the Data Protection Law, as is, or is to be, processed by the Data Processor on behalf of the Data Controller, as described in Schedule 2; 

Services” means those services described in Schedule 1 which are provided by the Data Processor to the Data Controller and which the Data Controller uses for the purposes described in Schedule 1; 

Sub-Processor” means a sub-processor appointed by the Data Processor to process the Personal Data; and 

Sub-Processing Agreement” means an agreement between the Data Processor and a Sub-Processor governing the Personal Data processing carried out by the Sub-Processor, as described in Clause 9. 

Supervisory Authority” shall have the meaning given to it in Article 4 of the EU GDPR  (an independent public authority which is established by a member state pursuant to Article 51 of the EU GDPR) 

  1. 1.1 Unless the context otherwise requires, each reference in this Agreement to: 
    1. 1.1.1 “writing”, and any cognate expression, includes a reference to any communication effected by electronic or facsimile transmission or similar means; 
    2. 1.1.2 a statute or a provision of a statute is a reference to that statute or provision as amended or re-enacted at the relevant time; 
    3. 1.1.3“this Agreement” is a reference to this Data Processing Agreement and each of the Schedules as amended or supplemented at the relevant time; 
    4. 1.1.4 a Schedule is a schedule to this Agreement; and 
    5. 1.1.5 a Clause or paragraph is a reference to a Clause of this Agreement (other than the Schedules) or a paragraph of the relevant Schedule. 
    6. 1.1.6 a "Party" or the "Parties" refer to the parties to this Agreement. 
  2. 1.2 The headings used in this Agreement are for convenience only and shall have no effect upon the interpretation of this Agreement. 
  3. 1.3 Words imparting the singular number shall include the plural and vice versa. 
  4. 1.4 References to any gender shall include all other genders. 
  5. 1.5 References to persons shall include corporations. 

  7. 2. Scope and Application of this Agreement 
  8. 2.1 The provisions of this Agreement shall apply to the processing of the Personal Data described in Schedule 2, carried out for the Data Controller by the Data Processor, and to all Personal Data held or accessed by the Data Processor in relation to all such processing whether such Personal Data is held at the date of this Agreement or received afterwards. 
  9. 2.2 In the event of any conflict or inconsistency between this Agreement and any other arrangement, understanding or agreement between the Parties, including the Service Agreement, this Agreement shall prevail to the extent of such conflict or inconsistency, but only in relation to the processing of Personal Data. 
  10. 2.3 This Agreement shall continue in full force and effect for so long as the Data Processor is processing Personal Data on behalf of the Data Controller, and thereafter as provided in Clause 10. 

  12. 3. Provision of the Services and Processing Personal Data 
   The Data Processor is only to carry out the Services, and only to process the Personal       Data received from the Data Controller: 

  1. 3.1 for the purposes of those Services and not for any other purpose; 
  2. 3.2 to the extent and in such a manner as is necessary for those purposes; and 
  3. 3.3 strictly in accordance with the express written authorisation and instructions of the Data Controller (which may be specific instructions or instructions of a general nature or as otherwise notified by the Data Controller to the Data Processor). 

  5. 4. Data Protection Compliance 
  6. 4.1 All instructions given by the Data Controller to the Data Processor shall be made in writing and shall at all times be in compliance with the Data Protection Law and other applicable laws. The Data Processor shall act only on such written instructions from the Data Controller unless the Data Processor is required by law to do otherwise (as per Article 29 of the Data Protection Law). 
  7. 4.2 The Data Processor shall promptly comply with any request from the Data Controller requiring the Data Processor to amend, transfer, delete, or otherwise dispose of the Personal Data. 
  8. 4.3 The Data Processor shall transfer all Personal Data to the Data Controller on the Data Controller’s request in the formats, at the times, and in compliance with the Data Controller’s written instructions. 
  9. 4.4 Both Parties shall comply at all times with the Data Protection Law and other applicable laws and shall not perform their obligations under this Agreement or any other agreement or arrangement between themselves in such way as to cause either Party to breach any of its applicable obligations under the Data Protection Law. 
  10. 4.5 The Data Processor agrees to comply with any reasonable measures required by the Data Controller to ensure that its obligations under this Agreement are satisfactorily performed in accordance with any and all applicable legislation from time to time in force (including, but not limited to, the Data Protection Law and any best practice guidance issued by the ICO or other Supervisory Authority. 
  11. 4.6 The Data Processor shall provide all reasonable assistance to the Data Controller in complying with its obligations under the Data Protection Law with respect to the security of processing, the notification of personal data breaches, the conduct of data protection impact assessments, and in dealings with the ICO or other Supervisory Authority.  
  12. 4.7 When processing the Personal Data on behalf of the Data Controller, the Data Processor shall: 
    1. 4.7.1 not process the Personal Data outside the UK or European Economic Area (all EU member states, plus Iceland, Liechtenstein, and Norway) (“EEA”) without the prior written consent of the Data Controller and, where the Data Controller consents to such a transfer to a country that is outside of the UK or EEA, to comply with the obligations of Data Processors under the provisions applicable to transfers of Personal Data to third countries set out in Chapter 5 of the Data Protection Law by providing an adequate level of protection to any Personal Data that is transferred; 
    2. 4.7.2 not transfer any of the Personal Data to any third party without the written consent of the Data Controller and, in the event of such consent, the Personal Data shall be transferred strictly subject to the terms of a suitable agreement, as set out in Clause 9; 
    3. 4.7.3 process the Personal Data only to the extent, and in such manner, as is necessary in order to comply with its obligations to the Data Controller or as may be required by law (in which case, the Data Processor shall inform the Data Controller of the legal requirement in question before processing the Personal Data for that purpose unless prohibited from doing so by law); 
    4.  4.7.4 implement appropriate technical and organisational measures and take all steps necessary to protect the Personal Data against any unauthorised processing, including any accidental or unlawful loss, destruction, damage, alteration, disclosure or access. In assessing the appropriate level of security, the Parties shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks for Data Subjects. The Data Processor shall at least implement the technical and organisational measures specified in Schedule 3 and shall inform the Data Controller in advance of any material changes to such measures: 
    5. 4.7.5 if so requested by the Data Controller (and within the timescales required by the Data Controller) supply further details of the technical and organisational systems in place to safeguard the security of the Personal Data held and to prevent unauthorised access; 
    6. 4.7.6 keep detailed records of all processing activities carried out on the Personal Data in accordance with the requirements of Article 30(2) of the Data Protection Law; 
    7. 4.7.7 make available to the Data Controller any and all such information as is reasonably required and necessary to demonstrate the Data Processor’s compliance with the Data Protection Law; 
    8. 4.7.8 on reasonable prior written notice, provide the Data Controller with such information as is reasonably necessary to demonstrate compliance with this Agreement. The Data Processor may satisfy such request by providing relevant policies, procedures, certifications, audit reports, security questionnaires or other appropriate compliance information. Any audit shall be limited to the processing of Personal Data under this Agreement, conducted during normal business hours, no more than once in any 12-month period unless required by Data Protection Law or following a confirmed Personal Data Breach, and shall not unreasonably disrupt the Data Processor’s business. The Data Controller shall bear its own audit costs and reimburse the Data Processor for all reasonable costs incurred in assisting with any audit, including staff time, adviser costs and third-party provider costs, except to the extent the audit identifies a material breach of this Agreement by the Data Processor; ; and 
    9. 4.7.9 inform the Data Controller immediately if it is asked to do anything that infringes the Data Protection Law or any other applicable data protection legislation. 

  14. 5. Data Subject Rights, Complaints, and Breaches 
  15. 5.1 The Data Processor shall assist the Data Controller in complying with its obligations under the Data Protection Law. In particular, the following shall apply to data subject rights requests, complaints, and data breaches. 
  16. 5.2 The Data Processor shall notify the Data Controller without undue delay if it receives: 
    1. 5.2.1 a subject rights request from a data subject; or 
    2. 5.2.2 any other complaint or request relating to the processing of the Personal Data. 
  17. 5.3 The Data Processor shall cooperate fully with the Data Controller and assist as required in relation to any subject rights request, complaint, or other request, including by: 
    1. 5.3.3 providing the Data Controller with full details of the complaint or request; 
    2. 5.3.4 providing the necessary information and assistance in order to comply with a subject rights request; 
    3. 5.3.5 providing the Data Controller with any Personal Data it holds in relation to a data subject (within the timescales required by the Data Controller); and 
    4. 5.3.6 providing the Data Controller with any other information requested by the Data Controller. 
  18. 5.4 The Data Processor shall notify the Data Controller without undue delay after becoming aware of Personal Data breach, including any unauthorised or unlawful processing, loss of, damage to, or destruction of any of the Personal Data. 

  20. 6. Intellectual Property Rights 
All copyright, database rights, and other intellectual property rights subsisting in the Personal Data (including but not limited to any updates, amendments, or adaptations to the Personal Data made by either the Data Controller or the Data Processor) shall belong to the Data Controller or to any other applicable third party from whom the Data Controller has obtained the Personal Data under licence (including, but not limited to, data subjects, where applicable). The Data Processor is licensed to use such Personal Data under such rights only for the purposes of the Services, and in accordance with this Agreement. 

  1. 7. Confidentiality 
  2. 7.1 The Data Processor shall maintain the Personal Data in confidence, and in particular, unless the Data Controller has given written consent for the Data Processor to do so, the Data Processor shall not disclose any Personal Data supplied to the Data Processor by, for, or on behalf of, the Data Controller to any third party. The Data Processor shall not process or make any use of any Personal Data supplied to it by the Data Controller otherwise than in connection with the provision of the Services to the Data Controller. 
  3. 7.2 The Data Processor shall ensure that all personnel who are to access and/or process any of the Personal Data are contractually obliged to keep the Personal Data confidential. 
  4. 7.3 The obligations set out in in this Clause 7 shall continue for a period of 7 years after the cessation of the provision of Services by the Data Processor to the Data Controller. 
  5. 7.4 Nothing in this Agreement shall prevent either Party from complying with any requirement to disclose Personal Data where such disclosure is required by law. In such cases, the Party required to disclose shall notify the other Party of the disclosure requirements prior to disclosure, unless such notification is prohibited by law. 

  7. 8. Appointment of Sub-Processors 
  8. 8.1 General Written Authorisation: The Data Controller hereby provides the Data Processor with general written authorisation to engage Sub-Processors from an agreed list. The Data Processor shall specifically inform the Data Controller in writing of any intended changes to that list at least 30 days in advance, thereby giving the Data Controller sufficient time to object to those changes prior to the engagement of the Sub-Processors. The Data Processor shall provide the Data Controller with the information necessary for the Data Controller to object.   
  9. 8.2 In the event that the Data Processor appoints a Sub-Processor (with the written consent of the Data Controller), the Data Processor shall: 
    1. 8.2.1 enter into a Sub-Processing Agreement with the Sub-Processor which shall impose upon the Sub-Processor the same obligations as are imposed upon the Data Processor by this Agreement and which shall permit both the Data Processor and the Data Controller to enforce those obligations; and 
    2. 8.2.2 ensure that the Sub-Processor complies fully with its obligations under the Sub-Processing Agreement and the Data Protection Law. 
  10. 8.3 In the event that a Sub-Processor fails to meet its obligations under any Sub-Processing Agreement, the Data Processor shall remain fully liable to the Data Controller for failing to meet its obligations under this Agreement. 

  12. 9. Deletion and/or Disposal of Personal Data 
  13. 9.1 The Data Processor shall, at the written request of the Data Controller, delete (or otherwise dispose of) the Personal Data or return it to the Data Controller in the format(s) reasonably requested by the Data Controller within a reasonable time after the earlier of the following: 
    1. 9.1.1 the end of the provision of the Services; or 
    2. 9.1.2 the processing of that Personal Data by the Data Processor is no longer required for the performance of the Data Processor’s obligations under this Agreement or the Service Agreement. 
  14. 9.2 Following the deletion, disposal, or return of the Personal Data under sub-Clause 10.1, the Data Processor shall delete (or otherwise dispose of) all further copies of the Personal Data that it holds, unless retention of such copies is required by law, in which case the Data Processor shall inform the Data Controller of such requirement(s) in writing. 

  16. 10. Law and Jurisdiction 
  17. 10.1 This Agreement (including any non-contractual matters and obligations arising therefrom or associated therewith) shall be governed by, and construed in accordance with, the laws of England and Wales. 
  18. 10.2 Any dispute, controversy, proceedings or claim between the Parties relating to this Agreement (including any non-contractual matters and obligations arising therefrom or associated therewith) shall fall within the jurisdiction of the courts of England and Wales.  

Schedule 1 – Data Processing Servies 

Subject matter of processing: Provision of e-learning courses, learner access, platform administration, course completion tracking, reporting, support, certificates, training records, customer administration and related services. 

Duration of processing: For the duration of the Services and thereafter as required for retention, legal, regulatory, audit, accounting, dispute resolution, security and business record purposes. 

Nature of processing: Collection, recording, organisation, structuring, storage, hosting, access, retrieval, consultation, use, disclosure by transmission, reporting, restriction, deletion and destruction. 

Purpose of processing: To enrol Learners, provide access to online courses, administer training, monitor progress, provide support, generate completion records and certificates, provide reporting to the Customer, maintain security, and comply with legal or regulatory obligations. 

Categories of Data Subjects: Learners, Customer personnel, administrators, managers, training contacts, billing contacts and support contacts. 

Processing locations: United Kingdom, EEA and other locations used by Compliance Taxi, LearnUpon or authorised Sub-processors, subject to applicable transfer safeguards. 

Controller: Customer, where it purchases access for its Learners and determines the purposes and means of processing. 

Processor: Compliance Taxi Limited. 

Sub-processors: LearnUpon as LMS provider; hosting, email, payment, CRM, accounting, support, IT, cloud storage and professional service providers as reasonably necessary to provide and administer the Services. 

Schedule 2 - Personal Data Processed 
Types of Personal Data: Name, business activities, role, email address, telephone number, username, password or authentication details, IP address where required to facilitate access, login data, platform usage data, course progress, assessment results, completion status, certificate records, customer account details and support communications, financial data for payments. 

Special Category Data: Not intended to be processed unless expressly agreed in writing. 

Criminal Offence Data: Not intended to be processed unless expressly agreed in writing. 

Schedule 3 - Security Measures 
  1. 1. Security Measures Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks to Data Subjects, the Data Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The Data Processor shall implement the following, as appropriate: 
  2. a)the pseudonymisation and encryption of the Personal Data; 
  3. b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; 
  4. c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and 
  5. d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. 
  6. 2. In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. 
  7. 3. 1.       As a minimum, the Data Processor shall implement the following policies which are available for review on request:
    ·       Data Protection Policy
    ·       Information Security Policy
    ·       Business Continuity Policy
    The Data Processor shall ensure that all personnel that process and/or have access to Personal Data have data protection awareness training upon induction and regular refresher training thereafter
 
Schedule 4 - List of Approved Sub-Processors 

LearnUpon 
Purpose: Provision of the learning management system used to host and deliver the e-learning platform, enroll Learners, administer courses, record progress, support reporting and certification.  
Location: UK, EEA and/or other locations used by LearnUpon and its authorised Sub-processors, subject to applicable contractual and transfer safeguards. 
 
Stripe and Paypal 
Purpose: Processing customer payments.  
Location: As set out in the relevant provider’s terms and privacy documentation. 
 
Microsoft 365 Outlook, Sharepoint, Copilot, Zoho CRM, Xero Accounting, Online Support (IT MSP), Quant Fin (Fractional CTO), MHA (Auditors)
Purpose: Customer administration, billing, support, communications, storage, legal, audit and business operations.  
Location: UK, EEA and/or other locations subject to applicable safeguards.