Terms Of Service
These Terms of Service (the “Terms” or “Agreement”) together with any online subscription or registration form executed or agreed to by the customer on whose behalf you are accepting this Agreement (the “Customer” or “you”) form the agreement between Novo-K Limited trading as BuyingStation (referred to as “BuyingStation”, “we”, “us” or “SaaS Provider”), and the Customer, collectively referred to as the “Parties” or each a “Party”. By using our Services and subscribing on our Site, you acknowledge that you have read, understood, and accepted this Agreement and you have the authority to act on behalf of any person or entity for whom you are also delegating on using the Services on your behalf. This Agreement is binding on the Customer from the time the Customer completes the subscription or sign-up process for the Services, whether by submitting an online order, creating an account, clicking to accept, or otherwise indicating agreement to these terms (the “Effective Date”).
- Services
- On or from the Effective Date and during the Term, the SaaS Provider agrees to provide the Services in accordance with the terms of this Agreement.
- In consideration for payment of the Fees, the SaaS Provider grants to the Customer a non-exclusive, non-transferable (except as otherwise permitted under this Agreement), personal, revocable, license during the Term to access and use the SaaS Services solely for its business purposes (the “SaaS License”).
- The SaaS Provider may update, modify, enhance, or remove features of the SaaS Services from time to time. Where any such change results in a material alteration to the SaaS Services, the SaaS Provider will provide the Customer with at least thirty (30) days’ prior notice. The Customer acknowledges that material alterations may be made at the SaaS Provider’s fair and reasonable discretion; however, if a material alteration materially and adversely affects the Customer’s use of the Services, the Customer may terminate this Agreement in accordance with the termination provisions set out below. The SaaS Provider reserves the right to refuse or decline any Customer request relating to the Services where such request is, in the SaaS Provider’s reasonable opinion, inappropriate, unreasonable, outside the scope of the Services, or illegal.
- The Customer acknowledges that the SaaS Provider is responsible only for providing the Services made available through the platform and does not provide any additional services unless expressly stated in this Agreement.
- Use Guidelines
- The Customer acknowledges and agrees that this Agreement incorporates by reference the terms of any acceptable use policy as set out on the SaaS Provider’s website or as provided to the Customer from time to time.
- The Customer is responsible for all use of the SaaS Services by itself and its Personnel and Authorised Users, and must ensure that the Services are not used: (a) in breach of any applicable law, regulation, or legal right of any person in any jurisdiction; (b) to infringe or violate any Intellectual Property Rights, confidentiality rights, privacy rights, or other proprietary rights; (c) to upload, transmit, publish, or communicate any material that is defamatory, offensive, abusive, indecent, harmful, unwanted, or otherwise unlawful; (d) in any manner that damages, interferes with, disrupts, or compromises the performance, security, or integrity of the Services or any network, system, or data; (e) to introduce malicious code (including viruses, worms, trojans, or similar harmful items), conduct or attempt to conduct security breaches, unauthorised access, network attacks, denial-of-service activities, packet spoofing, forged routing, or any other malicious or disruptive acts; (f) to circumvent or attempt to circumvent authentication, account controls, or security measures, or to access data, accounts, servers, or systems without express authorisation; (g) to make fraudulent offers, engage in theft, fraud, phishing, identity theft, spam, unsolicited communications, harassment, or other deceptive or harmful practices; (h) to build or assist in building a competitive product or service, conduct benchmarking or security testing without the SaaS Provider’s prior written consent; (i) to copy, modify, create derivative works from, reproduce, distribute, resell, assign, transfer, frame, mirror, or otherwise provide access to the Services or Software to any third party except as expressly permitted by the SaaS License; (j) to reverse engineer, reverse assemble, reverse compile, disassemble, translate, or otherwise attempt to derive the source code, underlying ideas, algorithms, structure, or non-public APIs of the Services or Software; (k) to remove, alter, obscure, or tamper with any proprietary notices, copyright markings, trademarks, or other identification on or within the Services or Software; or (l) to share passwords, permit unauthorised account use, or otherwise allow access to any person who is not Personnel or an Authorised User.
- The Customer agrees that the SaaS License: (a) permits the Customer to use the SaaS Services in accordance with the SaaS Services’ normal operating procedures; and (b) permits the Customer to provide access and use of the SaaS Services to Authorised Users by embedding the SaaS Services into Customer’s services to its customers, as applicable. The Customer must ensure that all Authorised Users and any end-customers accessing the Services through such embedding comply with the provisions of this Agreement, and the Customer shall remain liable for their acts and omissions.
- SaaS Provider reserves the right to suspend or terminate Customer’s access to the platform or any portion thereof if SaaS Provider reasonably: (a) believes that suspension of the platform is necessary to comply with the law or requests of governmental entities; or (b) determines that there are material security or vulnerability risks to the platform, excessive fraudulent or abusive acts or omissions; or (c) your use of the platform is in violation of these Terms. In addition, the SaaS Provider may report any suspected illegal activity to the relevant authorities.
- The SaaS Provider does not screen or monitor content uploaded onto the SaaS Service, but has the right (but not the obligation) at its sole discretion to do so and to refuse or remove any content that is available via the Service that is deemed inappropriate, illegal, offensive, threatening, libellous, defamatory, obscene, or otherwise objectionable or violate any party’s Intellectual Property Rights or this Agreement.
- The SaaS Provider may alter, reset, or update any Customer account login credentials, including passwords, at any time during the Term where necessary to address a security threat, protect the integrity of the Services, or where reasonably requested by the Customer.
- Fees and Payment
- The Customer must pay the SaaS Provider: (a) the Fees; and (b) any other amount payable to the Provider under this Agreement, using the Payment Method in accordance with the Payment Terms. All Fees are in GBP (£) or USD ($) and are payable in advance.
- If the Customer requires the use of a purchase order, the Customer is responsible for providing the applicable purchase order at the time of purchase. The Customer acknowledges and agrees to the extent of any inconsistency between this Agreement and any terms and conditions attached to the Customer’s purchase order, the terms of this Agreement will prevail. The Parties acknowledge and agree that any pre-printed standard terms and conditions attached to or on the back of any purchase order will not apply to this Agreement. The Customer agrees that its subscription to the Services is neither contingent upon the delivery of any future functionality or features, nor is it dependent upon any oral or written public comments made by the SaaS Provider with respect to future functionality or service features.
- Customers are required to pay the Fees in advance, according to the chosen payment plan. The following payment options are available:
- Monthly Subscription: Customers may choose to pay on a monthly basis. The first month’s payment must be made in advance before the effective date of the agreement. Subsequent monthly payments are due on the same day each month, in advance of the upcoming month’s service. The subscription will auto-renew every 30 (thirty) days (see Clause 12) with payment made via the Payment Method registered at the point of the initial subscription purchase.
- Annual Subscription: Customers may choose to pay the entire subscription fee in advance for a 12-month period. Payment must be received in full before the Services are made available to the Customer. The subscription will auto-renew every 12 months (see Clause 12) with payment made via the Payment Method registered at the point of the initial subscription purchase.
- The payment of subscriptions via the online sign up is provided by Stripe under the Stripe Connected Account Agreement for your location which incorporates the relevant Stripe Services Agreement for your location (see https://stripe.com/legal/connect-account). The Stripe Connected Account Agreement and Stripe Services Agreement are between you and Stripe. The SaaS Provider is not a party to those agreements. We do not assume any responsibility for the processing of payments. If you use this method to subscribe and pay for the Services, you agree to the Stripe Connected Account Agreement for your location and enter into a direct relationship with Stripe who is the issuer of the product. You agree to indemnify us against all losses, costs (including legal costs), expenses, demands or liability that we incur arising out of, or in connection with, your breach of the Stripe Connected Account Agreement. This is so that we, as the SaaS Provider, can meet our obligations to Stripe, and means that you will be responsible if you breach your agreement between you and Stripe. You may also separately be responsible to Stripe. By using Stripe, you consent to us administering a Stripe account for you. We may decide to use a third party other than Stripe to process payments. If we do, we will notify you via the platform or email.
- The SaaS Provider reserves the right to adjust pricing for its Services at any time to align with increases in operational costs and inflation; however, any price adjustments shall only take effect after the expiration of the Initial Term or any Renewal Term (as the case may be) and not more frequently than once annually. Such price increases shall not exceed the greater of: (a) five percent (5%) of the Fees then in effect; or (b) the percentage increase in the UK Consumer Price Index (CPI) (or, if replaced, the Retail Price Index (RPI)) as published by the UK Office for National Statistics for the twelve (12) months preceding the adjustment. Notwithstanding the above, the exception to the above would be only in such instances where pricing had to change due to circumstances outside the control of the Parties before each anniversary of the Agreement, such as legislated changes or inordinate inflationary implications, and such extraordinary exceptions would be subject to both Parties’ agreement before implementation in any event.
- The SaaS Provider will provide at least thirty (30) days’ written notice prior to any price adjustment, and such notice will be provided via email or through the platform. It is acknowledged and therefore agreed by the Customer that their continued use of the Services after the price change confirms their agreement to pay the new price(s) for the ongoing Services.
- If there is a Variation, any additional fees applicable due to that Variation will be invoiced after the Variation has been implemented and shall be payable in accordance with this Agreement.
- The Customer may withhold payment of any disputed amount only in the case of a genuine, good faith and bona fide dispute, provided that the Customer promptly notifies the SaaS Provider of the dispute in writing, specifying the nature of the dispute in reasonable detail. All undisputed amounts must be paid without set off or delay as they become due. If, following resolution of the dispute in accordance with Clauses 15.10 and 15.11, the dispute is upheld and the Customer has paid the disputed amount in advance, the SaaS Provider shall refund the overpaid amount within thirty (30) days of the dispute being resolved.
- If any payment has not been made in accordance with the Payment Terms, the SaaS Provider may (at its absolute discretion): (a) immediately suspend (or even totally cease) providing the Services until such amounts are paid in full, provided that it has given the Customer written notice of its failure to pay the relevant invoice (“Remedial Notice”) and Customer has failed to pay the invoices within ten (10) days of receipt of the Remedial Notice; or recover as a debt due and immediately payable from the Customer its Additional Costs of doing so; and notwithstanding any actions as described above charge interest at a rate equal to the Bank of England’s base rate from time to time plus 2% per annum, calculated daily and compounding monthly, on any such amounts unpaid after the due date; and/or (b) engage debt collection services and/or commence legal proceedings in relation to any such amounts; and/or (c) report the Customer to any independent credit data agencies.
- Confidentiality
- Each Party must (and must ensure that its Personnel): (a) keep Confidential Information confidential; and (b) not use or permit any unauthorised use of all Confidential Information.
- The obligation of confidentiality does not apply where (a) such information is in, or comes into, the public domain (other than by a breach of this section 4 by the relevant Party); (b) the relevant Party has the prior written consent of the Party that disclosed the Confidential Information; (c) the disclosure is required by law; (d) the disclosure is required in order to comply with this Agreement, provided that the Party disclosing the Confidential Information ensures the recipient complies with the terms of this section 4; and (e) the disclosure is to a Party’s professional adviser in order to obtain advice in relation to matters arising in connection with this Agreement and provided that the Party disclosing the Confidential Information ensures such adviser complies with the confidentiality obligations set out herein.
- Each Party acknowledges and agrees that monetary damages may not be an adequate remedy for a breach of this section 4. A Party is entitled to seek an injunction, or any other remedy available at law or in equity, at its discretion, to protect itself from a breach (or continuing breach) by the other Party of this section 4.
- Customer Data
- The Customer is responsible for uploading accurate and high-quality Data to the platform to achieve the desired output from the Services.
- The Customer represents and warrants that: (a) any and all Data supplied by it or otherwise accessed by the SaaS Provider through the provision of the Services is the sole and exclusive property of the Customer or the Customer has secured any and all authorisations and rights to use and sublicense the Data as applicable; (b) its Data does not breach any relevant laws, regulations or codes; (c) its Data does not infringe the Intellectual Property Rights of any third party; (d) it will comply with all applicable laws and regulations in the jurisdiction where the Customer accesses and publishes content using the SaaS Services; and (e) to the extent that the Data contains personal data, it has obtained the necessary consents in order to transfer or permit access to this Data by SaaS Provider in accordance with applicable privacy and Data Protection Laws. The Customer shall hold the SaaS Provider harmless for the corruption or loss of any Data controlled or stored by the Customer or any Affiliates, to the extent the corruption or loss is not caused by the negligent act or omission of the SaaS Provider or its Personnel.
- By using the Services, the Customer acknowledges and agrees that certain Customer Data or inputs may be processed by AI-powered tools integrated into the platform for the purpose of enhancing functionality and user experience. The Customer agrees to: (a) use any AI-powered features responsibly and in compliance with applicable laws; (b) not rely solely on AI-generated outputs for decisions that may have legal, regulatory, financial, health, or safety consequences; and (c) review and verify all AI-generated content before using or acting upon it. To the fullest extent permitted by law, the SaaS Provider shall have no liability for any decisions made or actions taken by the Customer based on AI-generated output.
- The SaaS Provider shall maintain during the Term reasonable safety, technical and organisational measures against the accidental, unauthorised or unlawful processing, destruction, or disclosure of the Data. The SaaS Provider is not responsible for (a) the integrity or existence of any Data on the Customer’s Environment, network or any device controlled by the Customer or its Personnel; or (b) any corruption or loss of any Data if such corruption or loss is due to an act or omission by the Customer, its Personnel, its Affiliates or any Authorised Users. The Customer acknowledges and agrees that while we take reasonable measures to protect its Data, there are inherent risks in transmitting information over the internet, and the Customer accepts these risks.
- Data shall be stored on UK or European Economic Area-based data centres. Backups shall be retained for a minimum of thirty (30) days and tested periodically for integrity and recoverability. The SaaS Provider may relocate the Customer Data to another In such a case, the SaaS Provider will give the Customer 30 days’ notice (if practicable) and use all reasonable endeavours to minimise the effect of such change on the Customer’s access and use of the Services; however the SaaS Provider will not relocate any UK or European Economic Area’s Customer Data to any other jurisdiction, outside of the United Kingdom or a Member country of the European Economic Area unless (i) such transfer is permitted under applicable Data Protection Laws, including through the use of an approved adequacy decision, Standard Contractual Clauses or other appropriate safeguards recognised under applicable law, and (ii) the SaaS Provider has obtained the Customer’s prior written consent where required by such laws.
- The Customer may access and export its Customer Data at any time during the Term. The Customer is responsible for downloading or exporting all required Customer Data before the effective date of termination.
- All personal data processed through the platform shall be handled in accordance with applicable Data Protection Laws in force from time to time. The SaaS Provider’s role with respect to personal data shared through the platform is detailed in its Privacy Policy, available at https://www.novo-k.com/privacy-policy/, which forms an integral part of this Agreement.
- Technical Support and Service Levels
- During the Term, the SaaS Provider will provide the standard technical support services (“Support”) in accordance with the Service Levels as stated below. In the event that the Customer requests technical assistance, the Customer must provide all necessary and complete information, including relevant data, as is reasonably requested by the helpdesk team to facilitate effective support.
- The SaaS Provider shall use commercially reasonable efforts to ensure that the Services are available 99.5% of the time in each calendar month (the “Uptime Guarantee”), excluding: (a) planned maintenance notified at least forty-eight (48) hours in advance; (b) emergency maintenance or suspension; and (c) unavailability caused by a Force Majeure Event or issues within the Customer Environment.
- Incident response and resolution times are as follows: (a) Critical issues (full outage): response within two (2) hours and resolution within eight (8) Business Hours; (b) High issues (major degradation): response within four (4) hours and resolution within twenty-four (24) Business Hours; and (c) Medium or Low issues: response within one (1) Business Day.
- Standard Support is available via email and telephone during weekdays and standard support hours (09:00 to 17:00 GMT/BST, excluding public holidays in England). Support requests may be submitted via support@buyingstation.com or by telephone at 0330 139 7969.
- Support is limited to a maximum of five (5) hours per subscribing entity per month, regardless of the number of individual users. Any additional Support beyond this limit may be provided at the SaaS Provider’s discretion and may be subject to additional charges as agreed between the Parties.
- During Support Hours, the Customer must: (a) submit support requests using the processes and systems described on the Site; and (b) cooperate with the SaaS Provider to investigate and diagnose issues, including providing all relevant information about the fault and any actions taken by the Customer or its Personnel.
- Customer Responsibilities
- The Customer must, at its own cost, provide all information, materials, access and cooperation reasonably required by the SaaS Provider to provide the Services in an efficient and timely manner.
- The Customer must ensure its Customer Environment meets the technical requirements notified by the SaaS Provider and must implement any changes to the Customer Environment reasonably required to support the operation or delivery of the Services. Where required to provide or support the Services, the Customer must provide the SaaS Provider with reasonable access to the Customer Environment.
- The Customer must ensure that only its Personnel and Authorised Users access and use the Services and that such access complies with this Agreement and the SaaS Licence. The Customer is responsible for maintaining the security and confidentiality of its account credentials and for all activity under its account(s), including activity carried out by its Personnel or Authorised Users. The Customer must promptly notify the SaaS Provider of any actual or suspected unauthorised access.
- Intellectual Property Rights
- A Party’s ownership of, or any right, title or interest in, any Intellectual Property Rights in an item which exists prior to the Effective Date (the “Pre-Existing Material”) will not be altered, transferred or assigned by virtue of this Agreement.
- The Customer agrees the SaaS Provider owns or holds the applicable licenses to all Intellectual Property Rights including but not limited to copyright in the Software and SaaS Services and any documentation provided with the Services by the SaaS Provider to the Customer including any Customer configuration documentation. Subject to the limited rights expressly granted hereunder, the SaaS Provider reserves all rights, title and interest in and to the platform (and any enhancements, modifications, or derivative works thereof), including all related Intellectual Property Rights.
- The Customer grants to the SaaS Provider a non-exclusive, royalty free, non-transferable and revocable license to use any of the Customer’s Data and Intellectual Property Rights including any Pre-Existing Material as reasonably required for the SaaS Provider to: (a) to supply the Services including to enable the Customer, its Personnel and any Authorised Users to access and use the Services; (b) for diagnostic purposes; (c) to test, enhance and otherwise modify the Services whether requested by the Customer or not; however, the SaaS Provider warrants that such modifications are for the benefit of the Customer too; and (d) as reasonably required for the performance of the SaaS Provider’s obligations under this Agreement. The SaaS Provider shall also have a royalty-free, worldwide, transferable, sublicensable, irrevocable, perpetual license to use or incorporate into its products and services any suggestions, enhancement requests, recommendations or other feedback provided by Customer or its Authorised Users relating to the provision of the Services.
- Warranties And Disclaimers
- Each Party represents and warrants to each other that: (a) it has full legal capacity and power to enter into this Agreement, to perform its obligations under this Agreement to carry out the transactions contemplated by this Agreement, to own its property and assets and to carry on its business; (b) no Insolvency Event has occurred in respect of it; (c) this Agreement constitutes legal, valid and binding obligations, enforceable in accordance with its terms; and (d) the execution and performance by it of this Agreement and each transaction contemplated by it does not conflict with any law, order, judgment, rule or regulation applicable to it or any document binding on it.
- For the duration of a subscription to the Services, the SaaS Provider warrants that the Services, when used as permitted by the SaaS Provider and in accordance with the Documentation, will operate substantially as described in the Documentation. The SaaS Provider does not warrant or guarantee the performance, quality, or reliability of any Supplier or the accuracy of any information provided by the Supplier through the platform. The Customer acknowledges that all transactions, communications, and contracts formed between the Customer and any Supplier are entirely independent of the SaaS Provider.
- The SaaS Provider is not responsible for, and shall have no liability whatsoever in respect of, any disputes, claims, losses, non-performance, product defects, delays, misrepresentations, or other issues arising from the Customer’s interactions or contractual relationships with any Supplier. The Customer is solely responsible for verifying and assessing the credentials, suitability, reliability, and capabilities of any Supplier before entering into any agreement or transaction. The Customer acknowledges that any information provided by a Supplier on the platform is supplied by the Supplier alone, and the SaaS Provider does not validate, endorse, warrant, or guarantee such information or the performance of any Supplier.
- The Customer acknowledges and agrees that: (a) the SaaS Services are provided “as is” and that its provision will not be uninterrupted or error free; (b) the SaaS Provider does not make any representation regarding (i) results or use in terms of correctness, accuracy, reliability, or risk of injury, except as expressly set out in this Agreement, (ii) the Services will be endeavoured to be performed in the manner expected by the Customer or (iii) the Services will be endeavoured to be met by the SaaS Provider of the requirements of the Customer; (c) any collation, conversion and analysis of Data performed as part of the Services may be subject to human input and/or machine errors, omissions, that may lead to delays and losses including but not limited to any loss of Data. The SaaS Provider is not liable for any such errors, omissions, delays or losses. The Customer acknowledges and agrees it is responsible for adopting its own measures to limit the impact of such loss and errors where reasonably practicable.
- The Customer agrees that, to the maximum extent permitted by the law, this Agreement excludes all terms, conditions and warranties implied by statute, in fact or on any other basis, except to the extent such terms, conditions and warranties are fully expressed in this Agreement.
- Indemnity
- Each Party is liable for the acts and omissions of all its Personnel as if they were done by said Party.
- The SaaS Provider shall defend and indemnify the Customer against any third-party claim that the Services infringe that party’s registered intellectual-property rights, provided that Customer promptly notifies SaaS Provider and allows control of the defence. SaaS Provider shall have no liability where the alleged infringement arises from Customer Data, configuration, or combination with non-SaaS Provider products.
- If the Services become, or in the SaaS Provider’s opinion are likely to become, the subject of an infringement claim, the SaaS Provider may, at its option and expense, either: (i) procure for the Customer the right to continue using the relevant Services; (ii) replace or modify the Services so that they become non-infringing; or (iii) terminate the agreement as to the infringing Services and refund the Customer any unused, prepaid Fees for the infringing Services after the date of termination. This Clause states the SaaS Provider’s entire liability and the Customer’s exclusive remedy for any claims of infringement or misappropriation.
- Customer will defend and indemnify the SaaS Provider against any third-party claim alleging any unauthorised or unlawful receipt, processing, transmission or storage of personal data by SaaS Provider in the performance of its obligations as permitted under this Agreement, resulting from breach of the Customer’s obligations regarding such data.
- Each indemnity in this Agreement is a continuing obligation that is separate and independent from the other obligations of the Parties under this Agreement. A Party is not obliged to take any action, or incur any expense, before enforcing any indemnity under this Agreement.
- Limitation of Liability
- The SaaS Provider’s maximum aggregate Liability arising from or in connection with this Agreement (including the Services or the subject matter of this Agreement), whether in contract or tort or under any other theory of liability, will be limited to, and shall not exceed, the total amount of Fees paid or payable by Customer to SaaS Provider in the twelve (12) months leading up to the event giving rise to the claim or the Customer’s actual damages, whichever is lower.
- The SaaS Provider will not be liable to the Customer under or in connection with this Agreement, whether in contract, in tort (including negligence), for breach of statutory duty, or otherwise, for: (a) loss of revenue or profits; (b) loss of turnover; (c) loss of sales or business; (d) loss of anticipated savings; (e) loss of or damage to goodwill; (f) error or interruption of use, loss or inaccuracy or corruption of data; or (g) any indirect, punitive, exemplary, special or consequential losses, in each case whether or not the SaaS Provider had been advised of the possibility of such damages.
- Nothing in this Agreement shall limit either Party’s liability: (a) with respect to a Party’s indemnification obligations set forth herein; (b) for anything which cannot be excluded or limited by applicable law, including fraud or criminal conduct; or death or personal injury.
- Term and Autorenewal
- The Term of this Agreement takes effect on and from the Effective Date and continues for the Initial Term, if specified, and any Renewal Term, or otherwise continues under the same terms, unless this Agreement is terminated earlier in accordance with the terms of this Agreement.
- For monthly subscriptions, this Agreement shall automatically renew for successive one-month billing terms unless either Party gives the other no less than thirty (30) days’ written notice of non-renewal prior to the commencement of the next billing term. Termination will take effect at the end of the monthly billing term following receipt of the required written notice.
- For annual subscriptions, this Agreement shall automatically renew for successive twelve-month billing terms unless either Party gives the other no less than ninety (90) days’ written notice of non-renewal prior to the commencement of the next annual billing term. Termination will take effect at the end of the annual billing term following receipt of the required written notice.
- Termination
- Either Party, without prejudice to its other rights or remedies, may terminate this Agreement with immediate effect, by written notice to the other Party if: (a) that Party breaches a material provision of this Agreement, which is either incapable of remedy, or where it is capable of remedy, is not remedied within thirty (30) days of receipt of written notice requiring it to do so; and/or (b) that Party suffers an Insolvency Event.
- The SaaS Provider may terminate this Agreement immediately by giving written notice to the Customer where: (a) the Customer undergoes a Change of Control to a competitor of the SaaS Provider as determined by the SaaS Provider.
- Either Party may serve notice to the other in writing of no less than ninety (90) days without prejudice and for reasons of convenience; such notice shall not be deemed to waive any right or remedy reserved to either Party, nor shall such termination waive any obligations applicable to either Party in the conduct or performance of this Agreement prior to such termination. In the event of termination under this Clause, any Fees payable by the Customer to the end of the relevant subscription term shall be non-refundable, or immediately payable, as the case may be.
- Any provisions that are by their nature intended to survive termination of this Agreement will continue to survive following termination. The expiry or termination of this Agreement for any reason will be without prejudice to any rights or liabilities which have accrued prior to the date of expiry or termination of this Agreement.
- Events Following Termination
- Upon termination of this Agreement, the SaaS Provider will: (a) immediately stop performing the Services; (b) the Customer will no longer have access to the Services; (c) immediately stop placing orders for supplies or services required in connection with the performance of the Services; (d) delete all property, including Confidential Information, Intellectual Property and Data in its possession that belongs to the Customer, excluding Customer Data, which the Customer may download or export from the platform in accordance with the terms hereof.
- Upon termination of this Agreement, the Customer will immediately: (a) cease and desist from any use of the Services; (b) return to the SaaS Provider or delete (where requested by the SaaS Provider which will have the same meaning as destroy) all property, including Confidential Information and Intellectual Property, in its possession that belongs to the SaaS Provider; (d) pay the Fees for all Services due and payable.
- General Provisions
- Relationship of Parties. This Agreement is not intended to create a partnership, joint venture or agency relationship between the Parties. Nothing in this Agreement gives a Party authority to bind any other Party in any way.
- Third party rights. A person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 or any similar regional/territorial law to enforce any term of this Agreement.
- A notice or other communication given under this Agreement must be: (a) in writing, in English and (if posted) signed by the sender; and (b) addressed and delivered to the intended recipient either by hand, prepaid post, through the Customer’s account settings within the platform, or email, each in accordance with the notice details last notified by the recipient to the Parties. The Customer’s notice details are set out in the Customer’s account. The SaaS Provider’s notice details are set out on the Site. A Party may change its notice details by written notice to the other Party, which, for the Customer, is by updating their Account, and for SaaS Provider, is by updating the Site. A notice or communication is taken as having been given: (a) when left at a Party’s current address for notices; (b) if mailed by tracked or signed-for postal service, on the third Business Day after posting (if delivered to an address within the same country) or on the tenth Business Day after posting (if delivered to an address within another country); or (c) if sent through the Customer’s account settings within the platform or by email, if sent before 5 pm UK time on a Business Day then on the Business Day when it is sent, otherwise on the following Business Day.
- Any failure or delay by a Party in exercising a power or right (either wholly or partially) in relation to this Agreement does not operate as a waiver or prevent that Party from exercising that power or right or any other power or right. A waiver must be in writing.
- If a provision of this Agreement is held to be void, invalid, illegal or unenforceable, that provision must be read down as narrowly as necessary to allow it to be valid or enforceable. If it is not possible to read down a provision (in whole or in part), that provision (or that part of that provision) is severed from this Agreement without affecting the validity or enforceability of the remainder of that provision or the other provisions in this Agreement.
- Third Party Services. The Services may interoperate with, access, or rely upon third-party services, data sources, or APIs. The SaaS Provider does not control such third-party services and makes no representation or warranty regarding their availability, accuracy, reliability, or performance. Any failure, unavailability, modification, or discontinuation of a third-party service may impact the functionality of the Services. The SaaS Provider shall not be liable for any loss, damage, delay, unavailability or outage, or any interruption arising from or relating to any such third-party service. Where the Services include an integration or API connection that is built, provided, or enabled by the SaaS Provider, the SaaS Provider is responsible for ensuring that its implementation of that integration or API operates materially as described in the Documentation.
- Third Party Sites. The Services may contain links to third-party web sites or services that are not owned or controlled by the SaaS Provider. The SaaS Provider has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third-party web sites or services. The Customer further acknowledges and agrees that the SaaS Provider shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.
- The Parties agree the SaaS Provider may engage subcontractors to perform the Services on its behalf.
- Assignment, Change of Control and Novation. The Customer may not assign, transfer, or novate this Agreement or otherwise deal with all or any of its rights or obligations under this Agreement without the prior written consent of SaaS Provider, such consent not to be unreasonably withheld or delayed. The SaaS Provider may assign, transfer, or novate this Agreement (including any Customer subscriptions), in whole or in part, to: (a) any Affiliate; (b) any successor entity resulting from a merger, acquisition, corporate reorganisation, or change of control; or (c) any purchaser of all or substantially all of the SaaS Provider’s business or assets related to this Agreement, in each case without requiring the Customer’s prior consent, provided that the assignee assumes the SaaS Provider’s obligations under this Agreement. The SaaS Provider shall notify the Customer of any assignment, transfer, or novation hereunder as soon as reasonably practicable following the effective date thereof.
- The Parties shall attempt to resolve any dispute arising out of or relating to this Agreement through negotiations between their appointed representatives who shall have the authority to settle such disputes.
- Governing law and jurisdiction. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales. The Parties agree that the courts of England and Wales shall have exclusive jurisdiction to settle any such dispute or claim.
- Force Majeure. If performance of this Agreement or any obligation under this Agreement is prevented, restricted or interfered with by reasons of Force Majeure and the affected Party unable to carry out its obligations gives the other Party prompt written notice of such event, then the obligations of the affected Party invoking this provision shall be suspended to the extent necessary by such event. The affected Party shall use reasonable efforts under the circumstances to remove such prevention, restriction or interference or to limit the impact of the event on its performance and must continue to perform with reasonable dispatch when the Force Majeure is removed. If the period of delay or non-performance continues for sixty (60) days, the Party not affected may terminate this Agreement by giving seven (7) days’ written notice to the affected Party.
- In this Agreement, unless the context otherwise requires: (a) the singular includes the plural and vice versa; (b) headings are for convenience only and do not affect interpretation; (c) a reference to a clause, paragraph, schedule or annexure is a reference to a clause, paragraph, schedule or annexure, as the case may be, of this Agreement; (d) if any act which must be done under this Agreement is to be done on a day that is not a Business Day then the act must be done on or by the next Business Day; (e) a reference to any legislation or law includes subordinate legislation or law and all amendments, consolidations, replacements or re-enactments from time to time; (f) where a word or phrase is defined, its other grammatical forms have a corresponding meaning; (g) a reference to a natural person includes a body corporate, partnership, joint venture, association, government or statutory body or authority or other legal entity and vice versa; (h) includes and similar words mean includes without limitation; (i) no clause will be interpreted to the disadvantage of a Party merely because that Party drafted the clause or would otherwise benefit from it; (j) a reference to a party to a document includes that party’s executors, administrators, successors, permitted assigns and persons substituted by novation from time to time; (k) a reference to this Agreement or any other document includes the document, all schedules and all annexures as novated, amended, supplemented, varied or replaced from time to time; (l) a reference to a covenant, obligation or agreement of two or more persons binds or benefits them jointly and severally; (m) if a period of time is specified and dates from a given day or the day of an act or event, it is to be calculated exclusive of that day; (n) a reference to time is to local time in England (GMT); and (o) a reference to £ or sterling or GBP refers to British Pounds from time to time.
- Independent legal advice. Each Party acknowledges and agrees that it has had an opportunity to read this Agreement, it agrees to its terms and, prior to executing it, it has been provided with the opportunity to seek independent legal advice about its terms.
- Costs and expenses. Each Party must pay its own costs and expenses (including legal costs) in connection with the execution of this Agreement and any document relating to it.
- Entire agreement. The Agreement contains the entire understanding between the Parties, and supersedes all previous discussions, communications, negotiations, understandings, representations, warranties, commitments and agreements, in respect of its subject matter.
- Powers, rights, and remedies. Except as provided in this Agreement or permitted by law, the powers, rights, and remedies of a Party under this Agreement are cumulative and in addition to any other powers, rights and remedies the Party may have.
- Consents or approvals. Any consent or approval required from the SaaS Provider under this Agreement may be given or withheld at the SaaS Provider’s sole discretion, unless expressly stated otherwise.
- Cumulative Rights. The rights arising out of this Agreement do not exclude any other rights of either Party.
- Amendment of Terms. The SaaS Provider reserves the right to modify these Terms at any time. Customers will be notified of any changes at least 30 (thirty) days prior to the changes taking effect by email and/or by displaying a notice within the The updated Terms will become effective immediately after the expiry of the notice period. Continued use of the platform after the updated Terms have come into effect, confirms the Customer’s acceptance of and agreement to be bound by the new version of these Terms.
- Definitions
In this Agreement, unless the context otherwise requires:
Additional Costs means any additional costs, expenses, damages or losses suffered or incurred by the SaaS Provider.
Affiliate means, with respect to a Party, any entity that directly or indirectly controls, is controlled by, or is under common control with that party, where control means the ownership, directly or indirectly, of more than fifty percent (50%) of the voting securities or other ownership interest of an entity, or the power to direct or cause the direction of its management and policies, whether by ownership, contract, or otherwise.
Authorised User means the user(s) permitted to use the SaaS Services and the content, including Data, generated by, or the output of, the SaaS Services as a part of the Customer’s services to its customers.
Business Day means a day on which banks are open for general banking business in England, excluding Saturdays, Sundays and public holidays.
Business Hours means 9am to 5pm on a Business Day.
Change of Control occurs in respect of a Party if, after the Effective Date, a person acquires (directly or indirectly): (a) shares in that Party conferring alone or in aggregate 50% or more of the voting or economic interests in that Party on a fully diluted basis; (b) the power to control the appointment or dismissal of a majority of the directors of that Party; or (c) the capacity to control the financial and operating policies or management of that Party.
Claim means any actual, contingent, present or future claim, demand, action, suit or proceeding for any Liability, restitution, equitable compensation, account, injunctive relief, specific performance or any other remedy of whatever nature and however arising, whether direct or indirect, and whether in contract, tort (including but not limited to negligence) or otherwise.
Confidential Information includes information or documentation which: (a) is disclosed to the recipient in connection with this Agreement (whether before or after the Effective Date); (b) is prepared or produced under or in connection with this Agreement (whether before or after the Effective Date); or (c) relates to: (i) the business, assets or affairs of a Party or any of its Affiliates; (ii) the business, assets or affairs of a company in a group of companies to which the Customer belongs, or any Customer of that company in the group; or (iii) the subject matter of, the terms of and/or any transactions contemplated by this Agreement, in each case whether or not such information or documentation is reduced to a tangible form or marked in writing as “confidential”, and whether it is disclosed to the recipient or received, acquired, overheard or learnt by the recipient in any way whatsoever.
Customer Environment means the computing environment of the Customer including all hardware, software, information technology and telecommunications services and Systems.
Data means all of the information, documents and other data provided by the Customer or their Personnel to the SaaS Provider, any content uploaded by the Customer or Personnel to the SaaS Provider’s Systems or otherwise accessed by the SaaS Provider in providing the Services.
Data Protection Laws means the applicable data protection legislation governing each geographical jurisdiction and, as a minimum observance and where applicable, Regulation (EU) 2016/679 (the General Data Protection Regulation), including as it applies in UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018, together with the UK Data Protection Act 2018 and any regulations made pursuant to it; any other laws and regulations relating to the processing of personal data and privacy which apply to a Party; and, where relevant, the guidance and codes of practice issued by any competent data protection supervisory authority, and any subsequent legislation which may supersede in part or in whole the foregoing.
Documentation means the SaaS Provider’s then current on-line administrator users’ manuals and templates for the Services made generally available by the SaaS Provider on the Site or through the platform.
Fee means the fee set out on the Site for the Customer account.
Force Majeure means any event or circumstances beyond the reasonable control of a Party including any fire, lightning strike, flood, earthquake, natural disaster, sabotage, nuclear contamination, terrorism, war or civil riot that occurs to the extent that it: (a) would be unreasonable to expect the affected Party to have planned for, avoided or minimised the impact of such circumstance by appropriate risk management, disaster recovery or business resumption plan; and (b) results in a Party being unable to perform an obligation under this Agreement on time.
Initial Term means the initial term set out in the Customer account.
Insolvency Event means any event in which a Party (a) becomes unable to pay its debts as they fall due; (b) enters into liquidation, administration, receivership, or any arrangement with its creditors (other than for a solvent restructuring); (c) has a receiver, administrator, or similar officer appointed over any of its assets; or (d) suffers any equivalent or analogous procedure in any jurisdiction.
Intellectual Property Rights means all present and future rights to: (a) copyright; (b) registered or unregistered designs, patents, trademarks; (c) trade, business, company or domain names; (d) know-how, inventions, processes, trade secrets; (e) circuit layouts, databases or source codes; and (f) any similar rights in any part of the world, in each case including any application, or right to apply, for registration of, and any improvements, enhancements or modifications of, the foregoing.
Liability means any expense, charge, cost, liability, loss, damage, claim, demand or proceeding (whether under statute, contract, equity, tort (including negligence), indemnity or otherwise), howsoever arising, whether direct or indirect and/or whether present, unascertained, future or contingent.
Payment Method is by credit card, debit card or by UK Direct Debit.
Personnel means in relation to a Party, any employee, contractor, officer and agent of that Party.
Products means hardware or software.
SaaS Services means the BuyingStation.com Software as a subscription service described on the Site.
Service Level means any service levels set out on the Site.
Services means the SaaS Services to be provided or licensed by the SaaS Provider to the Customer on the terms and conditions set out in this Agreement.
Software means the software used to provide the Services and includes any instructions in hard copy or electronic form and any update, modification or release of any part of that software after this Agreement is entered into by the Parties.
Standard Contractual Clauses means the standard contractual clauses adopted by the European Commission or approved by the UK Secretary of State for the transfer of personal data to third countries.
System means a combination of Products or a combination of Products and services which are integrated and operate together, including a network.
Term means the term of this Agreement as set out in Clause 12.
Variation means a change to the SaaS License after the date of this Agreement.
Variation Fee means any variation to the Fee as a consequence of a Variation.
If you have any questions about these Terms of Service, you can contact us here or by sending us an email to support@buyingstation.com.
Last Updated: November 2025
Modern Slavery Policy
Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced and compulsory labour and human trafficking, all of which have in common the deprivation of a person’s liberty by another to exploit them for personal or commercial gain. We have a zero-tolerance approach to modern slavery and we are committed to acting ethically and with integrity in all our business dealings and relationships and to implement and enforce effective systems and controls to ensure modern slavery is not taking place anywhere in our own business or our supply chain.
BuyingStation does not meet the statutory threshold that requires an annual Modern Slavery Statement under the Modern Slavery Act 2015. However, we voluntarily adopt this policy as part of our commitment to responsible business conduct, ethical procurement and transparency.
We align our approach with international principles, including the ILO Forced Labour Conventions and the UN Guiding Principles on Business and Human Rights.
We are also committed to ensuring there is transparency in our own business and in our approach to tackling modern slavery throughout our supply chain. We expect the same high standards from all our contractors, suppliers and other business partners. As part of our contracting processes, we include specific prohibitions against the use of forced, compulsory or trafficked labour, or anyone held in slavery or servitude, and we expect that our suppliers will hold their own suppliers to the same high standards.
This policy applies to all persons working for us or on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, agents, contractors, external consultants, third-party representatives and business partners.
We adopt this policy as part of our commitment to good governance, transparency and responsible business conduct. BuyingStation is both an organisation with its own supply chain and a provider of a Procurement Intelligence and Source to Contract platform. As such, we recognise a dual responsibility: to prevent modern slavery within our own operations and suppliers, and to support our clients in managing modern slavery risks within their supply chains through the responsible sourcing tools embedded in the BuyingStation platform.
Responsibility for the policy
The CEO has overall responsibility for ensuring this policy complies with our legal and ethical obligations and that all those under our control comply with it.
The CEO has primary responsibility for implementing this policy, monitoring its use and effectiveness, dealing with any queries about it and auditing internal control systems and procedures to ensure they are effective in countering modern slavery.
Management at all levels is responsible for ensuring those reporting to them understand and comply with this policy and are given any required training.
Compliance with the policy
This policy applies to:
- All BuyingStation employees
- Contractors, consultants and agency personnel
- Directors and officers
- Individuals working on our behalf in the UK or internationally
- Suppliers and business partners who support BuyingStation’s operations
You must ensure that you read, understand and comply with this policy.
Concerns related to the potential breach of this policy should be raised through any of the following channels:
- Your line manager
- The CEO
- Any member of the BuyingStation Leadership team
You are encouraged to raise concerns about any issue or suspicion of modern slavery in any part of our business or the supply chains of any supplier tier at the earliest possible stage.
If you are unsure about whether a particular act, the treatment of workers more generally, or their working conditions within any tier of our supply chain constitutes any of the various forms of modern slavery, speak to your line manager or any member of the BuyingStation Leadership team. Your concerns may be raised verbally or in writing.
We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken. We are committed to ensuring no one suffers any detrimental treatment as a result of reporting in good faith their suspicion that modern slavery of whatever form is or may be taking place in any part of our own business or in any part of our supply chain. If you believe you have suffered any detrimental treatment as a result of raising a concern in good faith, you should report this to your line manager, the CEO, or any member of the BuyingStation Leadership Team. Concerns may be raised verbally or in writing. BuyingStation will investigate the matter and take appropriate action.
Due Diligence
The BuyingStation platform enables structured due diligence through:
- Supplier Minimum Standards Questionnaires, including modern slavery and human rights
- Mandatory declarations during onboarding
- Document uploads for policies, audits and certifications
- Automated reminders for expiring compliance evidence
- Ongoing supervision workflows, dashboards and audit trails
To reduce the risk of modern slavery in our business and supply chain, we will:
- Conduct risk-based due diligence on new suppliers and contractors
- Require suppliers to confirm compliance with the Modern Slavery Act 2015
- Include compliance clauses in relevant contracts
Indicators of Modern Slavery Risk
Examples of potential warning signs include:
- Unusually low-priced bids suggesting exploitative labour
- Withholding of worker passports or identity documents
- Excessive recruitment fees charged to workers
- Restrictions on movement or controlled accommodation
- Dependence on labour brokers or gangmasters
- Incomplete or inconsistent labour documentation
- Signs of coercion, intimidation, or forced overtime
Communication and Awareness of Policy
Training on this policy and on the risk our business faces from modern slavery in its supply chain will be given where needed.
Our zero-tolerance approach to modern slavery must be communicated to all suppliers, contractors and business partners at the outset of our business relationship with them and reinforced as appropriate thereafter.
Breaches of this policy
Any employee found to be in breach of this policy may face disciplinary action, up to and including dismissal.
Other individuals and organisations working on our behalf found to have engaged in, failed to prevent, or been unwilling to address concerns of modern slavery may have their contracts terminated.
Monitoring and Review
This policy will be reviewed annually, or sooner if there are significant changes, to ensure that it remains compliant with legislation. We will monitor supplier compliance and internal practices through reviews within our BuyingStation platform.
Approval and publication
Approved by: K Cooper, CEO
Date: November 2025
Privacy Policy
Introduction
Novo-K Limited (trading as BuyingStation) (collectively referred to as “Novo-K”, “BuyingStation”, the “Company”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
1. Important information and who we are
Purpose of this privacy policy
This privacy policy aims to give you information on how we collect and process your personal data through your use of our websites and our SaaS platform ‘BuyingStation’, including any data you may provide through our websites, when you sign up to our newsletter, when you sign up to the SaaS platform or purchase a product or service or take part in a competition, or for any legitimate reasons including (but not limited to) marketing and promotional purposes.
Our websites (www.novo-k.com, www.BuyingStation.com, https://app.buyingstation.com) are not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
Controller and Processor
Novo-K Limited (trading as BuyingStation), a limited company registered in England under 10250341, whose registered address is 1st Floor, 17 Duke’s Ride, Crowthorne, RG45 6LZ acts as controller when we process personal data for our own purposes (such as managing user accounts, billing, administration, analytics, marketing or operating our websites) and as a data processor when we process personal data on behalf of our customers or end users captured when providing our services.
We handle all personal data in accordance with applicable data-protection laws in force from time to time. Please be assured that we only use and disclose personal information as needed to:
- manage our everyday business needs, such as website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance;
- provide the products, content or services described in our customer contracts; and
- improve our products and for quality control, including to create anonymised and aggregated data sets for research and analytics, as permitted by our customer contracts and applicable law.
This privacy policy is issued on behalf of the Novo-K divisions or group companies, so when we mention “Novo-K”, “BuyingStation”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant division within Novo-K responsible for processing your data. If/when applicable, we will let you know which division will be the controller/processor for your data when you purchase a product or service with us.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Contact details
If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager in the following ways:
Full name of legal entity: Novo-K Limited
Name of data privacy manager: Kavita Cooper
Email address: support@buyingstation.com
Postal address: 1st floor, 17 Duke’s Ride, Crowthorne, RG45 6LZ
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review. This version was last updated December 2025.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
2. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, SaaS Platform products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- HR internal recruitment related Data for us includes all relevant and necessary data for the purposes of recruitment only when this requirement applies.
- Customer Platform Data includes operational and transactional data generated through your use of the SaaS Platform.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
With the exception of the HR internal recruitment related Data for us section above (described in more detail within Purposes for which we will use your personal data below), we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences (unless required under the exception described earlier in this paragraph).
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3. How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
  - apply for our products or services;
  - create an account on our website;
  - apply for employment with us;
  - subscribe to our service or publications;
  - request marketing to be sent to you;
  - enter a competition, promotion or survey; or
  - give us feedback or contact us.
- Automated technologies or interactions. As you interact with our website and SaaS platform, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
  - Technical Data from the following parties:
    - analytics providers;
    - advertising networks;
    - search information providers.
  - Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
  - Identity and Contact Data from data brokers or aggregators.
  - Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.
4. How we use your personal data
We will only use your personal data when we have a legal basis for us to do so, such as:
- Where we need to perform the contract we are about to enter into or have entered into with you or with your company.
- For closely related purposes, such as payment processing, account management, contract management, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
- With your consent (or provided you have not objected, as may be applicable), to respond to requests for information and to provide you with marketing communications.
We also use personal data to operate, support and improve the SaaS platform, including to provide services to the Customer, communicate with authorised users, troubleshoot issues, and enforce our contractual terms.
AI Tools
We use artificial intelligence (AI) tools in limited, controlled and supervised ways to support the efficient operation of BuyingStation and the delivery of our services. AI is not used to make decisions that produce legal or similarly significant effects, and we do not engage in automated decision-making without meaningful human involvement.
All outputs generated by AI tools are reviewed by appropriately qualified members of our team before any action is taken. We may use AI-enabled technologies for purposes such as summarising documentation, identifying key information in contracts, supporting due diligence or anti-money-laundering processes, classifying correspondence, enhancing internal knowledge management, and improving the efficiency and accuracy of research activities. These tools may also assist us in analysing operational data generated through use of the BuyingStation platform. Where AI tools process personal data, we ensure that such processing complies with UK data-protection laws. We do not use AI to profile individuals or create behavioural predictions about users.
Specific purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a new customer | | Performance of a contract with you |
| To process and deliver your order, including: | | |
| To manage our relationship with you, which will include: | | |
| To enable you to partake in a prize draw, competition or complete a survey | | |
| To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | | |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| To make suggestions and recommendations to you about products or services that may be of interest to you | | Necessary for our legitimate interests (to develop our products/services and grow our business) |
| For HR internal purposes as a candidate (i.e. employment with us) | | Necessary for us to process data to take steps at your request prior to entering into a contract with you. In some cases, we need to process data to ensure that it complies with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts. We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims. We may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. It may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. The Company processes such information to carry out its obligations and exercise specific rights in relation to employment. For some roles, we are obliged to seek information about criminal convictions and offences. Where we seek this information, we do so because it is necessary for us to carry out our obligations and exercise specific rights in relation to employment. For legitimate reasons your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area for which you may be considered and IT staff if access to the data is necessary for the performance of their roles. The Company will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. The Company will then share your data with former employers to obtain references for you, and employment background check providers to obtain necessary background checks. We will not use your data for any purpose other than the recruitment exercise for which you have applied. |
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Please contact us at support@buyingstation.com for further information.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by contacting us.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, service level agreement, product/service experience or other transactions.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. Disclosures of your personal data
We may share your personal data with the parties set out below for the purposes set out in the table Purposes for which we will use your personal data above.
- Internal Third Parties as set out in the Glossary.
- External Third Parties as set out in the Glossary.
- Specific third parties listed or referenced within this policy document.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We may engage third-party service providers (“Subprocessors”) to process personal data on our behalf in connection with the provision of the SaaS platform. Subprocessors may provide services such as hosting, infrastructure, IT support, software development, analytics, security and customer support.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. National and International transfers
We share your personal data within the Novo-K divisions (group companies). This will also involve transferring your data outside the UK. Many of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
We will store some of your personal data in the UK. This means that it will be fully protected under the Data Protection Legislation, which includes the Data Protection Act 2018 (and any subsequent amendments) and UK GDPR. Please refer to the following link: UK GDPR Guidance and Resources | ICO.
We will store some of your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states. This means that your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law. Transfers of personal data to the EEA from the UK are permitted without additional safeguards.
We may store some or all of your personal data in countries outside of the UK. These are known as “third countries”. We will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK.
We ensure that your personal data is protected under binding corporate rules. Binding corporate rules are a set of common rules which all our group companies are required to follow when processing personal data. For further information, please refer to the Information Commissioner’s Office (ICO website) at the following link: International Data Transfers | ICO.
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
- limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
- procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the ICO where we are legally required to do so;
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Adequacy regulations: We transfer your personal data only to countries that the UK government has determined provide an adequate level of data protection.
- Standardised transfer mechanisms: Where adequacy does not apply, we use the ICO’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as appropriate.
- Approved contractual protections: For certain service providers, we enter into contracts incorporating data-protection safeguards required under UK data-protection law to ensure your personal data receives the same level of protection as it does in the UK.
Where required by UK data-protection law, we conduct Transfer Risk Assessments before relying on an international data-transfer mechanism, to ensure that the level of protection for personal data is essentially equivalent to that provided in the UK.
In addition to these legal transfer mechanisms, we implement appropriate technical and organisational measures (including encryption, access controls, and security monitoring) to ensure your personal data remains protected when transferred internationally.
You may contact us if you would like further information about the specific safeguards we rely on for international transfers.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Such measures include, but are not limited to:
- encryption of data in transit and at rest;
- multi-factor authentication for administrative access;
- role-based access control;
- regular penetration testing and vulnerability assessments;
- security logging, monitoring and incident response processes; and
- data-segregation measures for hosted customer environments.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach without undue delay in accordance with applicable data-protection laws and any contractual requirements.
8. Data retention
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, recruitment or reporting requirements. We may also retain your personal data for a longer period in the event of a complaint, dispute, investigation, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
With regard to HR internal recruitment related Data for us, if you are successfully recruited by us, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 (six) years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see below under Your legal rights, for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
9. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
Please click on the link below to find out more about these rights: Individual Rights – Guidance and Resources | ICO
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us before making changes.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us using the details provided in this privacy policy.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We aim to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated on our progress.
10. Glossary
LAWFUL BASIS
Legitimate Interest means the interest of our business in operating and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests in respect of specific activities by contacting us.
Performance of a Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
THIRD PARTIES
Internal Third Parties
Other companies in the Novo-K divisions/group of companies acting as joint controllers or processors and who are based within the UK and provide IT and system administration services and undertake leadership reporting.
External Third Parties
- Service providers (acting as processors) who provide IT and system administration services, some of whom are based in India.
- Professional advisers (acting as processors or joint controllers) including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the UK who require reporting of processing activities in certain circumstances.
Last Updated: November 2025
ISO Certifications
Our Commitment to Security and Compliance
At BuyingStation, information security is foundational to how we operate. We take our responsibility seriously — not only to protect data, but to do so with integrity, transparency, and alignment with global standards.
We are proud to be certified in the following international management systems:
- ISO 27001 – Information Security Management System
- ISO 14001 – Environmental Management System
- ISO 9001 – Quality Management System
These certifications validate our structured approach to managing information security, quality, and environmental impact.
Technology Overview
This document outlines the underlying technologies used in the BuyingStation platform and includes details of hosting, backup, security, compliance and disaster recovery.

