Terms of use Blanco Free

These terms of use apply to the use of Blanco Free. Deviations from these terms of use can only be agreed in writing between Blanco and the User. Any general terms and conditions of the User are explicitly rejected and have no application whatsoever.

  1. Definitions
    1. In these terms of use, the following terms have the following meanings:

Blanco Services BV, a private company registered with the Chamber of Commerce under number 64426696.

the documentation that is available online by Blanco with regard to the software

the user of the Software, or the other party.

Receiving Party:
the Party receiving Confidential Information from the Providing Party;

SaaS service:
software as a service’: the service provided by Blanco consisting of making the Software available remotely by electronic means

the free version of Blanco’s client onboarding software called Blanco Free. 

Providing Party:
the Party that has made Confidential Information available to the Receiving Party;

Confidential Information:
any information disclosed by (or on behalf of) Disclosing Party to Receiving Party, provided in any form and by any means, if the nature of that information is confidential or Receiving Party knows or should reasonably be expected to know that the information is confidential, including but not limited to technical and operational data and commercial, financial and legal information. Confidential Information does not include; i) information that at the time of disclosure was already known to Receiving Party other than from the Disclosing Party ii) information which became part of the public domain other than in consequence of unlawful disclosure by Receiving Party, and iii) information that Recipient has developed independently of the information received by Disclosing Party;

  1. License and right of use
    1. For the duration of the SaaS Service, Blanco grants the User a worldwide, non-exclusive right to use the Software via the SaaS Service subject to the terms and conditions of the Terms of Use. The User is not entitled to sell, lease, sub-license, encumber, in any manner and for any purpose, (parts of) its right to use the Software, or to make (parts of) the Software available to a third party or provide remote access to a third party. 
  2. The right of use has the following limitation:
  3. The User can only use Blanco’s client onboarding software, and not other functionalities;
  4. the User can only use the default settings;.
  5. the User receives one account that can be used by one person within the User’s organisation; 
  6. Within the onboarding process, one document can be added for signature; 
  7. The User can go through five onboarding processes per month.
  8. A virtual signature (scribble) can be used for digital signing;
  9. ID via Mitek
  10. The Software comes with a Blanco logo;
  11. The registrations can only be performed by the professional.

If the User wishes to make different agreements about the scope of the right of use, the User must contact Blanco, so that the parties can make further agreements. 

The User is not permitted to copy or otherwise reproduce (parts of) the Software and/​or the SaaS Service, or to make changes to the Software and/​or the SaaS Service. The User is not permitted to decompile the Software, reproduce or translate the source code.

  1. Blanco is authorised, without the User’s prior consent, to make use of third parties for its services and for the development of Software.
  2. The User acknowledges that software is never completely free of defects, errors, bugs and security problems. Knox does not guarantee that the Software is completely free of defects, errors, bugs and security problems.
  3. As part of the SaaS service, Blanco will maintain the Software. If possible, Blanco will inform the User of the scheduled maintenance times.
  4. The right of use ends upon termination of the SaaS Service in accordance with Article 8 of these Terms of Use.

  5. User Responsibilities
    1. The User undertakes to use the Software in accordance with the laws and regulations applicable to it.
  6. The User is not permitted to use the SaaS Service in such a way as to cause damage to the SaaS Service, to the Software, to Blanco and/​or to third parties.
  7. The User will handle the account login details provided by Blanco with care. The login details provided by Blanco are personal and may not be used by other persons (within or outside the User’s organisation).

  8. Intellectual property rights 
    1. The copyright and any other intellectual property rights, as well as similar rights to protect information relating to the Software, belong exclusively to Blanco, its licensor and/​or its suppliers. Nothing in these Terms of Use is intended to transfer such rights in whole or in part. The User acknowledges these rights of Blanco and will refrain from any form of (in)direct infringement of these rights.
  9. The User is not permitted to remove any copyright, trademark, trade name or other intellectual or industrial property rights from the Software.
  10. Blanco may take technical measures to protect the intellectual property of the Software. If Blanco has secured the Software by means of technical protection, the User is not permitted to remove or circumvent this protection.
  11. If, in the unlikely event, it appears that Software licensed by Blanco to the User infringes an intellectual and/​or industrial property right valid in the Netherlands and the User is called to account, the User is obliged to immediately inform Blanco of this in writing. The User will provide Blanco with all copies of all correspondence. The defense against such a legal claim and all negotiations to reach a settlement will be conducted exclusively by Blanco.

  12. Confidentiality
    1. The Receiving Party shall use Confidential Information which is made available to it exclusively for purposes within the scope of the SaaS Service. 
  13. Except with the prior written consent of the Disclosing Party, the Receiving Party shall not make Confidential Information available to third parties, with the exception of third parties engaged by Provider to support the SaaS-service. The Receiving Party shall oblige its personnel and third parties engaged by him, to respect the confidentiality obligations of the Terms of Use. The confidentiality obligation does not apply if the Receiving Party is obliged to disclose the information by virtue of any legal provision, at the request of a supervisor, or in the context of judicial proceedings.
  14. Upon receipt of a written request from the Providing Party, the Receiving Party shall, within a reasonable period of time, destroy and/​or return to the Providing Party all Confidential Information, including personal data. Receiving Party shall not withhold any copy of such material unless the Receiving Party is required by law to do so.
  15. The confidentiality obligations of this article shall survive the termination of the Terms of Use, and remain in force for a period of five years after termination.

  16. User data
    1. The intellectual property rights to the data provided by the User when using the Software belong exclusively to the User. Nothing in these Terms of Use is intended to transfer such rights in whole or in part. 
  17. The User hereby grants Blanco a non-exclusive license, together with the right to sublicense, to use the User’s data to the extent reasonably required for the SaaS Service. 
  18. Without the written consent of the User, the data of the User will not be:
    • used, other than for the purpose of providing the SaaS service
  19. made public or otherwise provided to third parties; or
  20. operated commercially

  1. Processing of personal data
    1. Where Blanco processes personal data in the context of the SaaS service, Blanco will act in accordance with the User’s instructions. Blanco will be a processor within the meaning of the EU General Data Protection Regulation 2016679 and the User will be the data controller. The Data Processing Addendum applies to the processing. 

  2. Duration and termination
    1. The SaaS services are provided for an indefinite period of time. Either Blanco or the User may terminate the SaaS Service at any time by giving written notice, without giving notice, after which the User will no longer be entitled to use the Software. 
  3. After termination of the SaaS service, Blanco gives the User a reasonable period to be able to export any data. 

  4. Liability
    1. Blanco, its suppliers and/​or licensors are not liable for any damage suffered or to be suffered by the User or third parties, of any nature or extent whatsoever, in connection with or arising from the SaaS Service or the failure to perform it.
  5. If and to the extent that Blanco appears to have any liability towards the User, for whatever reason, such liability will be limited to an amount of EUR 5,000 per claim. A series of related claims will be considered as one claim.
  6. The restrictions and exclusions referred to in this article will lapse in the event of intent or willful recklessness on the part of Blanco.
  7. Blanco has no responsibilities under the Terms of Use towards customers of the User or other third parties. The User undertakes to indemnify Blanco against all claims by its contracting parties, which are based directly or indirectly on the fact that Blanco has failed to perform its SaaS service. 

  8. General provisions
    1. These Terms of Use and the agreements resulting from them are governed exclusively by Dutch law. Disputes arising from the SaaS service will be submitted to the competent court in Amsterdam.
  9. Without Blanco’s permission, the User is not authorised to transfer the right of use and/​or the rights or obligations arising from these Terms of Use in whole or in part to third parties. 
  10. If Blanco does not enforce a provision, this does not mean that Blanco waives its right to do so at a later date. 
  11. If a provision is found to be unenforceable, the remaining provisions of the Terms of Use will remain in full force and the unenforceable provision will be replaced by a provision that gives shape to the intention of the original provision as much as legally possible.
  12. Blanco is entitled to revise the Terms of Use from time to time. If Blanco intends to make a change in the Terms of Use, it will notify the User 30 days prior to entry into force by means of an‑ email to the‑ email address that is linked to the account. If the User does not agree to the changes, the User must cancel the SaaS Service before the changes take effect. Notice of termination must be given in accordance with article 8 of the terms and conditions of use.

Data processing Addendum 

This Data Processing Addendum (hereinafter: Addendum), is part of the Terms of Use of Blanco Free.

1. Definitions

In this Addendum, the following terms have the meanings specified below and related terms must be interpreted accordingly:

EU General Data Protection Regulation 2016679; including laws implementing or supplementing the GDPR;

the services and other activities to be performed or performed by or on behalf of the Processor on behalf of the Controller as described in the Terms of Use.

the European Economic Area;

Personal Data

Personal data as referred to in the GDPR, which is processed by the Processor on behalf of the Controller pursuant to or in connection with the Terms of Use;

a person (including a third party and an enterprise affiliated with the Processor but excluding an employee of the Processor) appointed by or on behalf of the Processor or any party affiliated with the Processor to process Personal Data on behalf of the Controller in in connection with the Terms of Use;

The terms Controller”, Data Subject”, Member State”, Personal Data Infringement” and Data Processing” have the same meaning as in the GDPR, and related terms will be interpreted accordingly.

Capitalized terms not otherwise defined herein shall have the meaning given to them in the Terms of Use. 

2. Processing of Personal Data

2.1 The Processor will: 

- comply with the GDPR with regard to the processing of Personal Data; and

- do not process Personal Data other than on the instructions of the Controller, unless the Processing is otherwise required under the GDPR or other applicable legislation, in which case the Processor, to the extent permitted by the GDPR or other applicable legislation, will inform the Controller of the relevant legal obligation prior to the intended Processing of that Personal Data.

2.2. Annex 1 to this Addendum contains information regarding the Processing of Personal Data by the Processor, as required by Article 28 (3) of the GDPR. 

2.3. The Controller is obliged to comply with the applicable legislation applicable to it. In particular, the Controller is obliged to determine whether there is a legitimate basis for the Processing of Personal Data.

2.4. The Processor will not bring Personal Data outside the EEA without the prior written consent of the Controller, unless the transfer is based on an adequacy decision or if the transfer is subject to appropriate precautionary measures as referred to in the GDPR.

3. Personnel of Processor

3.1. The Processor will take reasonable measures to guarantee the reliability of the employees, agents or contractors who may have access to the Personal Data, ensuring in any case that access to the Personal Data is strictly limited to the persons who must have knowledge of/​must have access to the relevant Personal Data if this is necessary for the Services. The persons referred to in this article are subject to confidentiality obligations or professional or legal confidentiality obligations. 

4. Security

4.1. Taking into account the state of the art, the implementation costs, and the nature, scope, context and purpose of the Processing, as well as the likelihood and seriousness of the risks to the rights and freedoms of natural persons associated with the Processing, the Processor shall implement appropriate technical and organizational measures with regard to the Personal Data to ensure a level of security appropriate for that risk.

5. Sub-processing

5.1. The Controller authorizes the Processor to appoint Sub-processors in accordance with this article 5 and allows any Sub-processor that has been appointed in accordance with this article 5 to appoint a Sub-processor that is also appointed in accordance with this article 5.

5.2. The Processor must notify the Processing Controller in advance in writing of the appointment of a new Sub-processor, including all details of the Processing performed by the Sub-processor. If the Controller does not agree with the changes, the Controller must terminate the Terms of Use before the changes take effect. Cancellation must take place in accordance with article 8 of the Terms of Use.

5.3. With regard to each Sub-processor, the Processor will:

- before the Sub-processor first processes Personal Data, perform an adequate investigation to ensure that the Sub-processor is able to offer the level of protection with regard to Personal Data as required on the basis of this Addendum;

- ensure that the agreements between the Processor on the one hand and the Sub-processor on the other are laid down in a written agreement with conditions that offer at least the same level of protection with regard to the Personal Data as set out in this Addendum and that meet the requirements of Article 28 (3) from the GDPR;

- at the request of the Controller, provide the Controller with copies of the agreements between the Processor and the Sub-processor (which copies can be modified to hide confidential commercial agreements that are not relevant to this Addendum) for assessment by the Controller.

6. Rights of Data Subject

6.1. Taking into account the nature of the Processing, the Processor will assist the Controller as far as possible, in fulfilling his duty with regard to requests of the Data Subject to exercise rights as set out in the GDPR. 

7. Infringement with regard to personal data

7.1. The Processor will immediately inform the Controller if the Processor or a Sub-processor is aware of a Personal Data Infringement, whereby the Controller receives sufficient information to enable the Controller to comply with any obligation to inform the Data Subject(s) and/​or the supervisory authorities of the Personal Data Infringement in accordance with the GDPR.

8. Removal or return of Personal Data

8.1. With due observance of this article, the Processor will immediately and in any case within 30 (thirty) calendar days after the date of termination of the Services with regard to the processing of Personal Data (the End Date”), remove all copies of the Personal Data or take care of it for removal.

8.2. With due observance of Article 8.3, the Controller may, at his own discretion, require a written notification of the Processor within 30 (thirty) calendar days after the End Date that he; (a) returns a full copy of all Personal Data to the Controller through a secure file transfer in a format that is reasonably requested by the Controller; and (b) removes and ensures the removal of all other copies of Personal Data processed by the Processor. The Processor must comply with such a written request within 30 (thirty) calendar days after the End Date.

8.3. The Processor may store Personal Data to the extent required by any law and only to the extent and for the period required by this law(s) and always provided that the Processor guarantees the confidentiality of all such Personal Data and ensures that the Personal Data only be processed as necessary for the purpose specified in the law that requires the retention of the Personal Data and for no other purpose.

9. Audit

9.1. With due observance of this article, the Processor will, upon request, make all information necessary to demonstrate that this Addendum has been complied with available to the Controller, and will allow and contribute to audits, including inspections, by the Controller or by an authorized representative of the Controller. Audits take place in consultation between the Processor and the Controller.

9.2. The costs of an audit as referred to in Article 9.1 are borne by the Controller.

10. Liability

10.1. The Processor is only liable for the damage caused by the Processor if the Processor has not complied with the obligations specifically addressed to processors in the GDPR or has acted outside or contrary to the lawful instructions of the Controller.

10.2. The Processor is exempt from liability on the basis of Article 10.1 if it proves that it is in no way responsible for the event that caused the damage. 

10.3. Where more than one processor is involved in the same Processing and where they are, under paragraphs 2 and 3 of article 82 of the GDPR, responsible for any damage caused by Processing, each processor shall be held liable for the entire damage in order to ensure effective compensation of the Data Subject. 

10.4. Where the Processor paid full compensation for the damage suffered in accordance with article 10.3, the Processor may recover from other processors involved in the Processing the part of the compensation corresponding to their part of the liability for the damage, in accordance with the provisions of article 82 of the GDPR

11. General

11.1. This Addendum is governed by Dutch law.

11.2. All disputes arising between the Parties in connection with and/​or arising from this Addendum will be submitted to the competent Dutch court in Amsterdam.

11.3. The Controller may propose other variations to this Addendum that the Controller considers reasonably necessary to address the requirements of the GDPR. The Parties shall immediately discuss the proposed changes and negotiate in good faith to agree and implement those or alternative variants designed to meet the requirements set out by the Controller as soon as reasonably practicable.


This Annex 1 contains certain details of the Processing of Personal Data, as prescribed on the grounds of Article 28(3) of the GDPR.

Subject matter and duration of the Processing of Personal Data

The subject matter and duration of the Personal Data Processing are set out in the Terms of Use and this Addendum. 

The nature and purpose of the Processing of Personal Data

The Processing of Personal Data by the Processor takes place in accordance with the Terms of Use and this Addendum. 

The types of Personal Data to be Processed

Pursuant to the Terms of Use and this Addendum, the Processor processes the following types of Personal Data, among others: 

  • Name and address data;
  • (IBAN) account number;
  • Copy of the passport (number)/identity card (number) and other identification data;
  • Data to be collected by the Controller in accordance with a statutory provision; 
  • Other (related) data that Processor receives from Controller for Processing.

The categories of Data Subjects to which the Personal Data relates

Processor processes Personal data of Controller and customers of Controller. 

The rights and responsibilities of Controller

The rights and responsibilities of Controller are set out in the Terms of Use and this Addendum.