Affiliate Agreement

Affiliate and Introducer Agreement

Payment Arrangements

ERS shall pay to the introducer a fee for all introduced business which leads to a completed sale within 12 months from the point of the initial introduction. Unless otherwise documented under a separate agreement, the introducer shall be paid as outlined below.

Equity Release Referrals

Completed sale will be determined by ERS having received a payment from the product provider, for business which has been generated from an introduced client. Unless otherwise documented under separate agreement, commission shall be 50% of procuration fees (provider commission) received from a product provider. For the avoidance of doubt this will not be inclusive of any arrangement fees between ERS and the introduced client. Where the client elects to pay “fee only”, only 25% of the “fee only” amount received will be payable. In the event of a customer renegotiating or not paying the arrangement fee between ERS and the client, the introducer fee will be reduced to a maximum of 35% of the total amount received by ERS from the product provider.

Reclaim Arrangements

Should a position arise where a product provider reclaim any commission already paid to the introducer, for whatever reason, then this will be repaid by the introducer to ERS. The introducer hereby fully indemnifies ERS in respect of his/her share of any commission reclaimed.

Responsibility for the Advice

Where a client is introduced to an ERS advised service, we shall take full responsibility for the advice provided by ERS only. This is on the understanding that the introducer must have no involvement in any advice that ERS provide to the introduced client.

Your Obligations

You will co-operate fully in any investigation or complaint concerning ERS involving clients introduced by you to ERS.

Termination

This agreement may be terminated at any time, without penalty, by either party giving notice in writing to that effect to the other. Such termination shall not affect the rights or obligations of either party in respect of business already completed.

Data Protection

The Parties acknowledge that each will act as a separate and independent Data Controller in relation to the Personal Data which they Process. In performing their obligations under the Agreement, the parties shall comply with their respective obligations under applicable Data Protection Laws in respect of their Processing of Personal Data.

“Data Protection Laws” shall mean Directive 95/46/EC as transposed into domestic legislation of each Member State of the European Economic Area and in each case as amended, replaced or superseded from time to time, including without limitation by the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”) and/or other applicable data protection or national/federal or state/provincial/emirate privacy legislation in force, including where applicable, statues, decisions, guidelines, guidance notes and codes of practice, codes of conduct and data protection certification mechanisms issued from time to time by courts, any Supervisory Authority and other applicable authorities;
The terms “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Process/Processing” and “Special Categories of Personal Data” shall have the same meaning as described in the Data Protection Laws;
“EEA” means the European Economic Area;
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the Personal Data transmitted, stored or otherwise Processed;
“Permitted Purposes” means Processing of Personal Data as reasonably necessary for the performance of each Party’s obligations under the Agreement and other ancillary purposes required in the administration of the relationship between the parties, including.
“Supervisory Authority” means:
(a) an independent public authority which is established by a Member State pursuant to Article 51 GDPR; and
(b) any similar regulatory authority responsible for the enforcement of Data Protection Laws;

General Obligations

The Parties acknowledge that each will act as a separate and independent Data Controller in relation to the Personal Data which they Process.
In performing their obligations under the Agreement, the parties shall comply with their respective obligations under applicable Data Protection Laws in respect of their Processing of Personal Data.
In addition, each Party shall:
• take all measures required pursuant to Article 32 of the GDPR to ensure the security of Processing of the Personal Data;
• ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
• not Process Personal Data in a way that is incompatible with the Permitted Purposes;
• not Process the Personal Data for longer than is necessary to carry out the Permitted Purposes (other than to comply with a requirement of EU, Member State or UK applicable laws to which the relevant Party is subject); and
• in the event of a Personal Data Breach, not inform any third party without first obtaining prior written consent from the other Party (the “Receiving Party”), unless notification is required by EU, Member State or UK law to which the notifying Party is subject, in which case the notifying Party shall to the extent permitted by such law inform the Receiving Party of that legal requirement, provide a copy of the proposed notification and consider in good faith any comments made by the Receiving Party before notifying the Personal Data Breach.
To the extent that the Receiving Party:
• requires an explicit consent from the other Party (“the Disclosing Party”) in order for its Processing of the Personal Data to be lawful under Data Protection Law; or
• is required to provide a notice to a Data Subject containing the information required by Articles 12-14 GDPR or applicable Data Protection Law.
the Receiving Party shall provide the Disclosing Party with the wording of such consent or notice, and the Receiving Party shall, at its own cost, provide this to the Data Subject as directed and seek such consent on Receiving Party’s behalf.

Processor Obligations

Insofar as either Party (the “Relevant Processor”) processes Personal Data for the other Party (the “Relevant Controller”) as a Data Processor, in addition to the obligations set out above, the Relevant Processor shall:

• Process the Personal Data solely on the documented instructions of the Relevant Controller, for the Permitted Purposes including with regard to transfers of Personal Data to a third country outside the EU or an international organisation (unless required by EU, Member State or UK law to act without such instructions, in which case the Relevant Processor shall, except where prohibited by law from doing so, inform the Relevant Controller of that legal requirement before Processing);
• be generally authorised to engage another Processor to Process the Personal Data (“Subprocessor”), subject to the Relevant Processor meeting the conditions set out in Article 28 (2) and (4) of the GDPR
• notify the Relevant Controller without undue delay of any Personal Data Breach, and in any event provide such notice within 24 hours of the Relevant Processor becoming aware of the same, such notice to include all information reasonably required by the Relevant Controller to comply with its obligations under the Data Protection Laws;
• assist the Relevant Controller with its obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of the Processing and information available to the Relevant Processor;
• cease Processing the Personal Data upon the termination or expiry of the relevant Principal Agreement and at the Relevant Controller’s option, either return or delete all copies of the Personal Data Processed by the Relevant Processor unless (and solely to the extent and for such period as) EU, Member State or UK law requires storage of the Personal Data;
• promptly notify the Relevant Controller of any communication from a Data Subject regarding the Processing of Personal Data, or any other communication (including from a Supervisory Authority) relating to the Relevant Controller’s obligations under the Data Protection Laws in respect of the Personal Data and, taking into account the nature of the Processing, assist the Relevant Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Relevant Controller’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR; and
• make available to the Relevant Controller on request all information necessary to demonstrate compliance with this Addendum and with Article 28 of the GDPR and shall allow for and contribute to audits, including inspections, by the Relevant Controller or an auditor mandated by the Relevant Controller.

International Transfers

• Where either Party (the “Transferring Party”) transfers, or permits the transfer of, Personal Data outside of the European Union, to a country in respect of which no decision of adequacy has been made by the European Commission, the Transferring Party shall ensure that any such transfer of Personal Data is governed by:
• to the extent the Transferring Party is acting as Controller of the Personal Data, the Standard Contractual Clauses (Controllers) (as laid down in Commission decision C(2004) 5271); and
• to the extent the Transferring Party is acting as Processor of the Personal Data: the provisions of the ‘Standard Contractual Clauses (Processors)’ (as laid down in the Commission Decision 2010/87/EU of 5 February 2010).

Click to Call