Effective date: December 1, 2025
Last updated: December 8, 2025
These terms and conditions (the "Terms") govern access to and use of the Pimlico XHS™ software-as-a-service platform, any related websites, APIs and interfaces, and any content, reports and deliverables made available through them (together, the "XHS™ Service").
The XHS™ Service is provided by Pimlico Solutions Ltd., a company registered in England and Wales under company number 16505294, with its registered office at 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ ("Pimlico", "we", "us", "our").
These Terms are intended for business users only. By (i) signing an order form, statement of work or similar document that references these Terms (an "Order Form"), (ii) clicking "accept", "sign up" or a similar button, or (iii) accessing or using the XHS™ Service, you confirm that you are acting in the course of your trade, business or profession and agree to be bound by these Terms. If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have authority to bind that entity; in that case, "Customer", "you" and "your" refer to that entity.
Any terms or conditions you send to us (including on a purchase order, in a vendor portal or via email) are expressly rejected and shall have no effect unless expressly agreed in writing and signed by Pimlico.
In these Terms:
XHS™ is a subscription-based platform providing regulatory and market intelligence, workflow tools and analytical functionality. The precise modules, features, usage limits and Authorised User numbers purchased by Customer are set out in the applicable Order Form or Online Order and any accompanying service description.
Customer may access the XHS™ Copilot via web interfaces, APIs, agents, integrations or other methods described in the Documentation.
Customer acknowledges that the XHS™ Service (including any XHS™ Copilot features) uses artificial intelligence and related techniques to assist with searching, analysing and presenting information. While Pimlico aims to provide high-quality outputs, the XHS™ Service is intended as a decision-support tool and does not replace Customer's own judgement or the need for independent professional advice.
The Materials and outputs of the XHS™ Service are provided for general information only and do not constitute legal, financial, regulatory, tax or other professional advice. Customer remains responsible for assessing whether any output is appropriate for its purposes, and for verifying information that is important to its business before relying on it or acting on it.
Unless expressly stated otherwise in an Order Form:
Where Customer is a Beta Customer:
Pimlico will notify the Beta Customer when the relevant functionality moves to General Release. From the effective date of General Release, the charging of AI Credit Usage Fees will commence or continue in accordance with clause 8 and the applicable Order Form.
Customer warrants that it is entering into these Terms in the course of its trade, business or profession and not as a consumer, and that it is acquiring the XHS™ Service solely for business and not for private or domestic use.
Customer represents and warrants that:
Customer warrants that all information it provides to Pimlico (including in any Order Form, Online Order, vendor set-up process or subsequent update) is true, accurate and complete, and will promptly update such information if it changes. This includes, without limitation:
Customer is responsible for ensuring that its nominated contacts have the necessary authority to give instructions to Pimlico in relation to the Services.
Customer is responsible for:
Customer is responsible for:
Customer shall promptly notify Pimlico if it becomes aware of any unauthorised access to the XHS™ Service, misuse of credentials or other security incident relating to its accounts.
If Customer permits contractors, advisers or other third parties to act as Authorised Users, Customer remains responsible for their acts and omissions as if they were Customer's own employees and shall ensure that any such third parties use the XHS™ Service only for Customer's internal business purposes and in accordance with these Terms.
Services may be ordered:
In case of conflict or inconsistency, the following order of precedence applies:
Where Customer or its personnel access any public portion of the Website without an Order Form or Online Order, a Contract is formed when they first access or use those sites, and these Terms apply (mutatis mutandis) to that use.
Once the Contract is formed, Pimlico will issue login credentials for the agreed number and type of Authorised Users or provide access keys for API-based use of the XHS™ Service.
Customer shall:
Pimlico is not liable for any loss or damage arising from unauthorised access to the XHS™ Service resulting from Customer's or its Authorised Users' failure to safeguard credentials.
Customer is solely responsible for procuring and maintaining network connections, hardware, software, browsers and other equipment necessary for accessing the Services. Pimlico is not responsible for any failure to access the Services caused by Customer's systems, connectivity or third-party providers.
Subject to timely payment of all applicable fees and compliance with the Contract, Pimlico grants to Customer, for the Subscription Term, a non-exclusive, non-transferable, non-sublicensable, limited licence to:
Unless expressly stated in the Order Form, Customer's licence is limited to internal business use and does not permit resale, onward provision as a service, or redistribution of Materials to third parties.
Each Authorised User may, for Customer's internal business purposes:
provided that Customer maintains all notices of Pimlico's and third parties' rights and complies with the restrictions in clause 6.3.
Customer shall not (and shall ensure that Authorised Users do not), except to the extent expressly permitted by law and not capable of exclusion by agreement:
Pimlico may suspend or restrict access to the Services (without liability) where it reasonably suspects that the Services are being used in breach of this clause 6.3 or otherwise in a way that may compromise security, integrity or availability.
Customer shall:
As between the parties, Customer retains all rights, title and interest (including IPR) in and to Customer Data. Pimlico acquires no rights to Customer Data except as expressly granted in these Terms.
Customer grants Pimlico a non-exclusive, worldwide, royalty-free licence to host, copy, process, transmit and otherwise use Customer Data:
Pimlico may collect and use (during and after the Subscription Term) aggregated and anonymised data derived from Customer's use of the Services, provided that such data does not identify Customer or any individual. Pimlico may use such data to operate, analyse, improve and develop the XHS™ Service and its business, and may publish high-level statistical information that does not identify Customer.
Customer is solely responsible for the accuracy, quality, legality and appropriateness of Customer Data and for how it uses the outputs of the XHS™ Service. Pimlico has no obligation to monitor Customer Data but may remove or disable access to Customer Data that it reasonably believes to be unlawful, in breach of these Terms or otherwise likely to give rise to liability.
Fees for the Services are set out in the Order Form, Online Order or applicable plan description and, unless stated otherwise, are:
Where Customer exceeds any agreed usage parameters or AI Credit Allowance, Pimlico may charge additional fees at the overage rates set out in the Order Form or otherwise notified to Customer.
Unless the Order Form states otherwise:
Unless the Order Form expressly states different billing terms:
AI Credits are used to measure Customer's usage of AI-powered functionality within the XHS™ Copilot. Unless the Order Form states otherwise:
For Beta Customers, during the Beta Period:
From the earlier of (a) the end of the Beta Period or (b) the applicable General Release date notified by Pimlico, AI Credit Usage Fees and overage charges will become payable in accordance with the Order Form and this clause 8.4.
If the Customer upgrades its plan, adds modules or increases the number of Authorised Users or other billable units during a Subscription Term, Pimlico may:
The Customer must ensure that its payment card details remain valid and that sufficient funds are available. If a card payment fails:
Pimlico may, at its discretion, agree to accept payment by invoice and bank transfer for some or all fees, in which case the due date for such invoice(s) shall be as stated on the invoice and interest may accrue under clause 8.7.
Without prejudice to Pimlico's other rights:
The Customer is responsible for all applicable taxes arising out of the Contract, other than Pimlico's own corporation tax. If any withholding or deduction is required by law, the Customer shall increase the amount it pays such that Pimlico receives the full amount it would have received had no withholding or deduction been required.
Pimlico may adjust pricing, including subscription or base fees, AI Credit Allowances and AI Credit Usage Fees, for any renewal Subscription Term by notifying the Customer in writing at least 60 days prior to the end of the then-current Subscription Term. If the Customer does not wish to renew at the updated price, it may choose not to renew in accordance with clause 9.1.
Pimlico reserves the right to deny or suspend access to any Services for which fees and applicable taxes have not been received in cleared funds. Except as expressly stated in these Terms or the Order Form, all fees are non-cancellable and non-refundable, irrespective of actual usage.
The Subscription Term is as stated in the Order Form or Online Order. If no period is stated, the Subscription Term is twelve (12) months from the date the Customer signs the relevant Order Form or completes the Online Order (as applicable).
At the end of each Subscription Term, the subscription will automatically renew for a further Subscription Term of the same length, unless either party gives the other at least 30 days' written notice of non-renewal before the end of the then-current Subscription Term.
Where expressly stated in the Order Form or applicable plan, Customer may terminate a month-to-month or other flexible plan by giving Pimlico at least 30 days' written notice, effective at the end of the then-current billing period. Pre-paid annual or multi-year subscriptions are otherwise non-cancellable except as provided in clauses 9.4 or 10.6.
Either party may terminate the Contract by written notice if the other party:
If Pimlico makes a change to the Services or these Terms that materially and adversely affects Customer's permitted use of the Services, Customer may terminate the Contract by giving written notice before the change takes effect. If Customer terminates under this clause 9.4, Pimlico will refund a pro-rata portion of any pre-paid fees for the unused remainder of the Subscription Term. This is Customer's sole and exclusive remedy for such changes.
Pimlico may suspend or terminate access to the Services immediately on written notice if it reasonably believes that:
On expiry or termination of the Contract for any reason:
Pimlico and its licensors own all right, title and interest (including IPR) in and to:
in each case excluding Customer Data. No ownership rights are transferred to Customer under these Terms; only the limited licences set out herein are granted.
Customer retains ownership of all IPR in Customer Data and any items supplied by Customer to Pimlico. Customer grants Pimlico the licences described in clause 7.3.
Customer shall not use any Pimlico trade marks, logos or branding except as expressly permitted in writing by Pimlico.
If Customer or its Authorised Users provide feedback, ideas or suggestions regarding the XHS™ Service or any other Services (Feedback), Pimlico may use such Feedback without restriction and without obligation to Customer. Customer assigns (or shall procure assignment of) all rights in Feedback to Pimlico to the fullest extent permitted by law.
Pimlico shall defend Customer against any claim by a third party that Customer's authorised use of the XHS™ Service or standard Materials in accordance with these Terms infringes that third party's IPR in the United Kingdom, and shall pay any damages, costs and expenses finally awarded against Customer by a court of competent jurisdiction or agreed in settlement, provided that Customer:
Pimlico shall have no liability under clause 10.5 to the extent the claim arises from:
If a claim is made or threatened, Pimlico may, at its option and expense:
This clause 10.6 states Customer's sole and exclusive remedy in respect of any IPR infringement claim relating to the Services or Materials.
"Confidential Information" means all information disclosed by or on behalf of one party (Disclosing Party) to the other party (Receiving Party) in connection with the Contract that is either marked or identified as confidential or that would reasonably be understood to be confidential given the nature of the information and circumstances of disclosure. Pimlico's Confidential Information includes the Services, Materials, Documentation, pricing and any non-public technical or business information. Customer's Confidential Information includes Customer Data that is not publicly available.
The Receiving Party shall:
The obligations in clause 11.2 do not apply to information that:
The Receiving Party may disclose Confidential Information if required by law, court order or regulatory authority, provided it (where lawful to do so) gives the Disclosing Party reasonable advance notice and co-operates (at the Disclosing Party's expense) in any effort to resist or limit such disclosure.
Unauthorised disclosure or use of Confidential Information may cause irreparable harm. Without prejudice to any other rights or remedies, the Disclosing Party is entitled to seek injunctive or other equitable relief for any breach of this clause 11.
The parties acknowledge that, in providing the XHS™ Service, Pimlico may process personal data on behalf of Customer. Where Pimlico acts as a processor and Customer as controller (as defined in the UK General Data Protection Regulation and the Data Protection Act 2018), the parties shall comply with their respective obligations under applicable data protection laws, and Pimlico shall process personal data only on Customer's documented instructions (unless required otherwise by applicable law).
Where Pimlico processes personal data as a processor on behalf of Customer, the parties agree that the Data Processing Addendum in Schedule 2 (Data Processing Addendum) applies and forms part of the Contract. In the event of any conflict between these Terms and the Data Processing Addendum in relation to the processing of personal data, the Data Processing Addendum shall prevail.
Any personal data provided to Pimlico (including contact details for Authorised Users and Customer representatives) will be handled in accordance with Pimlico's Privacy Policy as updated from time to time and accessible via the XHS™ website. The Privacy Policy describes, among other things, how Pimlico collects and uses personal data as an independent controller for its own business purposes (for example, billing, account management and product improvement).
Pimlico will implement and maintain appropriate technical and organisational measures to protect Customer Data against unauthorised or unlawful processing and against accidental loss, destruction or damage, having regard to the nature of the Services, the information to be protected and the state of technological development.
Without prejudice to Customer's obligations under these Terms:
Customer remains responsible for securing its own networks, devices and systems used to access the XHS™ Service, and for configuring the XHS™ Service and managing Authorised Users and permissions in accordance with its own security, governance and access-control policies.
Pimlico may use Customer Data:
Pimlico will not use Customer Data to train or fine-tune any foundation model or generally-available AI model intended for use by other customers, unless:
The XHS™ Service may record logs, prompts and interaction data for security, audit, troubleshooting and product improvement purposes. Pimlico will retain such data for no longer than is necessary for those purposes, subject to any longer retention required by law.
If Pimlico becomes aware of a personal data breach affecting Customer Data (as defined in applicable data protection laws), Pimlico shall:
in each case to the extent such information is reasonably available to Pimlico and provided that Customer is responsible for assessing whether any regulatory or other notifications are required. Nothing in this clause limits the Parties' respective obligations under the Data Processing Addendum.
Each party warrants that:
Pimlico will provide the Services with reasonable skill and care and in material accordance with the Documentation.
From time to time, Pimlico may make preview, beta or trial features or modules of the XHS™ Copilot (including AI-powered functionality measured in AI Credits) available. Such features are provided "as is" without warranty, may be changed, suspended or withdrawn at any time and are not subject to any service level or support commitments. For Beta Customers, the Beta Period and any waiver of AI Credit Usage Fees are as described in clauses 1 and 8.4. All other Terms continue to apply in full during any beta, pilot or early-access use.
Except as expressly stated in these Terms, and to the fullest extent permitted by law:
Customer warrants that:
Customer acknowledges and agrees that:
Without limiting clauses 13.4 and 15, Pimlico shall have no liability for any loss or damage arising from Customer's or any third party's use of, reliance on, or actions taken in response to, any output generated or delivered by the XHS™ Service, except to the extent that such liability cannot lawfully be excluded and in all cases subject to the limitations set out in clause 15.
Customer shall indemnify and keep indemnified Pimlico from and against all losses, damages, costs (including reasonable legal fees) and expenses arising out of any third-party claim relating to:
Pimlico shall:
Nothing in these Terms limits or excludes either party's liability for:
Subject to clause 15.1, neither party shall be liable to the other (whether in contract, tort, negligence, misrepresentation, restitution or otherwise) for:
in each case arising out of or in connection with the Contract, even if foreseeable.
Subject to clauses 15.1 and 15.2, Pimlico's total aggregate liability to Customer arising out of or in connection with the Contract (whether in contract, tort, negligence, misrepresentation, restitution or otherwise) in any 12-month period shall be limited to the total fees paid by Customer to Pimlico under the Contract in that 12-month period.
Customer acknowledges that:
Customer's sole and exclusive remedy (and Pimlico's entire liability) in respect of any failure to meet the service levels or availability targets described in Schedule 1 (Service Level Agreement) is the award of any applicable service credits in accordance with that Schedule, in each case subject to the exclusions and procedures set out therein and to the overall limitations in this clause 15.
Pimlico may improve, update or modify the XHS™ Service from time to time (including adding, removing or changing features or content), provided that such changes do not materially reduce the overall functionality of the Services purchased by Customer during the then-current Subscription Term. Where Pimlico intends to make a change that would materially reduce such functionality, it will give Customer reasonable prior notice and Customer may exercise its rights under clause 9.4.
Pimlico may amend these Terms from time to time. For existing Customers, material changes will normally take effect from the start of the next renewal Subscription Term, unless a change is required earlier by law, regulation or a regulator. Pimlico will notify Customer of any material change in a reasonable manner (for example by email or via the XHS™ Service interface).
Pimlico may carry out scheduled maintenance which may cause temporary unavailability. Pimlico will use reasonable efforts to schedule such maintenance outside normal business hours and to give advance notice via the XHS™ Service or email.
Pimlico may carry out emergency maintenance without prior notice where necessary to address urgent security or stability issues, and will use reasonable efforts to minimise disruption.
Neither party shall be liable for any delay or failure in performing its obligations (other than payment obligations) to the extent such delay or failure is caused by events beyond its reasonable control, including but not limited to acts of God, natural disasters, epidemics or pandemics, war, terrorism, civil commotion, strikes or other industrial disputes, failure of utilities or telecommunications, or governmental restrictions. The affected party shall use reasonable endeavours to mitigate the effects of such events.
Customer shall comply with all applicable anti-bribery, anti-corruption, sanctions and export control laws, including the UK Bribery Act 2010 and any applicable local laws. Customer shall not use the XHS™ Service in any country or territory, or for the benefit of any individual or entity, in breach of such laws or applicable sanctions.
Customer may not assign, transfer or sub-contract any of its rights or obligations under the Contract without Pimlico's prior written consent (not to be unreasonably withheld). Pimlico may assign or transfer its rights and obligations under the Contract to an Affiliate or in connection with a merger, acquisition or sale of substantially all of its assets relating to the Services.
The Contract is not intended to confer any rights on any third party, and no person other than the parties shall have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms.
Nothing in the Contract is intended to or shall operate to create a partnership, joint venture, agency or employment relationship between the parties. Neither party has authority to bind the other in any way.
The Contract constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements, arrangements and understandings. Each party acknowledges that in entering into the Contract it does not rely on any statement, representation or warranty not set out in the Contract.
If any provision of the Contract is held to be invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision shall be deemed deleted. Any such modification or deletion shall not affect the validity of the remaining provisions.
A failure or delay by either party to exercise any right or remedy under the Contract shall not constitute a waiver of that or any other right or remedy. A waiver of any right or remedy shall be effective only if in writing and signed by the waiving party.
Formal notices under the Contract must be in writing and sent:
Notices sent by post are deemed received two business days after posting within the UK (or five business days if sent internationally). Notices sent by email are deemed received at the time of transmission, provided no delivery failure notice is received.
If you have any questions about these Terms, you may contact Pimlico at contact@pimlicosolutions.com.
The Contract and any dispute or claim arising out of or in connection with it (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales, and the parties submit to the exclusive jurisdiction of the courts of England and Wales.
This Schedule 1 (the "Service Level Agreement" or "SLA") forms part of the Contract between Pimlico and Customer and sets out the service levels and support commitments that apply to the production XHS™ Service, subject to Customer's payment of all applicable fees in accordance with the Contract.
1.1 This SLA applies only to the production instance of the XHS™ Service used by Customer under a paid Subscription Term. It does not apply to:
1.2 If there is any conflict between this SLA and the main body of the Terms, the Terms shall prevail, except that this SLA governs:
1.3 Service credits, where applicable, are not refundable in cash and may only be applied as a discount against future fees for the XHS™ Service. Service credits do not increase or alter the limitations of liability in clause 15 of the Terms.
1.4 Customer's sole and exclusive remedy (and Pimlico's entire liability) in respect of any failure to meet the availability or service levels set out in this SLA is the award of service credits, in accordance with this Schedule and subject to the Contract.
For the purposes of this Schedule:
Service Availability for a Service Month is calculated as:
Service Availability (%) = [(Total minutes in the Service Month - Downtime) / Total minutes in the Service Month] × 100
Pimlico will use commercially reasonable efforts to ensure that Service Availability for the production XHS™ Service is at least 99.5% in each Service Month (the "Availability Commitment").
Service Availability is measured using Pimlico's monitoring systems and, where applicable, third-party monitoring tools designated by Pimlico. Customer agrees that these measurements will be the authoritative source for determining Service Availability and any associated service credits.
Pimlico may perform Planned Maintenance from time to time. Where reasonably practicable, Pimlico will:
Periods of Planned Maintenance are excluded from Downtime and do not reduce Service Availability for the purposes of this SLA.
The following are "Excluded Events" and are not counted as Downtime and do not reduce Service Availability:
If, in a given Service Month, Service Availability for the production XHS™ Service falls below the Availability Commitment, Customer may be eligible for a service credit calculated as a percentage of the Monthly Service Fee for that Service Month, as set out below:
| Service Availability in a Service Month | Service credit (% of Monthly Service Fee) |
|---|---|
| ≥ 99.5% | 0% |
| ≥ 99.0% and < 99.5% | 5% |
| ≥ 98.0% and < 99.0% | 10% |
| < 98.0% | 20% |
The maximum total service credit for any Service Month is 25% of the Monthly Service Fee for that Service Month.
Service credits:
If the Contract ends before service credits have been fully used, any remaining credits shall be forfeited.
To be eligible for a service credit, Customer must submit a written request to Pimlico:
The request must include:
Pimlico will review the request using its monitoring records. If Pimlico determines that Customer is entitled to a service credit, Pimlico will apply the appropriate credit to Customer's next invoice or card charge for the XHS™ Service.
If Customer does not submit a request within the timeframe set out above, Customer waives any right to claim a service credit for the relevant Service Month.
Pimlico will provide support for the production XHS™ Service to Customer's designated contacts:
Support is provided only to Customer's nominated contacts, not to Customer's end users or clients.
Pimlico will categorise support issues it receives, acting reasonably, as follows:
During Business Hours, Pimlico will use commercially reasonable efforts to provide an initial response (acknowledgement and assignment, not necessarily a fix) within the following target times:
Pimlico will keep Customer reasonably informed of progress in resolving issues, but makes no guarantee as to resolution times.
Support under this SLA does not include:
Pimlico may, at its discretion, agree to provide additional support or professional services outside this SLA, which may be subject to additional fees.
6.1 Pimlico may update this SLA from time to time to reflect changes in the XHS™ Service, provided that any such changes will not materially reduce the overall level of service available to Customer during the then-current Subscription Term. Any updated SLA will apply from the start of the next renewal Subscription Term unless a change is required earlier by law or regulation.
6.2 This SLA is subject to, and shall be interpreted in accordance with, the Terms. Capitalised terms used but not defined in this Schedule have the meaning given to them in the Terms.
This Data Processing Addendum (the "DPA") forms part of, and is incorporated into, the Contract between Pimlico and Customer. Capitalised terms used but not defined in this DPA have the meaning given to them in the Terms.
1.1 This DPA applies to the extent Pimlico processes Personal Data on behalf of Customer in the course of providing the XHS™ Service and related Services under the Contract.
1.2 For the purposes of applicable Data Protection Laws:
1.3 The subject-matter, duration, nature and purpose of the processing, the types of Personal Data and categories of data subjects are described in Annex 1 (Processing Details).
In this DPA:
3.1 Pimlico shall process Personal Data only:
3.2 Customer instructs Pimlico to process Personal Data:
3.3 If Pimlico considers that an instruction from Customer infringes Data Protection Laws, Pimlico shall inform Customer without undue delay. Pimlico shall be entitled to suspend the relevant processing until Customer has modified or confirmed the instruction in a manner that does not infringe Data Protection Laws.
4.1 Customer is responsible for:
4.2 Customer shall not instruct Pimlico to process any special categories of data or criminal offence data (as defined in Data Protection Laws) unless expressly agreed in writing.
5.1 Pimlico shall ensure that any person authorised to process Personal Data on its behalf is subject to a duty of confidentiality (whether contractual or statutory) in respect of that processing.
6.1 Pimlico shall implement and maintain appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data, having regard to:
6.2 Pimlico's current technical and organisational measures are described at a high level in the Security Overview or similar documentation made available by Pimlico on request or via the XHS™ website, as updated from time to time. Updates to such documentation will not materially reduce the overall level of protection for Personal Data during the then-current Subscription Term.
7.1 Customer authorises Pimlico to appoint Sub-processors to process Personal Data on its behalf, provided that Pimlico:
7.2 Pimlico shall maintain a list of current Sub-processors for the XHS™ Service and make this available to Customer on request or via the XHS™ website. Pimlico may update this list from time to time.
7.3 Where required by applicable Data Protection Laws, Pimlico shall provide Customer with advance notice of any intended changes concerning the addition or replacement of Sub-processors that process Personal Data. Customer may object to such changes on reasonable data protection grounds by notifying Pimlico in writing within ten (10) Business Days of receiving the notice. If Customer reasonably objects and the parties are unable to agree on an alternative solution within a reasonable period, either party may terminate the affected Services on written notice, without penalty, and Pimlico shall refund any pre-paid fees for the unused portion of the Subscription Term for those Services.
8.1 Pimlico may transfer Personal Data to, and process Personal Data in, countries outside the United Kingdom and/or European Economic Area, provided that such transfers comply with Data Protection Laws.
8.2 Where Personal Data is transferred outside the United Kingdom and/or European Economic Area to a country that is not the subject of an adequacy decision under the applicable Data Protection Laws, Pimlico shall ensure that appropriate safeguards are in place, which may include:
8.3 On request, Pimlico shall provide Customer with reasonable information about the data transfer mechanism relied on for such transfers to the extent not already described in the Security Overview, Privacy Policy or other documentation.
9.1 Taking into account the nature of the processing and the information available to Pimlico, Pimlico shall provide reasonable assistance to Customer, at Customer's cost, to enable Customer to respond to:
9.2 If Pimlico receives a request or communication from a data subject directly that relates to Customer's Personal Data and identifies Customer as the controller, Pimlico shall (where reasonably practicable) notify Customer without undue delay and shall not respond directly to the data subject except:
10.1 Taking into account the nature of the processing and the information available to Pimlico, Pimlico shall provide reasonable assistance to Customer, at Customer's cost, in relation to:
11.1 Pimlico shall notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Personal Data processed on behalf of Customer.
11.2 Such notification shall, where possible, include:
11.3 Pimlico may provide this information in phases as it becomes available. Customer is responsible for determining whether any notifications to supervisory authorities or data subjects are required under Data Protection Laws and for making any such notifications.
12.1 Pimlico shall make available to Customer, on request, such information as is reasonably necessary to demonstrate Pimlico's compliance with its obligations as a processor under Article 28 of the UK GDPR (and any equivalent provisions of other applicable Data Protection Laws), which may include:
12.2 To the extent that the information made available under clause 12.1 is insufficient to demonstrate such compliance, Customer may, no more than once in any twelve (12) month period and on at least thirty (30) days' written notice, carry out (or appoint an independent third party to carry out) a reasonable audit of Pimlico's data processing activities under this DPA, provided that:
13.1 On expiry or termination of the Contract for any reason, Pimlico shall, at Customer's choice and subject to clause 9.6 of the Terms:
in each case to the extent reasonably practicable and within a reasonable period following termination, unless applicable law requires Pimlico to retain certain Personal Data for a longer period.
13.2 Pimlico may retain copies of Personal Data in backup systems for a limited period after deletion from its primary systems. Such data will remain subject to the obligations in this DPA until deleted.
14.1 This DPA shall remain in force for as long as Pimlico processes Personal Data on behalf of Customer under the Contract.
14.2 Termination or expiry of the Contract shall automatically terminate this DPA, without prejudice to any rights or obligations that by their nature should survive (including, without limitation, clauses relating to confidentiality, liability, audit, and return and deletion of Personal Data).
15.1 This DPA is without prejudice to any additional obligations of the parties under Data Protection Laws.
15.2 In the event of any conflict between this DPA and the rest of the Contract in relation to the processing of Personal Data, this DPA shall prevail.
15.3 This DPA is governed by, and shall be construed in accordance with, the same law and jurisdiction provisions as the Contract.
Subject-matter of the processing
Provision of the XHS™ Service and related Services (including XHS™ Copilot and other AI-enabled features), including hosting, storage, analysis, enrichment and delivery of regulatory and market intelligence content, dashboards and reports.
Duration of the processing
For the Subscription Term and any renewal Subscription Terms, and for such additional period as is necessary for backup, archiving and deletion in accordance with the Contract and this DPA.
Nature and purpose of the processing
Types of Personal Data
Depending on how Customer uses the XHS™ Service, this may include:
Customer shall not intentionally include special categories of data or criminal offence data in Customer Data unless expressly agreed in writing.
Categories of data subjects
Pimlico will implement and maintain technical and organisational measures appropriate to the risk, which may include:
Further details of Pimlico's technical and organisational measures are described in the Security Overview or similar documentation made available by Pimlico on request or via the XHS™ website, as updated from time to time. Updates to such documentation will not materially reduce the overall level of protection for Personal Data during the then-current Subscription Term.
© 2026 Pimlico Solutions Ltd. All rights reserved.
Company Number: 16505294
71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ