GENERAL TERMS AND CONDITIONS FOR SALES OF HOSTED SERVICES

1. Definitions

“Account” means an account enabling a person to access and use the Hosted Services, including both administrator accounts and user accounts;

“Agreement” means this General conditions of Sales for Hosted Services, the Particular Conditions, and any amendment or schedule by writing to be added to the later from time to time;

“Business Day” means any weekday (Mon-Fri) other than a bank or public holiday in France;

“Business Hours” means the hours of 09:00 to 17:00 Paris Time on a Business Day;

“EEA” means the European Economic Area;

“FEES” means the following amounts:

(a) the amounts specified in the Particular Conditions Agreement ;

(b) such amounts as may be agreed in writing by the parties from time to time; and

(c) amounts calculated by multiplying the Provider’s standard time-based charging rates as notified by the Provider to the Customer before the date of the Agreement by the time spent by the Provider’s personnel performing the Services.

“Customer Confidential Information” means:

(a) any information disclosed by the Customer to the Provider at any time before the termination of this Agreement, whether disclosed in writing, orally or otherwise that at the time of disclosure:

(i) was marked as “confidential”; or

(ii) should have been reasonably understood by the Provider to be confidential; and

(b) The Customer Data;

“Customer Data” means all data, works and materials: uploaded to or stored on the Platform by the Customer; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to the Provider for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Customer including annotated dataset or generated learning models but in this later case only when specified in the Particular Conditions Agreement but excluding models and analytics data relating to the use of the Platform and server log files.

“Customer Personal Data” means any Personal Data that is processed by the Provider on behalf of the Customer in relation to the Agreement, but excluding data with respect to which the Provider is a data controller;

“Data Protection Laws” means all applicable laws relating to the processing of Personal Data including, while it is in force and applicable to Customer Personal Data, the General Data Protection Regulation (GDPR) (EU Directive 95/46/EC);

“Data Transfer” means:

a) a transfer of Customer Personal Data from the Customer to the Provider in order to be Processed by the Platform; or

b) an onward transfer of Customer Personal Data from the Provider to a Subcontracted Processor in order to be Processed by the Platform;

“Documentation” means the videos, tutorials and the FAQ for the Hosted Services made available or delivered by the Provider to the Customer;

“Effective Date” means the date of execution of the Agreement. The Effective Date is the date stipulated in the Financial Provisions of the Particular Conditions Agreement or if not stipulated in the Particular Conditions Agreement the day the Customer is provided with the login details for the Account giving access to the Hosted Services.

“Error” means:

Blocking error: an error which makes the use of the Platform by the Customer impossible. This kind of errors is qualified Critical.

Cumbersome error: an error which makes the use of a feature impossible. This kind of errors is qualified High Priority.

Non-blocking and non-cumbersome error: All the other errors. These errors are qualified Low Priority.

“Force Majeure Event” means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars);

“Hosted Services” means Kairntech Platform, as specified in the Hosted Services Specification, which will be made available by the Provider to the Customer as a service via the internet in accordance with the Particular Conditions Agreement will indicate if the Kairntech Platform is provided through a multitenant Infrastructure or a Customer Dedicated Infrastructure.

“Hosted Services Defect” means a defect, error or bug in the Platform having an adverse effect on operation, functionality or performance of the Hosted Services, but excluding any defect, error or bug caused by or arising as a result of:

(a) any act or omission of the Customer or any person authorized by the Customer to use the Platform or Hosted Services;

(b) any use of the Platform or Hosted Services contrary to the Documentation, whether by the Customer or by any person authorized by the Customer;

“Hosted Services Specification” means the specification for the Platform and Hosted Services set out in the Particular Conditions Agreement and in the Documentation;

“Hotfix” means hotfix or patch to any platform software;

“Intellectual Property Rights” means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these “intellectual property rights” include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trademarks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);

“Maintenance Hosted Services” means the general maintenance of the Platform and Hosted Services, and the application of Hotfix, Updates and Upgrades;

“Particular Conditions Agreement” means the agreement signed with the Customer which complete this General Conditions of Sales For Hosted Services and define the hosted service specifications, the financial provisions and contractual notices. Amendments or schedules could be added by writing to the Particular Conditions Agreement from time to time.

“Personal Data” has the meaning given to it in the Data Protection Laws applicable in France from time to time;

“Platform” means the Kairntech Platform managed by the Provider and used by the Provider to provide the Hosted Services, including the application, the machine learning models (including the customer-generated machine learning models on the customer’s data set if not stipulated otherwise in the Particular Conditions Agreement) and database software for the Hosted Services, the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed.

“Processing” means any operation or set of operations which is performed upon Customer Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction performed by the Platform. The terms “process”, “processing” and “processed” will be construed accordingly;

“Schedule” means any schedule attached to the main body of the Agreement;

“Sub processor” means any person appointed by or on behalf of the Provider to Process Personal Data on behalf of the Customer in connection with the Agreement.

“Services” means any services that the Provider provides to the Customer under the Agreement;

“Support Hosted Services” means support in relation to the use of, and the identification and resolution of errors in, the Hosted Services, but shall not include the provision of training services;

“Term” means the term of the Agreement, commencing in accordance with Clause 3.1 and ending in accordance with Clause 3.2;

“Update” means a minor version update to any Platform software;

“Upgrade” means a major version upgrade of any Platform software.

The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, Data”, “Personal Data Breach” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly

2. Credit

2.1 This document was created using a template from SEQ Legal.

3. Term

3.1 The Agreement shall come into force upon the Effective Date.

3.2 The Agreement shall continue in force until the Anniversary Date as defined in the Particular Conditions Agreement and the date in article 18 of these General Conditions of sales for Hosted Services.

4. Hosted Services

4.1 On the Effective Date, the Provider shall create an Account for the Customer and shall provide to the Customer login details for that Account.

4.2 The Provider hereby grants to the Customer a worldwide, non-exclusive license to use the Hosted Services by means of a Supported Web Browser for the internal business purposes of the Customer in accordance with the Documentation during the Term.

4.3 The license granted by the Provider to the Customer under Clause 4.2 is subject to the following limitations:

(a) the Hosted Services may only be used by the officers, employees, agents and named subcontractors of the Customer users identified in the Particular Conditions Agreement;

(b) the Hosted Services may only be used by the named users identified in the Particular Conditions Agreement, providing that the Customer may change, add or remove a designated named user in accordance with the procedure set out therein; and

(c) the Hosted Services must not be used at any point in time by more than the number of concurrent users specified in the Particular Conditions Agreement, providing that the Customer may add or remove concurrent user licenses in accordance with the procedure set out therein.

4.4 Except to the extent expressly permitted in the Agreement or required by law on a non-excludable basis, the license granted by the Provider to the Customer under Clause 4.2 is subject to the following prohibitions:

(a) the Customer must not sub-license its right to access and use the Hosted Services;

(b) the Customer must not permit any unauthorized person to access or use the Hosted Services;

(d) the Customer must not republish or redistribute any content or material from the Hosted Services excepted provided by the Agreement in the Particular Conditions Agreement;

(e) the Customer must not make any alteration to the Platform; and

(f) the Customer must not conduct or request that any other person conduct any load testing or penetration testing on the Platform or Hosted Services without the prior written consent of the Provider.

4.5 The Customer shall use reasonable endeavors, including reasonable security measures relating to administrator Account access details, to ensure that no unauthorized person may gain access to the Hosted Services using an administrator Account.

4.6 The Provider shall use reasonable endeavors to maintain the availability of the Hosted Services to the Customer but does not guarantee 100% availability.

4.7 For the avoidance of doubt, downtime caused directly or indirectly by any of the following shall not be considered a breach of the Agreement:

(a) a Force Majeure Event;

(b) a fault or failure of the internet or any public telecommunications network;

(d) any breach by the Customer of the Agreement; or

(e) scheduled maintenance carried out in accordance with the Agreement.

4.8 The Customer must comply with Schedule 1 (Acceptable Use Policy) and must ensure that all persons using the Hosted Services with the authority of the Customer or by means of an administrator Account comply with Schedule 1 (Acceptable Use Policy).

4.9 The Customer must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services. The Customer will comply with the Particular Conditions Agreement 1.4 Technical Specifications and Requirements.

4.10 The Customer must not use the Hosted Services:

(a) in any way that is unlawful, illegal, fraudulent or harmful; or

(b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

4.11 For the avoidance of doubt, the Customer has no right to access the software code including object code, intermediate code and source code of the Platform, either during or after the Term.

4.12 The Provider may suspend the provision of the Hosted Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 30 days written notice, following the amount becoming overdue, of its intention to suspend the Hosted Services on this basis.

5. Maintenance Hosted Services

5.1 The Provider shall provide the Maintenance Hosted Services to the Customer during the Term.

5.2 The Provider shall where practicable give to the Customer at least 10 Business Days’ prior written notice of scheduled Maintenance Hosted Services that are likely to affect the availability of the Hosted Services or are likely to have a material negative impact upon the Hosted Services, without prejudice to the Provider’s other notice obligations under this main body of the Agreement.

5.3 The Provider shall give to the Customer at least 10 Business Days prior written notice of the application of an Upgrade to the Platform.

5.4 The Provider shall give to the Customer written notice of the application of any security Update to the Platform and at least 10 Business Days prior written notice of the application of any non-security Update to the Platform.

5.5 The Provider shall provide the Maintenance Hosted Services in accordance with the standards of skill and care reasonably expected from a leading service provider in the Provider’s industry.

5.6 The Provider may suspend the provision of the Maintenance Hosted Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 30 days written notice, following the amount becoming overdue, of its intention to suspend the Maintenance Hosted Services on this basis.

6. Support Hosted Services

6.1 The Provider shall provide the Support Hosted Services to the Customer during the Term.

6.2 The Provider shall provide the Support Hosted Services in accordance with the standards of skill and care reasonably expected from a leading service provider in the Provider’s industry.

6.3 The Provider shall respond promptly to all requests for Support Hosted Services made by the Customer as defined in Schedule 3 – Service Level Agreement.

6.4 The Provider may suspend the provision of the Support Hosted Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 30 days written notice, following the amount becoming overdue, of its intention to suspend the Support Hosted Services on this basis.

7. Customer Data

7.1 The Customer hereby grants to the Provider a non-exclusive license to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the Customer Data to the extent reasonably required for the performance of the Provider’s obligations and the exercise of the Provider’s rights under the Agreement. The Customer also grants to the Provider the right to sub-license these rights to its hosting, connectivity and telecommunications service providers, subject to any express restrictions elsewhere in the Agreement.

7.2 The Customer warrants to the Provider that the Customer Data when used by the Provider in accordance with the Agreement will not infringe the Intellectual Property Rights of any person, and will not breach the provisions of any law, statute or regulation, under any French applicable law.

7.3 The Provider shall create a back-up copy of the Customer Data, shall ensure that each such copy is sufficient to enable the Provider to restore the Hosted Services to the state they were in at the time the back-up was taken, and shall retain and securely store each such copy for a minimum period of 30 days.

7.4 Within the period of 1 Business Day following receipt of a written request from the Customer, the Provider shall use all reasonable endeavors to restore to the Platform the Customer Data stored in any back-up copy created and stored by the Provider in accordance with Clause 7.3. The Customer acknowledges that this process will overwrite the Customer Data stored on the Platform prior to the restoration.

8. No assignment of Intellectual Property Rights

8.1 Nothing in the Agreement shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Customer, or from the Customer to the Provider.

9. Fees

9.1 The Customer shall pay the Fees to the Provider in accordance with the Particular Conditions.

9.2 If the Fees are based in whole or part upon the time spent by the Provider performing Services, the Provider must obtain the Customer’s written consent before performing Services that result in any estimate of time-based Fees given to the Customer being exceeded or any budget for time-based Fees agreed by the parties being exceeded; and unless the Customer agrees otherwise in writing, the Customer shall not be liable to pay to the Provider any Fees in respect of Services performed in breach of this Clause 9.2.

9.3 All amounts stated in or in relation to the Agreement are, unless the context requires otherwise, stated exclusive of any applicable value added taxes, which will be added to those amounts and payable by the Customer to the Provider.

9.4 The Provider may elect to vary Fees by giving to the Customer not less than 30 days written notice of the variation on any anniversary of the date of execution of the Agreement providing that no such variation shall result in an aggregate percentage increase in the relevant element of the Charges during the Term that exceeds 3% per annum.

10. Term of Payments

10.1 The Provider shall issue invoices for the Charges to the Customer in advance of the period to which they relate.

10.2 The Customer must pay the Charges to the Provider within the period of 30 days following the issue of an invoice in accordance with this Clause 10.

10.3 The Customer must pay the Fees by bank transfer using such payment details as are notified by the Provider to the Customer from time to time.

10.4 If the Customer does not pay any amount properly due to the Provider under the Agreement, the Provider may charge the Customer interest on the overdue amount at the rate of 8% per annum above the Central European Bank base rate from time to time.

11. Provider’s confidentiality obligations

11.1 The Provider must:

(a) keep the Customer Confidential Information strictly confidential;

(b) not disclose the Customer Confidential Information to any person without the Customer’s prior written consent, and then only under conditions of confidentiality approved in writing by the Customer;

(c) use the same degree of care to protect the confidentiality of the Customer Confidential Information as the Provider uses to protect the Provider’s own confidential information of a similar nature, being at least a reasonable degree of care;

(d) act in good faith at all times in relation to the Customer Confidential Information; and

(e) not use any of the Customer Confidential Information for any purpose other than those in accordance with the Agreement.

11.2 Notwithstanding Clause 11.1, the Provider may disclose the Customer Confidential Information to the Provider’s officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Customer Confidential Information for the performance of their work with respect to the Agreement and who are bound by a written agreement or professional obligation to protect the confidentiality of the Customer Confidential Information.

11.3 This Clause 11 imposes no obligations upon the Provider with respect to Customer Confidential Information that:

(a) is known to the Provider before disclosure under the Agreement and is not subject to any other obligation of confidentiality;

(b) is or becomes publicly known through no act or default of the Provider; or

(c) is obtained by the Provider from a third party in circumstances where the Provider has no reason to believe that there has been a breach of an obligation of confidentiality.

11.4 The restrictions in this Clause 11 do not apply to the extent that any Customer Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of the Provider on any recognized stock exchange.

11.5 The provisions of this Clause 11 shall continue in force for a period of 5 years following the termination of the Agreement, at the end of which period they will cease to have effect.

12. Data protection

12.1 Each party shall comply with the Data Protection Laws with respect to the processing of the Customer Personal Data as defined in Schedule 2, Data Processing.

13. Warranties

13.1 The Provider warrants to the Customer that:

(a) the Provider has the legal right and authority to enter into the Agreement and to perform its obligations under the Agreement;

(b) the Provider will comply with all applicable legal and regulatory requirements applying to the exercise of the Provider’s rights and the fulfilment of the Provider’s obligations under the Agreement; and

(c) the Provider has or has access to all necessary know-how, expertise and experience to perform its obligations under the Agreement.

13.2 The Provider warrants to the Customer that:

(a) the Platform and Hosted Services will conform in all respects with the Hosted Services Specification defined in the Particular Conditions Agreement;

(b) the Hosted Services will be free from Hosted Services Defects;

(c) the application of Hotfix, Updates and Upgrades to the Platform by the Provider will not introduce any Hosted Services Defects into the Hosted Services;

(d) the Platform will be free from viruses, worms, Trojan horses, ransomware, spyware, adware and other malicious software programs; and

(e) the Platform will incorporate security features reflecting the requirements of good industry practice.

13.3 The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with the Agreement, will not breach any laws, statutes or regulations applicable under French law.

13.4 The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with the Agreement, will not infringe the Intellectual Property Rights of any person in any jurisdiction and under any applicable law.

13.5 If the Provider reasonably determines, or any third party alleges, that the use of the Hosted Services by the Customer in accordance with the Agreement infringes any person’s Intellectual Property Rights, the Provider may at its own cost and expense:

(a) modify the Hosted Services in such a way that they no longer infringe the relevant Intellectual Property Rights; or

(b) procure for the Customer the right to use the Hosted Services in accordance with the Agreement.

13.6 The Customer warrants to the Provider that it has the legal right and authority to enter into the Agreement and to perform its obligations under the Agreement.

13.7 All of the parties warranties and representations in respect of the subject matter of the Agreement are expressly set out in the Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of the Agreement will be implied into the Agreement or any related contract.

14. Acknowledgements and warranty limitations

14.1 The Customer acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of the Agreement, the Provider gives no warranty or representation that the Hosted Services will be wholly free from defects, errors and bugs.

14.2 The Customer acknowledges that complex software is never entirely free from security vulnerabilities; and subject to the other provisions of the Agreement, the Provider gives no warranty or representation that the Hosted Services will be entirely secure.

14.3 The Customer acknowledges that the Hosted Services are designed to be compatible only with that software and those systems specified as compatible in the Hosted Services Specification defined in the Particular Conditions Agreement; and the Provider does not warrant or represent that the Hosted Services will be compatible with any other software or systems.

15. Limitations and exclusions of liability

15.1 Nothing in the Agreement will:

(a) limit or exclude any liability for death or personal injury resulting from negligence;

(b) limit or exclude any liability for fraud or fraudulent misrepresentation;

(d) exclude any liabilities that may not be excluded under applicable law.

15.2 The limitations and exclusions of liability set out in this Clause 15 and elsewhere in the Agreement:

(a) are subject to Clause 15.1; and

(b) govern all liabilities arising under the Agreement or relating to the subject matter of the Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in the Agreement.

15.3 Neither party shall be liable to the other party in respect of any losses arising out of a Force Majeure Event.

15.4 Neither party shall be liable to the other party in respect of any loss of profits or anticipated savings.

15.5 Neither party shall be liable to the other party in respect of any loss of revenue or income.

15.6 Neither party shall be liable to the other party in respect of any loss of use or production.

15.7 Neither party shall be liable to the other party in respect of any loss of business, contracts or opportunities.

15.8 Neither party shall be liable to the other party in respect of any loss or corruption of any data, database or software; providing that this Clause 15.8 shall not protect the Provider unless the Provider has fully complied with its obligations under Clause 7.3 and Clause 7.4.

15.9 Neither party shall be liable to the other party in respect of any special, indirect or consequential loss or damage.

15.10 The liability of each party to the other party under the Agreement in respect of any event or series of related events shall not exceed the total amount paid and payable by the Customer to the Provider under the Agreement in the 12 months period preceding the commencement of the event or events.

15.11 The aggregate liability of each party to the other party under the Agreement shall not exceed the total amount paid and payable by the Customer to the Provider under the Agreement.

16. Force Majeure Event

16.1 If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under the Agreement, that obligation will be suspended for the duration of the Force Majeure Event.

16.2 A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under the Agreement, must:

(a) promptly notify the other; and

(b) inform the other of the period for which it is estimated that such failure or delay will continue.

16.3 A party whose performance of its obligations under the Agreement is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.

17. Termination

17.1 Either party may terminate the Agreement by giving to the other party at least 30 days’ written notice of termination.

17.2 Either party may terminate the Agreement immediately by giving written notice of termination to the other party if the other party commits a material breach of the Agreement.

17.3 Either party may terminate the Agreement immediately by giving written notice of termination to the other party if:

(a) the other party:

(i) is dissolved;

(ii) ceases to conduct all (or substantially all) of its business;

(iii) is or becomes unable to pay its debts as they fall due;

(iv) is or becomes insolvent or is declared insolvent; or

(v) convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;

(b) an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party;

(c) an order is made for the winding up of the other party, or the other party passes a resolution for its winding up (other than for the purpose of a solvent company reorganization where the resulting entity will assume all the obligations of the other party under the Agreement)

18. Effects of termination

18.1 Upon the termination of the Agreement, all of the provisions of the Agreement shall cease to have effect, save that the following provisions of the Agreement shall survive and continue to have effect in accordance with their express terms or otherwise indefinitely: Clauses 1, 4.11, 8, 11.2, 11.4, 12, 13.1, 13.3, 13.4, 13.5, 13.6, 13.7, 13.8, 13.9, 13.10, 13.11, 13.12, 13.13, 13.14, 13.15, 13.16, 13.17, 15, 18, 22 and 23.

18.2 Except to the extent that the Agreement expressly provides otherwise, the termination of the Agreement shall not affect the accrued rights of either party.

18.3 Within 30 days following the termination of the Agreement for any reason:

(a) the Customer must pay to the Provider any Fees in respect of Hosted Services provided to the Customer and any fees due if considering the Agreement was terminated at the anniversary date as defined in the Particular Conditions Agreement 2) Financial provisions; and

(b) the Provider must refund to the Customer any Fees paid by the Customer to the Provider in respect of Hosted Services that were to be provided to the Customer after the anniversary date as defined in the Particular Conditions Agreement 2) Financial provision,

without prejudice to the parties’ other legal rights.

19. Tacit renewal

NOT APPLICABLE TO THIS CONTRACT

20. Notices

20.1 Any notice from one party to the other party under the Agreement must be given by one of the following methods (using the relevant contact details set out in Part 3 of the Particular Conditions Agreement:

(a) delivered personally or sent by email to Customer or Provider’s contacts as set out in the Particular Conditions Agreement 3) Contractual notices, in which case the notice shall be deemed to be received upon delivery; or

(b) sent by recorded signed-for post, in which case the notice shall be deemed to be received 2 Business Days following posting,

providing that, if the stated time of deemed receipt is not within Business Hours, then the time of deemed receipt shall be when Business Hours next begin after the stated time.

20.2 The addressee and contact details set out in Part 3 of the Particular Conditions Agreement may be updated from time to time by a party giving written notice of the update to the other party in accordance with this Clause 20.

21. Subcontracting

21.1 The Provider must not subcontract any of its obligations under the Agreement without the prior written consent of the Customer, providing that the Customer must not unreasonably withhold or delay the giving of such consent.

21.2 The Provider shall remain responsible to the Customer for the performance of any subcontracted obligations.

21.3 Notwithstanding the provisions of this Clause 20 but subject to any other provision of the Agreement, the Customer acknowledges and agrees that the Provider may subcontract to any reputable third party hosting business the hosting of the Platform and the provision of services in relation to the support and maintenance of elements of the Platform.

22. General

22.1 No breach of any provision of the Agreement shall be waived except with the express written consent of the party not in breach.

22.2 If any provision of the Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions of the Agreement will continue in effect. If any unlawful and/or unenforceable provision would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect (unless that would contradict the clear intention of the parties, in which case the entirety of the relevant provision will be deemed to be deleted).

22.3 the Agreement may not be varied except by a written document signed by or on behalf of each of the parties.

22.4 Neither party may without the prior written consent of the other party assign, transfer, charge, license or otherwise deal in or dispose of any contractual rights or obligations under the Agreement.

22.5 the Agreement is made for the benefit of the parties and is not intended to benefit any third party or be enforceable by any third party. The rights of the parties to terminate, rescind, or agree any amendment, waiver, variation or settlement under or relating to the Agreement are not subject to the consent of any third party.

22.6 Subject to Clause 16.1, the Agreement shall constitute the entire agreement between the parties in relation to the subject matter of the Agreement, and shall supersede all previous agreements, arrangements and understandings between the parties in respect of that subject matter.

22.7 the Agreement shall be governed by and construed in accordance with the French Law.

22.8 Any dispute arising in connection with the Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of France,

23. Interpretation

23.1 In the Agreement, a reference to a statute or statutory provision includes a reference to:

(a) that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and

(b) any subordinate legislation made under that statute or statutory provision.

23.2 The Clause headings do not affect the interpretation of the Agreement.

23.3 References in the Agreement to “calendar months” are to the 12 named periods (January, February and so on) into which a year is divided.

23.4 In the Agreement, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.

SCHEDULE 1 (ACCEPTABLE USE POLICY)

1. Introduction

1.1 This acceptable use policy (the “Policy“) sets out the rules governing:

(a) the use of [the website at [https://sherpa.kairntech.com], any successor website, and the Hosted Services; and

(b) the transmission, storage and processing of content by the Customer, or by any person on behalf the Customer, using the Hosted Services.

1.2 References in this Policy to “you” are to any customer for the Hosted Services and any individual user of the Hosted Services and “your” should be construed accordingly; and references in this Policy to “us” are to identify Provider and “we” and “our” should be construed accordingly.

1.3 By using the Hosted Services, you agree to the rules set out in this Policy.

1.4 We will ask for your express agreement to the terms of this Policy before you upload or submit any Content or otherwise use the Hosted Services.

2. General usage rules

2.1 You must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or impairment of the availability or accessibility of the Hosted Services.

2.2 You must not use the Hosted Services:

(a) in any way that is unlawful, illegal, fraudulent, deceptive or harmful; or

(b) in connection with any unlawful, illegal, fraudulent, deceptive or harmful purpose or activity.

2.3 You must ensure that all Customer Data complies with the provisions of this Policy.

2.4 You must comply with the Technical specifications and Requirements as mentioned in the Particular Conditions Agreement.

3. Unlawful Content

3.1 Customer Data must not be illegal or unlawful, must not infringe any person’s legal rights, and must not be capable of giving rise to legal action against any person in each case in any jurisdiction and under any applicable law.

3.2 Customer Data, and the use of Customer Data by us in any manner licensed or otherwise authorized by you, must not:

(a) infringe any copyright, moral right, database right, trade mark right, design right, right in passing off, or other intellectual property right;

(b) infringe any right of confidence, right of privacy or right under data protection legislation;

(d) constitute a breach of any contractual obligation owed to any person.

3.3 You must ensure that Customer Data is not and has never been the subject of any threatened or actual legal proceedings or other similar complaint.

4. Graphic material

4.1 Content must be appropriate for all persons who have access to or are likely to access the Customer Data in question.

4.2 Customer data must not depict violence.

5. Factual accuracy

5.1 Statements of fact contained in Customer data and relating to persons (legal or natural) must be true; and statements of opinion contained in Customer Data and relating to persons (legal or natural) must be reasonable, be honestly held and indicate the basis of the opinion.

6. Negligent advice

6.1 Customer Data must not consist of or contain any advice, instructions or other information that may be acted upon and could, if acted upon, cause death, illness or personal injury, damage to property, or any other loss or damage.

7. Etiquette

7.1 Customer Data must not be offensive, deceptive, threatening, abusive, harassing, menacing, hateful, discriminatory or inflammatory.

7.2 Customer Data must not be liable to cause annoyance, inconvenience or needless anxiety.

7.3 You must not use the Hosted Services to send any hostile communication or any communication intended to insult, including such communications directed at a particular person or group of people.

7.4 You must not use the Hosted Services for the purpose of deliberately upsetting or offending others.

8. Marketing and spam

8.1 You must not send any spam or other marketing communications to any person using any email address or other contact details made available through the Hosted Services or that you find using the Hosted Services.

8.4 You must not use the Hosted Services to promote, host or operate any chain letters, Ponzi schemes, pyramid schemes, matrix programs, multi-level marketing schemes, “get rich quick” schemes or similar letters, schemes or programs.

8.5 You must not use the Hosted Services in any way which is liable to result in the blacklisting of any of our IP addresses.

9. Regulated businesses

9.1 You must not use the Hosted Services for any purpose relating to gambling, gaming, betting, lotteries, sweepstakes, prize competitions or any gambling-related activity.

9.2 You must not use the Hosted Services for any purpose relating to the offering for sale, sale or distribution of drugs or pharmaceuticals.

9.3 You must not use the Hosted Services for any purpose relating to the offering for sale, sale or distribution of knives, guns or other weapons.

10. Monitoring

10.1 You acknowledge that we may actively monitor the Customer Data and the use of the Hosted Services.

11. Data mining

11.1 You can conduct systematic or automated data scraping, data mining, data extraction or data harvesting, or other systematic or automated data collection activity, by means of or in relation to the Hosted Services.

12. Hyperlinks

12.1 You must not link to any material using or by means of the Hosted Services that would, if it were made available through the Hosted Services, breach the provisions of this Policy.

13. Harmful software

13.1 The Customer Data must not contain or consist of, and you must not promote, distribute or execute by means of the Hosted Services, any viruses, worms, spyware, adware or other harmful or malicious software, programs, routines, applications or technologies.

13.2 The Customer Data must not contain or consist of, and you must not promote, distribute or execute by means of the Services, any software, programs, routines, applications or technologies that will or may have a material negative effect upon the performance of a computer or introduce material security risks to a computer.

SCHEDULE 2 (DATA PROCESSING)

WHEREAS

(A) The Customer acts as a Data Controller.

(B) The Customer wishes to subcontract certain Hosted Services, which imply Data Transfer and Processing.

(C) The Parties seek to implement a data Processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

(D) The Parties wish to lay down their rights and obligations.

IT IS AGREED AS FOLLOWS:

1. Transfer of data

A) Provider shall comply with all applicable Data Protection Laws for the Transfer of Data; and not Process Customer Personal Data other than on the relevant Customer’s documented instructions.

B) The Customer instructs Provider to Process Customer Personal Data.

2. Provider employees

Provider shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Sub processor who may have access to the Customer Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Customer Personal Data, as strictly necessary for the purposes of the Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Provider, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

3. Security

3.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Provider shall in relation to the Customer Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

Provider has nominated a Data Protection Officer who can be joined by email at the following email address: RGPD@ kairntech.com

3.2 In assessing the appropriate level of security, Provider shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

4. Subprocessing

4.1 To undertake the hosted services, the Provider will appoint either:

The sub processor requested by the Customer or,
OVH if the Customer let the Provider choose the sub processor.

5. Data subject rights

5.1 Taking into account the nature of the Processing, Provider shall assist the Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer obligations, as reasonably understood by Customer, to respond to requests to exercise Data Subject rights under the Data Protection Laws.

5.2 Provider shall:

5.2.1 promptly notify Customer if it receives a request from a Data Subject under any Data Protection Law in respect of Customer Personal Data; and

5.2.2 ensure that it does not respond to that request except on the documented instructions of Customer or as required by Applicable Laws to which the Provider is subject, in which case Provider shall to the extent permitted by Applicable Laws inform Customer of that legal requirement before the Contracted Provider responds to the request.

6. Personal data breach

6.1 Provider shall notify Customer without undue delay upon Provider becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information to allow the Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

6.2 Provider shall co-operate with the Customer and take reasonable commercial steps as are directed by Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

7. Data protection impact assessment

7.1 Prior Consultation Provider shall provide reasonable assistance to the Customer with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Customer reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Customer Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Providers.

8. Deletion or return of customer personal data

8.1 Subject to this section 8 Provider shall promptly and in any event within 10 business days of the date of termination of any Hosted Services involving the Processing of Customer Personal Data (the “Termination Date”), delete and procure the deletion of all copies of those Customer Personal Data.

9. Audit rights

9.1 Subject to this section 9, Provider shall make available to the Customer on request all information necessary to demonstrate compliance with the Agreement, and shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Providers.

9.2 Information and audit rights of the Customer only arise under section 9.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.

10. Data transfer

10.1 The Provider may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the Customer. If personal data processed under the Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.

11. General terms

11.1 Confidentiality. Each Party must keep the Agreement and information it receives about the other Party and its business in connection with the Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:

(a) disclosure is required by law;

(b) the relevant information is already in the public domain.

11.2 Notices. All notices and communications given under the Agreement must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the Particular Conditions Agreement or in article 3 of this Schedule 2 or at such other address as notified from time to time by the Parties changing address.

12. Insurance

The Provider undertakes to take out an insurance policy providing coverage for any litigation and any risk covering the risk of fraud or cyber-risk that may affect the Data.

SCHEDULE 3 (SERVICE LEVEL AGREEMENT)

1. Agreement Overview

This Service Level Agreement (“SLA” or “Agreement”) between Kairntech and Customer is for the provisioning of IT services required to support and sustain the Product or service.

This SLA remains valid until superseded by a revised agreement mutually endorsed by the stakeholders.

This SLA outlines the parameters of all IT services covered as they are mutually understood by the primary stakeholders. the Agreement does not supersede current processes and procedures unless explicitly stated herein.

2. Goals & Objectives

The purpose of this SLA is to ensure that the proper elements and commitments are in place to provide consistent IT service support and delivery to the Customer(s) by the Service Provider(s).

The goal of this SLA is to obtain mutual agreement for IT service provision between the Service Provider(s) and Customer(s).

The objectives of the Agreement are to:

Provide clear reference to service ownership, accountability, roles and/or responsibilities.
Present a clear, concise and measurable description of service provision to the customer.
Match perceptions of expected service provision with actual service support & delivery.

3. Stakeholders

The following Service Provider(s) and Customer(s) will be used as the basis of the Agreement and represent the primary stakeholders associated with this SLA:

IT Service Provider(s): Kairntech. (“Provider”)
IT Customer(s): The first Party mentioned in the Particular Conditions for Hosted Services Agreement (“Customer”)

4. Periodic Review

The Agreement is valid from the Effective Date outlined herein and is valid until further notice. the Agreement should be reviewed at a minimum once per fiscal year; however, in lieu of a review during any period specified, the current Agreement will remain in effect.

The Business Relationship Manager (“Document Owner”) is responsible for facilitating regular reviews of this document. Contents of this document may be amended as required, provided mutual agreement is obtained from the primary stakeholders and communicated to all affected parties. The Document Owner will incorporate all subsequent revisions and obtain mutual agreements / approvals as required.

Business Relationship Manager: Kairntech
Review Period: Yearly (12 months)
Next Review Date: Effective date +12 months and following

5. Service Agreement

The following detailed service parameters are the responsibility of the Service Provider in the ongoing support of the Agreement.

5.1 Service Scope

The following Services are covered by the Agreement:

Monitored email support: support@kairntech.com
Emergency assistance in case emergency request coming from email support
Email alert
Weekly system health check
Security controls

5.2 Customer Requirements

Customer responsibilities and/or requirements in support of the Agreement include:

Payment for all support costs at the agreed interval.
Reasonable availability of customer representative(s) when resolving a service-related incident or request.

5.3 Service Provider Requirements

Service Provider responsibilities and/or requirements in support of the Agreement include:

Meeting response times associated with service-related incidents.
Appropriate notification to Customer for all scheduled maintenance.

5.4 Service Assumptions

Assumptions related to in-scope services and/or components include:

Changes to services will be communicated and documented to all stakeholders.

6. Service Management

Effective support of in-scope services is a result of maintaining consistent service levels. The following sections provide relevant details on service availability, monitoring of in-scope services and related components.

6.1 Service Availability

Coverage parameters specific to the service(s) covered in the Agreement are as follows:

Email support: Monitored 9:00 A.M. to 5:00 P.M (Paris Time). Monday – Friday during Business Day
Emails received outside of office hours will be collected, however no action can be guaranteed until the next working day

The Provider guaranty a 98% availability of the platform based on a year of 215 Business Days.

6.2 Service Requests

In support of services outlined in the Agreement, the Service Provider will respond to service-related incidents and/or requests submitted by the Customer within the following time frames:

0-8 hours (during business hours) for issues classified as Critical.
Within 5 working days for issues classified as High Priority.
Next Upgrade for issues classified as Low Priority.

Remote assistance will be provided on-line with the above timescales dependent on the priority of the support request.