Licence for use and provision of services A Term and validity of the agreement and payment conditions The minimum term of this agreement will be TWO YEARS and it will be renewed automatically for annual periods, except for in the circumstances indicated in the CANCELLATION section. A.1 Cancellation A.1.1 The agreement may be cancelled in the following circumstances: a) The CLIENT may cancel the agreement by informing the SUPPLIER, with 30 days’ notice before the expiry date of the period contracted in the latest renewal. The cancellation must accredit the identity of the CLIENT and be made in writing to the SUPPLIER. b) Due to serious breach of the contractual obligations by either of the parties. c) Due to a delay in payment of over 3 months. A.1.2 In any case, the cancellation, termination or annulment of the agreement due to reasons beyond the control of the SUPPLIER does not exempt the CLIENT from the payment of the entire contracted annual period. A.1.3 In the event of cancellation, if the CLIENT has SUPPLIER terminals as part of the agreement, clauses C.6 and C.7 (in the Terminals section) will be applicable. A.2 Temporary suspension of services due to non-payment and reactivation A.2.1 In the event of a delay in payment of over 15 calendar days, the SUPPLIER reserves the right to temporarily suspend the service until it receives payment of the sum owed. A.2.2 Once the payment of the sum owed is received, the SUPPLIER shall re-establish the service within a period of 24 hours and shall issue an invoice to the CLIENT including the cost of the suspension and reactivation of the service corresponding to 2 hours of service by a certified technician according to the prices of Robotics S.A. in force at the time. A.3 Availability of data after cancellation A.3.1 There is an open format data file (not owned by the SUPPLIER) including the data on the services provided by the SUPPLIER to the CLIENT. A.3.2 In the event of cancellation and only if the CLIENT is up to date with payments to the SUPPLIER, the SUPPLIER shall provide the CLIENT with said file for a period of 30 calendar days. A.3.3 If the CLIENT is not up to date with payments at the time of the cancellation, the CLIENT will have 30 calendar days to pay the sum owed. The SUPPLIER shall provide the CLIENT with the data file until 30 calendar days from the cancellation of the service have passed. A.3.4 In all cancellation cases, once 30 calendar days have passed the SUPPLIER shall definitively destroy the CLIENT data. The SUPPLIER shall keep the data duly locked, as liabilities could arise from its relationship with the CLIENT. B Notifications The CLIENT expressly accepts that all notifications, communications and information required between it and the SUPPLIER for the provision of the services described herein shall be made, provided that it is permitted by law, by written electronic means, with the only exception being requests for the cancellation of the service or the termination of the agreement. Robotics shall use the email addresses provided by the CLIENT in this agreement to notify of updates, new functionalities, regulations, services, new versions of VisualTime, and developments regarding maintenance plans, events, news and advertising. The CLIENT may cancel this subscription at any time by using the link in the received email. C Terminals C.1 Setup The SUPPLIER shall carry out the setup of the offered terminals, and shall offer support to the CLIENT regarding their use and the legality of the biometric systems, by providing documentation to inform the CLIENT’s staff who will be using said terminals. C.2 Incidents in the use of terminals and/or accessories C.2.1 An incident in the use of terminals and/or accessories is considered to be any situation that impedes the normal use, as described in the manuals, of the terminals and/or accessories for under 10% of the staff registered on said terminal and/or accessory. If these are situations that affect over 10% of staff, they are considered breakdowns. C.2.2 In the event of incidents in the use of terminals and/or accessories, a USER AUTHORISED by the CLIENT must contact the Helpdesk Service of the SUPPLIER to notify it immediately, and any failure or delay in the notification may not be attributed to the SUPPLIER. All the response times indicated in this section take the date of the notification to the Helpdesk Service as their reference date. C.2.3 The SUPPLIER shall resolve the incident in accordance with the conditions set forth in the service level agreement Annex. C.3 Breakdowns in the use of terminals and/or accessories C.3.1 The non-functioning of a terminal and/or accessory for more than 10% of the staff registered on them is considered a breakdown. C.3.2 In the event of breakdowns, a USER AUTHORISED by the CLIENT must contact the SUPPLIER’s Helpdesk Service to notify it immediately, and any failure or delay in the notification may not be attributed to the SUPPLIER. All the response times indicated in this section take the date of the notification to the Helpdesk Service as their reference date. C.3.3 Once the breakdown has been reported, the Helpdesk Service shall rapidly diagnose the breakdown. Once diagnosed, there are three possible courses of action to be decided on by the operator of the SUPPLIER’s Helpdesk Service: a) Problems due to the application of or communications with the VisualTime solution. The terminals and/or accessories of the SUPPLIER ensure the storage of data for at least 1 month. The SUPPLIER shall resolve the breakdown in accordance with the conditions set forth in the service level agreement Annex. b) Physical breakdowns in terminals and/or accessories. The SUPPLIER shall notify the AUTHORISED USER of the two options available, and the AUTHORISED USER will select the most convenient. The options are: b.1) Sending a SUPPLIER technician to check and repair the terminal. The SUPPLIER shall resolve the breakdown in accordance with the conditions set forth in the service level agreement Annex. b.2) The Fast-RMA system, consisting of: i) The urgent sending, on THE SAME DAY or the NEXT WORKING DAY (according to the time of the notification of the incident) of a pre-configured SUPPLIER terminal to the CLIENT, with carriage paid. ii) Upon receipt by the CLIENT, a SUPPLIER technician will provide guidance on the process of replacing the broken terminal with the new one. iii) Once replaced, the CLIENT shall send the broken terminal to the SUPPLIER, using the transport company that the SUPPLIER indicates, with the costs being at the expense of the SUPPLIER. The CLIENT will have 15 calendar days to do this. iv) If 15 calendar days have passed from the receipt of the terminal by the CLIENT and it has still not delivered the broken terminal to the transport company indicated by the SUPPLIER, said terminal will be treated as a terminal not returned in acceptable conditions to the SUPPLIER, and the clauses described in C.7 will be applicable. c) Breakdowns due to causes and/or reasons not due to the terminals and/or accessories and that cannot be resolved by the SUPPLIER. The Helpdesk Service staff shall provide the AUTHORISED USER with all the information and diagnostics that the SUPPLIER has, so that the CLIENT’s staff can carry out its repair. For example, this includes failures in the electricity grid, the use of unauthorised or broken cards, an incorrect access attempt due to lack of authorisation, etc. C.4 Coverage in the event of breakdowns and repairs C.4.1 All costs arising from the repairs of breakdowns within the normal use of the solution are covered: parts, labour and call-out charges. C.4.2 The normal use of the solution is understood to be as described in the terminal manuals, and includes battery and digital biometric readers’ wear and tear. C.4.3 The normal use of the solution does not include, among other uses: a) The misuse of the supplied materials by staff other than SUPPLIER staff. b) Any kind of sabotage. c) Damage caused by incorrect handling by staff other than SUPPLIER staff. d) Causes not related to or external to the materials themselves (fires, floods, excess voltages, excess currents, the installation of defective or poor quality ground connections, radio frequency emissions, magnetic fields, etc.). C.4.4 Costs arising from the repairs of breakdowns not included within the normal use of the solution shall be estimated and billed in accordance with the prices in force at the time. This explicitly includes, but is not limited to, breakdowns due to vandalism, overvoltage or cases in which liquids are discovered inside them. C.5 Data entry service via the Helpdesk during an incident or breakdown C.5.1 The CLIENT has forms to enter clocking-in details for affected staff in the Incident Procedure documents. The CLIENT can also ask the SUPPLIER’s Helpdesk Service to provide it with forms to enter clocking-in details. C.5.2 From the time when the SUPPLIER has been notified of an incident or breakdown, the CLIENT may send said forms completed with the staff and clocking-in time details to the SUPPLIER’s Helpdesk Service by email, indicating the incident or breakdown number, and the SUPPLIER shall enter them in the VisualTime solution. C.5.3 This service is free of charge for incidents and breakdowns that occur during the normal use of the solution, as described in D.4. In other cases, they will be invoiced in accordance with the prices in force of the Helpdesk Operator per part of hour. C.6 Return of terminals and/or accessories in the event of the termination or cancellation of the agreement C.6.1 If either of the parties terminates or cancels the agreement, the CLIENT must return the terminals (including their accessories) that are subject to this agreement to the SUPPLIER within the following 15 calendar days. C.6.2 Any terminals that are not returned within this time period will be considered as terminals not returned to the SUPPLIER or returned in poor condition and the clauses described in C.7 will be applied. C.7 Terminals and/or accessories not returned to the SUPPLIER or returned in poor condition C.7.1 If one or more terminals and/or accessories are not returned within the indicated time periods to the SUPPLIER, the SUPPLIER will invoice for them in accordance with their prices (these are listed below for the most common models). A terminal is understood as returned to the SUPPLIER if it has been delivered to the transport company indicated by the SUPPLIER. C.7.2 If one or more terminals and/or accessories are returned to the SUPPLIER in poor condition, not functioning or with significant marks or scratches, the SUPPLIER may claim up to 100% of the price of said terminals by issuing an invoice. In any case, the SUPPLIER understands that this is used material and shall only claim payment in the event of damage that is not due to the normal use of the solution. The CLIENT may request the opinion of a third-party expert if it does not agree. C.7.3 The price of the mx8 terminals for VisualTime is €1,395; the price of the rx1 terminals for VisualTime is €795; and the price of the rxC terminals for VisualTime is €995. C.8 Miscellaneous provisions C.8.1 The SUPPLIER reserves the right to replace, if necessary, the terminals and/or accessories with others of similar characteristics, always guaranteeing the functionalities that the CLIENT had in the initially contracted models. C.8.2 The CLIENT undertakes to provide access to the identified staff of the SUPPLIER to the locations of the terminals and/or accessories, so that they can check, install, uninstall, repair and/or update them. If the CLIENT delays granting access to the identified staff of the SUPPLIER by over 30 minutes, and there is written notification of this action, the waiting times may be invoiced by the SUPPLIER in accordance with the prices in force per hour for a certified technician. D Licence D.1 Granting D.1.1 The SUPPLIER hereby grants the worldwide right, non-transferable and non-exclusive, to use the VisualTime service, solely for its own internal business use and subject to the conditions of this agreement. D.1.2 All rights not expressly indicated are reserved in favour of the SUPPLIER. D.2 Guarantees The SUPPLIER guarantees that the VisualTime solution will function substantially in accordance with the user documentation and guarantees the functionality itself of the application within its normal use, as described in the user documentation. D.3 Access and audit D.3.1 The SUPPLIER shall provide credentials and access passwords to AUTHORISED USERS, all of them with the access levels agreed in the setup. D.3.2 The SUPPLIER guarantees that the VisualTime solution will carry out, at all times, an audit of all accesses and actions that are taken in the system, whether by staff of the CLIENT or of the SUPPLIER. D.3.3 The AUTHORISED USERS and the CLIENT are responsible for keeping their credentials secret. Under no circumstances will the SUPPLIER be responsible for data that is modified, deleted, extracted or viewed by accessing VisualTime with said credentials. D.3.4 The SUPPLIER guarantees that access by its staff has an additional security system that stops the copying or communication between staff of their credentials and that they shall solely access the data and resources required to carry out the contracted services. D.4 Incidents in the use of the VisualTime application D.4.1 If the functioning of one of the parts of the VisualTime solution is not as described in the instruction manual, the CLIENT must notify the SUPPLIER of the incident via the Helpdesk Service. D.4.2 The SUPPLIER must offer a solution to the incident in accordance with the conditions described in the service level agreement Annex. D.4.3 Due to the fact that the modification to the application requires extensive tests and time, the solution might be, temporarily, carried out manually by the staff of the SUPPLIER, all at no cost to the CLIENT. D.5 Number of people covered by the licence D.5.1 The maximum number of people covered by the licence is as listed in the offer for the licence. This is the maximum number of people that can currently have an active contract in VisualTime. Any users whose contracts are inactive in VisualTime are not included for this purpose. D.5.2 If the AUTHORISED USERS plan new registrations for future dates and the total of people covered for these future dates exceeds the number in the licence, the VISUALTIME application will warn the AUTHORISED USERS. If the AUTHORISED USERS decide to proceed, the CLIENT must increase the number of people covered by the licence before said date arrives. D.5.3 If the VisualTime application detects, for the current date, a number of people covered that is greater than the maximum, access and the service will be blocked until the CLIENT notifies the SUPPLIER about how it wishes to proceed. a) The CLIENT can request an increase in the licence from the SUPPLIER (see D.6). b) The CLIENT, through the AUTHORISED USERS, can ask the SUPPLIER to make changes to the VisualTime data to rectify the situation (if, for example, it has been due to an error in not deactivating people in time). In this case this will be treated as if it were a service consultation or request as listed in section F of Annex 1: Service Level Agreement. D.6 Licence increases D.6.1 Any functional increase in terms of the maximum number of people covered or maximum number of concurrent users is considered a licence increase. D.6.2 If the CLIENT requests and accepts a licence increase, the SUPPLIER shall activate the new licence within 24 hours of the acceptance and shall issue an invoice for the increased price difference until the end of the annual period in progress. This price shall be calculated based on the difference between the previous and the new monthly payment, including the current month and the months remaining until the next annual period. D.7 Licence reductions D.7.1 Any reduction in terms of the maximum number of people covered or maximum number of concurrent users is considered a licence reduction. Functional reductions are not covered by this agreement and it is necessary to assess them individually depending on their type, as they might not be possible or might entail hourly charges for technicians or consultants to guarantee the compatibility of the solution once the functionalities have been reduced. D.7.2 The CLIENT must request licence reductions at least 15 days before the end of the contracted period in force. If the CLIENT requests and accepts a licence reduction in terms of the maximum number of people covered or number of users within this time period, the SUPPLIER shall activate the new licence at the end of the annual period in force that has already been invoiced. D.7.3 Under no circumstances will licence reductions be made before the next annual period. D.8 Assignment The purpose of this agreement is personal. The SUPPLIER may, after complying with all the requirements included in current legislation, and after notifying the CLIENT, assign this agreement without any need for the express consent of the CLIENT, without prejudice to the latter’s right to terminate the agreement within 10 days of receipt of notification of the assignment. E Continuity and maintenance service E.1 Authorised contact staff E.1.1 Any service in which there is disclosure of personal data shall only be made between the SUPPLIER and AUTHORISED USERS with a “Business Information” access level. E.1.2 Any service in which there are disclosures of sensitive data about the physical access or physical security control systems in general shall only be carried out between the SUPPLIER and AUTHORISED USERS with the “Security and Physical Access Information” access level. E.1.3 Any service in which there are disclosures of sensitive data about the IT infrastructures of the CLIENT shall only be carried out between the SUPPLIER and AUTHORISED USERS with the “Technical and Information Systems Information” access level. E.1.4 Any USER AUTHORISED by the CLIENT with the “Administrator” levels can change, add or cancel AUTHORISED USER permissions. E.2 Services and coverage included E.2.1 Monitoring: the SUPPLIER undertakes to monitor the quality of the services and the connectivity of the terminals and/or accessories to the system, in order to detect possible incidents and/or breakdowns and respond to them proactively, even before the CLIENT notices them. All of the above shall be carried out irrespective of whether the CLIENT itself notifies the SUPPLIER of any incident or breakdown. E.2.2 Resolution of queries and questions: the SUPPLIER provides the CLIENT with a Helpdesk Service, via email or telephone, for customer support and the resolution of queries and questions regarding the daily operation and management elements of VisualTime described in the manual. The SUPPLIER guarantees that any query or question shall be responded to within the continuity and maintenance service response time. E.2.3 Changes in management: the SUPPLIER shall inform the CLIENT of changes in workforce time management, accesses, additions, removals, and changes in contracts and authorisations. E.2.4 Annual operation: the SUPPLIER provides the CLIENT with the annual work schedule and public holiday template application, which are delivered in Excel format or equivalent by the CLIENT. E.2.5 Alerts: the SUPPLIER provides the CLIENT with the configuration for alerts to managers regarding tasks that require the intervention of the CLIENT. E.2.6 Integration: the SUPPLIER provides the CLIENT with consultations regarding data export/import with a response time as defined according to the type of the continuity and maintenance service. Changes in formats in links with any other application are not included. E.2.7 Daily operation: the SUPPLIER provides the CLIENT with an advanced report request service or the extraction of data from the external application to the analytical tools and included reports. This service is included in any continuity and maintenance service type, but entails an additional cost. E.2.8 Integration: the SUPPLIER provides the CLIENT with changes in the format of data export and import, including quality tests and updated documentation. This service is included in any continuity and maintenance service type, but entails an additional cost. E.2.9 Updates: the SUPPLIER undertakes to update the application, terminal firmware and replace terminals on site with the current equivalent model before they become obsolete. E.2.10 Helpdesk: the SUPPLIER provides the CLIENT with a comprehensive Helpdesk Service, by email or telephone. Depending on the continuity and maintenance service selected, this includes retraining or one day’s consultancy per year to resolve questions. E.2.11 Optimisation: the SUPPLIER undertakes to offer a consultancy service in order to prepare an annual efficiency report, including a study and a call service for advice from a consultant. E.2.12 Training on how to deal with incidents: the SUPPLIER undertakes to give a training course after the installation and setup. Its duration will depend on the type of continuity and maintenance service chosen. E.2.13 Data backup: the SUPPLIER undertakes to have an established backup plan that is carried out for both continuity and maintenance service types. E.2.14 Repair of terminals: the SUPPLIER provides the CLIENT with the Fast-RMA service, consisting of the urgent free shipping of a preconfigured terminal when it is determined that an incident is a physical breakdown. This includes remote support for queries during the replacement procedure, and the shipping of the unit to be repaired can be made without urgency once it is replaced for all continuity and maintenance service types. E.2.15 Technical response time: the SUPPLIER provides the CLIENT with a Helpdesk Service and technical support with a maximum response time as defined in the continuity and maintenance service type. F Data protection F.1 The provision of the services entails the need to access personal data. The SUPPLIER, as the data processor, is obliged to comply with the General Data Protection Regulation (GDPR) that entered into force on 25th May 2018 and other applicable legislation. F.2 The CLIENT and the SUPPLIER freely agree to regulate the access and processing of data as detailed herein (in compliance with article 28 of the GDPR). F.3 To provide the services associated with the VisualTime platform and manage the access and/or attendance control system of the CLIENT’s staff, the SUPPLIER, the data processor, is authorised to process, on behalf of the CLIENT, the data controller, the personal data required to provide the contracted services, which is the responsibility of the CLIENT. This includes: • Identity data of employees: name, surname(s), email address, telephone number. • Other employee data: tax number (NIF), date of birth, address, mobile phone number, private email address. • Employment data: job, academic qualifications, employment contract start date, trial period, social security details, type of contract in force, work schedule and hours. • Biometric data: dactyloscopic data (fingerprints). • Clocking-in location data (if applied in one of the contracted services). If the SUPPLIER processes and manages the bonus for training courses, it will also process data regarding social security affiliation, level of qualifications, gross salary and disability status. The processing operations shall be necessarily derived from the provision of the services, mainly including the recording and storage of data. F.4 The data stored in the VisualTime solution is the property of the CLIENT as the data controller. For the purposes of article 28 of the GDPR, the SUPPLIER shall only access the personal data available to it in accordance with the instructions of the CLIENT and always in read mode, and shall not apply or use it for any purpose other than the purpose of the agreement and shall not disclose it, even for its storage, to other persons. If the SUPPLIER uses the data for any other purpose, discloses or uses it in breach of the agreement, it shall also be considered the data controller and shall be liable for any violations that it has personally committed. F.5 The CLIENT, regarding the files that contain personal data, declares that it complies with all the legal requirements for its gathering and processing. It also declares that it has adopted the technical and organisational measures required to guarantee the security of the personal data included in the files, as established in current legislation on personal data protection. OBLIGATIONS OF THE SUPPLIER F.6 The SUPPLIER undertakes to only process the data in accordance with the instructions of the CLIENT as has been documented in the contract that regulates the provision of services, this agreement or that in any other way is recorded in writing, based on current legislation and the purpose stipulated in the context of the contractual relationship to guarantee the continuity of the provided services, and undertakes not to apply or use it for any purpose other than that stipulated herein, or disclose it to third parties, even for its storage. F.7 To process the data in accordance with the instructions of the data controller. If the SUPPLIER considers that any of the instructions infringe the GDPR or any other provisions concerning data protection of the European Union or its member states, it shall immediately inform the CLIENT. F.8 To keep a written record of all the categories of processing activities carried out on behalf of the CLIENT, which contains: • The name and contact details of the data processor or processors and each data controller for which the data processor acts and, if applicable, of the representative of the data controller or processor and of the data protection officer. • The data processing categories carried out on behalf of each data controller. • If applicable, the transfers of personal data to a third-party country or international organisation, including the identification of said third-party country or international organisation and, in the case of the transfers indicated in article 49 section 1, paragraph two of the GDPR, the documentation of suitable safeguards. • A general description of the technical and organisational security measures, in accordance with the GDPR. F.9 The SUPPLIER shall immediately notify the CLIENT of any security breach concerning personal data that it becomes aware of, providing it with all the details required so that the CLIENT can comply with its obligations regarding notification to the supervisory authority and to the data subjects as established in applicable legislation. F.10 The termination, cancellation or expiry of this agreement that regulates the provision of services shall entail the obligation by the SUPPLIER to destroy or return the supplied personal data to the CLIENT, and to destroy or return any medium or document that contains any personal data subject to processing, in accordance with the provisions of point A.3 of this agreement. OBLIGATIONS OF THE CLIENT F.11 The CLIENT must adopt the technical and organisational measures required to guarantee the security of the personal data and prevent its alteration, loss, unauthorised processing or access, taking into account the state of the technology, the nature of the stored data and the risks to which it is exposed, whether caused by human action or by the physical or natural environment. F.12 The CLIENT must: (i) keep a record of registration activities; (ii) evaluate the impact on the personal data of the processing operations to be carried out by the data processor; (iii) make the appropriate prior consultations; (iv) ensure, prior to and throughout the processing, compliance with the GDPR by the data processor; (v) supervise the processing, including making inspections and performing audits; and (vi) sign the relevant contract with the clients that are going to use the VisualTime solution, which informs them of the subcontracting of the services mentioned herein to the SUPPLIER. F.13 The CLIENT expressly authorises the SUPPLIER to subcontract the hosting services (Cloud Computing) to Microsoft Ireland Operations Ltd. for the correct provision of the service subject to the licence, in full compliance with the GDPR as the services are located within the European Union. F.14 The CLIENT expressly authorises the SUPPLIER to disclose data to third parties when it considers their intervention necessary for the correct provision of the services. In this event, the SUPPLIER must enter into a data processor agreement with the third party that stipulates the obligations with which the third party must comply regarding personal data protection. F.15 The CLIENT shall duly attend to all notifications that it receives from the SUPPLIER regarding data processing; in particular those related to the subcontracting of the processing, security breaches and instructions given by the CLIENT that, in the opinion of the SUPPLIER, violate data protection legislation. F.16 The SUPPLIER shall assist the CLIENT in its response to the exercise of rights. When affected persons exercise their rights of access, rectification, erasure, objection, restriction of processing and/or data portability against the SUPPLIER, the SUPPLIER must notify this fact to the CLIENT as quickly as possible. It shall be the responsibility of the CLIENT to respond to the affected person, although the SUPPLIER must cooperate and provide any information that the CLIENT asks for to deal with the request. F.17 The liabilities regarding data protection are shown in section J (Liabilities). G Confidentiality G.1 The SUPPLIER must maintain due professional secrecy concerning the personal data to which it has access and demand the same level of commitment in writing from any person that participates in any phase of the processing of personal data within its organisation, both during their professional relationship with the CLIENT, and once it has ended for whatever reason. G.2 The CLIENT must respect the provisions of current legislation on data protection, and keep all the information regarding the SUPPLIER to which it has access secret, and must return all information or documentation belonging to the SUPPLIER in its possession in the event of the termination, cancellation or expiry of this agreement. H Hosting of the VisualTime application H.1 The information entered into the VisualTime application is hosted on the servers of the HOSTING SUPPLIER indicated herein. H.2 The HOSTING SUPPLIER is the only party responsible for the correct functioning of the server, which is physically housed on its premises. Said company will also be considered the “DATA PROCESSOR” regarding the functioning of the server. H.3 The HOSTING SUPPLIER guarantees that the hosting service is located within the European Union. H.4 The HOSTING SUPPLIER complies with the EU-US Privacy Shield Principles concerning the gathering, use and storage of data from the European Union, the European Economic Area and Switzerland. I Intellectual and industrial property I.1 The SUPPLIER (and its licensors if applicable) is the owner of all rights and interests, which include all those related to the right of intellectual property in the technology, content and service of the SUPPLIER and of any suggestion, idea, request for improvement, comment, recommendation or any other information that an AUTHORISED USER or any other party offers in relation to the service and licences provided. I.2 This agreement does not represent a sale, nor does it grant any property right over the service, the technology of the SUPPLIER or the intellectual property rights that it holds. I.3 The name of Robotics S.A., VisualTime, the logo of Robotics S.A., and the logo of VisualTime and all names and services associated with the VisualTime solution are commercial brands of the SUPPLIER or of third parties and no right or licence is granted for their use. J Liabilities J.1 Except in the case of a claim or action related to non-payment by the CLIENT, the liability of each of the parties that arises as a consequence of this agreement and related to it (for any purpose and any type of claim) will not exceed the payments received by the SUPPLIER during the 12 months following said obligation or liability (as applicable). J.2 Neither of the parties, individually, will have any liability regarding the obligations of said party for indirect, special, consequential, punitive, exemplary or incidental damages, including damages due to the interruption of the business of the other party or losses. J.3 The existence of one or more claim or cause of action shall not increase the limits of this section J. The SUPPLIER shall not be subject to any equitable action in favour of the CLIENT such as injunctive relief, specific compliance or judicial administration. J.4 Except in the case of a claim or cause of action related to non-payment by the CLIENT, neither of the parties may submit any claim or cause of action against the other party over two years after said claim or cause of action is granted. J.5 The party that breaches its obligations regarding personal data protection shall be liable for all the violations it has personally committed. If the CLIENT or the SUPPLIER, their staff or subcontractors breach any of the obligations assumed in this agreement, or obligations that they must comply with in their capacity as data processor, in such a way that a breach of data protection legislation occurs, the breaching party shall hold the other party harmless, in particular against any sanction by the Spanish Data Protection Agency. J.6 The SUPPLIER is exempt from any liability arising from information published or disseminated through VISUALTIME and its website, if this information has been processed or entered by an unrelated third party. J.7 The CLIENT is responsible for any use that might be made of any information extracted from the VisualTime solution, whether data, reports or links to services. J.8 The SUPPLIER does not accept any responsibility for any hosted data, including, but not limited to, information and contents. However, and in accordance with the provisions of art. 11 and 16 of the Law on Information Society Services and Electronic Commerce (LSSICE), the SUPPLIER is at the service of all users, authorities and security forces, actively cooperating in the removal or, whenever necessary, the locking of any content that could affect or contravene national or international legislation, the rights of third parties, morality or public order. If users believe that there could be any content on the website that could be categorised as such, they are asked to immediately notify the SUPPLIER. J.9 The SUPPLIER must include the suitable and relevant security measures described in this document, with the CLIENT being the sole party responsible for the content arising from the VisualTime solution. The SUPPLIER is also exempt from establishing security measures that are superior to those required by law, especially if the restrictions of use described in section K are violated by the CLIENT. K Restrictions of use K.1 The CLIENT and its AUTHORISED USERS may not use this licence, or access the VisualTime application, if the CLIENT is a competitor of the SUPPLIER in the market. Any company that manufactures, sells or distributes access control or workforce time management solutions of any kind (work hours compliance, production times or tasks, etc.) is understood as being a competitor. K.2 The CLIENT may not: a) Commit illicit or illegal actions or actions contrary to the provisions of this agreement. b) Carry out reverse engineering. c) Access the application to create a competitive product or service. d) Create a product that uses ideas, characteristics or functions similar to VisualTime. e) Disrupt the service of the VisualTime solution through the use of viruses or other computer programmes designed in order to damage the software of the VisualTime solution or any hardware of the SUPPLIER. f) Make any unauthorised changes or create versions of the VisualTime solution or of any other software used by the SUPPLIER. g) Use any type of script, robot or technology to monitor the SUPPLIER’s website or the VisualTime solution. h) Impersonate another natural or legal person. K.3 The CLIENT guarantees that the AUTHORISED USERS shall use the VisualTime application: a) With full respect for the conditions of use described in the user manuals. b) Without making any attempt to infringe the access levels, improperly process data, access restricted areas of the SUPPLIER’s computer application, introduce programmes, viruses or any device that might or could cause modifications or alterations in the SUPPLIER’s application. L Integrity of the agreement and effectiveness assurance clause L.1 Each of the clauses of this agreement must be interpreted separately and independently from the others. If any of them become invalid, illegal or unenforceable by virtue of any legal rule or is declared null and void or without effect by any court or governmental authority, its nullity or unenforceable nature will not affect the other clauses, which will retain their full validity and legal effect. The parties agree to replace any clause or clauses affected with another or others that have effects in accordance with the objectives sought by the parties to this agreement. L.2 This agreement includes all the agreements between the parties and annuls and revokes any other agreements or contracts, whether verbal or written, that are in force on the date of its signature. This agreement may be amended by written agreement between the parties. M Applicable legislation and jurisdiction M.1 This agreement shall be governed by what is expressly agreed by the parties in this agreement and by Spanish legislation. M.2 The parties, the SUPPLIER and CLIENT, expressly waive any other jurisdiction to which they might have recourse and submit any disagreement, question or incident that might arise between them regarding this order to arbitration. M.3 The hearing and decision regarding litigious questions will be the responsibility of a single arbitrator, which will be appointed from among the Barcelona Arbitration Court by agreement of the parties when a difference arises, or, if an agreement cannot be reached, by the president of the court, in accordance with its bylaws. M.4 It will be understood that there is no agreement when no affirmative response is received from the other party within 15 calendar days of a demand from one party to the other. M.5 For any question or disagreement regarding the interpretation or compliance with this document, or if there is no agreement between the parties, with express waiver of their own jurisdiction or any other to which they might have recourse, the parties expressly submit to the jurisdiction and competence of the courts of the city of Barcelona. Annex I: Service Level Agreement A Calculation of response times A.1 Under no circumstances will the response times begin before the notification of the incident or breakdown to the SUPPLIER’s Helpdesk Service by the AUTHORISED USERS. The CLIENT, through an AUTHORISED USER, must report the type of incident, namely if it is: a) An incident in the terminals and/or accessories. b) A breakdown in the terminals and/or accessories. c) An incident in the normal use of the VisualTime application. According to its type, it is necessary to provide the following additional information: d) In cases of breakdowns in terminals and/or accessories, response times will not be calculated under any circumstances until the CLIENT specifies in which exact units the breakdown has occurred. e) In cases of incidents in terminals and/or accessories, response times will not be calculated under any circumstances until the CLIENT specifies which people and in which terminal units and/or accessories the incident has occurred. f) In cases of incidents in the normal use of the VisualTime solution, response times will not be calculated under any circumstances until the CLIENT specifies in which exact screens or procedures the incident has occurred. A.2 Hours, parts of days or complete days that have passed since the notification of an incident, during which the SUPPLIER cannot work on the resolution of the incident due to reasons beyond its control will not be calculated for the purpose of response times. This includes cases of force majeure and situations in which the SUPPLIER is waiting for a reply from the CLIENT. A.3 There are situations in which it is possible for staff outside of the group of AUTHORISED USERS to open an incident. In these cases, no information of any kind is shared between them and the SUPPLIER, although the SUPPLIER can begin actions to diagnose and resolve the incident. In these cases, the response times are not calculated until communication is made to an AUTHORISED USER. B General exceptions to the service level agreement The following situations are explicitly excluded from this service level agreement, without prejudice to other exclusions that might be applicable: B.1 Planned maintenance tasks. The SUPPLIER, giving sufficient notice, can plan maintenance or updating tasks for the VisualTime application. The SUPPLIER would like to carry out these tasks on days and at times with low access to the application. However, there may be security updates that must be applied at short notice with little planning. B.2 Service incidents attributable to the HOSTING SUPPLIER contracted by the SUPPLIER. The SUPPLIER guarantees that, at the time of making this offer, the proposed HOSTING SUPPLIER currently has monthly and annual service levels of over 99.5%. However, if the CLIENT wishes, it can request the offer with another hosting supplier. If the HOSTING SUPPLIER causes continual incidents once this agreement has started, the CLIENT and/or the SUPPLIER may mutually agree to change to another hosting supplier. In these cases, the SUPPLIER shall pay the costs associated with the migration of the platform and the data. If the new agreed hosting supplier is more expensive, the CLIENT shall pay the increase in monthly costs. B.3 Access attempts not complying with requirements, especially unsupported browsers. The SUPPLIER guarantees access to the VisualTime application using the browsers and versions indicated in this offer (see technical requirements), on the date of the offer. The SUPPLIER, as indicated in said requirements, shall update the VisualTime application as quickly as possible so that it is compatible with new versions that appear after the submission of this offer. However, the time periods from the appearance of a new version of a browser that is incompatible with the VisualTime application until the SUPPLIER installs the update with which said browser becomes compatible, will not be calculated as unavailability of access. B.4 Access attempts not complying with the conditions of use described herein. The SUPPLIER is exempt from any responsibility due to access attempts not complying with the conditions of use in this agreement. B.5 Service incidents attributable to the INTERNET SERVICE PROVIDER contracted by the CLIENT. The SUPPLIER is exempt from any responsibility due to the unavailability of the Internet service of the INTERNET SERVICE PROVIDERS contracted by the CLIENT. B.6 Service incidents attributable to the INTERNET SERVICE PROVIDER contracted by the SUPPLIER. The SUPPLIER, at the time of the submission of this offer, has a service redundancy plan regarding the availability of the Internet service. If the INTERNET SERVICE PROVIDERS produce incidents in the availability of the Internet service outside the control of the SUPPLIER, the SUPPLIER is exempt from all responsibility. C Availability of access to the VisualTime application C.1 The SUPPLIER guarantees the availability, access and functioning of the VisualTime application 99.00% of the time, without including planned maintenance tasks and provided that the accesses are by AUTHORISED USERS following the conditions of use and restrictions described above in this agreement. C.2 The SUPPLIER shall make all reasonable commercial efforts to achieve or exceed the agreed availability of access levels. If during a period of one month the SUPPLIER is not able to provide the aforementioned 99.00% agreed access level, the CLIENT will have the right to receive a discount in accordance with the following table of penalties: Availability of access* Monthly discount >99.00% 98.99% – 98.00% 5% 97.99% – 97.00% 10% 96.99% – 96.00% 15% 95.99% – 92.50% 25% 92.49% – 90.00% 35% 89.99% – 70.00% 50% <70.00% 100% (*) The availability of access percentage is measured on a monthly basis, from the first day of the month until the last day of the month C.3 If the availability of access to the VisualTime application is less than 95% continually for 6 months, the CLIENT will have the right to cancel this agreement. D Breakdowns in terminals D.1 The maximum time without penalties for the resolution of breakdowns in terminals and/or accessories is 4 working days, calculated as indicated in the general provisions of this service level agreement. D.2 PENALTIES. In the event of a breach of the response times and actions described in this agreement, in incidents relating to terminals, a charge will be applied that will be calculated as detailed below: a) Each broken terminal and the broken accessories will be calculated, but if a broken accessory is connected to a broken terminal it will only be calculated as one unit. b) The daily payment will be established by dividing the monthly payments indicated in the agreement by 30. c) For each day of delay, double the daily payment will be paid, divided by the number of terminals in the facilities. (For example, if the CLIENT has 5 terminals contracted, the daily payment x 2/5 would be paid for each day of delay. Another example: If the CLIENT has only 1 terminal, the daily payment x 2 would be paid for each day of delay). E Incidents in terminals E.1 The maximum time without penalties for the resolution of incidents in terminals and/or accessories is 4 working days, calculated as indicated in the general provisions of this service level agreement. E.2 PENALTIES. Due to the fact that incidents in terminals and/or accessories affect, by definition, at least 10% of staff (if not, they would be considered breakdowns), the penalties in the event of a breach of the response times are established at 10% of the sums indicated for breakdowns of terminals and/or accessories. F Incidents in the normal use of the VisualTime application F.1 The maximum time without penalties for the resolution of an incident in the normal use of VisualTime is 3 working days, calculated as indicated in the general provisions of this service level agreement. F.2 PENALTIES in the event of a breach of the response times and actions described in this agreement, in incidents related to the functioning of the VisualTime application: Incident Solution* Monthly discount <=3d 4d-7d 10% 7d-14d 30% >14d 50% F.3 EXCEPTIONS. In addition to the exceptions considered in this Annex, the following situations will not lead to penalties in incidents in the normal use of the VisualTime application: a) Incidents in actions that could be carried out differently at no cost to the CLIENT. If the software makes it possible to take alternative actions (of a similar complexity), and one of them produces an incident, the SUPPLIER undertakes to resolve said incident once it has dealt with other incidents or higher priority improvements. In this case penalties are not applicable, as there is no impediment to AUTHORISED USERS using the application. b) Incidents for which the SUPPLIER offers alternative solutions, with the cost at the expense of the SUPPLIER. For all the purposes described in this agreement, any incident in the application that is resolved or avoided through manual work by certified consultants or other certified staff of the SUPPLIER, with the cost at the expense of the SUPPLIER, will not be considered an open incident nor, while said alternative solutions last, will it be subject to possible penalisation. G Miscellaneous provisions NON-CUMULATIVE PENALTIES – Several penalties cannot be applied. If the CLIENT can demand several, it must claim the highest of them. H Notification and payments H.1 The CLIENT must make claims in writing to the SUPPLIER’s address within 10 days of the occurrence of the claimed events. H.2 If the SUPPLIER does not reply to the CLIENT within 30 days of the receipt of the claim, the CLIENT will consider the claim delivered. H.3 Sums paid to the CLIENT will be applied as discounts in the later invoices that the SUPPLIER issues related to this agreement. And in witness whereof, the parties sign this agreement in two copies, in the indicated place and on the indicated date.