SaaS Agreement This Board Software-as-a-Service (SaaS) Agreement (“Agreement”) is entered into by and between Board International SA (“Board”), a company with offices at Piazza Bernasconi n. 5, 6830, Chiasso (Switzerland), and ______________ (“Customer”), a company with offices at ___________________________ Tax ID _____________. WHEREAS, (A) Board International SA has developed the Licensed Software (as defined below); (B) Customer wishes to use the Licensed Software in its business operations and therefore is purchasing a certain number of licenses from Board; (C) Customer and Board (the “Parties” and each, a “Party”) desire to set forth the terms and conditions pursuant to which Customer will use the Licensed Software. NOW, THEREFORE, in consideration of the foregoing premises, the Parties, intending to be legally bound, hereby agree as follows: 1. Definitions and Interpretation. 1.1. “Available” or “Availability” shall mean that the Licensed Software can be accessed by Customer via a secure password protected site(s) hosted by Board, or its vendors, or its cloud services providers on the world wide web except for: (i) Planned Maintenance Downtime; (ii) downtime caused by circumstances beyond Board’s control, including the events of force majeure set out in Clause 13.2; (iii) general Internet outages, failure of Customer’s infrastructure or connectivity, computer and telecommunications failures and delays not within Board’s control; and (iv) network intrusions or denial-of-service attacks. 1.2. “Business Day” a day other than a Saturday, Sunday or public holiday in the country in which Customer is situated when banks in the Capital City of the country in which Customer is situated are open for business. 1.3. “Board Cloud” means the Licensed Software provided by Board to the Customer through the cloud infrastructure. 1.4. “Board Group” shall mean any company controlling and/or controlled, directly or indirectly, by Board, where for the purposes of this definition, the term “control” means the possession of the power to, directly or indirectly, direct or cause the direction of the management and policies of the company, whether through the ownership of voting securities, by contract, or otherwise. 1.5. “Confidential Information” means any information whether oral, or written, of a private, secret, proprietary or confidential nature, concerning either Party or its business operations, that is either clearly labeled as such or should be reasonably be understood to be confidential or proprietary, including without limitation: (a) business plans, marketing plans, financial data, employee data, technical information and know how, (b) the System, (c) Customer Data and (d) the terms of this Agreement, including pricing, which shall be deemed to be the Confidential Information of both Parties. Confidential Information will not include information that: (i) was rightfully in the public domain prior to receiving such information, or (ii) becomes publicly available without breach of this Agreement, or (iii) becomes known to the receiving Party after rightful disclosure from a third party not under an obligation of confidentiality. 1.6. “Customer Data” shall mean all proprietary information of the Customer submitted to, stored within, or processed, in an encrypted manner, using the Licensed Software 1.7. “Customer Group” shall mean any company controlling and/or controlled, directly or indirectly, by the Customer, where for the purposes of this definition, the term “control” means the possession of the power to, directly or indirectly, direct or cause the direction of the management and policies of the company, whether through the ownership of voting securities, by contract, or otherwise. 1.8. “Documentation” shall mean the specifications, technical data and other information made available by Board to Customer online at http://help.board.com. 1.9. “Effective Date” shall have the meaning set out in Clause 11.1. 1.10. “License” shall have the meaning set out in clause 2.1. 1.11. “Licensed Software” shall mean the Board Management Intelligence Toolkit Software as specified in a valid, effective Order Form detailed in Exhibit A, and any Upgrades to such Licensed Software made available by Board to Customer under the Agreement. 1.12. ”License Term” shall mean the periods of time during which Customer will have access to the Licensed Software in order to use the Licensed Software, as set forth in the Order Form executed and delivered pursuant to this Agreement from time to time. 1.13. ”Named User” shall mean a distinct physical individual, authorized by Customer to access and use the Licensed Software with a unique username and password. Each Named User may not use more than one License and consequently a License may not be shared by multiple individuals on a single computer or used concurrently on different computers. Named User may be a Customer’s or Customer’s Group employee, consultant, contractor, service provider or agent. A Named User may be transferred to another Named User authorized by the Customer if the initial Named User terminates the employment with the Customer or the Customer Group or is no longer using the license. 1.14. “Order Form” shall mean an ordering document that has been (i) executed by Customer, representing the initial or a subsequent licensing of the Licensed Software set forth therein and (ii) accepted by Board, each in the form attached as Exhibit A hereto. Each Order Form shall constitute a separate agreement and shall incorporate therein all the terms and conditions of this Agreement. In the event of any conflict between the terms of this Agreement and the terms of any Order Form which have been expressly accepted by a duly authorized signatory of Board in writing, the provisions of the Order Form will prevail. In no event shall any terms and conditions of Customer contained in a purchase order or similar document issued by Customer in connection with this Agreement apply and such a document issued shall be only for the administrative purposes of identifying the Licensed Software ordered, the number of licenses and/or the price to be paid and shall have no other legal effect. 1.15. “Planned Maintenance Downtime” shall mean the time during which the Licensed Software is unavailable to the Customer for Board to perform maintenance and provide Upgrades. The Planned Maintenance Downtime will be performed during a Sunday of each month, from 9am to 12pm (local region time), unless otherwise communicated by Board. 1.16. “System” means all of Board’s property and technology (including hardware, software, networks, methodologies, algorithms, products, processes, know-how, techniques, designs and other tangible or intangible property) that is used by Board in providing access to the Licensed Software. 1.17. “Support Web Site” means the Board maintenance and support website available at http://support.board.com/ or any successor website where the Customer may access the support ticketing system. 1.18. ”Upgrade” means a revision to or modification of the Licensed Software. Such modifications or revisions may: (i) fix any error or bug within the Licensed Software (ii) improve upon existing features and operations within the Licensed Software, (iii) modify the Software to comply with applicable laws, regulations, industry standards or market practice or (iv) add enhanced functionality to the Licensed Software. 1.19. “Virus” means any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices. 1.20. Clause, schedule and paragraph headings shall not affect the interpretation of this Agreement. 1.21. A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality). 1.22. A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established. 1.23. Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular. 1.24. A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this Agreement and as the same is modified by the relevant governmental authority. 1.25. A reference to a statute or statutory provision shall include all subordinate legislation made as at the date of this Agreement under that statute or statutory provision. 1.26. A reference to writing or written includes faxes and e-mail. 1.27. References to Clauses and Exhibits are to the Clauses and Exhibits of this Agreement. 2. Grant of License 2.1. License Grant. Subject to the payment of the applicable non-refundable license fees identified in each Order Form and to the terms of this Agreement, Board hereby grants Customer a limited, worldwide, non-exclusive, non-transferable (except in connection with a permitted assignment of this Agreement), non-sublicensable right (the “License”) to permit Named Users to access and use the Licensed Software during the License Term solely for the Customer’s internal business operations and without exceeding the maximum number of Named Users in respect of which the relevant fees have been paid from time to time. 2.2. Reservation of Rights. Except for the limited right to access the Licensed Software granted herein, no other right, title or interest in the intellectual property rights or technology of Board is granted and all such rights are hereby expressly reserved. 2.3. User Restrictions. The Customer shall not, and shall not allow any third party to: attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Licensed Software and/or Documentation (as applicable) in any form or media or by any means; or attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Licensed Software; or access all or any part of the Licensed Software and Documentation in order to build a product or service which competes with the Licensed Software and/or the Documentation; or license, sub license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Licensed Software and/or Documentation available to any third party except the Named Users; use the Licensed Software in a manner other than as specifically permitted in this Agreement. 2.4. Third Party components. Customer acknowledge that the Licensed Software may contain certain named elements provided owned by third party suppliers and licensed to Board (“Third Party Components”). Customer may only access Third Party Components of the Licensed Software while using in the course of using the Licensed Software and Customer may not make or attempt any direct access to any such Third-Party Components other than with the Licensed Software. All limitations, restrictions and obligations applicable to the Licensed Software set forth in this Agreement shall apply to Customer’s use of the Third-Party Components. 2.5. Cloud environments. Licensed Software is accessed by Customer through Board Cloud environment (the “Board Cloud Environments”). For the provision of its Cloud services, Board uses Microsoft Azure products/on-line services whose terms and conditions apply to Microsoft products and/or online services and are conditions which apply to the Customer’s use of the Licensed Software. By accepting this Agreement and/or using the Licensed Software Customer agrees and accepts Microsoft terms and conditions terms and conditions available at https://www.microsoft.com/licensing/terms/productoffering/MicrosoftAzure/EAEAS. 3. Payment for Licensed Software. 3.1. Order Form. Customer shall pay the license fees as stated in a valid and effective Order Form where, from time to time during the term of this Agreement, Licenses may be added any other terms and conditions as well as the Parties may mutually agree upon. 3.2. Invoicing and Payment. License fees for the Licensed Software shall be invoiced and due and payable to Board as set forth in the applicable Order Form. Except as set forth in the applicable Order Form, all license fees are payable annually in advance. All payment obligations are non-cancellable, and all amounts paid are non-refundable. All fees shall be quoted and invoiced in the local currency unless otherwise stated in the applicable Order Form. In the event of any non-payment of invoices within thirty (30) days after the due date in accordance with the applicable Order Form and without prejudice to any other rights and remedies of Board, interest shall accrue on a daily basis on such due amounts at an annual rate equal to 3% or, if lower, the maximum rate allowed by law, commencing on the due date and continuing until fully paid, whether before or after judgment. 3.3. Fees. The fees for Customer’s access to the Licensed Software are billed in advance based on the maximum number of Named Users authorized to access the Licensed Software. The License fees will be increased up to 8% per annum. 3.4. Additional Server Fees. Board Cloud standard provisioning will be underpinned by a single virtual server. In case of special architectural requirements required by the Customer such as clustering, geo-clustering or dedicated machines, the activation by Board of any additional virtual servers or customized features shall require the payment of additional fees to be provided in an Order Form. 3.5. Audit and License True-Up. Customer agrees to (i) ensure that Customer’s use of Licensed Software does not exceed the number of licenses granted, (ii) take all necessary steps to destroy or erase Licensed Software codes, programs and other proprietary information before disposing of any media containing the Licensed Software, and (iii) promptly provide written notice to Board if Customer’s usage exceeds the license granted. Upon Board’s reasonable request, but not more frequently than annually without reasonable cause, Customer shall provide Board with a statement signed by a director and/or auditor, as required by Board, verifying the above and shall permit Board to audit the use of Licensed Software at such times. Board shall exercise its right to audit with reasonable prior notice, in such a manner as not to substantially interfere with the Customer's normal conduct of business. If Board determines that Customer has exceeded the number of Named Users or other license terms set forth in the applicable Order Form, Board shall notify Customer. Customer shall, within thirty (30) days of such notification, regain compliance, including, as applicable and without prejudice to Board's other rights, by paying additional fees for any additional Named Users accessing the Licensed Software at the pricing set forth in the applicable Order Form. Further, if such usage exceeds the license granted by more than five percent (5%), Customer shall also reimburse Board for the reasonable cost of such audit in addition to other amounts due. 3.6. Suspension of System Access. With or without notice to Customer and without prejudice to Board's other rights, Board reserves the right to disable Customer’s usernames and passwords and suspend access to the Licensed Software if Customer has undisputed amounts more than thirty (30) days past due, without liability to the Customer, until all such undisputed amounts are paid in full. 3.7. Tax. All payments required by this Agreement are exclusive of local and foreign taxes, duties, tariffs, levies and similar assessments and Customer agrees to bear and be responsible for the payment of all such applicable charges imposed on the use by Customer of the Licensed Software, excluding taxes based upon Board's net income. If Customer is a tax-exempt entity, Customer shall provide a certificate of exemption upon execution of this Agreement and Board will not charge Customer any taxes from which it is exempt. If Customer is required to withhold any withholding taxes from amounts payable to Board under this Agreement, Customer shall advise Board of such requirement at the time of signing this Agreement, shall timely remit such withholding taxes to the appropriate taxing authority, and shall deliver to Board proof of each such remittance. Without limiting the foregoing, unless otherwise stated in the Order Form, all references to payments made in this Agreement are exclusive of any VAT chargeable and where such payments fall to be made under this Agreement, such VAT shall be added to the amount at the rate applicable, if any, and paid in addition thereto subject to production of a valid and properly numbered VAT invoice. 4. Provision and Use of Licensed Software. 4.1. Availability. During any 12 months period prior to the calculation of the Availability, the production instances of the Licensed Software shall be Available 99.8% of the time. In the event that Board fails to maintain the foregoing availability of the Licensed Software, Customer’s sole and exclusive remedy shall be to request (1) a service credit equal to 2% of the monthly portion of the license fee paid in such calendar year if the Availability is between 99.7% and 99%; (2) or a service credit equal to 4% of the monthly portion of the license fee paid in such calendar year if the Availability is less than 99%. If the availability is less than 99% for 3 consecutive months the Customer may terminate the Agreement. Customer acknowledges and agrees that the terms of this Clause 4.1 relating to service credits constitute a genuine pre-estimate of the loss or damage that Customer may suffer as a result of Board’s delivery failure and are not intended to operate as a penalty for Board’s non-performance. 4.2. Service Credits. Board shall provide the Customer with a report only in the event that during a 12 months period there has been a non-Availability of the Licensed Software that gives the right to a service credit. In any case, Customer may request in writing the aforementioned report and consequently request all service credits in writing to Board within thirty (30) days of the date of the report identifying the relevant technical support request relating to the failure. Board will issue a credit memo acknowledging the credit within thirty (30) days of Customer’s request. 4.3. Upgrades. Upgrades are provided to Customer at no additional fee, including all Documentation describing the purpose and function of the Upgrades. Upgrades shall be applied to the Licensed Software by Board as such Upgrades are developed and released to Board’s general user base. Board reserves the right to determine how and when to develop and apply any Upgrades. Upgrades shall not degrade the performance, functioning or operation of the Licensed Software. Upgrades shall be implemented by Board within service windows communicated to the Customer with a reasonable notice period. 4.4. Unique Authentication. Access to and use of the Licensed Software as well as Customer Data shall be restricted to Customer’s and Customer’s Group authorized Named Users only. The Customer shall be responsible to ensure all Named Users maintain the security of any password, username, or other form of authentication involved in obtaining access to the Licensed Software. Usernames and passwords must be uniquely assigned to a specific individual and may not be shared by multiple individuals at any one time or transferred. 4.5. Datacenter and Security Requirements. Board agrees that it shall make the Licensed Software available to Customer using a data center in a manner consistent with the following requirements: 4.5.1. Board shall, or require its vendors and/or suppliers to, implement and maintain procedures to segregate Customer Data from Board’s data and data belonging to Board’s other customers. 4.5.2. Board shall, or require its vendors and/or suppliers to, establish and maintain appropriate environmental, safety and facility procedures, data security procedures and other safeguards designed to protect against the destruction, corruption, loss or alteration of the Licensed Software and any Customer Data, and to prevent unauthorized access, alteration or interference by third parties of the same. 4.5.3. Board shall monitor for any attempted unauthorized access to, or use or disclosure of, the Licensed Software or Customer Data and shall promptly take all necessary and appropriate action in the event any such attempt is discovered, promptly notifying Customer of any material or significant breach of security with respect to any such materials. 4.5.4. When software vulnerabilities are revealed and addressed by a vendor patch, Board will obtain the patch from the applicable vendor and apply it as it is tested and determined to be safe for installation to Board’s customer base. 4.6. Customer Data 4.6.1. Customer is the exclusive owner of the Customer Data loaded on the System and shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data and the means by which Customer acquires the Customer Data, also in case in which the Customer shall use the assistance of Board and/or Board International for the activities necessary to upload, process, consultation and extraction of the Customer Data. 4.6.2. Board may access Customer Data only (i) with the prior written consent of the Customer, to respond to System or technical problems or (ii) at Customer's written request in accordance with Customer’s written instructions. If in the aforementioned cases the Customer Data are Personal Data (as defined below), the Article 12 shall apply. 4.6.3. The Board Cloud services include only the backups and restoration of Customer Data necessary to fulfill its RPO and RTO obligation under Article 4.7 of this Agreement and do not include any obligation related to performing backups or restoration of Customer Data. The Customer at any time may autonomously perform backups of its own Customer Data through the System and download it on Customer’s storage device. The Customer is the sole responsible for the performance of the aforesaid backups. 4.6.4. To the extent permitted by law, by entering into this Agreement, Customer hereby expressly consents to the use of Customer’s name in Board customer lists and marketing materials. Customer agrees to the following: i. social media announcement via Board social media accounts within 2 weeks of contract signature; ii. press release within 4 weeks of contract signature and / or project Go Live; iii. case study in the timeframe agreed with the Customer separately. 4.7. Board Cloud RTO and RPO. 4.7.1. Customer acknowledges that RPO (Recovery Point Objective) shall be deemed as the maximum interval of time in which Customer Data might be lost, and consequently restored, due to an unplanned interruption to or reduction of the Board Cloud services and that RTO (Recovery Time Objective) shall be deemed as the period of time within which the availability of the Board Cloud services is restored after the aforesaid interruption or reduction. 4.7.2. In the event an incident related to the Board Cloud services occurs, Board shall respectively ensure (i) as an RPO, an interval of time of a maximum 1 day and (ii) as an RTO, a period of a maximum of 6 hours. 4.8. No Harmful Use. Customer and Board shall not: (i) send, store or run Virus; (ii) interfere with or disrupt the integrity of the Licensed Software or the data contained therein; or (iii) upload, post, reproduce or distribute any information, software or other material protected by copyright or any other intellectual property right (including the right of publicity and/or privacy) without first obtaining the permission of the owner of such rights. In addition, Customer may not (i) access the System and the Licensed Software for purposes of monitoring availability, performance or for any other benchmarking or competitive purposes and (ii) access, distribute or transmit any Viruses, or any material during the course of its use of the Licensed Software and/or Documentation that (a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive (b) facilitates illegal activity; (c) depicts sexually explicit images; (d) promotes unlawful violence; (e) is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or (f) is otherwise illegal or causes damage or injury to any person or property; and Board reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer's access to any material that breaches the provisions of this clause. 4.9. Customer Responsibilities. Customer is solely responsible for (i) monitoring and controlling the activity of each Named User, (ii) ensuring Named User compliance with this Agreement, (iii) ensuring that there is no unauthorized access to the Licensed Software and notifying Board promptly of any such access of which Customer becomes aware, (iv) ensuring that the use of the Licensed Software is in compliance with all applicable laws and regulations, (v) procuring and maintaining its network connections and telecommunications links from its systems to the Board's data centers/cloud provider, and all problems, conditions, delays, delivery failures and (vi) all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet. Customer shall be solely responsible and liable for the acts and omissions of each Named User on the System. The Customer shall comply with all applicable laws and regulations with respect to its activities under this Agreement and carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner. 4.10. High Risk Activities. The Licensed Software is not designed or intended for use in hazardous or critical environments requiring fail-safe performance or in any application in which the failure of the Software could lead to death, personal injury, or physical or property damage. 4.11. Penetration Test. The Customer may perform a penetration test of the Board Cloud Environments only in accordance with the Board’s Cloud penetration testing engagement rules as applicable at the time of the request. 5. Support During the term of the Agreement, Board will provide standard support for the Licensed Software to through its Support Web Site as follow. 5.1. Online Documentation. Prior to submission of any support request, Customer is encouraged to consult the Documentation to determine if the support issue has been addressed. 5.2. Requesting Support. For support requests for which a resolution is not found in the Documentation, Customer can submit a ticket, through the Support Web Site. 5.3. Scope of Support. Support and maintenance provided by Board pursuant to this Agreement does not include the following or related services: implementation services, configuration services, integration services, custom software development, application support, training or assistance with administrative functions. Board does not provide any technical support other than for the Licensed Software. The Customer may purchase additional support services (Gold, Silver and Bronze) separately at Board’s then current rates. 6. Confidentiality and Non-Use. 6.1. Non-Disclosure and Non-Use. Each Party agrees to hold the other Party’s Confidential Information in strictest confidence in accordance with this Clause 6 and not to use such Confidential Information except as necessary in order to perform the obligations under this Agreement. Both Parties shall preserve the confidentiality of such Confidential Information with at least the same degree of care that it protects its own most confidential business information, and such level of care shall be no less than reasonable. Without limiting the foregoing, neither Party shall sell, transfer, publish, disclose, display or otherwise make available to any third party the other Party’s Confidential Information without the prior written consent of the other Party. Each Party may only disclose the Confidential Information of the other Party to advisors, employees or subcontractors who need to know (subject always to compliance with relevant data protection laws and regulations) such Confidential Information in order to perform the obligations under this Agreement who are bound by written obligations of confidentiality and non-disclosure at least as protective as those set forth herein. 6.2. Required Disclosure. In the event of a lawful court order or government regulation compelling disclosure of any Confidential Information subject to this Agreement, the receiving Party subject to such order or regulation shall provide the other Party with prompt written notice thereof and shall reasonably cooperate with the other Party to seek confidential or other protective treatment of such information. 6.3. Disclosure Limitations. The Parties agree that they do not desire to receive any Confidential Information from the other Party that is not reasonably necessary or appropriate to the performance of this Agreement or that is not otherwise requested by the other Party. Each Party agrees to use reasonable efforts to avoid disclosures of Confidential Information to the other Party that are not reasonably necessary or appropriate to the performance of this Agreement, and which have not been requested by the other Party. 6.4. Survival. Each Party’s confidentiality and non-use obligations shall remain in effect with respect to the Confidential Information of the other Party after the cessation or termination of this Agreement for a period of three (3) years. 7. Intellectual Property Rights 7.1. System. The Licensed Software and System and their structure, organization and source code constitute valuable trade secrets of Board or the relevant third-party owners (as the case may be). Board will at all times have and retain sole and exclusive ownership of and all right, title, and interest in and to the System, Licensed Software, Documentation and all intellectual property rights therein. Customer acknowledges that all intellectual property rights in the Licensed Software, Upgrades and any maintenance releases belong and shall belong to Board or the relevant third-party owners (as the case may be), and the Customer shall have no rights in or to the Licensed Software other than the right to use it in accordance with the terms of this Agreement. 7.2. User Suggestions; Usage Data. Board shall have a royalty-free, worldwide, non-exclusive, transferable, sub-licensable, irrevocable, right and license to use or incorporate into the System or Licensed Software any suggestions, enhancement requests, recommendations, new software ideas or other feedback provided by Customer or Named Users relating to the operation of the System or the Licensed Software. Board collects information and data on how the Licensed Software is used by Customer and Named Users (such as, but not limited to, benchmarking data, usage patterns and roles) in order to improve the delivery of Licensed Software and for marketing and other purposes (collectively, “Usage Data”). Board shall be permitted to disclose such Usage Data in an anonymous and aggregated form at its discretion and without compensation to Customer or any Named User. All Usage Data shall be the sole property of Board. 8. Indemnification 8.1. By Board. Board shall defend Customers against any third-party suit, claim, action or demand (a “Claim”), and indemnify and hold Customer harmless from any final award of damages or settlement amount (including reasonable legal fees), alleging that the Licensed Software infringe any valid and issued patent, copyright, or trademark of a third party; arising in connection with any such Claim. If any portion of the Licensed Software becomes the subject of a Claim of infringement of any third-party intellectual property rights, Board shall use commercially reasonable efforts to (a) obtain such licenses or (b) make such replacements or modifications to the Licensed Software, in each case as are necessary to permit Customer to continue use of the Licensed Software without infringement and in compliance with this Agreement. If Board is unable to achieve either of the foregoing within sixty (60) days (or such longer period as Customer may determine in good faith) after the holding of infringement or the entry of the injunction, as applicable, Board will refund to Customer the remaining portion of any pre-paid fees for the parts of the Licensed Software for which the use is legally prohibited. The foregoing indemnity obligations are conditioned on Customer: (i) notifying Board promptly in writing of any actual or threatened Claim, (ii) giving Board sole control of the defense thereof and any related settlement negotiations, and (iii) cooperating and, at Board’s request and expense, assisting in such defense. 8.2. By Customer. Except as provided for in Clause 8.1 above, Customer shall defend Board against any third party suit, claim, action or demand (a “Claim”), and indemnify and hold Board harmless from any final award of damages or settlement amount (including reasonable legal fees), resulting from or in connection with Customer’s use of the Licensed Software and any Board’s related services hereunder. 8.3. Limitations. Board shall have no obligation under Clause 8.1 for any Claim which results from or arises in connection with: (i) any use of the Licensed Software in combination with third party software or third party hardware or other technology not provided by Board to the extent such infringement would not have occurred but for such combination; (ii) any use of the Licensed Software which exceeds the scope of the license granted to Customer; (iii) a modification of the Licensed Software by anyone other than Board; or (iv) use of the Licensed Software not in compliance with applicable laws. Board shall have no liability under this Clause for increased damages for intentional or willful infringement by Customer (or any legal fees associated with such intentional or willful infringement) if the basis for the increased damages award, as determined by the court, is the result of the conduct, acts or omissions of Customer. 9. Warranties 9.1. Legal Power. Each Party represents and warrants to the other that it has the legal power and authority to enter into this Agreement. 9.2. Conformance Warranty. Without prejudice to the provisions of Clause 4.1, Board represents and warrants that it will provide the Licensed Software in a manner consistent with general industry standards and that the Licensed Software shall perform substantially in conformance with all material requirements set forth in the applicable Documentation. In the event the Licensed Software fails to conform to the foregoing warranty, Customer must submit a request for support as set forth in Clause 5. 9.3. Board is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet. 9.4. SUBJECT TO CLAUSE 9.6, THE OBLIGATIONS OF BOARD AND REMEDIES OF CUSTOMER SET FORTH IN CLAUSE 5 SHALL BE BOARD’S SOLE AND EXCLUSIVE OBLIGATIONS AND CUSTOMER’S SOLE REMEDIES WITH RESPECT TO ANY NONCONFORMANCE WITH THE FOREGOING WARRANTY. 9.5. Disclaimer of Warranties. THIS CLAUSE CONTAINS LIMITED “WARRANTIES” AND ARE THE ONLY WARRANTIES MADE BY BOARD. EXCEPT AS PROVIDED IN THIS CLAUSE 9, BOARD MAKES NO REPRESENTATION WARRANTY OR CONDITION, EXPRESS, STATUTORY OR IMPLIED, AS TO THE RELIABILITY, TIMELINESS, QUALITY, SUITABILITY, FITNESS FOR PURPOSE, AVAILABILITY OR ACCURACY OF THE SYSTEM, THE LICENSED SOFTWARE OR ANY RELATED PRODUCT OR SERVICE PROVIDED UNDER THIS AGREEMENT. 9.6. SOME JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY OR CONDITION LASTS, SO THESE LIMITATIONS MAY NOT APPLY IN THEIR ENTIRETY. 10. Limitation of Liability 10.1. This Clause 10 sets out the entire financial liability of Board (to Customer in respect of any breach of this Agreement. 10.2. Except as expressly and specifically provided in this Agreement, Customer assumes sole responsibility for results obtained from the use of the Licensed Software by Customer, and for conclusions drawn from such use and Board shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to Board by Customer in connection with the Licensed Software, or any actions taken by Board at Customer's direction. 10.3. Nothing in this Agreement excludes the liability of each Party: 10.3.1. for death or personal injury caused by negligence; or 10.3.2. for fraud or fraudulent misrepresentation. 10.4. SUBJECT TO SECTIONS 10.2, 10.3, 10.5 AND 10.6, THE TOTAL AGGREGATE LIABILITY OF EACH PARTY TO THE OTHER PARTY IN RELATION TO THEIR RESPECTIVE OBLIGATIONS IN SECTION 12 SHALL IN EACH CASE NOT EXCEED TWO MILLION SWISS FRANC (CHF 2,000,000). 10.5. SUBJECT TO SECTIONS 10.2,10.3, 10.4 AND 10.6, IN NO EVENT SHALL EACH PARTY’S TOTAL AGGREGATE LIABILITY TO THE OTHER PARTY OR TO ANY THIRD PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED 4 (FOUR) TIMES THE AMOUNT TO BE PAID BY CUSTOMER IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM. 10.6. IN NO EVENT SHALL EACH PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOSS OF PROFITS, LOSS OF BUSINESS, (WHETHER DIRECT OR INDIRECT), DEPLETION OF GOODWILL AND/OR SIMILAR LOSSES, LOSS OR CORRUPTION OF DATA OR INFORMATION, LOSS OF USE, OR PURE ECONOMIC LOSS, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED AND, WHETHER IN CONTRACT, TORT, (INCLUDING FOR NEGLIGENCE OR BREACH OF STATUTORY DUTY), MISREPRESENTATION, RESTITUTION, WARRANTY OR OTHERWISE, WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 10.7. All references to “Board” in this Clause 10 shall, for the purposes of this Clause and Clause 8 and 9 only, be treated as including all employees, subcontractors and suppliers of Board and its affiliates, all of which shall have the benefit of the exclusions and limitations of liability set out in Clauses 8, 9 and 10. 10.8. The limitation of liability provided in this Clause 10 shall not apply in case of breach of the obligations set forth in Clause 6 (“Confidentiality and Non-Use), and Clause 7 (“Intellectual Property Rights”). 11. Term and Termination 11.1. Term of Agreement. This Agreement shall be effective starting from the date of its signature by both Parties or the initial delivery date of the Licensed Software (whichever is earlier) (the “Effective Date”) and shall continue for a period of three (3) years (“Initial Term”). Thereafter, the Agreement shall automatically renew for additional one (1) year periods (each a “Renewal Term”) unless either Party provides a written notice to the other Party at least ninety (90) days prior to the end of the then current Initial Term or Renewal Term. All Order Forms shall run coterminous with the term of this Agreement, unless otherwise set forth in the applicable Order Form. Subsequent Order Form(s) shall be effective starting from the date of their signature by both Parties or the delivery date of the relevant Licensed Software licenses (whichever is earlier). 11.2. Termination for Cause. Without prejudice to any other rights and remedies to which the Parties may be entitled, either Party may terminate this Agreement for cause without liability to the other with thirty (30) days written notice to the other Party: (i) for material breach of this Agreement, provided the breached Party provides notice of the breach in its intent to terminate, and the breach remains uncured for that thirty (30) day period; (ii) in the event either Party becomes the subject of a petition in bankruptcy or any proceeding related to its insolvency, receivership or liquidation that is not dismissed within sixty (60) days of its commencement or an assignment for the benefit of creditors and with respect to Board, results in Board’s inability to provide access to the Licensed Software. 11.3. Effect of Termination. Upon expiration or termination of this Agreement for any reason: 11.3.1. Without prejudice to the Customer’s rights pursuant to Clause11.3.2, all licenses and access to the Licensed Software granted under this Agreement shall immediately terminate; 11.3.2. All Customer Data shall remain the property of Customer. The Customer shall take all necessary measures in order to download from the System/Board Cloud, and following Board’s operating instructions and guidelines, all Customer Data within fifteen (15) days starting from the termination date, unless otherwise agreed in writing with Board. After such fifteen (15) day period, Board shall have no obligation to maintain any Customer Data and, thereafter, Board shall have the right, unless legally prohibited, to remove and delete all Customer Data in its Systems/Board Cloud or otherwise in its possession or under its control; 11.3.3. Customer shall immediately pay any sums accrued or payable to Board prior to the effective date of termination. In case of termination for material breach of this Agreement by the Customer, the latter shall within 30 days pay all amounts which have accrued prior to such end, as well as all sums remaining unpaid for the services ordered under the agreement plus related taxes and expenses. 12. Personal Data 12.1. In connection with this Agreement, Board may receive and collect data relating to the Customer, as well as to its employees, directors or executives including but not limited to business contact information: such data may be collected directly from the Customer (hereinafter, “Personal Data”). The Customer hereby authorizes Board to process such data for purposes indicated and/or related to this Agreement in accordance with the Exhibit B (“Data Privacy Schedule”). In particular, for the purposes mentioned above Board may transfer Personal Data to any country where an entity belonging to BOARD Group performs its activity from time to time. Personal Data may not be disclosed to third parties unless this is required or permitted by the Agreement or by the Customer's written consent. 12.2. For all of the operations mentioned above: • Board declares and warrants that the Personal Data will be processed in full compliance with the applicable privacy laws; • Customer shall ensure that Customer is entitled to transfer the relevant Personal Data to Board so that Board may lawfully use, process and transfer the Personal Data in accordance with this Agreement on Customer's behalf; • Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation. 12.3. Customer declares and warrants that the Personal Data communicated to Board or processed by Customer through Licensed Software are handled by the Customer in full compliance with the applicable law and will indemnify and hold Board harmless from any cost, claim, damages, expense or loss resulting from Customer’s unlawful processing or act incompatible with applicable laws. 12.4. Each Party shall take appropriate technical and organizational measures against unauthorized or unlawful processing of the Personal Data or its accidental loss, destruction or damage. 13. General Provisions 13.1. Assignment and Other Rights. Neither Party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other Party, which consent shall not be unreasonably withheld. Notwithstanding the foregoing, Board: i) reserves the right to delegate or anyhow avail itself of a company belonging to the same Board Group for the performance of part or all its duties provided hereunder but provided that Board remains solely responsible for the performance of this Agreement to the Customer; and ii) in connection with a merger, reorganization, or sale of all or substantially all of the assets or equity of Board, may assign this Agreement in its entirety to Board’s successor without Customer’s consent. This Agreement shall bind and inure to the benefit of the Parties, their respective successors and permitted assigns. 13.2. Force Majeure. Neither Party shall be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to unforeseen events, which occur after the signing of this Agreement and which are beyond the reasonable control of the Parties, such as strikes, blockade, war, terrorism, riots, natural disasters, refusal of license by the government or other governmental agencies, in so far as such an event pre-vents or delays the affected Party from fulfilling its obligations and such Party is not able to prevent or remove the force majeure at reasonable cost. 13.3. Governing Law. This Agreement and all disputes and claims arising hereunder shall be governed exclusively by, and construed exclusively in accordance with, the laws of Switzerland, without regard to its conflicts of law provisions. The Courts in Lugano shall have exclusive jurisdiction to adjudicate any dispute or claim arising out of or relating to this Agreement (including non-contractual disputes or claims). Each Party hereby consents to the jurisdiction of such courts and waives any right it may otherwise have to challenge the appropriateness of such forums. 13.4. Alternative Dispute Resolution. Before either Party initiates any proceeding, the matter in controversy will first be referred to the CEO of Customer and the CLO of Board. Such officers shall take all reasonable steps to attempt to resolve the matter within four (4) weeks of the date of referral. 13.5. Entire Agreement. This Agreement, together with the Exhibits hereto and any Order Form executed hereunder, constitutes the entire agreement between the Parties regarding the subject matter of this Agreement, and supersedes all prior or contemporaneous oral or written agreements, representations and negotiations. Customer agrees that any terms and conditions in any purchase order submitted by Customer to Board are for Customer’s own internal purposes and are superseded and replaced by the terms and conditions of this Agreement, and such purchase order terms and conditions shall have no force or effect. 13.6. Severability. If any provision of this Agreement is determined by a court of competent jurisdiction to be illegal or unenforceable, its invalidity shall not affect the other provisions of this Agreement that can be given effect without the invalid provision. If any provision of this Agreement does not comply with any law, ordinance or regulation, such provision, to the extent possible, shall be interpreted in such a manner so as to comply with such law, ordinance or regulation, or, if such interpretation is not possible, it shall be struck, and the Agreement construed in accordance with the remaining provisions of the Agreement. 13.7. Notices. Except as otherwise provided in the table here below, all notices, including notices of address change, required to be sent hereunder shall be in writing and shall be deemed to have been give upon: (i) personal delivery, (ii) the second Business Day after mailing, (iii) the second Business Day after sending by confirmed facsimile, or (iv) the first Business Day after sending by email; provided that facsimile and e-mail shall not be sufficient for notices of termination or an indemnifiable claim. Notices shall be sent to the Parties listed below: Customer: To the Customer address set forth in the header of this agreement anticipated via e-mail at the following e-mail address [please insert]. Board: To the Board address set forth in the header of this agreement anticipated via e-mail at the following e-mail address: legal@board.com with in copy salesorder@board.com. All the notices regarding: (i) security incidents, (ii) general technical incidents and (iii) other technical notifications related to the Board Cloud will be sent by Board via e-mail to the following contact(s): Primary Contact Secondary Contact Name Title: E-mail: Name Title: E-mail: 13.8. No Partnership. The Parties are independent contractors. Nothing in this Agreement shall be construed to create a partnership, joint venture or agency relationship between the Parties. Neither Party shall have any right or authority to assume or create any obligation of any kind expressed or implied in the name of or on behalf of the other Party. 13.9. Waiver. A waiver of any right under this Agreement is only effective if it is given in writing and it applies only to the Party to whom the waiver is addressed and to the circumstances for which it is given. Unless expressly provided otherwise, rights arising under this Agreement are cumulative and do not exclude rights provided by law. 13.10. Counterparts; Facsimile. This Agreement may be executed in any number of counterparts, each of which when executed and delivered shall constitute an original of this Agreement, but all the counterparts shall together constitute the same agreement. No counterpart shall be effective until each party has executed at least one counterpart. Facsimile signatures shall be binding to the same extent as original signatures. 13.11. Variation. No variation of this Agreement shall be effective unless it is mutually agreed in writing and signed by the Parties (or their authorized representatives). CUSTOMER BOARD Name: __________________________________________ Title: ____________________________________________ Signature:________________________________________ Name: ____________________________________________ Title: ______________________________________________ Signature:__________________________________________ Date:_____________________________________________ Date:_______________________________________________   EXHIBIT A ORDER FORM This exhibit details the specific Software License configuration and Fees being ordered by the Customer. License Configuration The table below details the specific Software License Configuration ordered by the Customer and the Annual License Fee. [NOTE FOR THE SALES: PLEASE INSERT THE TABLE USING THE PRICE LIST APPLICABLE FROM TIME TO TIME.] Summary of Investment This section summarizes the investment during the Initial Term. Initial Term: 3 Years Invoicing and payments terms • Upon execution of this agreement Board will invoice the Customer the annual License fees Yearly in advance; • Payment Terms are 30 days from date of Invoice; • All prices exclude VAT. • Customer Purchase Order Purchase Order Required (Y/N) PO Number (please indicate if known or enter “N/A” if not yet available) [_______] [_______] Should the Customer require a purchase order in order to proceed with the payment of the relevant amount set forth in this Order Form, then the "PO Number" field above must be populated, and Customer agrees to provide their required Purchase Order to Board immediately upon execution of this Order Form. If the "Purchase Order Required" field above is marked 'No', then Customer agrees that Board is entitled to the payment of the relevant amount set forth in this Order Form without the requirement of a purchase order authorizing payments. The provisions of this Order Form take precedence over any Customer purchase orders or standard terms and conditions. • The invoice and all the relevant commercial notices shall be sent: (i) by Board to the following Customer’s contact: [°]; and (ii) by the Customer to the following Board’s contact: finance.int@board.com General Terms: • This Order Form is attached to and constitutes an integral part of the SaaS Agreement signed by Board and the Customer. Authorized on behalf of Board International SA by: Name: _______________________________________ Title: _________________________________________ Signature: ____________________________________ Date: ________________________________________ Authorized on behalf of Customer by: Name: _______________________________________ Title: _________________________________________ Signature: ____________________________________ Date: ________________________________________   EXHIBIT B DATA PRIVACY SCHEDULE This data privacy schedule (“Data Privacy Schedule”) is subject to the terms and conditions of the Agreement. This Data Privacy Schedule shall be considered a Schedule to the Agreement and shall be deemed part of the Agreement. Terms not defined herein shall have the meaning set forth in the Agreement. In the event of a conflict between the Agreement and this Data Privacy Schedule, this Data Privacy Schedule shall prevail. WHEREAS, (A) Customer wishes to engage the services of Board to Process Customer Personal Data (as defined below) on its behalf; (B) Data Privacy Laws (as hereinafter defined) and, in particular, Article 28(1) of the General Data Protection Regulation (EU) n. 2016/679 (as hereinafter defined) provides that, where processing of personal data is carried out by a processor on behalf of a data controller the controller must choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures; (C) Article 28(3) of the General Data Protection Regulation (EU) n. 2016/679 require that where processing is carried out by a processor on behalf of a controller such processing shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller. In compliance with the above-mentioned provisions, Customer and Board mutually agree as follows: 1. DEFINITIONS “Controller” has the meaning given in Article 4(7) GDPR. "Customer Personal Data" means Personal Data of which Customer is a Controller. "Approved Jurisdiction" means a member state of the European Economic Area (EEA), Andorra, Argentina, Canada (commercial organizations), Faeroe Islands, Guernsey, the Isle of Man, Israel, Japan, Jersey, New Zealand, Switzerland, Uruguay or any other jurisdiction or sector as may be approved by the European Commission as ensuring an adequate level of protection for personal data. “Data Privacy Laws” means all applicable laws, regulations and regulatory guidance in relation to the Processing or protection of Personal Data, as amended from time-to-time, including but not limited to, Regulation (EU) 2016/679 of 27 April 2016, General Data Protection Regulation (“GDPR”). "Highly Confidential Personal Data" means personal data that may be included in Customer Personal Data comprised of an individual's financial account number, social security number, driver's license number or other government-issued identification number, financial account password or PIN, mother's maiden name, answers to security questions, or other Personal Data that allows access to financial accounts, or that can be used to facilitate identity theft, as well as any other special category of Personal Data as defined in Article 9.1 of the GDPR (including biometric, genetic or health data, data concerning sex life or sexual orientation, racial or ethnic origin). “Information Security Obligations” means commercially reasonable and appropriate physical, technical and organizational security measures, including those set forth in the Agreement. "Personal Data" means any information relating to an identified or identifiable natural person (or, to the extent that applicable Data Privacy Laws apply to information about legal persons, an identified or identifiable legal person) or as otherwise defined in Data Privacy Laws. “Process” means any operation, or set of operations, which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, access to, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. "Processes" and “Processing” shall be construed accordingly. Processing includes sub-Processing. “Security Incident” means a known, or reasonably suspected, accidental or unauthorized loss, acquisition, disclosure, access, use or other form of compromise of Customer Personal Data. 2. SCOPE AND APPLICATION 2.1. This Data Privacy Schedule governs Board’s access to, and Processing of, Customer Personal Data (including sub-Processing by any sub-processor of Board), where Board (or its sub-processor) accesses and/or Processes Customer Personal Data on behalf of Customer. 3. GENERAL PROVISIONS 3.1. Compliance with Data Privacy Laws Board shall (and shall ensure that its sub-processors shall) comply with all applicable Data Privacy Laws in relation to its Processing of Customer Personal Data. Customer declares and warrants that the Customer Personal Data communicated to Board or processed by Customer through Licensed Software are handled by the Customer in full compliance with all applicable Data Privacy Laws. Customer shall indemnify and hold Board harmless from any cost, claim, damages, expense or loss resulting from Customer’s unlawful processing or act incompatible with applicable laws. 3.2. Compliance with Security Incident Laws Board shall (and shall ensure that its sub-processors shall) fully assist and cooperate with Customer in their compliance with Articles 33 and 34 of the GDPR. In particular, Board shall: (i) promptly notify Customer in writing whenever Board knows or reasonably suspects a Security Incident has occurred; and (ii) investigate the Security Incident, taking all necessary steps to eliminate or contain the exposure, including cooperating with Customer’s investigation and remediation efforts, mitigating any damage, and developing and executing a plan that promptly reduces the likelihood of a recurrence of the Security Incident. 3.3. Limited retention of Customer Personal Data 3.3.1. Board shall not (and shall ensure that its sub-processors shall not), retain any Customer Personal Data for longer than is necessary for the performance of the services and/or the fulfilment of its obligations under the Agreement, or as required or permitted by applicable law. To the extent that Board processes any Customer Personal Data for any purpose determined by Board, Board acknowledges that it is a Controller for the purpose of such Processing, and Customer bears no responsibility with respect to that Processing. 3.3.2. Board shall not engage a sub-processor with respect to any Processing of Customer Personal Data, without Customer´s prior written approval, in which case Board and applicable sub-processor(s) must be bound by a written agreement that includes the same data protection obligations on the sub-processor(s) as set out in this Data Privacy Schedule. Board will remain fully liable to Customer for any act or omission of the sub-processor in the performance of that sub-processor´s obligations. 3.4. Transfers of EEA Personal Data If, in connection with Board’s performance of its services and/or fulfilment of its obligations under the Agreement EEA Personal Data are transferred in third countries outside the EEA, the Parties agree to promptly complete and execute one or more data transfer agreements substantially in the form of Controller-to-Processor Standard Contractual Clauses for the transfer of Customer Personal Data from the European Union to Processors established in third countries and as approved for the purposes of Directive 95/46/EC (as amended, consolidated or replaced from time to time) and thereafter to comply with all of the conditions thereof. 4. PROCESSING OF CUSTOMER PERSONAL DATA 4.1. When, in the course of providing its support services and/or fulfilling its obligations under the Agreement, Board (or any sub-processor of Board) Processes Customer Personal Data, Board shall (and shall ensure that any relevant sub-processor shall): 4.1.1. ensure it does not cause Customer, through any intentional act or omission, to be in breach of any Data Privacy Laws; 4.1.2. only Process Customer Personal Data in accordance with the prior written instructions of Customer, including as set out in this Agreement, except where Board is required to Process any Personal Data by the laws of the EU or an EU Member State, in which case the Board shall inform Customer in advance of such processing, to the maximum extent permitted by applicable law. If at any point, Board becomes legally unable to comply with Customer's instructions regarding the Processing of Customer Personal Data, Board shall promptly: (i) notify Customer of such inability, providing a reasonable level of detail as to the instructions with which it cannot comply and the reasons why it cannot comply, to the greatest extent permitted by applicable law; and (ii) cease all Processing of the affected Customer Personal Data (other than merely storing and maintaining the security of the affected Customer Personal Data) until such time as Customer issues new instructions with which Board is able to comply; 4.1.3. implement and maintain Information Security Obligations to protect Customer Personal Data against: (i) all Security Incidents; (ii) all other unauthorized or unlawful forms of Processing; and (iii) any breach of Board’s Information Security Obligations. Board shall (and shall ensure that its sub-processors) provide full cooperation and assistance to Customer for the purpose of giving effect to the rights under the applicable Data Privacy without undue delay; 4.1.4. take reasonable steps to inform its staff, and any other person acting under its supervision, of the responsibilities of any applicable Data Privacy Laws due to the incidental access to Customer Personal Data, and ensure the reliability of its staff and any other person acting under its supervision who may come into contact with, or otherwise have access to and Process, such Customer Personal Data; 4.1.5. notify Customer promptly – unless prohibited by applicable law – if Board (or a sub-processor of Board) is required by law, court order, warrant, subpoena, or other legal process to disclose any Customer Personal Data to any person other than Customer, the relevant Customer client, or another sub-processor of Customer expressly approved in writing by Customer to receive such information. Unless prohibited by applicable law, Board will (a) promptly notify Customer prior to such disclosure; (b) cooperate with Customer in the event that Customer elects to legally contest such disclosure, ensure confidential treatment of such information, or otherwise attempt to avoid or limit such disclosure; and (c) limit such disclosure to the extent legally permissible; 4.1.6. permit Customer, or its duly authorized representatives, on reasonable prior written notice and upon Board written confirmation, to audit Board’s Processing activities that are relevant to the Processing of Customer Personal Data, to verify that Board’s data processing activities related to Customer Personal Data are in compliance with the Agreement (including its Schedules), Customer’s written instructions and Data Privacy Laws. Board shall make available to Customer all information necessary to demonstrate: (i) Customer’s compliance with its obligations under Article 28 GDPR and (ii) Board´s compliance with its obligations as set forth in the Agreement; and 4.1.7. Customer undertakes that its instructions to Board for processing Customer Personal Data shall (i) comply with applicable Data Privacy Laws, and (ii) not cause Board to infringe applicable Data Privacy Laws. Also, if Board believes or becomes aware that its processing of Customer Personal Data is likely to result in a high risk to the data protection rights and freedoms of Data Subject, it shall inform the Customer and provide reasonable cooperation with the Customer in connection with any data protection impact assessment that may be required under the applicable Data Privacy laws. 4.2. Instructions given by Board to any sub-processor must be in furtherance of instructions provided by Customer to Board. 4.3. Board shall (and shall ensure that its sub-processors shall) fully assist and cooperate with Customer in ensuring their compliance with Articles 32, 33, 34, 35 and 36 of the GDPR. If Customer needs to provide information (including details of the services provided by Board) to a competent supervisory authority, Board shall assist Customer in providing such information, to the extent that such information is in the possession of Board and/ or its sub-processors. 4.4. Board shall notify Customer in writing of any investigation, litigation, arbitrated matter or other dispute relating to Board’s (or Board’s sub-processors') information security or privacy practices. 5. BOARD PERSONAL DATA Customer may receive Personal Data regarding Board’s employees, directors and other personnel, as part of maintaining its business relationships with Board under the Agreement. Personal Data may be obtained by Customer indirectly through internal security systems or other means. Customer is hereby permitted, and Board hereby authorizes Customer, to process such Personal Data only for purposes related to the Agreement. If required by applicable Data Privacy Laws, Customer and Board agree to sign any additional agreement or amendment that may be required to allow transferring such Personal Data outside its jurisdiction of origin pursuant to such applicable Data Privacy Laws. 6. CHANGES IN DATA PRIVACY LAWS In the event of any changes in Data Privacy Laws applicable to Customer Personal Data, that result in new requirements (including new physical, technical, organizational, security, or data privacy measures), Board will reasonably cooperate with Customer in designing a remedial response to implement such new requirements.