REGULATIONS FOR THE PROVISION OF SERVICES USING ELECTRONIC MEANS BY 3SOFT S.A. I. Definitions Civil Code - Act of 23 April 1964 - Civil Code (Dz.u. No. 16, item 93, as amended). Software - a computer program specified in the Agreement, used to support the business management process, made available to Service Recipients in the SaaS (Software as a Service) model. Regulations - these regulations. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ EU L 119, p. 1). Service Platform - an information and IT platform created by the Service Provider and connected to the Internet, available at domain addresses to which the rights are vested in the Service Provider, which enables Service Recipients to use IT mechanisms and information developed by the Service Provider. ICT System – a set of cooperating IT devices and software, ensuring the processing and storage, as well as the sending and receiving of data, via telecommunications networks by means of Terminal equipment appropriate to the type of telecommunications network in question, within the meaning of the Law of 16 July 2004 - Telecommunications Law (Dz.U. No. 171, item 1800, as amended). (Service) Agreement - an agreement concluded between the Service Provider and the Service Recipient for the provision of Services by the Service Provider to the Service Recipient. Services - services provided by the Service Provider using electronic means. Service Provider – 3Soft S.A. with its registered seat in Katowice (40-246) at ul. Porcelanowa 23, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court Katowice - Wschód in Katowice, 8th Commercial Division of the National Court Register under KRS number: 0000422810, NIP: 634-280-89-32, REGON: 242918006, with share capital of PLN 3 614 231,00 paid up in full, e-mail: biuro@3soft.pl, www.3soft.pl. Terminal Equipment - a computer with software or other telecommunications equipment intended to connect directly or indirectly to the Internet, enabling the use of Services offered by the Service Provider. Act on Copyright and Related Rights - Act of 4 February 1994 on Copyright and Related Rights (Dz. U. No. 24, item 83, as amended). Act on Providing Services by Electronic Means - Act of 18 July 2002 on providing services by electronic means (Dz. U. No. 144, item 1204, as amended). Service Recipient - an entrepreneur who is a natural person, a legal entity or an organizational unit without legal personality and who uses the Services provided by the Service Provider pursuant to the Agreement concluded with the Service Provider. II. Introductory provisions 1. The Regulations specify the conditions and rules for the provision of Services. 2. The Regulations are available free of charge at the Providers’ website and can be downloaded, saved or printed. 3. The Regulations are available in a form allowing for their storage and reviewing in the usual course of action. 4. These Regulations are available to the Service Recipient prior to the conclusion of the Agreement. 5. The Service Platform and the Services available through it can be used on condition that the provisions of the Regulations have been read and accepted. 6. The provision of Services is based on an Agreement concluded between the Service Provider and the Service Recipient and on the Regulations. The Service Recipient undertakes to comply with the provisions of the Regulations and the Agreement. 7. The provisions of these Regulations shall apply to the extent that they do not contradict the provisions of the Service Agreement. III. Types and scope of Services provided 1. Pursuant to the Agreement concluded with the Service Recipient, the Service Provider provides the Service Recipient with the Services consisting in: a) providing the possibility of using the business management process supporting Software described in the Agreement over the Internet (making the Software available in the SaaS model), b) ensuring Software Availability, c) providing technical support to the Service Recipient in relation to his use of the Software (receiving and handling tickets concerning the Software, Helpdesk services). 2. The detailed scope of Services provided by the Service Provider to the Service Recipient is specified in the Agreement. IV. Conclusion of the Service Agreement 1. The Service Agreement is concluded in writing, where a document with the content of the agreement is signed by persons authorized - in accordance with the rules governing representation of the Service Provider and the Service Recipient - to make declarations of intent on their behalf (unless the Service Provider and the Service Recipient agree otherwise). V. Provision of Services 1. The Service Provider undertakes to provide Services with due diligence, in compliance with the principles and conditions specified in the Agreement and the Regulations. 2. The Service Provider shall exercise due diligence in order to protect the ICT System against unauthorized access. 3. The Service Provider shall ensure that: a) 24/7 access to the Services and the ICT System via the Internet, on the principles specified in the Regulations, in the amount specified in the Service Agreement, excluding: (i) periods resulting from restrictions in access imposed by operators of ICT networks used by the Service Recipient; (ii) failure periods resulting from acts or omissions of third parties, for which the Service Provider is not responsible (e.g. power grid failures); (iii) maintenance periods of the ICT System infrastructure (hardware and software); (iv) repair periods related to the occurrence and removal of failures; b) use of cloud georeplication mechanisms to ensure data availability, even in the event of a failure of one of the data centers; c) use of tools aimed at securing the Services (e.g. use of encrypted communication channels, firewall, authorization). 4. The Service Provider reserves the right to temporarily pause or reduce the availability of Services for technical or technological reasons, as well as in other justified cases. VI. Intellectual property 1. The Service Provider has rights to the Software and other works within the meaning of the Act on Copyright and Related Rights available on the Service Platform, in particular the Software documentation, as well as designations and trademarks, to the extent necessary to provide the Services. 2. Works, designations and trademarks made available within the framework of and for the purpose of providing the Services are covered by protection provided by the law. 3. The Service Recipient is obliged to respect the intellectual property rights of the Service Provider and third parties, and in particular to comply with the terms of use of the Software as set forth in the Service Agreement. 4. Due to the fact that the Software is made available in the SaaS model, as a rule there is no need to grant the Service Recipient a license to use the Software. However, if using the Services in accordance with the Agreement and the Regulations so requires, the Service Provider shall grant the Service Recipient, to the extent necessary, a license under the terms and conditions set out in sections 5 to 10 below. 5. To the extent that, the Service Recipient's use of the Services in accordance with the Agreement and these Regulations infringes the Service Provider's copyright, the Service Provider will grant the Service Recipient a license to use the relevant, copyright-protected elements of the Software (hereinafter referred to as “Works”) on the terms and conditions set forth below. 6. The license shall be granted without making separate declarations in this respect when the Work is made available to the Service Recipient. The license will be granted for the time necessary for the Service Recipient to use the Software in accordance with the Agreement and the Regulations, but not longer than until the expiration of the Agreement. 7. The license shall be non-exclusive, inalienable and non-transferable. 8. The license shall entitle the user to use the Works in the following fields of use: a) with respect to Works protected under special rules for computer programs - permanent and temporary reproduction of the program in whole or in part by any means and in any form, including reproduction for the purpose of entering, displaying, using, transferring and storing of the program; b) in relation to Works not protected on special rules for computer programs and protected on rules as for literary works - recording and reproduction in any way, including the production of copies of the Work by any technique, including printing, reprographic, magnetic recording and digital techniques. 9. Granting a license to use the Works in all fields of use indicated herein shall take place as part of the remuneration due to the Service Provider as specified in the Agreement. 10. The license shall not entitle the Service Recipient to: a) receive the source code of the Works that are computer programs; b) translate, adapt, alter the layout or making any other changes to the Works, including making derivatives of the Works; c) exercise derivative rights in relation to the Works; d) distribute the Works in any way, also by lending or renting the Works and their copies, making Works available to third parties; e) decompile, disassemble or reverse-engineer the Works; f) use the Works for a purpose other than the one specified in the Agreement and the Regulations. VII. Liability of the Service Provider 1. The Service Provider shall be liable for the non-performance or improper performance of obligations under the Service Agreement up to the amount of actual losses incurred, excluding lost profits. With respect to losses, the total amount of compensation for the non-performance or improper performance of the Agreement may not exceed the amount equal to the amount of fees actually paid by the Service Recipient to the Service Provider under the Agreement during the 6 (six) months preceding the occurrence of the damage. 2. The liability of the Service Provider for damage caused by physical defects of the Software and subjects of the Service Provider's contractual obligations performed under the Agreement is excluded. 3. The Service Provider's liability under the warranty for defects in the Software and the subjects of its contractual obligations performed under the Agreement is excluded. 4. The provisions of sections 1 - 3 shall apply to all forms of liability for damages, including tort and contractual liability, if the event that caused the damage was the non-performance or improper performance of the obligation under the Service Agreement. 5. The Service Provider shall not be liable for any damage caused to the Service Recipient in connection with the use of or inability to use the Services by the Service Recipient, such as loss of data, delays in the receipt or transmission of data, delays caused by lack of transmission, incorrect transmission or other interruptions in the provision of the Services, if such damage is caused by circumstances beyond the Service Provider’s control, which are deemed to be, in particular: a) failures of transmission or failures of ICT lines, slow connection, lack of access to the networks of domestic and foreign operators or irregularities in the operation of such telecommunications operators; b) interruptions in the supply of electricity and failures of technical equipment and other such circumstances for which service providers and telecommunications operators are responsible; c) necessary maintenance work, repairs and other technical interruptions; d) circumstances for which the Service Recipient is responsible, such as failure of the Service Recipient's hardware or software, operating or configuration errors; e) the Service Recipient's failure to comply with the provisions of the Agreement, the Regulations or applicable laws; f) force majeure. 6. The Service Provider's liability for damage suffered by the Service Recipient in connection with the execution of the Service Agreement, including as a result of the Service Recipient’s data being accessed by unauthorized persons, loss of data or delay in the receipt or transmission of data, is realized after the complaint procedure set forth in section XIV hereof has been completed and is satisfied by the indemnity obligation. 7. The Service Provider does not interfere with the content of information transmitted using the ICT System and does not make such information available to third parties, except for situations, in which the provisions of law or the relevant decision of the bodies authorized by law require otherwise. Activities aimed at antivirus protection of the ICT System do not constitute interference in the content of the transmitted information. 8. The Service Provider shall not be liable for the content of information sent or received, posted or in any way made available by the Service Recipient to third parties as a result of the performance of the Service Agreement and it shall not be liable for violations of the law resulting from such transmission of information. 9. The Service Provider shall not be liable for the consequences of the Service Recipient's provision of access passwords to unauthorized persons. 10. The Service Provider shall not be liable for non-performance or improper performance of the obligation to provide the Services, if it occurred as a result of the Service Recipient using a software different from the one indicated or made available by the Service Provider, in particular software for which the Service Recipient has not obtained a license from an authorized entity. 11. The Service Provider shall not be liable for the consequences of the provision of false or outdated information and data by the Service Recipient. 12. Further principles of the Service Provider’s liability are governed by the Service Agreement. VIII. Liability of the Service Recipient 1. The Service Recipient is obliged to use the Services in accordance with the Regulations and the Agreement concluded with the Service Provider, taking into account applicable laws. 2. The Services are provided for the exclusive use of the Service Recipient. The Service Recipient is not entitled to provide (share, sublicense) the Services to third parties unless the concluded Service Agreement states otherwise. 3. The Service Recipient is obliged to refrain from any actions which are not compliant with the law or which may lead to violation of the law in connection with the use of the Services, including in particular: placing or propagating illegal information, software, content or images violating the rights of third parties or bearing attributes of an offence, using vulgarisms, and performing other actions violating the rules of netiquette. 4. The Service Recipient shall not take any actions to overload the ICT System, which may interfere with the resources of other Service Recipients or cause damage to the Service Provider or third parties. In particular, the following shall be prohibited: a) use or distribution of: illegal software or illegal tools that may damage the ICT infrastructure of the Service Provider, hardware and computer programs of the Service Provider or other Service Recipients; “malware”, including viral software, spyware, Trojan software, adware for displaying advertisements without the consent of Internet users, as well as other programs of this type or for similar purposes; b) infringement of third party rights, in particular intellectual property rights; c) using solutions which may reduce the efficiency of the Service Provider's ICT infrastructure; d) undertaking any actions whose direct or indirect effect would be to bypass the security of the Service Provider's ICT infrastructure; e) undertaking any actions whose direct or indirect effect would be to make elements of the Service Provider's ICT infrastructure or its resources available to third parties, including in particular proprietary data of the Service Recipients using the Services, technical and technological information undisclosed to the public and organizational or other information of economic value; f) undertaking any actions whose direct or indirect effect would be to destroy or remove all or part of the resources gathered within the ICT infrastructure of the Service Provider; g) undertaking other actions that could violate the interests of the Service Provider. 5. Should the Service Provider find a material breach of these Regulations or the Service Agreement by the Service Recipient or persons for whom the Service Recipient is responsible, the Service Provider is entitled to demand that the breach be remedied or to terminate the Services immediately due to the Service Recipient’s fault, without having to submit a prior notice of such intention. IX. Information on personal data processing 1. Section IX sets out the rules for the processing of personal data in the relationship between the Service Provider and the Service Recipient, as the parties to a business relationship. The provisions of this section do not apply to data entered by the Service Recipient in the Service Provider's ICT System as part of the use of the Services. 2. In accordance with Article 13 section 1 and section 2 of the GDPR, the Service Provider provides information on the processing of personal data of a Service Recipient who is a natural person or of the Service Recipient’s personnel. 3. The administrator of personal data is the Service Provider - 3Soft S.A., ul. Porcelanowa 23, 40-246 Katowice, KRS: 0000422810, NIP: 634-280-89-32, REGON: 242918006, www.3soft.pl. 4. The person to be contacted in all matters relating to personal data protection is the Data Protection Officer: e-mail: iod@3soft.pl 5. The Service Provider processes the personal data of the Service Recipient (Service Recipient's personnel) in order to establish and shape the content, change or terminate the legal relationship between the Service Provider and the Service Recipient, as well as for the purpose of execution of the Agreement or performing another legal action with the Service Recipient (basis - Article 6(1)(b) of the GDPR and Article 18(1) of the Act on Providing Services by Electronic Means). The Service Provider processes the Service Recipient's personal data in order to comply with a legal obligation imposed on it (basis - Article 6(1)(c) of the GDPR). The Service Provider processes the Service Recipients’ personal data in order to assert or secure claims (basis - Article 6(1)(f) of the GDPR). With the Service Recipient's separate consent, the Service Provider may process the Service Recipient's personal data for the purposes of advertising, market research and research on Service Recipients’ behavior and preferences, with the aim of using the results of these surveys to improve the quality of services provided by the Service Provider (basis - Article 6(1)(a) of the GDPR). 6. The personal data of the Service Recipient (Service Recipient's personnel) is stored for the term of the Agreement and after its expiration for the period necessary to: fulfill the legal obligation of the Service Provider (e.g. resulting from tax or accounting regulations), the Service Recipient’s after-sales service (e.g. handling complaints), secure or enforce any claims to which the Service Provider is entitled. Personal data processed on the basis of a separate consent shall be stored until its withdrawal. 7. The data subject shall have the right of access to the content of his or her data and the right to rectify, erase, restrict the processing of the data, the right to transfer the data, to object to the processing of data, the right to withdraw consent to data-processing at any time without affecting the lawfulness of the processing carried out on the basis of consent given prior to the withdrawal of consent. Declaration on the withdrawal of the consent to personal data processing must be submitted in writing or emailed to: iod@3Soft.pl. In the event of a breach of personal data protection, the Service Recipient has the right to lodge a complaint to the supervisory authority (in Poland, to the President of the Office for Personal Data Protection). 8. Personal data may be transferred to entities processing personal data on behalf of the Service Provider, including cloud service providers, whereby such entities process personal data on the basis of an agreement concluded with the Service Provider and only in accordance with the Service Provider’s instructions. Personal data may also be transferred to entities authorized to obtain them pursuant to applicable laws. 9. Providing personal data is voluntary. It is a condition for concluding the Agreement with the Service Provider. 10. Personal data is not subject to automated decision-making, including profiling. X. Technical requirements 1. The Services can be rendered provided that the Service Recipient's Terminal Equipment and telecommunications network, to which the Service Recipient has access, fulfil the conditions and requirements set out in the Service Agreement and in sections 2 and 3 below. 2. The telecommunications devices used by the Service Recipient, in particular the Terminal Equipment, regardless of fulfilling the requirements referred to in section 1 above, must meet the technical requirements required by applicable laws and have the required certificates of approval, certificates of conformity and other required documents or designations. 3. To be able to use the Services, the Service Recipient must have Terminal Equipment enabling the use of the Internet and software enabling the use of the Services, in particular: a) an Internet browser and an Internet connection, provided that the Service Provider guarantees the correct operation of the Services for those versions of Internet browsers that are currently supported by manufacturers or distributors (relevant information in this respect can be found on the manufacturers' websites); b) an Internet browser compliant with the Acid3 test (available at http://acid3.acidtests.org), in particular supporting JavaScript; c) Service Recipient’s FTP software to use the FTP service; d) other software delivered to the Service Recipient by the Service Provider at the launch of the Service or specified in the Service Agreement. XI. Termination of the Agreement 1. The Service Agreement shall be terminated: a) as a result of the lapse of the period for which the Agreement has been concluded (if the Agreement has been concluded for a definite period of time), b) if the Service Recipient and the Service Provider enter into an agreement regarding the termination of the Service Agreement, c) as a result of termination of the Agreement by the Service Provider or the Service Recipient for reasons and in accordance with the procedure set forth therein, d) as a result of the occurrence of circumstances specified in the Agreement. 2. Notwithstanding the foregoing, the Service Provider shall have the right to terminate the Agreement with immediate effect if the Service Recipient: a) grossly or persistently violates the provisions of the Agreement or the Regulations; or b) uses the Service in a manner that may threaten the interests of the Service Provider or third parties, including other Service Recipients; or c) violates the rules of fair economic trading, in particular by failing to comply with the law; or d) violates generally applicable rules of ICT safety by failing to adequately protect its equipment against external attacks; or e) uses the Services in a manner that may lead to disruption of the proper functioning of the ICT System, the Service Platform or the Services; or f) disseminates computer viruses; or g) attempts to change or makes changes to the parameters of the ICT System relating to the Services provided; or h) attempts to illegally access foreign computer systems (e.g. by searching open ports, attacking with the use of “Trojan horses”, scanning computer ports of other Service Recipients, etc.). XII. Information on specific risks associated with using services provided by electronic means 1. Pursuant to Article 6 (1) of the Act on Providing Services by Electronic Means, the Service Provider provides information about special risks related to the use of services provided by electronic means. The information concerns the threats that the Service Provider identifies as potential threats, which should be taken into account despite the fact that the Service Provider applies measures to protect the Service Platform against unauthorized influence of third parties: a) interference of third parties in databases concerning the Service Recipient, including browsing, copying, modification and deletion of data concerning the Service Recipient; b) interference of third parties in the transmission of information between the Service Recipient's ICT system and the Service Provider's ICT system; c) receiving unsolicited commercial communications (spam) by e-mail; d) infecting an ICT system with malware (including computer viruses and worms, “Trojan horses”) or spyware; e) phishing and cracking; f) breaking cryptographic protocols used in the exchange of information between ICT systems, and enabling the interception of transmitted information in consequence; g) counterfeiting protocols and safety certificates that secure websites; h) installing and using software necessary to use the Service provided by the Service Provider from unofficial and unauthorized sources, installing and using pirate software - such software may contain harmful software, as indicated in the sections above, may have a reduced level of security due to the lack of updates whose task is to increase the protection of software against unauthorized access. 2. The Service Provider undertakes necessary actions aimed at minimizing the risk of threats indicated above, as well as improving the security of communication with the Service Platform. Regardless of the above, the Service Provider recommends that the Service Recipient install an up-to-date antivirus and firewall software on its computer and that the software be updated on an ongoing basis, and it also recommends implementation of internal procedures aimed at protecting logins and passwords allowing access to the ICT system, as well as services provided by electronic means, against unauthorized access. It is recommended that the passwords and logins granted to the Service Recipient never be disclosed to third parties, even with the Service Recipient's consent. The Service Provider also informs that the protection measures taken, including antivirus protection or the firewall, do not provide full protection against possible interference of third parties in the ICT System, however, their use may reduce the risk of undesirable effects. XIII. Fees The Service Recipient is obliged to pay fees for the Services provided in the amount and under the terms specified in the Service Agreement concluded with the Service Provider. XIV. Complaints 1. If the Service Recipient considers that the Service has not been performed or has been performed improperly, that the Service Provider has made an erroneous settlement or if there are any other reservations concerning the Service, the Service Recipient has the right to make a complaint. 2. The complaint must include: a) the Service Recipient’s designation; b) the name and surname, as well as contact details of the person making the complaint; c) specification of the subject of the complaint; d) presentation of the circumstances justifying the complaint, i.e. the most accurate description of the irregularities along with the time and place of their occurrence; e) a possible indication of the desired manner of resolving the complaint. 3. Complaints can be sent to cmp@3sensaitech.com (via email) or to 3Soft S.A., ul. Porcelanowa 23, 40-246 Katowice (via post). 4. If the submitted complaint does not meet the conditions set out in section 2 above, if it is deemed necessary for the proper handling of the complaint, the Service Provider shall immediately request the Service Recipient to supplement the complaint, specifying the date and scope of such supplementation. Failure to supplement the complaint within the specified time limit will result in the complaint being left unrecognized. If the Service Recipient does not complete the necessary information, the complaint shall be treated as not submitted and not subject to consideration. 5. A complaint should be lodged immediately after the circumstances justifying it have occurred, but no later than within 30 (thirty) days. A complaint lodged after the indicated deadline shall be treated as unfounded, of which the Service Provider shall immediately notify the complainant. 6. The complaint shall be considered as soon as possible, however not longer than 30 (thirty) days from the date of its delivery to the Service Provider. 7. The response to the complaint shall be given in writing or by e-mail to the address indicated in the complaint. XV. Final provisions 1. In the event that any of the provisions of the Regulations, by virtue of the law or a final or final and legally binding judgement of any authority or a court, are found to be invalid or ineffective, the remaining provisions of the Regulations shall remain in full force and effect. 2. The Regulations are governed by Polish law. In matters not governed by these Regulations, the provisions of law generally binding in the Republic of Poland shall apply. 3. Any disputes between the Service Provider and the Service Recipient shall be settled by a Polish common court of competent jurisdiction for the each and every current registered seat of the Service Provider. 4. The Service Provider reserves the right to amend the Regulations. Should any amendments be made, the current version of the Regulations will be posted at Provider’s website and, at the same time, the Service Recipient will be notified of the new version. Any amendment to the Regulations shall take effect on the date indicated by the Service Provider, but not less than 7 (seven) days from the date of making the amended Regulations available. 5. The Regulations have been drawn up in Polish and English. In case of discrepancies, the Polish language version shall be binding. 6. The Regulations shall enter into force on 27.07.2020