Parties This Subscription Agreement for the provision of Artificial Intelligence Services (the “Agreement”) is made and entered into force as of this [ ]th day of [ ] of the year two thousand and twenty (2020) (the “Effective Date”) by and between: I. EBO Limited, a limited liability company, incorporated and registered under and by virtue of the laws of Malta, bearing registration number C84916, and having its registered offices at JPR Buildings, Taz-Zwejt Street, San Gwann SGN 3000, Malta, represented hereon by Dr. Giuseppe Giovanni Gatt, as duly authorised (“Supplier”), and II. [ ], a private company, incorporated and registered under and by virtue of the laws of [ ], bearing registration number [ ], with its registered office situated at [ ], represented hereon by [ ], as duly authorised, (“Customer”). Throughout this Agreement, Supplier and Customer may also, as appropriate, be referred to as a “Party” or collectively as the “Parties”. Recitals WHEREAS, Supplier has developed certain software, web applications and related services, relating to an Artificial Intelligence Platform as further listed in Schedule 1 of this Agreement. WHEREAS, Customer wishes to utilise the software applications, platforms and services of Supplier on the terms and conditions set forth in this Agreement. NOW, THEREFORE, in consideration of the mutual covenants contained herein, the Parties hereby agree as follows:   1. Definitions & Interpretations 1.1 The following terms when used herein with initial capital letters shall have the respective meanings specified below: a. “Agreement” means this document as well as it Schedules and Annexes which creates enforceable rights and obligations between Supplier and Customer. b. “Affiliate” means in relation to Supplier or Customer, any person or company Controlling, Controlled by or under common Control with that company; c. “API” means Application Programming Interface and is a means to allow a software to send and/or receive data; d. “Authorised Users” means those employees, agents and independent contractors of Customer who are authorised by Customer to use the Services and the Documentation, as further described in Clause 3; e. “Business Day” means a day other than a Saturday, Sunday or public holiday in Malta when banks in Malta are open for business; f. “Change” means a change to this Agreement, including without limitation any change to the Services and/or Service Levels. g. “Change Control Procedure” means the procedure set out in Schedule 4 for amending this Agreement and/or the Services and/or the obligations between the Parties; h. “Change Order Note” means a change order note substantially in the form set out in Annex 1 of Schedule 4; i. “Charges” means the monetary consideration paid or due by Customer to Supplier pursuant to this Agreement as compensation for the provision by Supplier to Customer of the Services or part of the Services; j. “Confidential Information” means Customer Confidential Information and Supplier Confidential Information, collectively; k. “Control” means having any or all of: • the ownership or control (directly or indirectly) of more than fifty (50%) of the voting share capital of Customer or Supplier; • the ability to direct the casting of more than fifty (50%) of the votes exercisable at general meetings of the relevant undertaking on all, or substantially all, matters; or • the right to appoint or remove directors of the relevant undertaking holding a majority of the voting rights at meetings of the board on all, or substantially all, matters; l. “Conversation” or “Dialogue” refers to actual, or planned, communicative activity between the Artificial Intelligence Platform and the client of Customer. A conversation is composed of a set of interactions, in the form of a dialogue which seeks to fulfil a single end-user query or intent. m. “Corporate Group” means either Customer and its Affiliates (“Customer’s Corporate Group”) or Supplier and its Affiliates (“Supplier’s Corporate Group”); n. “Customer Confidential Information” means any information of a confidential or proprietary nature that is disclosed by Customer and/or is received by Supplier under this Agreement including without limitation, business affairs, data, designs, manuals, training materials and documentation, formulas, ideas, inventions, knowledge, methods, prices, financial and accounting data, products and product specifications, systems, and technical information and the terms of this Agreement; o. “Customer Data” means the data inputted by Customer, Authorised Users, or Supplier on Customer’s behalf for the purpose of using the Services or facilitating Customer’s use of the Services; p. “Customer Hardware” means the computers and related equipment used by Customer in the course of its business, including central processing units and other processors, controllers, modems, communications and telecommunications equipment (voice, data and video), cables, storage devices, printers, terminals, other peripherals and input and output devices, and other tangible mechanical and electronic equipment intended for the processing, input, output, storage, manipulation, communication, transmission and retrieval of information and data; q. “Customer Project Manager” means the person(s) nominated by Customer as being responsible for managing Customer’s obligations under this Agreement at a management level; r. “Customer Software” means any software programmes and applications (including third-party software and applications) used by Customer in the course of its business and licensed to or owned by Customer whether directly integrated or in any-way linked to the Software provided, or not; s. “Customer Systems” means the Customer Hardware and the Customer Software, collectively; t. “Data Protection Laws” means the General Data Protection Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data as implemented in Malta (and any subsequent enactment), any laws and/or regulations or other measures having statutory force made under them, and any codes of practice or guidance issued by the relevant supervisory authority; u. “Dispute Resolution Procedures” means the procedure for resolving disputes set out hereunder; v. “Documentation” means the documents made available to Customer by Supplier in the course of Project Management, training and delivery; w. “EBO” means the Software; x. “Effective Date” means the date of this Agreement; y. “End User” is the client of the Customer; z. “Force Majeure Event” means in relation to either Party, any circumstances beyond the reasonable control of that Party, including without prejudice to the generality of the foregoing, any fire, flood, earthquake, elements of nature or acts of God, acts of war (whether or not war is declared), terrorism, riots, civil disorders, rebellions or revolutions, pandemics declared by the health authorities, strikes, lock outs or other form of industrial action and any act or regulation of any government or supra-natural authority; aa. “Illicit Code” means any hidden files, any automatically replicating, transmitting or activating computer program, any virus (or other malicious computer program), (including any key, node lock, time-out or other similar functions), whether implemented by electronic or other means; bb. “Incident” means any defect, malfunction or other issue relating in any manner with the provision of the Services which prevents or may prevent the provision of the Services by Supplier to Customer in a normal manner; cc. “Incident Resolution Services” means the act of remedying an Incident; dd. “Intent” refers to an Artificial Intelligence concept. An intent is a purpose or goal expressed in an end-user input which is resolved through a Conversation. By recognising an intent, Supplier’s Services can choose the correct Conversation to respond to it. ee. “Interactions” refers to the exchange of messages between the Artificial Intelligence Platform and the client of Customer (end-user) which occur through a Conversation. By way of example: “Hi – can I help you with our banking services relating to foreign exchange?” – “Yes please” - amounts to two (2) interactions. ff. “Initial Subscription Term” means the initial term of this Agreement as set out in Schedule 2. The Initial Subscription Term will commence when Customer provides a final certificate of Acceptance to Supplier; gg. “Intellectual Property Rights” include patents, copyrights, trade marks, design rights, rights in databases, trade secrets, and all other similar rights or obligations through the world whether or not any of these are registered and including applications for such rights; hh. “Mandatory Policies” means Supplier’s business policies attached or listed in Schedule 5, as amended by notification to Customer from time to time; ii. “Materials” means requirements, specifications, designs, test plans, scripts, reports, analysis documents and other written material which is in any way produced or supplied by Supplier for Customer under this Agreement; jj. “Media” means any media on which computer programs and other information are capable of being recorded, whether electronically or otherwise; kk. “Normal Business Hours” means 8.30 am to 5.00 pm local Malta time, each Business Day; ll. “Services” means all the services and functions to be performed or supplied by Supplier to Customer, under this Agreement including through the use of the Software, as set out in Schedule 1, and as more particularly described in the Documentation; mm. “Service Level(s)” means the level of performance and standard that Supplier’s performance of the Services must meet in accordance with, and as may be varied in writing, Schedule 3; nn. “Service Level Agreement” (SLA) or “Support Services Policy” means the conditions, policies, service metrics and the levels of performance required in relation to the Services set out in Schedule 3 and as notified by Supplier to Customer from time to time; oo. “Software” means the software applications provided by Supplier as part of the Services and as further described in Schedule 1 and includes any computer programming code consisting of instructions or statements in a form readable by individuals (source code) or machines (object code), and documentation and supporting materials therefore, in any form or medium, including electronic media; pp. “Subscription Fees” means the Charges relating to the Subscription Term; qq. “Subscription Term” has the meaning given in Clause 2 (being the Initial Subscription Term together with any subsequent Renewal Periods). The Subscription Term will commence when Customer acceptance has been received by Supplier Project Manager. rr. “Supplier Confidential Information” means any information of a confidential or proprietary nature that is disclosed by Supplier and/or is received by Customer under this Agreement including without limitation, business affairs, data, designs, manuals, training materials and documentation, formulas, ideas, inventions, knowledge, methods, prices, financial and accounting data, products and product specifications, systems, and technical information and the terms of this Agreement; ss. “Supplier Project Manager” means the person(s) nominated by Supplier as being responsible for managing this Agreement on behalf of Supplier at a management level; tt. “Taxes” means any value-added, country or local sales, use or similar taxes imposed by and collected on behalf of any taxing authority and any telecommunications excise taxes, except taxes on net income of a Party; uu. “Termination Date” means the date on which this Agreement terminates or expires (and if the provision of the Services is extended under this Agreement, this means the date on which the extension comes to an end); vv. “VAT” means value added tax; ww. “Virus” means any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices; 1.2 Unless the context otherwise requires, references in this Agreement to: a) the words “including”, “in particular”, “inter alia” and “such as” shall be construed as being by way of illustration or emphasis only and shall not be construed as, nor shall they take effect as, limiting the generality of any foregoing words; b) Clause and Clause headings are for convenience of reference only and shall not be considered in the interpretation of this Agreement; c) any enactment, order, regulation or other similar instrument shall be construed as a reference to the enactment, order, regulation or instrument as amended by any subsequent enactment, order, regulation or instrument or as contained in any subsequent re-enactment thereof; d) Clauses, Schedules, Appendices and Annexes are references to clauses, schedules, appendices and annexes to this Agreement. The Schedules, Appendices and Annexes to this Agreement form part of this Agreement and are incorporated in it and any reference to this Agreement shall include reference to its Schedules, Appendices and Annexes. References to Paragraphs or Sections or Articles contained in a Schedule are references unless otherwise stated to Paragraphs or Sections or Articles in that Schedule; e) to any person includes any reference to a body corporate, unincorporated association or a partnership and any reference to any party who is an individual is also deemed to include his respective legal personal representative(s); f) to any agreement, document or deed shall be construed as references to such agreement, document or deed as each of the same may be amended, varied, novated or supplemented from time to time; g) to time shall be to Central European time unless expressly provided otherwise. h) the words “other” and “otherwise” shall not be construed eiusdem generis with any foregoing words where a wider construction is possible; i) words importing the plural shall include the singular and vice versa. 1.3 In the event of any conflict between the terms of the body of this Agreement on the one hand and the terms in any of the Schedules or Annexes on the other hand, the terms in the body of this Agreement shall prevail. Notwithstanding the foregoing, the order of precedence applies only to the extent a conflict exists (and only for the purpose of resolving such conflict). Any conflicting terms shall not be deemed to be amended, modified, cancelled or waived with respect to any other purpose whatsoever. 2. Term and Commencement 2.1 This Agreement shall enter into force and shall be effective as from the Effective Date and shall continue and remain in full force and effect for the Initial Subscription Term and, thereafter, this Agreement shall be automatically renewed for successive periods equivalent in length to the Initial Subscription Term (each a “Renewal Period”), unless terminated earlier pursuant to the relevant Clauses in this Agreement. 3. Grant of License 3.1 Subject to the restrictions, terms and conditions of this Agreement, Supplier hereby grants to Customer a non-exclusive, irrevocable, non-transferable right, without the right to grant sub-licences, to permit the Authorised Users, and where and when applicable the End User, to use the Services and/or the Documentation during the Subscription Term. 3.2 In relation to the Authorised Users, Customer undertakes that the maximum number of Authorised Users that it authorises to access and use the Services and the Documentation shall not exceed the number limitations as set in Schedule 2; 3.3 Customer shall not access, use, process, store, integrate, load, install, distribute or transmit any Viruses, Illicit Code, or any material during the course of its use of the Services that: a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; b) facilitates illegal activity; c) depicts sexually explicit images; d) promotes unlawful violence; e) is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or f) is otherwise illegal or causes damage or injury to any person or property; and Supplier reserves the right, without liability or prejudice to its other rights to the Customer, to disable Customer’s access to any material that breaches the provisions of this clause or terminate the Agreement. 3.4 Customer shall not: a) except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this Agreement: (i) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Service and/or Software and/or Documentation (as applicable) in any form or media or by any means; or (ii) attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Service and/or Software; or b) access all or any part of the Service and/or Software and/or Documentation in order to build a product or service which competes with the Service and/or Software and/or Documentation; or c) license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Service and/or Software and/or Documentation available to any third party except the Authorised Users, or d) attempt to obtain, or assist third parties in obtaining, access to the Service and/or Software and/or Documentation, other than as provided under this Clause 3. 3.5 Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Service and/or Software and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify Supplier. 3.6 The rights provided under this Clause 3 are granted to Customer only, and shall not be considered granted to any Affiliate, subsidiary or holding company of Customer. 4. Extensions to License and Supplemental Services 4.1 Subject to the terms of this Agreement, Customer may, from time to time during any Subscription Term, purchase or directly make use during the course of its operations, additional extensions, interactions, conversations, modules, channels, or usage volumes in excess of the number set out in Schedule 2 and Supplier shall grant access to the Services, and when applicable, the Documentation, in accordance with the provisions of this Agreement and subject to the payment of any additional applicable Charges. 4.2 Customer may wish to obtain related services that are logically related to, or closely integrated with, the Services or modify the Services (together the “Supplemental Service(s)”). Should Customer wish to acquire such Supplemental Services from Supplier, Customer shall communicate to Supplier its request for any Supplemental Services pursuant to the Change Control Procedure hereunder, and Supplier shall respond to such request accordingly. 5. Obligations of the Supplier 5.1 Supplier shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for: (i) planned maintenance, and (ii) unscheduled maintenance performed outside Normal Business Hours, provided that Supplier has used reasonable endeavours to give Customer notice thereof in advance. 5.2 Supplier will, provide the Customer with the Supplier’s standard support services during Normal Business Hours in accordance with the Supplier’s Support Services Policy (in Schedule 3 hereunder), unless Parties have agreed on extended support services beyond Normal Business Hours. Supplier may amend the Support Services Policy in its sole and absolute discretion from time to time. Customer may purchase enhanced support services at any time. 5.3 The undertakings contained in this Clause 5 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to Supplier’s instructions, or modification or alteration of the Services (including the Software) by any party other than Supplier or Supplier’s duly authorised contractors or agents or any dependency or fault based on any data or information (whether incorrect or otherwise) or third party services to which the Customer Systems is linked . 5.4 Customer acknowledges that the provision of Services in the sector of Artificial Intelligence may require the availability of third party services, platforms and tools which may, from time to time, be unavailable – in part or in full – with no prior warning to the Supplier. In the unlikely occurrence of such event which may have a material impact on the Services being provided to Customer, the Supplier will diagnose the issue and inform Customer of such occurrence and likely resolution time, if know to it. The correction or substitution necessary will be at Supplier’s own expense and constitute Customer’s sole and exclusive remedy for any breach of the undertakings set out in this Clause . Notwithstanding the foregoing, Supplier: a) does not take responsibility for any configuration, addition or modification performed by Customer directly; b) does not warrant that Customer’s use of the Services will be uninterrupted or error-free; or that the Services, Documentation and/or the information and/or results obtained by Customer through the Services will meet Customer’s requirements; and c) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the Internet, and or dependence on third-party services and Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities and/or third-party websites and/or services. 5.5 This Agreement shall not prevent Supplier from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement. 5.6 Supplier warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Agreement. 5.7 Supplier will provide a user training manual for Customer’s easy-access to knowledge, as well as training and hand-over services to Customer personnel as indicated in Schedule 1 of this Agreement. 6. Obligations of the Customer 6.1 Customer shall: a) provide Supplier with (i) all necessary co-operation in relation to this Agreement; and (ii) all necessary access to such information as may be required by Supplier; in order to provide the Services, including but not limited to Customer Data, training information, transcripts or call/chat-logs, Client of Customer Data or demographics, security access information, overview of strategy and Customer vision, and technical/configuration services. Customer further agrees to cooperate with Supplier so as to determine objective-success metrics such as KPIs (and deliver any supporting data to compile such metrics) for the Services; b) comply with all applicable laws and regulations with respect to its activities under this Agreement; c) carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in Customer’s direct (or indirect) provision of such assistance as agreed by the parties, Supplier may adjust any agreed timetable or delivery schedule as reasonably necessary as well as revise the Charges; d) ensure that the Authorised Users use the Services and the Documentation in accordance with the terms and conditions of this agreement and shall be responsible for any Authorised User’s breach of this Agreement; e) obtain and shall maintain all necessary licences, consents, and permissions necessary for Supplier, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services; f) ensure that its network and systems comply with the relevant specifications provided by Supplier from time to time; and g) be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to Supplier’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to Customer’s network connections or telecommunications links or caused by the internet; h) take, or maintain – as the case may be, responsibility for the channels (often known as ‘front-end channels’) which are used to expose the Services to the Customer’s end-user (such as Facebook Messenger, SKYPE, or website) and ensure the correct use thereof and compliance with possibly applicable Terms and Conditions of use, set by such channels, i) take charge and full responsibility for effectively marketing and communication activity with its client (end users) so as to encourage take-up and use of the Services which in turn will fulfil the full potential of the Services, 7. Customer Systems 7.1 In order to enable Supplier to provide the Services, Customer hereby grants to Supplier, a limited, non-transferable, non-assignable, revocable (in accordance with this Agreement), non-exclusive right to access and use, during the term of validity of this Agreement, the Customer Systems and resulting data, solely for providing the Services to Customer and subject to any terms and conditions of use which Customer and/or the Head Licensor (for purposes of this Clause, “Head Licensor” shall mean the original licensor of Customer Software who has granted the original license to the Customer) may provide to Supplier from time to time. This is typically required when Supplier needs to access an API (or other service) consumed or offered by the Customer to fulfil the Customer’s business requirements or when Supplier Services are rendered over technology platforms (such as website or social account) owned or controlled by Customer. 7.2 Supplier may not, in relation to Customer Software, modify, alter, adapt, translate, reverse engineer, decompile, disassemble, or create derivative works based on the written materials. 7.3 In no event may Supplier transfer, assign, rent, lease, sell, or otherwise dispose of the Customer Software on a temporary or permanent basis, under any title. The Customer Software shall be used by the Supplier solely for purposes of providing the Services to Customer and not to provide any service to any other third party client of Supplier. 7.4 Upon termination of the right of use granted by this Clause 7 for any reason, Supplier shall immediately return to Customer all copies of the Customer Software, including modified copies, if any. 7.5 In the event that: (i) the license granted to Customer by the Head Licensor for any part of the Customer Software terminates for any reason; and/or, (ii) Customer is no longer licensed to use and/or execute, and/or copy, and/or perform and and/or display, and/or transfer any of the Customer Software, Supplier shall immediately cease to use the Customer Software so affected following notification from the Customer. In such event, the Customer shall without unnecessary delay substitute the affected Customer Software with an equivalent Customer Software. Such changes in the Customer Software may, in Supplier’s own opinion, require a modification of the Charges through the Change Control Procedure. 7.6 Should Customer change the Customer Systems at any time, Customer shall inform Supplier of the intended change at least ninety (90) days prior to the day of such change of the Customer Systems. The Parties shall immediately discuss in good faith in order to agree on how the transition from one Customer System to another service shall take place with no negative impact on the Services to both Parties. The Parties agree that such change to the Customer Systems may trigger a change in the Charges through the Change Control Procedure.   8. Third Party Providers 8.1 Customer acknowledges that the Services may enable or assist it (or its End User) to access data and/or information of, or correspond with or purchase products and services from, third parties via third-party websites and/or services (such as but not limited to APIs) and that it does so solely at its own risk. Supplier makes no representation, warranty or commitment and shall have no liability or obligation whatsoever in relation to the content and/or data and/or information or use of (or inability to use and/or delay in use), or correspondence with, any such third-party website and/or services, or any transactions completed, and any contract entered into by Customer or End User, with any such third party. Any contract entered into, and any transaction completed, or any information acted upon via any third-party website and/or services is between Customer and the relevant third party, and not Supplier. 9. Customer Data 9.1 Subject to the terms of this Agreement, all data received by Supplier from Customer and/or all data generated by Supplier in the performance of the Services, and/or all data which in any manner relates to any End User, and/or all data provided to Supplier by any client of Customer including conversation data (hereinafter ‘Client Data’), shall belong to Customer. Any linguistic models, training sets or machine-learning data or routines, conversation patterns or sequences (hereinafter ‘Scientific Data) created to support the Services requested shall remain the property of the Supplier. Supplier shall not use Customer Data for any purpose other than in the performance of the Services and shall keep such data confidential in accordance with Clause 16. 9.2 Irrespective of the generality of Clause above, Customer hereby consents that Supplier shall have the right to process the Client Data and/or analytics, and Customer Data and/or analytics (as the case may be), in anonymised form and this for statistical and research purposes as well as for product, platform and service development and enhancement (the “Statistical and Research Results”). Supplier will have all intellectual property rights arising from and relating to the Statistical and Research Results and shall be allowed to use same without any restriction from the Customer for purposes including but not limited to product improvement and the development of new products or product functionalities whether sold at a charge or not. All processing carried out by Supplier by virtue of this Clause 9.2 shall be in full compliance with applicable data protection and privacy laws. Customer shall not gain any right or Intellectual Property rights over the Statistical and Research Results or derivates therefrom. 9.3 In so far as it is reasonably possible to expect, the Customer shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data and the Client Data. 9.4 Without prejudice to the provisions of Clause 9.2, upon Customer’s request at any time and/or upon the cessation of the Services, Supplier shall, as directed by Customer: (i) promptly return to Customer any Customer Data and/or End User data; and/or (ii) erase or destroy all of the Customer Data and/or End User data in Supplier’s possession and destroy all Media containing Customer Data and/or End User data. Nevertheless, despite this provision all anonymised data retained for Statistical and Research Results as indicated in Clause 9.2 shall be retained by Supplier for reasons stated above. 9.5 Supplier shall follow archiving procedures for Customer Data and/or End User Data guaranteeing a minimum 90 days in a geo-redundant storage area which is itself GDPR compliant. In the event of any loss or damage to Customer Data and/or Client Data, Customer’s sole and exclusive remedy shall be for Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data and/or Client Data from the latest back-up of such Customer Data and/or Client Data maintained by Supplier in accordance with the archiving procedure described above. Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data and/or Client Data caused by any third party. 9.6 Supplier shall, in providing the Services, comply with its Privacy Policy relating to the privacy and security of the Customer Data and/or Client Data available In Schedule 5 hereunder or as may be notified to the Customer from time to time, as such document may be amended from time to time by Supplier in its sole discretion. 10. Change Control Procedure 10.1 Schedule 4 describes the procedure for making a change to this Agreement as well as requests for Supplemental Services. Should either Party wish to propose a change, Customer may at any time request, and Supplier may at any time recommend, such change only in accordance with the Change Control Procedure as set out in that Schedule. 11. Project Managers 11.1 Supplier shall appoint, as of the Effective Date, the Supplier Project Manager who shall be given by the Supplier authority to act for Supplier in connection with this Agreement. Customer shall appoint, as of the Effective Date, the Customer Project Manager who shall be given by Customer authority to act for Customer in connection with this Agreement. These two individuals will act as a Single Point of Contact for both organisations. 11.2.1 Without prejudice to any other provision in this Agreement, the responsibilities of the Supplier Project Manager shall inter alia include: a) overseeing all aspects of this Agreement and the Services; b) ensuring that the Services are performed by the Supplier, in accordance with and to the standards set out in the Service Levels; c) problem and change management; d) to ensure that tasks assigned to Supplier are undertaken in a timely manner; e) dealing with the Change Control Procedure (including advising on and proposing and negotiating changes in relation to technological advancements or improvements to the Services) and capacity planning; f) dispute resolution; g) progressing business and system development via the Change Control Procedure; h) to act as the interface between Customer and Supplier on all the issues in connection with the Services and this Agreement; i) to discharge the various roles and responsibilities allotted to the Supplier Project Manager as set out in and this Agreement; and j) to provide advice and consultancy around delivery and successful execution. 11.2.2 Without prejudice to any other provision in this Agreement, the responsibilities of the Customer Project Manager shall inter alia include: a) overseeing all aspects of this Agreement and the Services; b) managing the Customer contract management team; c) progressing business and system development via the Change Control Procedure; d) monitoring whether the Services are performed by the Supplier in accordance with and to the standards set out in the Service Levels; e) problem and change management; f) to ensure that tasks assigned to Client staff are actioned in a timely manner; g) dealing with the Change Control Procedure; h) dispute resolution; i) to act as the interface between Customer and Supplier on all the issues in connection with the Services and this Agreement; and j) to discharge the various roles and responsibilities allotted to the Customer Project Manager as set out in this Agreement. 12. Invoices and Payment of Charges 12.1 In consideration of Supplier providing the Services, the Customer shall pay to Supplier the Charges set out in Schedule 2. All invoices shall state separately applicable Taxes owed by Customer, if any. 12.2 All invoices shall be due within thirty (30) calendar days and payable by Customer, unless the invoice is the subject of a genuine dispute with Customer, within the relevant time periods stipulated in Schedule 2. 12.3 If any sums are not fully paid by Customer by the due date, interest on any unpaid amount shall automatically and without further notice accrue, on a daily basis, as from the end of the time when the invoice was due up until the date on which payment is received by Supplier. The rate of such late payment interest shall be eight per cent (8%) per annum. Supplier may, without liability to Customer, disable Customer’s password(s), account(s) and access to all or part of the Services and likewise disable access to client of Customer, and Supplier shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid beyond the due date; • In the event of a dispute, the sums in dispute shall be payable once the dispute is finally settled. All sums not in dispute shall be paid in accordance with Clause 12.2 above. • Settlement of any invoice by Customer shall be affected in favour of Supplier at the bank indicated by Supplier or in any other form as may be agreed to between the Parties. 12.4 Unless otherwise agreed to in writing between the Parties, all amounts stipulated in this Agreement shall be in Euro (€) and are non-cancellable and non-refundable. 12.5 Services are subject to usage limits, including, for example, the quantities specified in Schedule 2. If, at any time whilst using the Services, Customer exceeds the specifications for the chosen level of Service, including the number of interactions, as specified in Schedule 2, Supplier shall charge Customer, and Customer shall pay. 13. Taxes 13.1 The Charges payable under this Agreement are net of any applicable Taxes. Subject as provided below, Customer shall pay all Taxes resulting from or applicable to payments under this Agreement in accordance with the payment provisions under this Agreement. 14. Data Protection & Privacy 14.1 In addition to the obligations in the Privacy Policy in Schedule 5 hereunder, it is agreed that each Party shall obtain and shall maintain in force all appropriate registrations and/or consents under applicable Data Protection Laws so as to allow (inter alia) the provision by Customer to Supplier of copies of (or access to) Client Data and the retention and use by the Supplier of such data in connection with the performance of the obligations under this Agreement; and ensure that all activities carried on by them under this Agreement shall be in accordance and consistent with those registrations and/or consents. Customer shall ensure that Customer, through obtaining the relevant consent from its clients or data subjects, is entitled to transfer the relevant personal data to Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this Agreement on the Customer’s behalf. 14.2 Supplier agrees that with regard to any Client Data (whether or not it is personal data within the meaning of any Data Protection Laws) held by Customer or Supplier or to which Supplier has access in connection with the Services: a) to keep the Client Data secure and not to disclose it to any third parties other than as authorised by Customer or disclosed by Supplier for lawful processing and rendering of a technical service; b) to process the Client Data only in accordance with Customer’s express instructions; 14.3 Supplier shall ensure that it shall adopt appropriate security and technical measures to protect Client Data as required by the applicable Data Protection Laws and according to the guidelines and recommendations of the Customer, if any. 14.4 Upon Supplier’s or Customer's reasonable written request, Supplier or Customer shall provide the other with such information that it has regarding Client Data and its processing that is necessary to enable the requester to comply with its obligations under this Clause and the applicable data protection laws. 14.5 For the avoidance of doubt and without prejudice to the provisions contained in this Clause 14, especially the registration and/or consent obligations contained in Clause 14.1, if Supplier processes any personal data on Customer’s behalf (which may include Client Data) when performing its obligations under this agreement, the parties record their intention that Customer shall be the data controller and Supplier shall be a data processor. 15. Proprietary Rights 15.1 Customer acknowledges and agrees that Supplier and/or its licensors own all Intellectual Property Rights in the Services and/or Software and/or the Documentation and/or the Statistical and Research Results. Except as expressly stated herein, this Agreement does not grant Customer any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Services and/or Software and/or the Documentation and/or the Statistical and Research Results. 15.2 Each Party reserves the right to use any know how (which for the purposes of this Clause shall mean such skills, knowledge, experience, technical information, inventions or techniques of whatever nature utilised or gained by either Party in the course of performing its obligations under this Agreement) for its own benefit or the benefit of third parties, provided that such know how does not involve: a) the infringement of any part of the Intellectual Property Rights belonging to the other Party (or any third parties who have licensed such rights to the Party); and/or b) the use or disclosure of Confidential Information of the other Party where such use or disclosure is in breach of Clause 16 hereunder. 15.3 Customer hereby gives its consent to Supplier to a limited, non-exclusive, non-transferable, right of use, on Supplier’s reference lists of clients or on Supplier’s marketing material (including Supplier’s website or presentations), of any logo, trademark, trade name, service name, service mark or style, which Customer uses. Such use shall be in the form and substance satisfactory to Customer an always performed in bona fide. 15.4 Without prejudice to the rights conferred pursuant to this Clause, each Party agrees that all Intellectual Property Rights of the other Party shall remain the exclusive property of that Party and each Party shall take no action that infringes, abridges, jeopardises, undermines or reduces the value of, or in any way dilutes, the other Party’s ownership of its own Intellectual Property Rights. 15.5 The above provisions of this Clause shall survive termination of this Agreement, however arising. 16. Confidentiality 16.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement. A party’s Confidential Information shall not be deemed to include information that: a) is or becomes publicly known other than through any act or omission of the receiving party; b) was in the other party’s lawful possession before the disclosure; c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or d) is independently developed by the receiving party, which independent development can be shown by written evidence. 16.2 Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement. 16.3 A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this Clause, it takes into account the reasonable requests of the other party in relation to the content of such disclosure. 16.4 Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party. 16.5 Customer acknowledges that details of the Services, and the results of any performance tests of the Services or reports generated therefrom, constitute the Supplier’s Confidential Information. Supplier acknowledges that the Customer Data is the Confidential Information of the Customer. 16.6 The above provisions shall survive termination of this agreement, however arising. 17. Term and Termination 17.1 This Agreement shall, unless otherwise terminated as provided in this Clause, commence on the Effective Date and shall continue for the Initial Subscription Term and, thereafter, this agreement shall be automatically renewed for successive periods equal to the Initial Subscription Term (each a Renewal Period), unless: a) either party notifies the other party of termination, in writing, at least ninety (90) days before the end of the Initial Subscription Term or any Renewal Period, in which case this Agreement shall terminate upon the expiry of the applicable Initial Subscription Term or Renewal Period; or b) otherwise terminated in accordance with the provisions of this Agreement; 17.2 Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if: a) the other party commits a material breach of any other term of this agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of fifteen (15) days after being notified in writing to do so; b) the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of Maltese Law; c) the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party; d) a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party; e) an application is made to court, or an order is made, for the appointment of an administrator, or if a notice of intention to appoint an administrator is given or if an administrator is appointed, over the other party; f) the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business or there is a change of control of the other party; 17.3 Without affecting any other right or remedy available to it, Supplier may terminate this Agreement with immediate effect by giving written notice to Customer if: a) Customer fails to pay any amount due under this Agreement on the due date for payment and remains in default not less than thirty (30) days after being notified in writing to make such payment; or b) Customer repeatedly breaches any of the terms of this Agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of this Agreement. 17.4 Without affecting any other right or remedy available to it, Customer may terminate this Agreement with immediate effect by giving written notice to Supplier if: a) Supplier fails to provide its Services for a period not less than thirty (30) days after being notified by Customer; or b) Supplier repeatedly breaches any terms of this Agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of this Agreement. 17.5 On termination of this Agreement for any reason: a) all licences granted under this Agreement shall immediately terminate and the Customer shall immediately cease all use of the Services and/or the Software the Documentation and return any property (if any) belonging to the Supplier; b) Supplier will destroy, anonymise, or otherwise dispose of any of the Customer Data or Client Data in its possession unless Supplier receives, no later than ten (10) days after the effective date of the termination of this Agreement, a written request for the delivery to Customer of the then most recent back-up of Customer Data and Client Data. Supplier shall use reasonable commercial endeavours to deliver the back-up to Customer within fifty (50) days of its receipt of such a written request, provided that Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by the Supplier in returning or disposing of Customer Data and/or Client Data; Should Customer require assistance with migration to a third-party system, then Supplier will govern this request through a Change Order form as stipulated in Clause 10 above; and c) any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced. For avoidance of doubt it is clarified that if termination does not occur as stipulated by the covenants of this clause, Clause 17 of the Agreement, and instead occurs due to the Customer abandoning the project during its implementation stage (and thus prior to Final Acceptance) without a cause attributable to Supplier, then Customer hereby agrees to pay the full ‘Professional Fee’ as stipulated in Schedule 2 of this Agreement within thirty (30) days from abandonment. In this context, ‘abandonment’ is understood to occur when communication between the Parties ceases for a period of at least three (3) months, or the implementation of the project lasts three (3) times longer than agreed between the parties – whichever the shorter period. 17.6 The Clauses in this Agreement which expressly or impliedly have effect after termination shall continue to be enforceable notwithstanding termination. 18. Limitation of Liability 18.1 Except as expressly and specifically provided in this Agreement, and except when an action or omission of the Supplier is one which is negligent or a reason for termination as described in the preceding Clause: a) Customer assumes sole responsibility for results obtained from the use of the Services and/or the Software and/or the Documentation by Customer, and for conclusions drawn from such use. Supplier shall have no liability for any damage caused by errors or omissions in any information, data, instructions, conversations, intents, entities, Artificial Intelligence or derivatives thereof, or scripts provided to Supplier by Customer in connection with the Services, or any actions taken by Supplier at the Customer’s direction or the client of Customer – provided that Supplier has consistently acted in good faith and has reasonably followed industry best practices in the delivery of its Services; b) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement; and c) the Services and/or the Software and/or the Documentation are provided to Customer on an “as is” basis. 18.2 Subject to Clause 19, hereunder: a) Supplier shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this agreement; and b) Supplier’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited to the maximum value of €10,000 (ten thousand Euro) or the total Charges paid for by the Customer to the Supplier during the three (3) months immediately preceding the date on which the claim arose, whichever is the lower. 19. Authorisation, Laws and Regulations 19.1 Each Party shall be obliged to obtain and maintain (at its own cost) all licenses, authorizations, approvals or permits of any person or entity which is necessary for the performance of such obligations under this Agreement save any licenses related to the Customer Systems which shall be paid by Customer. 19.2 Both Parties shall comply with all laws and regulations applicable to or as specified in this Agreement relating to the delivery or receipt of the Services. 19.3 The Parties shall identify and notify each other of any changes that they become aware of in applicable laws and regulations that may relate to the delivery or receipt of the Services. Each Party shall accept and act upon any reasonable recommendations made by the other Party relating to any potential non-compliance as detailed in this Clause. Should any change in any applicable law require a change in the provision of the Service, Supplier shall reserve the right to amend the Charges according to the Change Control Procedure or terminate the Agreement. 19.4 Customer and Supplier shall amend this Agreement using the Change Control Procedure to comply with any changes in legal and regulatory requirements. 20. General 20.1 Assignment: No assignment, novation, transfer, mortgage or other charge may be made by the Customer of any of its rights or duties/obligations under this Agreement (or any portion thereof) except with the other Party’s prior consent in writing. 20.2 Status of the Parties: This Agreement shall not be interpreted as constituting either Party agent of the other or to create a joint venture relationship, partnership or any other form of legal association. Additionally this Agreement will not be understood as providing either Party with the right, power or authority to create, vary or release any duty or obligation of the other Party. Each Party therefore agrees not to represent that any such relationship exists or that it has any such authority. 20.3 Management of Employees: Each Party shall be responsible for the management, direction and control of its employees and sub-contractors and such employees and sub-contractors shall not be deemed to be employees or sub-contractors of the other Party. 20.4 Representations: Each Party represents and warrants to the other that: (i) It is as an organization duly incorporated, validly existing, and has all requisite corporate power and authority to execute, deliver and perform its obligations under this Agreement; and (ii) that it has taken all requisite corporate and other action to approve the execution, delivery and performance of this Agreement. 20.5 Indemnities: Both parties shall defend, indemnify and hold harmless the other Party against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the use of the Services. 20.6 Enforceability of terms: If any term or provision of this Agreement, or of any document incorporated herein by reference is held by a court and/or tribunal of competent jurisdiction to be contrary to law, then the remaining provisions of this Agreement or the application of such provision to persons or circumstances other than those as to which it is invalid or unenforceable shall not be affected thereby, and each such provision of this Agreement shall be valid and enforceable to the extent granted by law and such term or provision shall be deemed to be deleted. 20.7 No implied waiver: No failure or delay on the part of either Party hereto in exercising any right, power or remedy hereunder shall operate as a waiver thereof, nor shall any single or partial exercise of any such right, power or remedy preclude any other or further exercise of any such right, power or remedy. The rights, powers or remedies provided herein are cumulative and not exclusive of any remedies provided by law and thus may be exercised as often as each party considers appropriate and are in addition to its rights under the applicable law. The rights, powers or remedies of one Party against the other Party are not capable of being waived or amended except by an express waiver or amendment in writing. Any defective or partial exercise of any such rights, powers or remedies will not preclude any other or further exercise of that or any such right, power or remedy and no act or course of conduct or negotiation on a Party’s part or on its behalf will in any way preclude such Party from exercising any such right, power or remedy or constitute a suspension or any amendment of any such right, power or remedy. 20.8 Final Agreement: This Agreement, supersedes all previous conditions, understandings, commitments, presentations, talks, agreements or representations whatsoever whether oral or written relating to the subject matter hereof and constitute the entire agreement between the Parties relating to the subject matter thereof. 20.9 Amendment: No amendment to, or change of any provision of this Agreement shall be valid unless in writing and signed on behalf of Customer and Supplier by the authorised signatories of both Parties. 20.10 Inconsistencies: If there is an inconsistency between any of the provisions in the main body of this agreement and the Schedules, the provisions in the main body of this agreement shall prevail. 20.11 Own Assessment: Customer agrees and acknowledges that it has entered into this Agreement on its own assessment of the viability of its business or prospective business and that it has not relied upon any statement of opinion, warranty, promise, representation or other assurance, whether oral or written that may have been made by anyone at any time prior to the execution of this Agreement and which is not expressly set out in this Agreement. 20.12 Costs: Each party shall bear its own costs in relation to the negotiation of this Agreement. 20.13 Copies: This Agreement may be executed in any number of identical counterparts, each of which will be deemed to be an original, and all of which together will be deemed to be one and the same instrument when each Party has signed and delivered one such counterpart to the other Party. 21. Force Majeure 21.1 Supplier shall not be liable for any delay or failure to perform its obligations under this Agreement or for any loss or damage caused as a result of such delay or failure, if such delay or failure is due to a Force Majeure Event. 21.2 The occurrence or existence of any Force Majeure Event shall be immediately notified by Supplier to Customer. Supplier shall use all reasonable endeavours to remedy as quickly as possible the effects of the Force Majeure Event. Supplier’s performance or observance of the obligation(s) affected by the Force Majeure Event shall be suspended for as long as such circumstances remain in existence. 21.3 If any Force Majeure Event results in the suspension or delay of the performance or observance of an obligation of Supplier under this Agreement for more than three (3) months, then Customer may terminate this Agreement, without need of judicial recourse, and without liability for compensation or damages (whether direct and/or indirect) of any type or nature in favour of Supplier, as of a date specified by Customer in a written notice of termination to Supplier no earlier than when the written notice was given. 22. Dispute Resolution & Governing Law 22.1 Upon a dispute, controversy or claim arising out of or relating to this Agreement, or the breach, termination or invalidity thereof, or any dispute, controversy or claim relating to any right or obligation based thereon or related thereto, the Parties shall by means of the Customer and Supplier Project Managers, as soon as reasonably practicable and in any event no later than ten (10) Working Days after a written request from either Party to the other, discuss in good faith and use all reasonable efforts to resolve such dispute, controversy or claim. 22.2 If the Parties reach agreement on the resolution of the relevant dispute, controversy or claim the Parties will each procure that the agreement is set out in writing within ten (10) Working Days and signed by their respective duly authorized representatives at which time it will be and remain binding on the Parties. All negotiations between the Parties will be conducted in strict confidence. Negotiations shall be without prejudice to the rights of the Parties in any future arbitration and/or court proceedings or expert determination. 22.3 If any dispute, controversy or claim arising under this Agreement is not resolved within fifteen (15) Working Days of the relevant discussions of the Parties or, for whatever reason, the relevant discussions do not take place, then either Party may by written notice to the other require that such dispute, controversy or claim be resolved by escalation to the Chief Executive Officers of the Parties. If the dispute, controversy or claim is not resolved within fifteen (15) Working Days after the request for escalation was made, then either Party shall be bound to refer said dispute, controversy or claim immediately and exclusively to arbitration. 22.4 All disputes, controversies or claims arising out of or in connection with this Agreement not resolved pursuant to Clause 22.1 shall be submitted immediately and exclusively to arbitration in accordance with the Malta Arbitration Act, 1996 and the Arbitration Rules of the Malta Arbitration Centre as at present in force. The venue of such arbitration shall be the Malta Arbitration Centre and all verbal and/or written proceedings shall be conducted in the English language. The award shall be final and binding and there shall be no appeal except in relation to a point of law. a) Pending the reference to arbitration and thereafter until the arbitration tribunal’s award shall be final and binding, the Parties shall continue to perform all of their obligations hereunder without prejudice to a final adjustment in accordance with said award. b) Each Party waives, to the fullest extent, it may effectively do so, any objection that it may now or hereafter have to the laying of venue of any such proceeding, and submits to the jurisdiction of such arbitral tribunal in any suit, action or proceeding. 22.5 This Agreement shall be governed, construed, enforced and interpreted in accordance with the Laws of Malta. 23. Notifications 23.1 Any notice, demand, consent, record or account to be given under this Agreement shall be in writing and be sent by prepaid registered letter or courier at the addresses of the Parties listed in the first page of this Agreement or to such other person or address as any Party may notify in writing to the other Party hereto for that purpose. 23.2 Any such notice shall be deemed to have been received (and reference herein to receipt shall include deemed receipt, (i) if such notice is given by prepaid registered letter or courier, at the expiration of three (3) Working Days after being put in the post; or (ii) if such notice is given by electronic mail: upon return receipt. Signed on behalf of the Supplier (duly authorised) Signature......................................... Name.............................................. Title................................................ Date................................................ Signed on behalf of the Customer (duly authorised) Signature......................................... Name.............................................. Title................................................ Date................................................ Witness to Signatures: Signature......................................... Name.............................................. Title................................................ Date................................................ Signature......................................... Name.............................................. Title................................................ Date................................................   Schedule 1: Summary of Project The below is a summary of the key project details and deliverables, as well as a summary of service details and contacts. PROJECT DETAILS Customer Company Name Company Name Customer VAT Number XX 1111 1111 Customer Address Please insert Customer Accounts Department Contact Name & Email Name Surname name@company.com Customer Project Manager (if known) Name Surname EBO Project Manager (if known) Name Surname Approved Proposal version Version X Date of Approved Proposal Dd/mm/yy Proposal attached herewith in: Annex A (page YY) SERVICE DETAILS Selected Front-End Platform Quantity 1 Selected Front-End Platforms Facebook Messenger Selected Language(s) English Setup of Conversations by EBO for Customer Yes Quantity of planned Conversations to be setup (excluding Control Dialogues) XX License Tier X Maximum Interactions per month XX,XXX Irrevocable Term License for QTY months XX Conversation Manager Yes Conversation Transcripts Yes Chat Takeover Yes/No Reporting & Insights Yes Multi-Device Support Yes Natural Language Processing Yes Machine Learning Yes Click-to-Email Yes Hosting Yes SLA Yes Training Yes Quantity of Customer Users envisaged per month (if known) XX 3rd Party API Integration for Customer Data Yes/No GDPR Bot Add-On Yes/No Hosting: Space Allocation 10Gb Schedule 2: Charge & Payments 1. General 1.1 This Schedule describes the Charges to be payable by Customer to Supplier and applicable terms including payment terms. 1.2 All Charges shall be calculated, invoiced and paid in the Euro (€) currency. 1.3 All Charges below are excluding VAT or any applicable taxes. 1.4 In general, the fees are as categorised as follows: Type Cycle Amount (€) ex VAT Payable Reference Subscription Fee Monthly €[AMOUNT] Monthly Clause 2 hereunder Cloud Hosting Fee Monthly €[AMOUNT] Monthly Clause 3 hereunder Service Fee Monthly €[AMOUNT] Monthly Clause 4 hereunder & Schedule 3 Professional Fee N/A €[AMOUNT] N/A Clause 5 and 6.2 hereunder 2. Subscription Fees 2.1 Initial Subscription Term: The Initial Subscription Term is of: [INSERT LENGTH OF INITIAL SUBSCRIPTION TERM – Example 2 years] and is irrevocable. 2.2 Subscription Fees: The Subscription Fees shall amount to a total of €[AMOUNT] per calendar month, based on License Tier [Insert Number] allowing a maximum amount of [AMOUNT] Interactions per calendar month, This fee is charged monthly and in advance. 2.3 Interaction Overages: Should the monthly Interactions exceed the maximum stated above, every additional 1,000 interactions (or part thereof) shall be at a monthly fee of €50. These shall be invoiced monthly and in arrears. 3. Cloud Hosting Fees 3.1 Hosting Term: The hosting term is identical and attached to the Subscription Term as identified in Clause 2.1 above. 3.2 Hosting Fees: The Hosting Fees shall amount to a total of €[AMOUNT] per calendar month. This fee is charged monthly and in advance. 3.3 Hosting Overages: 10GB of hosting space is made available to Customer. Should the monthly hosting required exceed the space requirements stated above, every additional 1GB of hard-disk space (or part thereof) shall be at a monthly fee of €50. This shall be invoiced monthly and in arrears. 4. Service Fees The Service Fee relates to a catalogue of services offered by Supplier to Customer which includes the following tasks: (i) provision of an IT Help Desk, (ii) Technical Support, (iii) Software Patching, (iv) Upgrades and Updates, (v) Server Monitoring & Management, and (vi) Continuous Improvement. Each of which is described in detail in Schedule 3 hereunder. The services offered herein do not change the design or function of the Subscription Fee. 4.1 Term: The term for these services is identical and attached to the Subscription Term as identified in Clause 2.1 above. 4.2 Service Definition: The Supplier’s standard services terms are set out in Schedule 3 hereunder. 4.3 Fees: The Service Fee shall amount to a total of €[AMOUNT] per calendar month. This fee is charged monthly and in advance. 5. Professional Fees The Supplier’s professional fee to configure and deliver the Services as described herein shall amount to a total of €[AMOUNT]. The performance obligations which Supplier shall undertake and which result in the charging of the ‘Professional Fees’ are identified, in detail in Annex 1 hereunder and create an enforceable right to payment as indicated in 6.2 hereunder. 6. Terms 6.1 The Customer shall pay the Subscription Fees, Cloud Hosting Fees and Support fees (collectively ‘Monthly Fees’) to the Supplier monthly and in advance with the first payment occurring on, or before, the first day of the Subscription term. 6.2 The Customer shall pay the Professional fees set up above 50% on the Effective date, and the remaining balance on the first day of the Subscription Term. 6.3 The Customer shall confirm to the Supplier, in writing, the initiation of the Subscription Term. 6.4 The Customer shall on the Effective Date provide to the Supplier a valid purchase order (if necessary) and valid, up-to-date and complete contact and billing details. 6.5 If Client requests services outside the scope of this Agreement, unless otherwise provided in this Schedule, the charges applicable for such services shall be as per the Change Control Procedure. 6.6 Supplier shall be entitled to increase the Monthly Fees due by Customer to Supplier pursuant to this Agreement, on the first (1st) day of each yearly Subscription Term based on the then applicable rate of inflation published by the National Office of Statistics in Malta,. In no event shall the increase be more than five percent (5%).   Schedule 3: Service Levels & Service Policy 1. Scope 1.1 Purpose of Service: The purpose of this policy is to ensure that the proper elements are in place to provide support services to Customer, and to ensure that there is clear, mutual understanding on the service provision by Supplier. 1.2 Method of Service: The service is undertaken by Supplier’s personnel, who are conversant with the Services and Systems to be supported. Support services provided to Customer principally through: (i) remote monitoring, diagnostics and support via a remote connection link; and (ii) remote telephone and/or e-mail support. Continuous Improvement Services are provided remotely through trained linguists and AI engineers as facilitated by the Project Manager, 1.3 Service Coverage: The policy shall cover the Product and Services as described in Schedule 1 above. 1.4 Service Start Date: The SLA shall commence on the first day of the Subscription Term as defined in Clause 2 of this Agreement. 1.5 Service Fee: The fee for SLA services is as defined in Schedule 2 above. 1.6 Fee Revision due to increase in Deliverables: The fees set out in Schedule 2 are relative to the size, scope and volumes of the deliverables as agreed to herein. Should the size and/or scope of the Deliverables change during a term of this Agreement, Supplier reserves the right to proportionately alter the fees to reflect the increases in the Deliverables. 1.7 Refunds: Refunds are not permitted for any unutilised portion of a term of this Agreement. 2. Responsibilities: For this policy to be effective it requires the cooperation of all parties, the list below indicates the responsibility of Supplier and Customer: 2.1 Supplier Responsibilities include: a) Training required staff on appropriate service support tools. b) Generating appropriate notification(s) to Customer for all scheduled or unscheduled maintenance. c) Facilitation of all service support activities documented within this Agreement. d) Using bona fide endeavours to correct issues. e) Informing Customer of any SLA service procedure, that may adversely affect the efficient and effective operation of any Services provided by Supplier as described in this Agreement. f) Providing a training and usage manual in electronic format. g) Ensuring the Continuous Improvement of the dialogues provided in the period for which the Service fee and license fee are paid for. 2.2 Customer Responsibilities include: a) Appropriate Incident and/or request prioritisation as outlined in this Agreement. b) Reasonable availability of Project Manager and/or business-unit representative(s) when resolving a service related incident or request and provision of necessary information and documentation to enable Supplier to assist with the request. c) Management of its own hardware, operating systems, network setup, maintenance, security management, site, channel(s), API(s) and IT services. d) Ensuring that its personnel have sufficient training to attain and maintain competence in the operation of the Services described in Schedule 2 above. e) Ensuring that communication with client of Customer (end-user) on matters relating to service notification, service windows, privacy or terms etc., is managed by Customer. f) The Customer is responsible for informing end-users of potential outages which may occur during Problem Management process. 3. Six Services Provided: The services provided through this policy are as follows: Service No. Service Name Description 1 IT Help Desk A point of contact for Customer to log Incidents, or request services. 2 Technical Support Support services through corrective, reactive measures. 3 Software Patching Preventive software maintenance through software updates. 4 Upgrades Provision of system or module upgrades. 5 Server Monitoring & Management Management of infrastructure to maintain a Service availability 6 Continuous Improvement Improvement to the language models and the dialogues prepared by EBO for customer. 3.1 Service Assumptions: Assumptions related to in-scope services include: a) Service usage will remain within the levels established in this Agreement. Should the usage exceed such levels: (i) fee revision (as per Clause 1.5.1 of Schedule 3) will occur, and (ii) the scope of the policy may need to be revised jointly by the Parties. b) Changes are treated as a project outside the scope of this policy and are governed by the Change Control mechanism in Schedule 4 hereunder. Such changes typically include but are not limited to, the addition of front-end channels, the improvement, modification or addition of conversations and dialogues as well as API integrations. 4. Service #1: IT Help Desk: 4.1 Service Objective: To coordinate and carry out activities and processes required to deliver and manage services to Customer. The IT Help Desk will: • Offer a single point of contact between Supplier and Customer. • Provide preliminary diagnostics and resolve basic issues and questions. • Escalate incidents and service requests when required. • Notify Customer of impending changes, planned outages and progress on incidents and service requests. 4.2 Incident Management Process: Supplier will efficiently handle Incidents or Service Requests received by the IT Help Desk via an established process in which requests are received, recorded, processed and resolved. 4.3 Access to IT Help Desk: Customer may access the IT HelpDesk to report an Incident, make a query or put forward a Service Request using the following contact information: +356 22581830 and/or support@ebo.ai 4.4 Service Availability: The service is available during business hours which are considered to be Monday to Friday from 08:30 to 17:00 (CET/GMT+2) excluding Public Holidays in Malta. Working hours may be adjusted due to Supplier’s system/power outages, emergency situations, or disaster and such adjustments will be communicated to Customer. 4.5 Data required when contacting IT Help Desk: In order to respond to a request in a timely manner, Customer must provide the following information: (i) Customer Name, (ii) Any corresponding tracking number in use by the Customer, (iii) Name of person making the request, (iv) Name of person to be contacted (if different from above), (v) Telephone number/extension and Mobile numbers of abovementioned, (vi) System(s) affected or description of the Request put forward, (vii) Brief description of the matter, (viii) Classification understood by Customer. 4.6 Progress Reporting: Once a request has been received, Supplier will establish the nature of the issue and schedule the fault resolution process or service delivery. Customer will be kept informed of progress, including what action has been taken to resolve the issue and the time the issue was closed. 4.7 Closure: When the request has been completed, the Incident will be closed and Customer will be informed verbally or in writing. 4.8 Incident Classification: For all requests which relates to incidents, Supplier will use a classification and escalation method. Supplier understands and expects that there may be cases in which the severity of the incident is not known at the time of request. Once Supplier receives such request, it will make a determination as to the severity level of the problem and respond accordingly. Should the Supplier’s Project Manager and Customer's Project Manager disagree on the severity of the incident, the incident shall be classified as Level 3: Incident Classification & Escalation Table PRIORITY LEVEL 4 3 2 1 Severity Level Work-Around Available Error Critical System Failure Software is functioning with work-arounds. Incident may be prioritized as a Modification to be included into a future release. Any other uncategorized issues or questions. Software has minor functionality which is unavailable or impaired. No mutually agreed upon work-around is available. Software has important functionality or core component which is unavailable or severely impaired. No Application feature is currently functioning. Application is completely unavailable or severely impaired. 5. Service #2: Technical Support: 5.1 Service Objective: Technical Support means actions taken by Supplier addressing the request lodged by Customer at the IT Help Desk to investigate, consult and resolve Incidents of a technical nature. It denotes activities that keep the provided Services fit for purpose. Technical support shall receive initial Incident data from the IT Help Desk, generate additional diagnostics and seek to resolve the technical issues which may be present. Supplier will provide internal resources dedicated to such support services based on the Incident priority level and technical complexity. For clarity it is specified that Technical Support is not intended to cater for Customer changes or new projects. 5.2 Service Process: Customer is required to establish and maintain a “First Line Support” for the Services to directly serve its internal users and end-users. If after reasonable commercial efforts Customer is unable to diagnose or resolve problems or issues for the Services, Customer may contact Supplier’s IT Help Desk for “Second Line Support”. The process to provide support will be governed by the process described in Clause 4.2 – 4.8 of this Policy. 6. Service #3: Software Patching: 6.1 Service Objective: Software patching is the process in which new software is installed to update the existing software or its supporting data so as to fix or modify it through a limited amount of code. Patching is used for fixes, vulnerability fixing, security hardening, UI updates, corrections and minor enhancements of and to the Software used to deliver the Services. Supplier’s personnel will sometimes resort to emergency fixes which are referred to as “hot patching” which are also considered to be ‘patching’ as determined in this Clause. This occurs when a quick workaround solution is required to solve a pressing Incident. 6.2 Service Process: When possible, Supplier will render such services in periods of low end-user activity so as to reduce any impact on the publicly available Services. Should it be necessary, Supplier will schedule with the Customer's consent, a scheduled maintenance window to install such patches. 7. Service #4: Updates and Upgrades: 7.1 Service Objective: In the context of this policy, an ‘update’ is understood to be a minor improvement to the software enabling the Services. An ‘upgrade’ is understood to be a major new release replacing the present version of the software enabling the Services. 7.2 Updates: The Supplier, may at its sole discretion and without any commitment or obligation to do so, make available updates to the software enabling the Services agreed upon. Such updates will be deployed onto the Customer’s environment without the need or requirement for Customer approval or review. Updates are available at no cost to the Customer as long as Customer has a fully paid-up license during an active Subscription Term. All updates released become part of the Services herein and subject to the same conditions set out in this Agreement. 7.3 Upgrades: Supplier, may from time to time, re-build the entire platform enabling the Services – or part thereof - with a view to entirely replace previous versions or maker available major functionality not previously available. Upgrades are not in the scope of this Agreement and are generally managed through the Change Control policy in hereunder, or by mutual Agreement between the Parties. 8. Service #5: Server Monitoring and Management: 8.1 Service Objective: Supplier will monitor the technical environment and infrastructure within which the Services reside and which are operated by Supplier directly or its partners. Supplier’s monitoring tools are configured to send automatic notification of infrastructure issues to it's IT Help Desk. Once an Incident is reported, Supplier will make available resources to reach quick resolution based on the Incident Classification & Escalation Table above. 8.2 Maintenance: Supplier also regularly conducts server maintenance procedures so as to ensure that its hosting operation will run smoothly. The operations in this procedure include reviewing the performance of the network and its components, security risks and backup protocols. 9. Service #6: Continuous Improvement 9.1 Service Objective: The Supplier provides continuous improvement on two levels: (i) Language Improvement, and (ii) Dialogue Improvement. None of these improvements affects the Subscription License or the functionality of the Software in any way but instead enhances the dialogues within it. 9.2 Language Improvement which occurs through the Solution’s advanced Machine Learning capabilities which allow it to improve performance of its language models. 9.3 Dialogue Improvement which occurs through the manual review by Supplier’s trained personnel who periodically optimize the dialogues and their workflow to improve the business outcomes of the solution. 10. General 10.1 Service Review: As appropriate, Supplier will participate in review meetings to discuss the effectiveness and quality of the service provided. The participants of these meetings would comprise of a representative of Supplier and Customer. 10.2 Service Revision: Revisions of this policy may become necessary due to changing service needs, modifications to existing services and addition of services. Without prejudice to foregoing, any modifications to this Agreement will occur through joint approval of the Parties. 10.3 Minor Issues: If Supplier or Customer identifies a substantive breach of responsibility, or other problem that requires resolution prior to the next Service Review, both Parties will engage in a joint effort of understanding and rectification of the issue. In the event this remedial effort fails, either party can proceed to Dispute Resolution. 10.4 Soliciting Feedback: Through the term of this Agreement Supplier shall solicit feedback from Customer about its satisfaction on the services provided herein. All feedback shall be stored for retrospective analysis and any complaints will be treated immediately through an internal process based on Supplier’s Quality management practices.   Schedule 4: Change Control 1. Principles 1.1 This Schedule sets out the procedures that apply to any change to this Agreement. This clause sets out the basic principles. Claus 2 sets out the process, which operates using a Change Order Note which is included as an Annex to this Schedule. 1.2 In certain situations as described in the Agreement, Customer or Supplier may need to be able to flexibly change the certain matters and/or Services covered by this Agreement. This shall enable both Parties to respond to the changes that shall happen over the lifetime of the Agreement. 1.3 Changes may be initiated by either Party and each Party shall follow the procedures as set out in this Schedule. Each Party shall be responsible for all costs and expenses incurred by such Party in completing any Change Order Note. 1.4 Supplier shall implement a Change using existing resources unless Supplier gives notice to the Customer that it shall compromise its ability to meet the Service Levels and its other obligations under this Agreement. 1.5 Supplier shall implement each agreed Change in a timely and efficient manner and so as to minimise disruption to Customer and ensure that any agreed Change that would interrupt or otherwise adversely affect Services are, except with the prior consent of Customer, implemented during periods of minimal use of the Services by Customer, as specified by Supplier. 1.6 Until such time as both Parties have agreed the Change in accordance with this Schedule, Supplier shall continue to provide the Services unchanged, in accordance with this Agreement. 1.7 Any communication as set out in this Schedule, including any Change Order Note, shall be sent to the respective Project Manager of each Party. 2. Change Procedure & Change Order Note 2.1 Each Change Order Note shall be in the form of Annex 1 of this specific Schedule. 2.2 Whenever a Party proposes a Change, it shall draft a Change Order Note in the form of Annex 1 and deliver it to the other Party’s Project Manager. Parties may agree on an electronic process to support and facilitate the issuance of Change Order Notes, acknowledgements of receipt and acceptance of such Change Order Notes. 2.3 Notwithstanding anything to the contrary stipulated in a Change Order Note, a Change Order Note shall cease to have effect on the Termination Date. 2.4 In the event that a Party does not agree with the draft forwarded by the Party initiating the Changes pursuant to paragraph 2.2 above, the respective Project Managers shall discuss the request, agree on the time necessary to respond and the Party making the request for Change shall submit to the other Party’s Project Manager a revised Change Order Note within the agreed time period, taking into account any proposed amendments made by the other Party. 2.5 If, following a period of ten (10) days from request of the Change, the Party requesting the Change has not submitted a revised Change Order Note to the other Party’s Project Manager or has submitted a revised Change Order Note that is not agreed on by the other Party, then either Party may escalate the matter in accordance with the amicable dispute resolution principles in Clause 22.1 of this Agreement. 2.6 The terms of the Change Order Note, together with any attachments and appendices, shall be considered valid and effective when signed by the authorised signatories of both Parties. 2.7 Except as modified by the respective Change Order Note, the Change Order Note shall be governed by the terms and conditions of this Agreement. 2.8 Each Change Order Note signed by both Parties shall be incorporated by reference into and constitutes an integral part of this Agreement. 2.9 If any terms in any Change Order Note conflict with the terms of this Agreement, the terms of this Agreement shall supersede the terms of the Change Order Note; unless otherwise agreed in the Change Order Note. ANNEX to Schedule 4: Sample Change Order Note This Change Order Note to the Subscription Agreement for Artificial Intelligence Platform Services dated as of___________________ (the “Agreement”) between (_________) (“Customer”) and EBO Ltd (“Supplier”) is made and entered into force as of the______________________ (“Change Order Note Effective Date”). This Change Order Note, together with the terms of the Agreement, shall constitute a single agreement. 1. Change Order Note Reference Number 2. Requested Change (Title) 3. Description/details of proposed Change 4. Chargeable / Non-chargeable Change 5. Reason for the Request 6. Risk Identification/Analysis 7. Impact Analysis 8. Quality Impact 9. Schedule Impact 10. Charges (if any) 11. Additional training (if any) 12. Training (if any) 13. Customer / Supplier responsibilities 14. Details of any Service Levels affected 15. Dependencies 16. Other terms and conditions Except as otherwise expressly modified herein, all other terms and conditions of the Agreement shall remain in full force and effect and are hereby ratified and confirmed. All terms and expressions used in this Change Order Note shall have the same meaning as in the Agreement, unless otherwise stated herein. SO AGREED ON the Change Order Note Effective Date For SUPPLIER (duly authorized) For CUSTOMER (duly authorized) Name: Title: Signature: Name: Title: Signature:   Schedule 5: Privacy Policy & Processing Agreement Supplier is committed to ensuring data privacy. Any personal information is governed in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679). This privacy policy describes Supplier's current policies and practices with regard to personal data collected by Supplier through its Services. The term "personal data" refers to personally identifiable information about a user who can be directly or indirectly identified in particular by reference to an identifier, such as name, birth date, e-mail address or mailing address, and any other information that is identified with a person. We are aware that we have a legal duty to respect and protect any personal information and we will abide by such duty. We take all safeguards necessary to prevent unauthorised access and we do not pass on personal data, to any third party unless you give us your consent to do so or unless this is governed by flow-down obligations to a data processor rendering a technical service to Supplier. All data collected is processed in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679). 1. Privacy Policy 1.1 Notification of Changes to This Policy: Supplier is continually improving and adding new functionality and features to its services. Because of these ongoing changes, changes in the law, and the changing nature of technology, Supplier's data practices will change from time to time. If and when our data practices change, Supplier will post the changes on its website https://www.ebo.ai/privacy-policy/. We encourage you to check this page frequently. 1.2 Personal Data Collected and its use: The personal data the Supplier currently collects through its Services is data which a user voluntarily gives or that derived from the channel being used for communication (typically a front-end channel like Facebook Messenger). For example, a user may use the Services to ask a question and in so doing provide personal data which is necessary within the context of that exchange. The only purpose for which the personal data provided is used, is that of providing a service as requested by the Customer. 1.3 Requirements and Criteria for Processing: Supplier ensures that when personal data is captured, the: a) personal data is processed fairly and lawfully; b) personal data is always processed in accordance with good practice and always aligned with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679); c) personal data is only collected for specific, explicitly stated and legitimate purposes; d) personal data is not processed for any purpose that is incompatible with that for which the information is collected; e) personal data that is processed is adequate and relevant in relation to the purposes of the processing; f) no more personal data is processed than is necessary having regard to the purposes of the processing; g) personal data that is processed is correct and, if necessary, up to date; h) personal data is not kept for a period longer than is necessary, having regard to the purposes for which they are processed and this determination is made by the Data Controller or Customer; i) all personal data is stored within the physical borders of the European Union. 1.4 Personal data will be processed only if: a) the data subject, has voluntarily chosen to give consent; or b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or c) processing is necessary for compliance with a legal obligation to which Customer is subject; or d) processing is necessary in order to protect the vital interests of the data subject; or e) processing is necessary for the performance of an activity that is carried out in the public interest or in the exercise of official authority vested in Supplier or in a third party to whom the data is disclosed; or f) processing is necessary for a purpose that concerns a legitimate interest of Customer, Supplier or of such a third party to whom personal data is provided, except where such interest is overridden by the interest to protect the fundamental rights and freedoms of the data subject and in particular the right to privacy. 1.5 Anonymous Data Collected through the Services: Supplier uses technology to collect anonymous information about the use of its Services. For example, we use technology to track how many users access which channels, the date and time of their visit, the length of their stay, and which themes or topics they interact with. Supplier may also use technology to determine which web browsers our visitors use, which OS and the location from which they Services are accessed. In most cases, this technology does not identify you personally. It simply enables us to compile statistics about usage. Supplier uses this anonymous data to improve the content and functionality of our Services, to better understand our customers and markets and to improve our products and services. 1.6 Disclosure of Personal Data: Supplier may allow access to personal data collected through its website with authorized third-party suppliers who are bound with non-disclousre and privacy-compliance agreements. Such disclosure is limited to absolute necessity and is to companies that provide technical support services to us (such as providing a technical infrastructure). These companies are not authorized to use the information we share with them for any other purpose. More so all the personal data we stored is protected from unauthorized view including, when applicable, to such third-parties. While no method of data transmission is guaranteed against unlawful third party interception or other misuse, Supplier uses commercially reasonable efforts to ensure protection of your data including industry-standard encryption and offline security methods in our physical facilities. 1.7 Access to information: Customer or client of Customer may, at any time request to know what information is held in its regard, if any. Customer or client of Customer have the right to have any inaccuracies corrected and where applicable erased, if they are not already deleted. 1.8 Rectification & Deletion: Supplier shall at Customer’s request immediately rectify, block or erase such personal data that may be held about a data subject following a request from the same. To do so the request will reach Supplier in writing, via email. 1.9 Governing Law: This privacy policy is governed by and construed in accordance with the laws of the Republic of Malta and relevant EU legislation. This policy is specifically inspired by the General Data Protection Regulation (Regulation (EU) 2016/679). 2. Processing Agreement Both Parties agree that processing is necessary to fulfil the obligations of this Agreement. More so both Parties agree that under existing law, the Supplier is understood to be the ‘Processor’ and the Customer is understood to be the ‘Data Controller’. So as to regulate their relationship in this regard the Parties agree that: 2.1 Appointment: The Processor is appointed by the Controller to Process such Personal Data on behalf of the Controller as is necessary to provide the Services, and as may subsequently be agreed by the Parties in writing. Any such subsequent agreement between the Parties, which require Processing of any Personal Data, shall be subject to the provisions of this Agreement. 2.2 Approach: The Processor warrants and undertakes in respect of all Personal Data that it Processes on behalf of the Controller that at all times it: a) processes Personal Data only on instructions from the Controller and in accordance to this Agreement, unless otherwise required by the Applicable Law, b) ensures that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; c) takes all security measures required pursuant to the Applicable Law, d) provides appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights in accordance with the Applicable Law, e) makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in the Applicable Law and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller; f) shall inform the Controller without undue delay after becoming aware of a personal data breach and shall describe the nature of such breach and the likely consequences thereof. In such event it shall then be the responsibility of the Controller to inform the affected data-subjects. 2.3 Termination: Upon termination of the Agreement, the Personal Data shall be, at the Controller’s option, destroyed in the manner indicated by the Controller or returned to the Controller, along with any medium or document containing Personal Data. 2.4 Security Measures: Both Parties shall maintain and continue to maintain appropriate and sufficient technical and organisational security measures to protect such Personal Data or information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of Processing.