Kallidus Standard SaaS Terms & Conditions (v24.0) PARTIES: Kallidus Limited, a company registered in England and Wales (registered company number 03984404) whose registered office is situated at 5 Fleet Place, London, EC4M 7RD (“Kallidus”); and {{ACCOUNT}}, a company registered in England and Wales (registered company number {{ACCOUNT_REGISTRATION_NUMBER}}) whose registered office is situated at (“the Customer”). INTRODUCTION 1.1 These Terms are the only terms and conditions on which Kallidus Limited offers to contract with customers for the provision of the Service. By either agreeing to these Terms via the Kallidus website or by submitting a signed Order Form to Kallidus, the Customer indicates acceptance of the incorporation of these Terms into the Contract, and the individual who does so on behalf of the Customer confirms their authority to enter the Customer into legally binding contracts. Unless otherwise agreed in writing, Kallidus will not enter into contracts with customers except on these Terms. Any other terms and conditions proffered, for example in any purchase order or other document, are expressly rejected. 1.2 The attention of the Customer is drawn in particular to the provisions of clause 14 (Limitation of Liability and Insurance), which limit Kallidus’ liability and exclude certain types of liability. Please note that if the Customer is signing up to a free trial of any Kallidus product(s) then, notwithstanding any other provision to the contrary, those product(s) are provided on an “as-is” basis and without any warranty whatsoever. During the free trial period the product(s) are used at the Customer’s own risk. 2. DEFINITIONS 2.1 In these Terms: “Agreement Personal Data” shall have the meaning given to it in Schedule 4; “Business Day” means any day which is not a Saturday, Sunday or public holiday in the UK; “Contract” means this agreement between the Customer and Kallidus for the provision of the Service and any Professional Services, as constituted by the Order Form and these Terms; “Control” means a situation where the beneficial ownership of more than 50% of the issued share capital of a company or the legal power to direct or cause the direction of the general management of the company; “Customer” means the Kallidus customer under the Contract as identified at the start of this Contract and on the Order Form, or on Kallidus’ website; “Customer Content” means any User Data and related user records, online courses provided by the Customer or by any third party (other than any subcontractor of Kallidus) and any other content, text, script, image or other tangible or intangible material that is uploaded to or otherwise appears in the Service at the request of the Customer and which has not been created by Kallidus; “Data Protection Legislation” means (whilst they are still in force) the Data Protection Act 1998, the Data Protection Act 2018, the GDPR (whilst it is directly applicable in the UK), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) and the Telecommunications (Data Protection and Privacy) Regulations 1999, and any successor legislation to these, or any legislation that, in respect of the United Kingdom, replaces or converts into domestic law the GDPR, the PECR or any other applicable laws relating to data protection, the processing of personal data and privacy; “Data Controller” shall have the same meaning as that given to it in the Data Protection Legislation; “Data Processor” shall have the same meaning as that given to it in the Data Protection Legislation; “Data Security Incident” the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Agreement Personal Data transmitted, stored or otherwise Processed by Kallidus (or on its behalf); “Disaster” means any unplanned event which prevents or impairs the ability of Kallidus to provide the Service or to provide any Professional Service; “Effective Date” means the earlier of the date of the Order Form and the date when the Customer accesses any Service via the Kallidus website (including, for the avoidance of doubt, for the purposes of a free trial); “GDPR” means, with effect from 25 May 2018, the General Data Protection Regulation (EU) 2016/679; “Group” means, in relation to the Customer, any holding company of the Customer, any subsidiary of the Customer and any other subsidiary of such holding company and “Group Company” shall be construed accordingly; "Initial Contract Term" means the initial period during which the Customer is obliged to pay for the Service, which shall be three (3) years unless an alternative period is set out in the Order Form; "Intellectual Property Rights" means unpatented inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, database rights, rights in undisclosed or confidential information such as know-how and other trade secret rights, and all other intellectual property rights or similar proprietary rights of whatever nature (whether registered or not and including applications to register or rights to apply for registration), derivatives, and forms of protection of a similar nature which may now or in the future subsist anywhere in the world; “Kallidus Content” means any standard or generic online courses provided to the Customer as part of the Contract, as detailed in the Order Form; "Kallidus Technology" means all of Kallidus’ proprietary technology (including software, hardware, products, processes, algorithms, databases (including database files, database structure, column names, table names, datatypes, field lengths, database views or residual code), user interfaces, know-how, techniques, designs and other tangible or intangible technical material or information) made available to the Customer or otherwise used by Kallidus in providing the Service and any Professional Services; “Normal Business Hours” means 8.30am to 5.30pm local UK time, each Business Day; “Order Form” means an order form in the form used by Kallidus for the time being, which has been completed for or by the Customer and accepted by Kallidus; “Personal Data” shall have the same meaning as that given to it in the Data Protection Legislation; “Processing and Process” shall have the same meaning as that given to these terms in the Data Protection Legislation; “Professional Services” means any service other than the Service that Kallidus agrees in the Order Form to provide to the Customer, including configuration, implementation, consultancy, project management, training and data transfer services; "Service" means the service as set out in Schedules 1, 2 and 3; “Special Categories of Personal Data” shall have the same meaning as that given to it in the Data Protection Legislation; “Term” means the period from the Effective Date until the Contract is ended in accordance with its Terms; "these Terms" means these terms and conditions (including the Schedules) and the terms of the Order Form; "User(s)" means the employees or prospective employees, representatives, consultants, contractors, agents, resellers, partners or customers of the Customer (and those of any Group Company) who are authorised by the Customer to use the Service and have been supplied usernames and passwords by the Customer or by Kallidus; “User Data” means any data which is held by Kallidus as part of the Service about the User(s) which may include data relating to the performance, talent or training records and/or courses or course information and any Personal Data; and “Virus” means any software code or file which may prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network or adversely affect the user experience, including worms, Trojan horses, viruses and other similar things or devices. 2.2 In the event of any conflict between these Terms and the Order Form, these Terms shall take precedence. PROVISION OF THE SERVICE Kallidus agrees to provide the Service and any Professional Services to the Customer in accordance with and subject to all the terms of the Contract and for use by the number of Users for whom the Customer has for the time being paid Kallidus service fees in accordance with the Contract. Kallidus agrees to provide the Hosting and Back-Up in accordance with Schedule 2. 3.3 The Customer may only use the Service as a platform to deliver to Users the relevant functions as set out in Schedule 1 for that part of the Service that the Customer contracts to receive under this Contract. These functions are learning, performance, talent, recruitment and 360 reviews. The Customer will not use the Service to provide any other service to any third party, including Users. 3.4 Kallidus grants to the Customer and the Users a non-exclusive, non-transferable (except as permitted in clause 17 below) licence to use the Kallidus Technology but strictly limited to the extent necessary to use the Service in accordance with the Contract. 3.5 Kallidus shall use commercially reasonable endeavours to make the Service available 24 hours a day, seven days a week, except for: Planned upgrades carried out outside of business hours, every week during a two (2) hour maintenance window. The data and times for the maintenance window are published on the kallidus support site at https://kallidus.zendesk.com; and Unscheduled maintenance performed outside Normal Business Hours, provided that Kallidus has given the Customer at least 4 Normal Business Hours’ notice in advance; and Emergency maintenance which can be performed by Kallidus with no notice to the Customer where, in Kallidus’ reasonable opinion, exceptional circumstances require such action. Without limitation, such exceptional circumstances would include risks to the overall platform stability or where a critical security vulnerability is identified. 3.6 Kallidus will, as part of the Service and at no additional cost to the Customer, provide the Customer with the Kallidus’ standard customer support services during Normal Business Hours as set out in Schedule 3. The Customer may purchase enhanced support services separately at Kallidus’ then current rates. 3.7 Kallidus agrees to provide any Professional Services to the Customer in accordance with the Contract and the Customer will pay for such Professional Services in addition to the fees for the Service. The Customer agrees to use the number of Professional Services days specified in the Order Form within the six-month period starting on the Effective Date. The Customer shall forfeit any Professional Services days or time not used within the (6) six-month period and no credit or refund will be given for these unused days or time. The Customer acknowledges that reasonable travel charges and expenses (incurred in accordance with the Kallidus expenses policy, a copy of which is available on request) will be billed and payable in addition to the charges contracted for Professional Services, subject always to Kallidus notifying and receiving approval from the Customer in advance of incurring any such charges or expenses where the individual charge or expense exceeds £250. 3.8 Kallidus reserves the right to suspend access to the Service: (a) to any or all User(s) if it becomes aware of any unauthorised use or any misuse or abuse of the Service by the Customer or the Customer has knowingly allowed any misuse or abuse of the Service by a User or Users; and/or (b) to any User(s) that are, or Kallidus reasonably believes are, making any unauthorised use or are misusing or abusing the Service whether or not such use, misuse or abuse has been allowed by, or been made with the approval or knowledge of the Customer. However, unless it reasonably believes that it must do so immediately to avoid or mitigate civil or criminal liability, it shall first consult with the Customer. 3.9 Kallidus agrees that the Customer may brand the Service (using any brands owned by the Customer, Group companies, joint ventures and customers of the Customer), provided that the Customer shall indemnify Kallidus against any claim that the Customer’s branding of the Service infringes in any respect the Intellectual Property Rights of any third party. 3.10 Kallidus shall use all reasonable measures, including using up to date commercially available anti-malware software, to prevent any Virus from entering or accessing any IT system used by the Customer in relation to the Service. 3.11 Kallidus retains the right at any time to request the parties to conduct a fair usage review if usage is so excessive that the Customer’s service levels or those of Kallidus’ other customers are being detrimentally affected. Kallidus understands that customers will occasionally have very high volumes of traffic outside of normal usage patterns. In those cases where this traffic can be predicted Kallidus requests to be informed with as much notice as is reasonably possible to ensure that service delivery remains consistently high. Usage of Kallidus products is monitored on a continuous basis. Only customers that consistently generate exceptionally high loads will be subject to a fair usage review. The total storage available to the Customer for its users is calculated as 7.5Mb per user, per annum, calculated across a rolling 12 month period. For the purposes of calculating the average, the mean number of Users during the relevant 12 month period shall be used (or, during the first 12 months of the Contract, the mean number calculated pro rata across that shorter period). A combination of metrics are monitored that includes nightly processing, storage usage, data transactions and others, which can be used to gauge impact of a specific customers’ usage. These are subject to change as the Customer’s use of the Service evolves. THE CUSTOMER’S RESPONSIBILITIES In this clause 4, the Customer is responsible for all User activity occurring under its User accounts where such Users are its employees, consultants, contractors and/or other duly appointed representatives, and the Customer shall be liable for any failure to comply with the provisions of this clause 4. In respect of all other Users, the Customer shall use reasonable commercial efforts to ensure that all User activity is in compliance with the provisions of this clause 4. The Customer shall prevent any unlawful and/or unauthorised use, including any use by persons who are not Users. The Customer shall abide by (and shall procure that all Users abide by) all relevant laws and regulations that are applicable to the Customer in using the Service, including those related to data privacy and the transmission of Personal Data. 4.3 The Customer shall ensure that each username and password combination ("Login") is only used by one person. The Customer may create separate Logins for as many Users as its account allows. Each Login may only be used by one person. The Customer is responsible for maintaining the security of Logins to its account. 4.4 The Customer shall: (i) notify Kallidus promptly upon becoming aware of any unauthorised use of any password or account or any other known or suspected breach of security; (ii) report to Kallidus promptly upon becoming aware of any infringement of Kallidus’ Intellectual Property Rights and use reasonable efforts to stop immediately any such infringement or copying or distribution of Content that is known or suspected by the Customer or its Users; and (iii) not permit any User to log in as, or impersonate another Kallidus user, or provide false identity information to gain access to or use the Service. 4.5 The Customer shall not in the course of its use of the Service access, store, distribute or transmit any material during the course of its use of the Service that: Is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; Facilitates illegal activity; Depicts sexually explicit images; Promotes unlawful violence; Is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability, or any other illegal activity; or Causes damage or injury to any person or property. 4.6 The Customer shall use all reasonable measures, including by the use of up to date commercially available anti-malware software, to prevent any Virus from entering or accessing any IT system used by Kallidus in relation to the Service. 4.7 Kallidus reserves the right, without liability to the Customer, to disable the Customer’s access to any material that breaches the provisions of this clause. However, unless it reasonably believes that it must do so immediately to avoid or mitigate civil or criminal liability, it shall first consult with the Customer. 4.8 The Customer shall not: (a) Use or otherwise access all or any part of the Service in order to build a product or service which competes with the Service; or (b) Use or otherwise access all of any part of the Service to provide services to third parties (other than to provide the relevant functions to Users); or (c) License, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Service available to any third party except the Users in accordance with the Contract; or (d) Attempt to obtain, or assist third parties in obtaining, access to all or any part of the Service, other than as provided by the Contract. 4.9 If the Customer becomes aware of any use of the Service which is or might be in breach of any of the provisions of this clause 4, or is otherwise an inappropriate use or action in respect of the Service by any User (whether such User(s) are its employees, consultants, contractors and/or other duly appointed representatives or not), the Customer shall promptly notify Kallidus and assist Kallidus, as Kallidus may reasonably require, to deal with such breach or inappropriate use or action. The obligations in this clause 4.9 do not prejudice any other right or remedy that Kallidus may have in respect thereof. 5. INTELLECTUAL PROPERTY OWNERSHIP 5.1 Kallidus (and its licensors, where applicable) shall own and continue to own all right, title and interest, including all related Intellectual Property Rights, in and to the Kallidus Technology, the Kallidus Content and the Service and any suggestions, ideas, enhancement requests, feedback, recommendations provided by the Customer or User or any third party acting on behalf of or providing advice to the Customer or otherwise acting in the performance of an agreement with the Customer (in this clause “Third Parties”) relating to the Service. The Customer assigns to Kallidus and shall if necessary procure that all Third Parties shall assign to Kallidus, by way of present and future assignment, all Intellectual Property Rights in all such suggestions, ideas, enhancement requests, feedback and recommendations. 5.2 The Contract is not a sale and does not convey to the Customer or any User any rights of ownership in or related to the Service, the Kallidus Content, the Kallidus Technology or the Intellectual Property Rights owned by Kallidus or (where applicable) its licensors. The Kallidus name, the Kallidus logo, and the product names associated with the Service are trademarks of Kallidus or third parties, and no right or licence is granted to use them. 5.3 The Customer (and its licensors, where applicable) shall own and continue to own all right, title and interest, including all related Intellectual Property Rights, in and to the Customer Content. 6. CHARGES AND PAYMENT OF FEES 6.1 (a) In respect of the Initial Contract Term, Kallidus shall invoice the Customer in advance for the fees in accordance with the Order Form. (b) Fees for the Service for subsequent periods during the Term (after the end of the Initial Contract Term) shall be notified by Kallidus to the Customer not less than 90 days prior to the end of the Initial Contract Term or any subsequent anniversary of it. Such fees shall be due and payable at the beginning of each such further period. (c) If the fees for any subsequent period during the Term, as notified by Kallidus to the Customer pursuant to clause 6.1(b) above, increase by more than the greater of: (i) RPI; and (ii) 3% the Customer shall have the right to give notice to terminate the Agreement in accordance with clause 8.2(b) below. For the avoidance of doubt, the increase must relate to the same Service and not arise as a consequence of agreed changes thereto. (d) The Customer shall pay Kallidus all invoice(s) within 30 days of the date of the relevant invoice, unless an alternative payment period is set out in the Order Form. (e) Subject to the provisions of clauses 7 and 8 below, all fees for the Service paid in advance are non-refundable save in the event of the Customer lawfully terminating the Contract due to Kallidus being in breach of this Contract (and without prejudice to any other remedy which the Customer may have) in which case Kallidus will refund the Customer, on a pro rata basis, any pre-paid fees for the period starting on the date on which the breach occurred and ending on the date on which this Contract would have expired had the Customer not exercised its right to terminate. 6.2 The fees for any Professional Services shall be specified in, and payable in accordance with, the Order Form, or in respect of any other services that Kallidus agrees to provide to the Customer as such fees are agreed by the parties. In addition to all such fees, the reasonable travel and other out of pocket expenses incurred by Kallidus (subject to clause 3.7 above) shall be payable in accordance with the Kallidus expenses policy. 6.3 All prices and fees are in the currency specified in the Order Form. All amounts payable under the Contract are exclusive of value-added tax. 6.4 Save for the fees in respect of the Service, Kallidus may increase any of its other charges at any time and will give not less than 30 days’ notice of such increase to the Customer. 7. NON-PAYMENT AND SUSPENSION 7.1 Without prejudice to any other available remedy, Kallidus reserves the right to suspend the Contract and/or the Customer’s access to the Service if the Customer has not paid any undisputed invoices within 30 days of receipt of a notice from Kallidus notifying the Customer that the payment is late and requesting payment. 7.2 Late payments shall automatically accrue interest from the due date until payment in full is received by Kallidus at the rate for the time being in force under the Late Payment of Commercial Debts (Interest) Act 1998. No fees or other charges will be refunded or waived in respect of any period of suspension. Where interest accrues on any sum due in accordance with this clause, any payment later received will be applied first in payment of the interest due, and only secondly in reduction of the indebtedness. 7.3 Kallidus reserves the right to impose a reasonable reconnection fee (currently £925 plus VAT) in the event the Customer is suspended validly in accordance with this Contract and thereafter requests access to the Service. 8. TERM & TERMINATION 8.1 The Contract starts on the Effective Date and (subject always to earlier termination in accordance with these Terms) shall continue until the end of the Initial Contract Term and thereafter unless and until terminated by either party in accordance with clause 8.2. 8.2 (a) After the end of the Initial Contract Term and during the continuation of the Term, either party may terminate this Contract by giving to the other party not less than 90 days’ notice in writing, such notice to expire on an anniversary of the Effective Date. (b) The Customer can give notice to terminate this Contract pursuant to clause 6.1(c). Where notice is given under that clause, the Customer’s notice to terminate must be given within 30 days of the date of the notice of the relevant price increase given by Kallidus, and such notice must expire on the next anniversary of the Effective Date. 8.3 One party (“the notifying party”) shall be entitled at any time during the Term to terminate the Contract immediately by written notice to the other (“the notice recipient”) if the notice recipient: Fails to pay an undisputed sum to the notifying party within 30 days of having received a notice from the notifying party giving details of the late payment and requesting payment. If the sum is owed to Kallidus, a notice issued by Kallidus pursuant to clause 7.1 above shall serve as an appropriate notice by it under this clause 8.3(a); Commits any material breach of the Contract that is not capable of remedy (including, in the case of the Customer and without limitation, any breach of confidentiality or any infringement of Kallidus’ Intellectual Property Rights); Commits any material breach of the Contract that is capable of remedy and fails to remedy it within 30 days after receipt of a written notice giving full particulars of the breach and requiring it to be remedied; or Is involved in any legal proceedings concerning its solvency, or ceases trading, or enters into liquidation, whether compulsory or voluntary (other than for the purposes of an amalgamation or reconstruction), or makes an arrangement with its creditors or petitions for an administration order or has a receiver or manager appointed over all or any part of its assets or generally becomes unable to pay its debts within the meaning of Section 123 of the Insolvency Act 1986 or any analogous event occurs in any relevant jurisdiction. 8.4 Kallidus may at any time during the Term terminate this Contract by giving to the Customer not less than 60 days’ notice in writing if, in Kallidus’ reasonable opinion, the Customer has been acquired by a competitor of Kallidus, or such a competitor has taken Control of the Customer or the Customer has become part of a group of companies comprising a competitor of Kallidus. 8.5 On termination of the Contract for any reason other than termination by the Customer under clause 8.3 above, all fees and other sums that are payable under the Contract shall become due for payment immediately. If termination is made by the Customer under clause 8.3, all fees and other sums that are payable up to the date of termination shall be due for payment immediately, Kallidus shall either destroy or return immediately to the Customer, in the format reasonably requested by the Customer (provided that the Customer shall pay in advance a reasonable charge for conversion of any data to the format requested), any and all property and data (and all copies) including all User Data which is in Kallidus’ possession or under its control and which belongs to the Customer (and/or to any Group Company) and on the request of the Customer shall certify to the Customer in writing that it has done so. 8.6 Any termination of the Contract will not affect any accrued claims, rights or liabilities of either party nor will it affect the coming into force or continuation in force of any other provisions of the Contract, which are expressly or by implication intended to come into force or continue in force on or after termination, including clauses 5 (Intellectual Property Ownership), 10 (Indemnities), 11 (Confidentiality), 13 (Data Protection) and 14 (Limitations of Liability).   9. WARRANTIES Each party warrants that it has the legal power and authority to enter into the Contract. 9.2 Kallidus warrants that: It has the right to grant to the Customer the rights granted under the Contract and that Kallidus has obtained all required permissions from its licensors (if any)); It has achieved both ISO 9001 quality management and ISO 27001 information security certification and will maintain these certifications (or substantially similar alternatives therefor) throughout the Term; It will provide any Professional Services with reasonable skill and care and to the standard which would reasonably and ordinarily be expected from a skilled and experienced service provider engaged in the same type of undertaking under the same or similar circumstances; and Subject to clause 9.3, the Service will perform in all material respects with Schedules 1, 2 and 3. The warranty given in the clause 9.2(d) shall not apply to any non-conformance or non-compliance with service levels to the extent that it is caused by any unreasonable use of the Service or any use of the Service by the Customer or any User contrary to Kallidus' instructions, or modification or alteration of the Service by any party other than Kallidus or Kallidus' duly authorised contractors or agents. If the Service does not conform with Schedules 1, 2 and 3, Kallidus will, at its expense, use reasonable commercial endeavours to correct any such non-conformance promptly. Such correction constitutes the Customer's sole and exclusive remedy of any breach of such warranty. Notwithstanding the foregoing, Kallidus: Does not warrant that the Customer's use of the Service will be uninterrupted or error-free; (Other than Kallidus modules pre-uploaded (as agreed with Customer) which will be accessed by the Customer) Kallidus does not warrant that the Service and/or the information obtained by the Customer through the Service will meet the Customer's requirements (the Customer acknowledges that it is responsible for ensuring that a service having the specification of the Service will meet the requirements of the Customer); and Is not responsible (unless caused by an act or omission of Kallidus) for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Service may be subject to limitations, delays and other problems inherent in the use of such communications facilities. 9.5 The Customer warrants that it intends to use the Service to provide to Users the functions specified in the Service Description in Schedule 1 for the relevant Service that it is contracting to receive under this Contract (such functions being learning, performance, talent, recruitment and 360 reviews) and not to provide services to any third party not being a User. The Customer further warrants that it has not falsely identified itself nor provided any false information to gain access to the Service and that its billing information is correct. 9.6 Except as set out expressly in these Terms, all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from the Contract. 10. INDEMNITIES 10.1 Kallidus will indemnify the Customer against any and all liability incurred by the Customer as a result of any third-party claim that the Service and/or Professional Services, as provided by Kallidus to the Customer under the Contract and as used by the Customer in accordance with the Contract, infringes any third-party Intellectual Property Rights. 10.2 Kallidus’ obligations under this indemnity are subject to the following conditions: (a) the Customer must notify Kallidus in writing promptly after it becomes aware of a claim; and (b) the Customer must grant Kallidus the sole control of the settlement, compromise, negotiation, and defence of any such claim and any related legal action; and; (c) the Customer must promptly provide Kallidus with all information related to the claim and any related legal action that is reasonably requested by Kallidus; and (d) Kallidus will at its option either; (i) obtain the right for Customer to continue using the Service; or (ii) modify the Service so it is no longer infringing; or (iii) terminate the Contract. If Kallidus terminates the Contract, Kallidus shall refund on a pro-rata basis any fees for the Service that have been paid in advance. 10.3 Kallidus shall not be liable for any settlement made by the Customer without Kallidus’ advance written approval or for any award from any legal action in which Kallidus was not granted sole control of the defence in accordance with this clause. 10.4 The parties agree to co-operate in good faith in the defence of any legal action or suit that causes the Customer to invoke an indemnity under clause 10.1. 10.5 Clause 10.1 states Kallidus’ entire liability and the Customer’s exclusive remedy for a claim of infringement of intellectual property rights of any kind. 10.6 The Customer shall indemnify Kallidus against any and all liability incurred by Kallidus as a result of any claim that any User Data or any content or material that the Customer or any User uploads to or uses in relation to the Service (including the Customer Content), or any unauthorised or unlawful use that the Customer or any User makes of the Service, infringes any proprietary right of any third party or is offensive or unlawful in any respect in any jurisdiction in which the Service may be used by the Customer or by any User. 11. CONFIDENTIALITY 11.1 During the term of the Contract, each party may have access to confidential information of the other party. “Confidential Information” of the Customer shall include but not be limited to employee data of the Customer (including the User Data). “Confidential Information” of Kallidus shall include but not be limited to confidential aspects of the Service and the Kallidus Technology. “Confidential Information” of each party shall include all other information relating to its business, customers, contracts, financial information, research and development information, formulae, methods, know-how, processes, designs, performance tests, product evaluations, computer software and any other information identified as confidential or information that the receiving party knew or reasonably should have known was confidential. 11.2 Confidential Information shall be used solely for each party’s performance under the Contract and the exercise of its rights under the Contract and shall not be disclosed to any third party. Each party shall take reasonable precautions, at least as great as the precautions it takes to protect its own confidential information, to maintain the Confidential Information of the other party in strict confidence. 11.3 The database files, database structure, column names, table names, datatypes, field lengths, database views or residual code contained within any copy of the Customer Content that Kallidus delivers to the Customer are part of the Kallidus Technology and are expressly designated by Kallidus as confidential aspects of the Service, and therefore constitute Confidential Information of Kallidus under this Contract. Notwithstanding any other provision of this Contract, it is expressly agreed by the Customer that the Customer shall only provide information that would or might include any elements of such information, including Customer Content, to a third party in a raw data form to ensure that no Confidential Information of Kallidus is disclosed. 11.4 Confidential Information shall not include any information that the receiving party can establish: (a) is or subsequently becomes publicly available through no act or omission of the receiving party; (b) was in the receiving party’s lawful possession (without restriction of confidentiality) prior to disclosure of such information; (c) is subsequently disclosed to the receiving party by a third party who is not in breach of an obligation of confidentiality; or (d) is independently developed by the receiving party without the use or benefit of any part of the Confidential Information. 11.5 Confidential Information may be disclosed pursuant to any applicable laws, rules, regulatory authority, requirements of any investment exchange, court order, a valid subpoena, or other legal process, provided in each case that, where it is not prohibited from doing so, the receiving party promptly notifies the disclosing party in writing of such disclosure and provides the disclosing party an opportunity to seek an appropriate protective order prior to disclosing such Confidential Information. 11.6 The disclosing party may be irreparably damaged if the obligations of confidence under this clause 11 are breached and such party may not have an adequate remedy in damages in the event of a breach by the other party of such obligations. The parties agree, therefore, that such party may be entitled, in addition to other available remedies, to apply for an injunction restraining any actual, threatened or further breaches of the other party's obligations of confidence or any other appropriate equitable order or decree. 12. USER DATA 12.1 The Customer shall own all rights, title and interest in and to all the User Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the User Data. 12.2 In the event of any loss or damage to User Data, the Customer's sole and exclusive remedy (subject to any liability that Kallidus may have to the Customer pursuant to clause 13 below) shall be for Kallidus to use reasonable commercial endeavours to restore the lost or damaged User Data from the latest back-up of such User Data maintained by Kallidus in accordance with its standard back-up procedure. Kallidus shall not be responsible for any loss, destruction, alteration or disclosure of User Data caused by any third party (except those third parties sub-contracted by Kallidus to perform services related to User Data maintenance and back-up). 12.3 Kallidus will not bear any responsibility for the quality or integrity of data provided by the Customer. It remains the Customer’s responsibility to ensure that data provided to Kallidus has been correctly validated. Kallidus reserves the right to charge the Customer for work undertaken to diagnose data quality issues in any processable data provided by the Customer. 13. DATA PROTECTION 13.1 Compliance with Data Protection Legislation The parties acknowledge that for the purposes of Data Protection Legislation, the Customer is the Data Controller and Kallidus is the Data Processor; In performing the Services and its other obligations under this Contract Kallidus will comply with the Data Protection Legislation; The Customer will comply with all applicable requirements of the Data Protection Legislation in relation to its obligations under this Contract and in relation to the Processing of Agreement Personal Data. The Customer will ensure that it has all necessary appropriate consents and notices in place to enable the lawful transfer of the Agreement Personal Data to Kallidus and the Processing of the Agreement Personal Data by Kallidus (or any of its authorised sub-processors) for the duration and purposes of this Contract. Neither party will cause the other party to breach any obligation under the Data Protection Legislation; Kallidus will notify the Customer without undue delay if, in the performance of the Services, it identifies any areas of actual or potential non-compliance with the Data Protection Legislation or this Clause 13; Each party shall be responsible for bearing the costs of our obligations under the Data Protection Legislation (unless otherwise expressly stated in this Contract). 13.2 Authority The Customer authorises Kallidus to Process the Agreement Personal Data during the term of this Contract as a Data Processor solely for the purpose of providing the Services. 13.3 Sub-Processing If Kallidus wishes to engage or use any third party for the Processing of Agreement Personal Data or permit any third party to Process Agreement Personal Data, it shall tell the Customer of its proposed appointment of such third party, including details of the Processing to be undertaken by the sub-processor. If within 5 Business Days, the Customer notifies Kallidus in writing of any objection (on reasonable grounds) to that appointment, Kallidus shall take reasonable steps to address the objections raised by the Customer. If the Customer has been provided with a reasonable written explanation of the steps taken to address its objections or why its objections are unfounded, Kallidus shall be entitled to proceed with such appointment. The Customer acknowledges that Kallidus currently uses the sub-processors listed in Schedule 4 paragraph 7, and gives its approval to any Processing by that sub-processors; If Kallidus appoints an authorised sub-processor pursuant to Clause 13.3(a) Kallidus will ensure that there is in place a written contract between Kallidus and the authorised sub-processor that specifies the authorised sub-processor’s Processing activities and imposes on the authorised sub-processor similar terms as those imposed on Kallidus in this Clause 13; Kallidus will remain responsible and liable to the Customer for all acts and omissions of authorised sub-processors as if they were its own acts and omissions. 13.4 Data Protection Obligations Kallidus will, and will procure that any authorised sub-processor will: Process the Agreement Personal Data only on documented instructions from the Customer (including this Contract and Processing activities set out in Paragraph 6 of Schedule 4). Kallidus shall further be authorised to Process the Agreement Personal Data if it is required so to do by the laws of the UK or of any member of the European Union, or by the laws of the European Union applicable to Kallidus to process Agreement Personal Data (“Applicable Laws”). Where Kallidus is relying on Applicable Laws as the basis for Processing Personal Data, Kallidus shall promptly notify the Customer of this before performing the Processing required by the Applicable Laws unless those Applicable Laws prohibit Kallidus from so notifying the Customer; without prejudice to Clause 13.4(a)(i), ensure that Agreement Personal Data will only be used for the purpose of providing and to the extent reasonably required to provide the Services; without prejudice to Clause 13.4(a)(ii), not without the express prior written consent of the Customer: convert any Agreement Personal Data into anonymised, pseudonymised, depersonalised, aggregated or statistical data; use any Agreement Personal Data for “big data” analysis or purposes; or match or compare any Agreement Personal Data with or against any other Personal Data (whether Kallidus’ or any third party’s); ensure that any individual authorised to Process Agreement Personal Data accesses such Agreement Personal Data strictly on a need to know basis as necessary to perform their role in the provision of the Services, and: is subject to confidentiality obligations equivalent to those set out in Clause 11 (Confidentiality) or is under an appropriate statutory obligation of confidentiality; will comply with this Clause 13; and is appropriately reliable, qualified and trained in relation to their Processing of Agreement Personal Data; throughout the term of this Contract, ensure that it takes account of and abides by the principles of data protection-by-design and data protection-by-default as required under the GDPR as they may be applicable to the provision of the Services and the Processing of the Agreement Personal Data; implement (and assist the Customer to implement) technical and organisational measures to ensure a level of security appropriate to the risk presented by Processing the Agreement Personal Data, in particular from a Data Security Incident; notify the Customer without undue delay (and in any event no later than 24 hours) after becoming aware of a Data Security Incident, including the nature of the Data Security Incident, the categories and approximate number of Data Subjects and Agreement Personal Data records and any measure proposed to be taken to address the Data Security Incident and to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all the relevant information at the same time, the information may be provided in phases without undue further delay, but Kallidus (and authorised sub-processors) may not delay notification under this Clause 13.4(a)(vii) on the basis that an investigation is incomplete or ongoing. Kallidus will not, and will procure that authorised sub-processors will not, make or permit any announcement in respect of the Data Security Incident to any person without the Customer’s prior written consent; notify the Customer immediately if it, or its authorised sub-processor receives any communication which relates directly to the Processing of the Agreement Personal Data or to either the party’s (or an authorised sub-processor’s) compliance with Data Protection Legislation or this Clause 13, it shall immediately notify the Customer and it shall provide the Customer with full co-operation and assistance in relation to any such communication; provide reasonable assistance to the Customer in: documenting any Data Security Incidents and reporting any Data Security Incidents to any supervisory authority and/or Data Subjects; taking measures to address Data Security Incidents, including, where appropriate, measures to mitigate their possible adverse effects; and conducting privacy impact assessments of any Processing operations and consulting with supervisory authorities, Data Subjects and their representatives accordingly; and in relation to any complaints made by a Data Subject or investigations or enquiries made by any regulator or supervisory authority relating to you or your obligations under the Data Protection Legislation; at the option of the Customer, securely delete or return to the Customer or, at the Customer’s option, transfer to any replacement supplier, all Agreement Personal Data promptly after the end of the provision of the Service relating to Processing, and securely delete any remaining copies (except where necessary to retain such Agreement Personal data strictly for the purposes of compliance with Applicable Laws) and promptly certify (via a director) when this exercise has been completed; comply promptly with any request from the Customer to amend, delete or transfer Agreement Personal Data. Where Kallidus receives a request from a Data Subject regarding the exercise of any data subject rights in respect of that person’s Personal Data, it shall: notify the Customer within three (3) Business Days of receiving such a request; provide the Customer with full co-operation and assistance in relation to any request made by a Data Subject to have access to that person’s Personal Data; and not disclose the Personal Data to any Data Subject or to a third party other than at the request of the Customer or as provided for in this Contract. If Kallidus receives any other communication not mentioned in clause 13.4 (b), including, but not limited to, a complaint which relates directly to the Processing of the Agreement Personal Data or to either the party’s compliance with Data Protection Legislation or this Clause 13, it shall immediately notify the Customer and it shall provide the Customer with full co-operation and assistance in relation to any such communication. 13.5 Information Provision Kallidus will, and will procure that authorised sub-processors will during this Contract: make available to the Customer all information necessary to demonstrate compliance with the obligations set out in this Clause 13; and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer. Where and to the extent required to do so by Data Protection Legislation, Kallidus will prepare and securely maintain a record of all categories of Processing activities carried out on behalf of the Customer in relation to the Agreement Personal Data, including as a minimum: its name and contact details and details of its manager for data protection; the categories of Processing it carries out on behalf of the Customer; a general description of the technical and organisational security measures referred to in Clause 13.4(a)(vi); and the same information in relation to any authorised sub-processor, together with its name and contact details (together the “Data Record”). Kallidus will promptly upon request securely supply a copy of the Data Record to the Customer. 13.6 Kallidus undertakes that it will not Process Agreement Personal Data outside the United Kingdom and/or the European Economic Area (as it is made up from time to time). 13.7 At the end of the Term, Kallidus shall (a) immediately cease to use the Agreement Personal Data and shall, at the Customer’s option, return the Agreement Personal Data to the Customer or destroy it and all copies of it (except where necessary to retain such Agreement Personal Data strictly for the purposes of compliance with Applicable Laws); and (b) continue to comply with the provisions of these terms in respect of any Agreement Personal Data that it is required by law to continue to possess. Kallidus will tell the Customer promptly if it is asked to do something which might infringe the Data Protection Legislation or other Applicable Laws. Each party will indemnify and keep indemnified, defend and hold harmless the other party, its officers, employees and agents (“the indemnifying party”) in full against all claims, demands, actions, losses, liabilities, costs and expenses (including reasonable legal costs and disbursements) which the party suffers or incurs as a result of any act, omission or default of the indemnifying party in respect of the indemnifying party’s obligations (or, in the case of Kallidus, the obligations of its authorised sub-processors) under this Clause 13 and the indemnifying party’s compliance with Data Protection Legislation. The parties will each agree to any reasonable amendment to this clause 13 required to bring it into line with any amendment to or re-enactment of any Data Protection Legislation, in particular to reflect the GDPR, or to allow each of the parties to comply with any requirement or recommendation of the Information Commissioner or any other data protection or supervisory authority in relation to the Processing of Agreement Personal Data. 14. LIMITATIONS OF LIABILITY AND INSURANCE 14.1 To the extent permitted by English law, except with respect to Kallidus’ obligations under clause 10 and clause 13.9 above, notwithstanding the form whether contract, tort (including negligence and negligent misstatement), statutory duty, misrepresentation or otherwise) in which any legal or equitable action may be brought against Kallidus, Kallidus shall not be liable under the Contract for damages or any other monetary remedy which exceed, in the aggregate, the greater of £50,000 and 150% of the aggregate User fees paid or payable by the Customer in respect of the twelve (12) month payment period of the Contract in which the cause of action arises. 14.2 To the extent permitted by English law, in no event shall either party be liable for any loss of profits, business or anticipated savings whether direct or indirect or for any special, incidental, indirect, consequential, exemplary or punitive loss or damages, even if a party has been notified at the time of making the Contract of the possibility of such loss or damage arising and whether arising from tort (including negligence and negligent misstatement), breach of contract, statutory duty, misrepresentation or otherwise. 14.3 Nothing in the Contract shall limit either party’s liability for death or personal injury caused by a party’s negligence or liability for fraud. 14.4 The provisions of the Contract allocate the risks between the Customer and Kallidus. Kallidus’ pricing reflects this allocation of risk and the limitations of liability set out in this clause. 14.5 Any material downloaded or otherwise obtained by the Customer or any User through the use of the Service is at Customer’s own discretion and risk, and Kallidus shall have no responsibility for any damage to Customer’s computer system or loss of data or any claim from a User or a third party that results directly or indirectly from the download, use or possession of any such material. 15. INTERNET DELAYS AND FORCE MAJEURE 15.1 The Service may be subject to limitations and/or delays, inherent in the use of the internet and electronic communications. Except to the extent that Kallidus is in breach of obligations under the Contract, Kallidus is not responsible to the Customer or any User for any delays, delivery failures, resulting from Customer’s internet connectivity problems (unless such problems are directly caused by any act or omission of Kallidus). 15.2 Neither party shall be liable for any delay or default in performing any of its obligations (not being an obligation to pay money to the other party) if the delay or default results from events or circumstances outside its reasonable control, including interruption or failure of utility services including but not limited to electricity or telephone services, failure of any transportation service, fuel shortage, any industrial dispute, fire, flood, earthquake, severe weather conditions, war or other hostilities, acts of terrorism, actions of governments or governmental agencies, riots or other civil commotions. The party affected shall use all reasonable endeavours to remove or overcome the cause of such force majeure as soon as practicable. Such delay or default shall not constitute a breach of the Contract and the time for performance shall be extended by a period equivalent to that during which performance is so prevented. If such delay or default continues for a period of more than thirty (30) days, either party may terminate this Contract upon written notice to the other party. 16. PENETRATION TESTING For the purposes of this clause, “Penetration Test” shall mean: A penetration test of Kallidus’ externally hosted environments, conducted in a cloned representative version of its production environment; and A penetration test of the efficacy of Kallidus’ information technology security arrangements. Kallidus shall (by using a CREST accredited organisation) perform a Penetration Test on at least an annual basis and its own cost. Where any vulnerabilities are identified by the Penetration Test, Kallidus shall work to remedy such vulnerabilities within a reasonable time. 17. ASSIGNMENT 17.1 The Contract is personal to the parties, neither of whom may assign any of its rights or obligations under the Contract without the prior written consent of the other, provided that: (a) either party may assign its rights and obligations under the Contract to a purchaser of all or a substantial part of its business and undertaking without the consent of the other party; and (b) Kallidus may subcontract or delegate any or all of its obligations under this Contract to any third party. 18. DISPUTE RESOLUTION If any dispute arises out of the Contract the parties will attempt in good faith to negotiate a settlement. If the matter is not resolved by negotiation, the parties will refer it to mediation in accordance with the Centre for Effective Dispute Resolution ("CEDR") Model Mediation Procedure (see www.cedr.co.uk). Unless the parties agree on the choice of mediator within seven (7) days of one party nominating a proposed mediator in writing to the other, the mediator shall be appointed by CEDR at the request of either party. If the parties fail to agree terms of settlement within forty-two (42) days of the start of the first meeting held under such procedure, the dispute may be referred to litigation by either party. Nothing in this clause shall prevent or delay either party from seeking injunctive relief in any court in respect of any infringement of intellectual property or from issuing proceedings to recover any undisputed debt or from joining the other party to any proceedings issued against the first party by a third party. 19. ANTI – BRIBERY Kallidus shall: comply with all applicable laws, statutes, regulations relating to anti-bribery and anti-corruption including but not limited to the Bribery Act 2010 (Relevant Requirements); not engage in any activity, practice or conduct which would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 if such activity, practice or conduct had been carried out in the UK; have and shall maintain in place throughout the term of this Contract its own policies and procedures, including adequate procedures under the Bribery Act 2010, to ensure compliance with the Relevant Requirements, and will enforce them where appropriate; promptly report to the Customer any request or demand for any undue financial or other advantage of any kind received by the Kallidus in connection with the performance of this Contract. ANTI-SLAVERY 20.1 In performing its obligations under the Contract, Kallidus shall: comply with all applicable anti-slavery and human trafficking laws, statutes, regulations and codes from time to time in force including the Modern Slavery Act 2015; not engage in any activity, practice or conduct that would constitute an offence under sections 1, 2 or 4, of the Modern Slavery Act 2015 if such activity, practice or conduct were carried out in the UK; include in contracts with its direct subcontractors and suppliers provisions which are at least as onerous as those set out in this clause 20; notify the Customer as soon as it becomes aware of any actual or suspected slavery or human trafficking in a supply chain which has a connection with this Contract; and maintain records to trace the supply chain of services provided to the Customer in connection with this Contract and permit the Customer and its third party representatives reasonably to inspect the Kallidus' records, and to meet the Kallidus' personnel to audit its compliance with its obligations under this clause 20. 20.2 Kallidus represents and warrants that at the date of this Contract it not has been convicted of any offence involving slavery and human trafficking; nor has it been the subject of any investigation, inquiry or enforcement proceedings regarding any offence or alleged offence of or in connection with slavery and human trafficking. 20.3 The Customer may terminate the Contract with immediate effect by giving written notice to Kallidus if Kallidus commits a breach of this clause 20. MISCELLANEOUS 21.1 The parties are independent contractors and nothing in the Contract shall be deemed to make either party an agent, employee, partner or joint-venturer of the other party. Neither party shall have the authority to bind, commit, or otherwise obligate the other party in any manner whatsoever. Kallidus may use the Customer’s plain text name to list the organisation as a customer of Kallidus and may issue press releases announcing that the Customer is a customer of Kallidus. The Customer will, subject to the Service being in compliance with the warranties given in clause 9.2 (d), participate in a customer case study for marketing purposes. 21.2 During the Term of the Contract and for six months after it ends, both parties agree not without the other party’s prior written consent to solicit or to offer employment to any employee of the other party with whom it has had dealings in relation to the Contract. If a party breaches this restriction, it agrees to pay to the other party on demand as liquidated damages a sum equal to 20% of that person’s starting annual gross salary or other contractual payment with the party in breach and agrees that this amount shall be recoverable as a debt. 22.3 In respect of the contact details that it receives of the Customer’s employees and authorised representatives (“client data”) Kallidus applies a soft opt-in rule to all new client data where we have obtained a person's details during a sale or negotiations for a sale of a product or service as well as support and account management. We assume, unless informed otherwise, that we have the right to market similar products or services in accordance with Data Protection Legislation and the PECR (or equivalent) for marketing. Should a person wish to refuse marketing at any point they can opt out using the unsubscribe link in future messages. Kallidus can collect data in the following methods during the sale, negotiations and account management: Handed out over the phone; Client Meetings – where details are handed out; Copied into email correspondence; Named in email correspondence (no email provided) but where there is a standard email format throughout the organisation; Handed out over the phone; Colleague referral. Kallidus will review the collected client data at regular intervals to keep such data up to date. 22.4 Any notice given under the Contract shall be in writing and shall be delivered by hand (in which case delivery is effective immediately), by email (in which case delivery shall be deemed to have taken place on the next following Business Day), by Royal Mail special delivery (if posted in the United Kingdom) or by airmail (if posted outside the United Kingdom). In the case of Royal Mail special delivery, delivery shall be deemed to take place on delivery or on receipt by the sender of a notice that the addressee has "gone away" or refused to take delivery or any notice having similar effect. In the case of airmail, delivery shall be deemed to take place seven days after posting. Notices shall be delivered or posted to the addresses of the parties given above or to any other address notified in substitution on or after the Effective Date. 22.5 These Terms and the Order Form constitute the entire agreement between the parties regarding the subject matter of the Contract and supersede all proposals and prior discussions and writings between the parties with respect to such subject matter. Each party confirms that it has not relied on any pre-contractual statement made by the other in deciding to enter into the Contract. 22.6 A person who is not a party to the Contract has no right under the Contracts (Rights of Third Parties) Act 1999 to rely upon or enforce any term of the Contract. 22.7 The Contract and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by the laws of England and the parties submit irrevocably to the exclusive jurisdiction of the English courts.   SCHEDULE 1 - SERVICE DESCRIPTION This document provides details of the different Service modules from Kallidus. The Service modules to be provided by Kallidus to the Customer under the Contract will be as set out in the Order Form(s). The function of the relevant Service for the purposes of the Contract, including clauses 3.3 and 9.5 above, is defined below in respect of each module. Kallidus eLearn provides the function of “Learning” and the following functionality: Support for e-learning: Support for AICC learning objects Support for SCORM 1.2 and 2004 learning objects Interactive Reporting User Management Kallidus Learn provides the function of “Learning” and the following functionality: Support for e-learning: Support for AICC learning objects Support for SCORM 1.2 and 2004 learning objects Interactive Reporting User Management Classroom management module Kallidus Perform module provides the function of “Performance” and the following functionality: Manage Job roles Manage Competencies and Competency Frameworks Manage Performance Reviews Manage Objectives Manage Actions Interactive Reporting Kallidus 360 Review provides the function of “Review” and the following functionality: Feedback via e-mail Deadlines for surveys Administrator dashboard Multiple questionnaires Individual PDF Reporting User Management Kallidus Recruit provides the function of “Recruitment” and the following functionality: Candidate portal Administrator dashboard User-friendly manager portals Streamlined onboarding Centralised recruitment Powerful analytics User Management Kallidus Talent provides the function of “Talent” and the following functionality: Talent Management Talent Reviews Succession Planning Organisation designer Reporting Data Import/Export User Management SCHEDULE 2 - HOSTING AND BACK-UP POLICY For all the Services, Kallidus will provide them as software-as-a-service (SaaS). Subject to the terms of the Contract, Kallidus agrees that the Service will be available for a minimum of 99.5% of each month for the duration of the Contract. Kallidus shall ensure that it has appropriate technical measures in place in order to continuously monitor uptime in increments no less than hourly. For the purposes of this schedule “monthly uptime” shall be calculated as follows: "Excluding scheduled downtime,total hours in the relevant month that the Service is available and accessible " /"Total number of hours in the relevant month" The SaaS Service shall be provided from Kallidus’ contracted data centres and Kallidus shall ensure that such data centres are ISO 27001 certified and located in the UK. Data is backed up each night to separate and geo-redundant (other UK datacentre) storage which is encrypted at rest. SQL transactions logs are backed up every (3) three hours. Kallidus maintains a business continuity plan and this is regularly reviewed, and non-disruptive elements of the plan are tested annually. If a Disaster occurs, Kallidus shall notify the Customer of the Disaster and keep the Customer regularly apprised of the situation regarding the resumption of the Service.   SCHEDULE 3 - CUSTOMER SUPPORT SERVICES SUPPORT Kallidus customer support is designed to enable a customer to successfully meet their business objectives via use of the Kallidus product suite. Kallidus customer support includes the following support benefits: Application functionality support Expert product advice to ensure the effective use of the Kallidus products. Application issue management Analysis, tracking, communication and resolution of application issues, including software defects. Change request management Managing the scoping, tracking and delivery of Change Requests, which are requests for additional or changes to existing services. 24/7 access to the knowledge base and community in the Kallidus Help Centre Customers have around the clock access to self-service resources such as the online Knowledge Base and to our customer community in the Kallidus Help Centre. 1.1 Customer Support Features: Kallidus customer support offers the following support features: Support Feature Description Support hours 08:30- 17:30 UK time Monday-Friday excluding public holidays Live chat support 08:30- 17:30 UK time Monday-Friday excluding public holidays Self-help support Access to Kallidus self-service resources available 24/7 through the self-service portal. Named Administrators Up to three individual administrators who may contact Kallidus customer support Ticket management tools Included, via 24/7 self-service portal. Kallidus user community Included, via 24/7 self-service portal. Service levels Standard, as set forth in the Kallidus Service Level Agreement 1.2 Included within the Support Services: Errors with Service (Service does not operate as per any User documentation and technical requirements provided) Performance issues related to Service and not to the Customer’s network or internet access. Integration of any formally certified or approved AICC or SCORM content Supply and support of patches or to fix a known error   NOT covered by Support Services: Completion of routine administration tasks on behalf of the Customer Integration of any content that is not formally certified or approved AICC or SCORM content supplied by a 3rd party Support of issues with content supplied by 3rd parties The resolution of issues caused by the User error or User Data supplied The routine loading of content onto a Customer site Uploading of User or training data not covered in an Order Form Requests to change configuration of software Reporting Procedures Kallidus will provide support via email, telephone or the self-service support portal which is accessed through the Kallidus web site at https://kallidus.zendesk.com The Customer will be provided with usernames and passwords for the self-service support portal Support requests will be responded to in accordance with the service level agreement below. SERVICE LEVEL AGREEMENT The Kallidus service level agreement covers the following: Application support Application functionality support Application issue management including software defects 2.1 Application Support Application support includes guidance and support in the use of the Kallidus products and the resolution of technical defects relating to the Kallidus products, platform or integrations within Kallidus control. Issues fall into four severity categories: Urgent High Normal Low The severity of an issue is determined by the Kallidus customer support team, using the guidelines on the following page: Severity Examples Urgent High Normal Low Application Functionality - Urgent request for support with an application feature to support the delivery of business-critical objectives. - A request for support with an application feature where assistance is required within 2 business days. - A request for support with an application feature where assistance is required within (3) three business days. - Non-urgent request for support with an application feature where assistance is required within (5) five business days. Application Issue - The site URL is not responding. - Users are unable to log in to the product. - Performance is degraded to the extent that the site is unusable. - An issue with the application is affecting all users and impacts the delivery of business-critical objectives - Application performance issue that is either intermittent or does not seriously impact the use of the application. - Reporting is unavailable. - Data feed issue. - An issue that is affecting multiple users. - An issue affecting a small number of users. - An issue that affects a single user. Software Defect - A key feature of the application is unavailable - There is no work-around. - A prominent feature that is routinely used and where multiple users are prevented from progressing with important tasks. - There is no work-around. - A minor feature, multiple users affected but are not prevented from progressing with important tasks. - A work-around exists. - Cosmetic issue with the product. - Low impact issue that can be worked around easily.   2.3 Application Support Service Level Targets Kallidus work towards the following service level targets with an overall target of 90% of tickets meeting the targets below: SLA Measure/Target Urgent High Normal Low Initial Acknowledgment On submission First Response 1 hour 2 hours 4 hours 1 business day Status Updates – Application Functionality & Issues (except Defects) Hourly Twice a day Every business day Every 2 business days Status Updates – Software Defects Daily Weekly Fortnightly Monthly Resolution – Application Functionality & Issues (except Defects) 1 business day 2 business days 3 business days 5 business days Resolution – Software Defects Hot fix/ 1 week 2 weeks 1 months 2 months In situations where Kallidus requires additional information or action from the Customer, support tickets are held in a pending status, until a response is received. This time is excluded from the calculation of service level targets.   SCHEDULE 4 – DATA PROTECTION DEFINITIONS For the avoidance of doubt, capitalised terms used but not defined in this Schedule 4 shall have the meanings given in the main body of the Contract. PROCESSING, PERSONAL DATA AND DATA SUBJECTS This section sets out the classes of Data Subject, the categories of Personal Data and Special Categories of Personal Data, the Processing operations, as well as any duration of Personal Data Processing applicable to this Contract. The Agreement Personal Data shall constitute the Personal Data set out in paragraphs 4 and 5 below as they relate to the Data Subjects listed in paragraph 3 below. DATA SUBJECTS The Agreement Personal Data Processed concern the following categories of Data Subjects: Actual and/or potential clients of the Customer; Employees or potential employees, agents, advisors, freelancers and staff of the Customer; Customer’s Users authorised by Customer to use the Services; Service providers to the Customer; CATEGORIES OF DATA The Personal Data Processed concern the following categories of Personal Data: Name; Title; Gender; Position; Contact details (including postal address, email address and telephone number, physical business address); Date of birth; Bank details; ID Data; Professional life data; Personal life data; Connection data; Transaction history; SPECIAL CATEGORIES OF PERSONAL DATA The Personal Data Processed concern the following Special Categories of Personal Data: Disabilities; Health; PROCESSING ACTIVITIES The Personal Data will be subject to the following basic Processing activities: Employee management; Employee administration; Recruitment of staff; Performance management of staff; Talent management of staff; Training of employees SUB-PROCESSORS As at the Effective Date, the following sub-processors are used by Kallidus in respect of the Service: Microsoft Azure   Accepted by: Accepted by: Kallidus Limited "Kallidus" "Customer" Name: Philip Pyle Name: Signature: Signature: Title: Sales & Marketing Director Title: Date: Date: