Q.REFINERY PRODUCT AS A SERVICE AGREEMENT

Client (Name)	
Client ABN/Reg no. and Place of Incorporation	
Client address	



Product	See Q.Refinery description attached as Annexure C

Term	Start Date	
	Term	
	End Date	
Coverage Territory	Australia
Q.Refinery Cloud Instance	[e.g. Microsoft Azure EU Cloud]
Q. Refinery Outputs 	A.	Enriched Transaction Data
•	Q. Refinery Output:  Enriched Transaction Data
•	Permitted Use:  Enriched Transaction Data may only be used for the internal business activities of You and Your Nominated Group Companies to improve Your core banking performance. 

B.	Customer Attributes
•	Q. Refinery Output:  Your Customer Attributes
•	Permitted Use: Your Customer Attributes may only be used may only be used for the internal business activities of You and Your Nominated Group Companies to improve Your core banking performance.

Timing	This should specify whether transaction data and/or customer attributes (as timing may be different between the two) should be monthly, weekly or real time.
The Q.Refinery Outputs will be provided to You on a [insert frequency] basis no more than [insert number] Business Days after receipt of Your Input Data
Fees	[insert fees] excluding GST made up of:

payable quarterly in advance, within 14 days of the date of Quantium’s invoice.
Fees commence to be payable on and from the Start Date, being [specify].
Stated amounts above are indicative ongoing annual service fees only.  
Fees are stated in A$ exclusive of GST/VAT/sales taxes and like.  
Fees are payable quarterly in advance on 14 days terms.
Implementation and Tuning Services are chargeable separately, payable monthly on 14 days terms, and vary according to quality and readiness of Your Input Data for input into Q.Refinery and readiness of your systems to ingest Q.Refinery Outputs: estimates can be provided by Quantium once these services are able to be properly scoped.

Specified options	State here if any option has already been selected

Your Input Data	See attached Annexure A

Data Requirements	A.	Ingestion Format: CSV 

B.	Data Transfer Mechanism: SFTP

C.	Q.Refinery Outputs: As set out in Annexure B

D.	Q.Refinery Format: CSV
Permitted Use	(a)	internal business activities of You and Your Nominated Group Companies to [specify nature of business]; 
(b)	any other purpose approved in writing by Quantium at Quantium’s discretion.

Territory of Permitted Use	
Your Nominated Group Companies	
Currency of account	Australian dollars
Special Conditions	[Not applicable]

Client Representative	Name	[insert name]
	Email	[insert email]
Quantium Representative	Name	
	Email	

Executed for the Client by the Client’s authorised signatory:		Executed for Quantium by Quantium’s authorised signatory:

		
Signature		Signature
		
Name:  [insert date]		Name:  [insert date]
Date:  [insert date]		Date:  [insert date]



 
ANNEXURE A - YOUR INPUT DATA

Field	Type	Description
Hashed Transaction ID	Required	Unique identifier for a transaction, hashed to remove PII
Hashed Customer ID	Required	Unique identifier for a customer, hashed to remove PII. This joins to the Customer ID field in the Customer table.
Transaction Channel	Required	Channel through which the transaction was made. Should include electronic POS transactions; online / phone / postal transactions, other bill payments (such as including pre-authorized debits), ATM withdrawals
Hashed Card ID	Required	Unique identifier for a card, hashed to remove PII
Terminal ID	Required	Unique identifier for a terminal which processed this transaction. Provided by the acquiring institution
Date and Time	Required	Date and time when the customer swiped their card, authorised an online transaction or at which a request for a card not present transaction was sent to the payment system. Provided based on a fixed agreed time zone
Amount	Required	The amount of the transaction in an agreed currency
Card Present	Required	An indicator of whether the card was present for the transaction
Transaction Text	Required	For card-initiated transactions, this is the description produced by the terminal for the transaction. For other transaction channels, this is the text that is provided by the recipient of the funds and should exclude any information that may be appended that relates to the customer.
Merchant Category Code	Required	For card-initiated transactions, this is the 4-digit industry classification consistent with ISO 18245 associated to the merchant of this transaction.
Acquiring Institution Code	Required	For card-initiated transactions, this is the code corresponding to the country in which a transaction was made. This is usually captured in a standard format, such as ISO 3166.
Hashed Account ID	Optional	Unique identifier for an account, hashed to remove PII.
Terminal Location	Optional	Physical location (address) of the terminal, where known
Merchant ID	Optional	Merchant identifier for the terminal. Provided by the acquiring institution
Merchant Name	Optional	Merchant description for merchants acquired by client
Amount (local)	Optional	The amount of the transaction in the currency paid
Currency	Optional	The currency in which the transaction was paid. If supplied the amount fields should correspond to the currency supplied here

Important: To ensure that all analysis conducted by Quantium adheres to the highest security and privacy standards, Quantium will only receive obfuscated, PII-free versions of sensitive fields. These anonymised fields must have passed through appropriate deidentification algorithms to ensure sensitive information cannot be reidentified by Quantium, but will maintain referential integrity by always producing the same output for the same given input.
Quantium may use correlations of Transaction Data (other than as to Your Customers) to Enriched Data discovered through the provision of Q.Refinery Outputs to You during the term for the purpose of enriching and improving the Q.Refinery Data Corpus, improving correlations of transaction data to Enriched Data for other Q.Refinery clients, and improving and enhancing other features and functionality of the Q.Refinery Product.
 
ANNEXURE B - Q.REFINERY OUTPUTS

Customer Attributes

Field	Type	Description
customer_id	Long / Bigint	Identifier for the customer.
yearmonth	Date	Analysis date at which attribute was measured for customer.
attribute_type	String	Type of attribute
attribute_name	String	Name of attribute
attribute_value	Double	Attribute value applicable for that customer on that date for that attribute
attribute_metadata	String	Dictionary of other useful information about the attribute, used for structured querying. 

Enriched Transaction Data

Field	Type	Description

transaction_id	Long 	Identifier for the transaction. Links to the transaction_id field on the raw transactions provided
brand	String 	Brand that is associated with the transaction
quantium_industry_id	Integer 	Identifier of the Quantium industry that is associated with the transaction
quantium_industry_l1	String 	Level 1 industry of a 4 level industry hierarchy that is associated with the transaction
quantium_industry_l2	String 	Level 2 industry of a 4 level industry hierarchy that is associated with the transaction
quantium_industry_l3	String 	Level 3 industry of a 4 level industry hierarchy that is associated with the transaction
location_latitude	Double 	Longitude part of the Latitude/Longitude coordinate where the transaction was made. Only populated for transactions where card_present = TRUE
location_longitude	Double 	Latitude part of the Latitude/Longitude coordinate where the transaction was made. Only populated for transactions where card_present = TRUE
coordinate_confidence	String 	Level at which the coordinate is populated. E.g. store level, suburb level etc
state	String 	State (geographic) in which the transaction was made
suburb	String 	Suburb (geographic) in which the transaction was made
postcode	String 	Postcode (geographic) in which the transaction was made

 
ANNEXURE C - DESCRIPTION OF Q.REFINERY 

1.	Q.Refinery Clients provide raw transaction data and associated text (Transaction Data) to Quantium.  Quantium ingests that Transaction Data into Q.Refinery and runs Q.Refinery to append enriched transaction attributes (Enriched Data) to that Transaction Data to the extent that Quantium is able to do so by using previously discovered correlations of raw transaction data and associated text with Enriched Data.  Quantium then provides Enriched Transaction Data to Q.Refinery Clients in the form of the original Transaction Data transformed by the Enriched Data.  Over time and volume, the correlations of Transaction Data with Enriched Data are increased as a proportion of the total Transaction Data of Q.Refinery Clients. 
2.	Each instance of Q.Refinery is specific to a particular consumer market.  Accordingly, Q.Refinery is tuned and offered specific to a specific Territory (i.e. Australia, New Zealand, U.S.A. respectively).  Because Q.Refinery is unlikely to be of significant utility for a consumer market other than the consumer market for which a particular instance of Q.Refinery is tuned, each instance of Q.Refinery is licensed to a Q.Refinery Client for use within a specific Territory.
3.	Q.Refinery comprises a Data Corpus regularly updated by further correlations as and when verified by Quantium, and Q.Refinery processes and code as operated by Quantium.  Q.Refinery is provided as a service by Quantium to Q.Refinery Clients using the Data Assets Corpus applied across those Q.Refinery Clients and accordingly aggregating improvements in the Data Corpus.  Correlations of Transaction Data to Enriched Data previously discovered by Quantium through continuing research and updating of market data, and through operating the Q.Refinery product for each Q.Refinery Client, are used to improve discoverability, usefulness and human intelligibility of Transaction Data for each and all Q.Refinery Clients.
4.	Correlations of Transaction Data to Enriched Data previously discovered by Quantium in operating the Q.Refinery product for each Q.Refinery Client are also used to continuously improve Q.Refinery processes and code applied across Q.Refinery Clients.  This enables Q.Refinery Clients to derive collective benefit from all transformations conducted by Quantium using the same instance of Q.Refinery.
5.	By embedding prior discovered correlations and learnings into Q.Refinery processes and code and the Q.Refinery Data Assets Corpus, Q.Refinery is enabled to deliver speed and cost-effectiveness at industry-leading quality and reliability.
6.	Embedding prior discovered correlations and learnings into Q.Refinery processes and code to enrich the Q.Refinery Data Corpus requires the creation of a feedback loop of learning.  This feedback loop is tightly controlled.  Quantium operates the Q.Refinery subject to strict business confidentiality controls and safeguards which ensure that no Q.Refinery Client becomes aware of transactions processed or otherwise controlled by another Q.Refinery Client, or as to which user, or provider of services to a user, is associated in any way with any particular Q.Refinery Client.
 
ANNEXURE D - Q.REFINERY PRODUCT-AS-A SERVICE TERMS

 
1.	AGREEMENT
1.1	Included Terms: This Agreement includes these terms and conditions and the terms of any Subscription Order signed by both parties. 
1.2	Commencement Date: This Agreement starts on the date that the first Subscription Order is executed by both parties. 
1.3	End Date: Subject to clause 1.4 this Agreement ends automatically upon expiry of the Term (unless renewed), or when terminated in accordance with these terms.
1.4	Extension: Prior to the end of the Term, the parties will negotiate the terms of a renewal of this Agreement for a further two years. If these negotiations do not commence or do not lead to the conclusion of a new agreement, this Agreement will terminate on the End Date.
2.	ACCESS TO YOUR INPUT DATA
2.1	Your Input Data: You will provide Quantium with access to Your Input Data for the Term on the terms of this Agreement. 
2.2	Data Requirements: You agree to provide Your Input Data to Quantium in accordance with the Data Requirements set out in the Subscription Order.
2.3	Warranty by You: You warrant that the use by Quantium of Your Input Data in accordance this agreement will not infringe any Right or breach any Law. Quantium expressly disclaims, takes no responsibility for, and has no liability for claims relating to Your Input Data.
2.4	Reliance by Quantium: Quantium relies on, and will not confirm, check or verify any of Your Input Data or any other information that you provide or direct Quantium to input into Q. Refinery.  You must ensure that Your Input Data is accurate and complete.  
2.5	Acknowledgments by You: You acknowledge and agree that:
(a)	Q.Refinery will not convert Your Input Data to Q.Refinery Outputs if Your Input Data does not meet the Data Requirements;
(b)	the delivery of Q. Refinery Outputs to You will be delayed by the same number of Business Days that equates to time taken by Quantium to resolve any issue with Your Input Data; and
(c)	Q.Refinery is designed and optimised for use in relation to transactions within the Coverage Territory stated above.  Q.Refinery is unlikely to be of significant utility in relation to transactions conducted with merchants outside the Coverage Territory.
3.	Q.REFINERY OUTPUTS
3.1	Delivery Date: Q.Refinery will convert Your Input Data to Q. Refinery Outputs in accordance with the Data Timetable that is set out above [/in the Subscription Order].
3.2	Q.Refinery Output Format: Quantium will provide Q.Refinery Outputs to You in accordance with the Q.Refinery Format set out set out above [/in the Subscription Order]. 
3.3	Licence Grant: You are granted a non-exclusive licence to use the Q.Refinery Outputs for the Permitted Use stated above within the Use Territory during the Term.  All other rights are expressly reserved by Quantium and excluded from this right as licensed to you.
3.4	Nominated Group Companies: The rights granted to You under this Agreement may also be exercised by Your Nominated Group Companies, while they remain Nominated Group Companies under Your control, or under common control with You by another entity.  You will be responsible for ensuring full compliance by each of Your Nominated Group Companies with requirements of this Agreement
3.5	Acknowledgments by You: You acknowledge and agree that:
(a)	You have read and understand the description of Q.Refinery in Attachment A;
(b)	The Q.Refinery Product is inference-based and Your Customer Attributes are likely to include errors in some individual Customer records; and 
(c)	the Q.Refinery Data Corpus used by the Q.Refinery Product may contain some errors and is unable to provide Enriched Transaction Data for all Transaction Data.
Quantium will use all reasonable commercial efforts to minimise the number of such errors and will correct the relevant Customer record or delete the relevant error from the Q. Refinery Data Corpus promptly after You make Quanitum aware of any such error.
3.6	Reference Documentation: Quantium will provide You with reference documentation for Your Customer Attributes and Enriched Transaction Data (if applicable), to enable Your data analysts to use the Q.Refinery Outputs for the Permitted Use.
4.	PERMITTED USE OF Q.REFINERY OUTPUTS
4.1	Permitted Use: Subject to the conditions and restrictions set out in this Agreement, You may use the Q.Refinery Outputs for the Permitted Use.
4.2	Restrictions on Use: You (and Your Authorised Users and Your employees) must not:
(a)	use a Q.Refinery Output for any purpose other than the Permitted Use within the Territory during the Term;
(b)	commercialise Your Customer Attributes to third parties, and may not otherwise grant access to, sell or distribute Your Customer Attributes to third parties, without the consent of Quantium
(c)	provide an enrichment service to third parties or enable third parties to use Enriched Transaction Data  without the consent of Quantium;
(d)	disclose, disseminate, communicate, transmit or publish any Q.Refinery Output (or any part of a Q.Refinery Output) to a third party; 
(e)	re-sell, sub-licence, transfer or assign any Q.Refinery Output (or any part of a Q.Refinery Output) to a third party;
(f)	decompile, disassemble, reproduce or reverse engineer, or seek to decompile, disassemble, reproduce or reverse engineer, any Q.Refinery Output or create a substitute for or replacement of any Q.Refinery Output, or otherwise discern the source code or the object code used to create any Q.Refinery Output;
(g)	copy, modify, alter, reproduce, translate, store, adapt or create derivative works of any Q.Refinery Output (or any part of a Q.Refinery Output) or embed any part of a Q.Refinery Output in your systems, except as reasonably required by you for the Permitted Use within the Use Territory during the Term;
(h)	permit unauthorised personnel to access or use any Q.Refinery Output;
(i)	alter, obscure or remove any disclaimer, logo, branding or notice that is on or contained in any Q.Refinery Output;
5.	FEES AND INVOICING
5.1	Invoicing and Payment: Quantium will invoice You the Fees in accordance with the invoicing terms set out above [/in the Subscription Order]. You agree to pay Quantium the Fees in accordance with the payment terms set out above [/in the Subscription Order]. 
5.2	Taxes: All fees listed in Your Subscription Order are exclusive of GST, VAT, turnover, sales and other taxes on supplies, other than taxes on Quantium’s income.  Quantium will add such taxes to the Fees when You are invoiced for those Fees.  You agree to pay fees free from bank charges, deductions and withholdings, or to gross-up payments, so that payments of Fees and taxes are received by Quantium in Quantium’s nominated bank account with an Australian trading bank in the currency of account in full and without deductions or withholdings.
6.	INTELLECTUAL PROPERTY 
6.1	IPRs: You agree that all IPRs in the Q.Refinery Product and all Q.Refinery Outputs are owned by Quantium.  Your right to use the Q.Refinery Outputs is limited to the Permitted Use.  All Rights not expressly granted to You under this Agreement are reserved to Quantium.
6.2	Your Input Data:  You own all IPRs in Your Input Data.  You grant to Quantium an irrevocable right and license to use Your Input Data in connection with the Q.Refinery Product for the purposes of providing the Q.Refinery Outputs to You under this Agreement and to enable enhancement of the Q.Refinery Product as contemplated in clause 8.7 of this Agreement.
6.3	Developed IP:  You agree that all IPR’s created or developed by Quantium, including in connection with the use of Your Input Data, for the purposes of enhancing, modifying, updating or adapting the Q. Refinery Product during the Term are owned by Quantium.
6.4	Infringement of IPRs: If Quantium, acting reasonably, believes that You have used (or permitted another person to use) or are likely to use (or permit another person to use) Q.Refinery Outputs or the Q.Refinery Product in a way which infringes or is likely to infringe Quantium’s IPRs, or breaches confidentiality, Quantium may in its sole discretion:
(a)	direct You to remove all Q.Refinery Outputs and any other Quantium Confidential Information from any database, IT system or device which is owned or controlled by You; and
(b)	direct You to return to Quantium all Q.Refinery Outputs that have been provided by Quantium to You; and
(c)	suspend Your access to Q.Refinery Outputs and to the Q.Refinery Product; and
(d)	terminate Your Subscription or this Agreement.
You must comply with any direction within 5 Business Days and certify in writing that You have fully complied with Quantium’s direction.
7.	PRIVACY
7.1	Compliance with Laws: Each party must, and must ensure that members of its Group and its Employees will comply with all Laws, including Privacy Laws, from time to time that relate to collection, handling, control, processing and disclosure of Personal Information (including obtaining any necessary Consents), any reasonable directions of a party as to Laws and steps reasonably required to effect compliance. The parties agree to comply with the provisions of Attachment E to the extent that GDPR is applicable to the processing of Your Input Data under this Agreement.
7.2	Notification: Each party must promptly notify the other party of any potential or actual material complaint relating to the first party's compliance or alleged non-compliance with Privacy Laws, and any suspected data breach that may affect the other party.  Each party agrees to cooperate and comply with all reasonable directions of the other party in relation to such event and to promptly take all reasonable steps to rectify or remedy such breach where possible.  
7.3	No provision of Personal Information: You must not provide Quantium with Personal Information, or access to Personal Information, except with Quantium’s prior written consent.  Any Personal Information You do provide to Quantium must be in accordance with all access conditions, protocols and safeguards agreed between the parties in writing.
7.4	Protection of Personal Information: To the extent that You receive Personal Information from Quantium, or Q.Refinery Outputs (or derivatives from them) become Personal Information as held by You, You agree that you will comply with all Laws, including Privacy Laws, relating to the collection, handling, control, processing and disclosure of this Personal Information, including obtaining any necessary Consents, and that you will protect this Personal Information against misuse, loss, or unauthorised access, modification or disclosure, including not disclosing any Personal Information to a third party without Quantium’s prior written consent or as required by Law or pursuant to a lawful request of a data subject.
8.	CONFIDENTIALITY
8.1	Reciprocal Confidentiality Obligations: Each Recipient of Confidential Information agrees to keep Discloser’s Confidential Information confidential, secret, and protected and to only use Discloser’s Confidential Information to the extent allowed by this Agreement.  
8.2	Quantium’s Confidential Information:  You agree that Quantium's Confidential Information, is provided to you for the Permitted Use within the Territory during the Term only, and its disclosure to you does not change its confidential nature. 
8.3	General Disclosure Limitations: Except to the extent that this Agreement expressly allows, a Recipient must not disclose Confidential Information of the Discloser to any person, except: 
(a)	with the prior written consent of the Discloser; or
(b)	if Recipient is required to disclose by Law, by a regulator, government, administrative authority, stock exchange or in connection with legal proceedings relating to this Agreement, provided that (where practical) the Recipient notifies the Discloser prior to such disclosure and it is limited to what is necessary.
8.4	Compliance with directions: Each Recipient must:
(a)	comply with the reasonable directions of Discloser in relation to Discloser’s Confidential Information; and 
(b)	immediately notify the Discloser if the Recipient suspects or becomes aware of any unauthorised copying, use or disclosure of Discloser’s Confidential Information.
8.5	Destruction of Confidential Information: Upon termination or expiry of this Agreement, or at Discloser’s request, Recipient must promptly either deliver to Discloser, or destroy and certify the destruction of, materials that contain the Discloser’s IPRs and Confidential Information. This clause does not require the Recipient to deliver up or destroy materials (and, in Your case, any Q.Refinery Outputs) that the Recipient is required to keep for the purposes of archive (including electronic backup data storage), professional indemnity insurance, legal advice or legal compliance, provided that Recipient gives written assurances to the Discloser regarding protection against unauthorised use or disclosure (including as to systems security).
8.6	No publicity without Quantium consent:  You must not (and must ensure your Employees do not) publish or release any information in connection with this Agreement, the Q.Refinery Product or any Q.Refinery Outputs, or refer to Quantium in any offering, promotion, advertising, web site, presentation, media release or statement, publication or communication of similar nature, without Quantium’s prior written consent.
8.7	Continuing Use of Your Input Data: Notwithstanding termination of this Agreement or expiry of the Term, You permit and licence Quantium (on a non-revocable, continuing basis notwithstanding expiry or termination of the Term) to use correlations in term (transaction) text of Transaction Data to Enriched Data discovered through the provision of Q.Refinery Outputs to You during the Term for the purpose of:
(a)	enriching and improving the Q.Refinery Data Corpus; 
(b)	improving correlations of transaction data to Enriched Data for other Q.Refinery clients; and
(c)	improving and enhancing other features and functionality of the Q.Refinery Product.
For clarity, term (transaction) text does not include any information about any customer of You or details of transactions of customers.

9.	SUSPENSION AND TERMINATION
9.1	Suspension Rights: Quantium may suspend access to the Q.Refinery Outputs during the Term if Quantium, acting reasonably, considers that you have failed to comply with this Agreement, including failing to pay any amounts owing to Quantium when due. No refund will be provided to You for any period of suspension. Quantium may reinstate access once Quantium is satisfied that You have rectified the failure that led to the suspension and that You are not otherwise in breach of this Agreement.
9.2	Termination for Cause: Either party may terminate this Agreement immediately on written notice to the other party if: 
(b)	the other party is in breach a material term of this Agreement and fails to remedy that breach within 30 days after written notice of the default; or
(c)	to the extent permitted by law, the other party suffers an Insolvency Event.
Upon termination of this Agreement, Your right to access and use the Q.Refinery Product and the Q.Refinery Outputs will immediately cease.
9.3	Survival of clauses: All clauses which either expressly or by implication are intended to survive this Agreement ending will continue to apply after this Agreement ends, including without limitation clauses 6, 7, 8 and 10. 
10.	WARRANTIES, LIABILITIES AND INDEMNITIES
10.1	Warranty: The Q.Refinery Product is designed to append enriched transaction attributes as Enriched Data to Your Transaction Data as ingested into Q.Refinery, to the extent that Quantium is able to do so by using previously discovered correlations of raw transaction data and associated text with Enriched Data.  Over time and volume, the number and quality of correlations of Transaction Data with Enriched Data will increased as a proportion of the total Transaction Data of You and other Q.Refinery Clients.  The Q.Refinery Product uses scale and learnings to improve coverage and accuracy, but as a product based upon inferred correlations will include errors and will be incomplete, as Qunatium is unable to provide complete coverage and accuracy within the Coverage Territory.  Quantium states and warrants that Q.Refinery is generally reliable and statistically reasonably fit for the purpose of enriching Transaction Data, and that Quantium will use all reasonable commercial endeavours to further refine and improve coverage and accuracy within the Coverage Territory throughout the Term, but Qunatium also expressly states that Q.Refinery will be incomplete and contain errors (i.e. Quantium is unable to provide complete coverage and accuracy within the Coverage Territory).
10.2	Exclusion of Warranties: Subject to clause 10.1, to the maximum extent permitted by law, and unless expressly provided in this Agreement, all implied warranties, representations, guarantees, statements, terms, conditions and any other additional obligations are excluded from this Agreement. 
10.3	Acknowledgement by You: Subject to and without limiting clause 10.1, You acknowledge that Quantium makes no representations (express or implied) nor gives any guarantee or warranty as to the quality, fitness for purpose, usefulness, completeness, reliability, timeliness or accuracy of any Q.Refinery Output or the Q.Refinery Product; 
10.4	Maximum liability: If, despite this clause 10, Quantium incurs any liability to You, then Quantium’s maximum liability to You for any claim (including related or similar claims, and in aggregate) arising in connection with this Agreement, is limited, to the maximum extent permitted by law, to the ongoing Fees for provision of the Service paid by You under this Agreement in the 12 months prior to the claim.
10.5	Excluded Loss: To the extent permitted by law, Quantium is not liable to You for any Excluded Loss suffered or incurred by You in connection with this Agreement.
10.6	No liability for patents: Quantium expressly disclaims, takes no responsibility for, and has no liability for, infringement of any third-party patent, other than a patent issued in the Coverage Territory stated above.
10.7	No liability to third parties: Subject to and without limiting clause 10.1, You agree that Quantium is not liable to You or any third party in relation to any use by You or any third party of, or reliance by You or any third party on, the Q.Refinery Outputs or any other Quantium Confidential Information.
10.8	Indemnity by You: You indemnify Quantium, each member of its Group, and each of its employees, officers, contractors, representatives or agents (each and all indemnified persons):
(a)	from and against any claim by any third party in relation to any use or reliance by that third party on the Q.Refinery Outputs; and 
(b)	against Loss (including penalties or fines imposed by any regulator) that the indemnified persons suffer or incur to the extent that such Loss arises out of: 
(i)	Your Input Data infringing or breaching any Right or Law;
(ii)	any unauthorised access to the Q.Refinery Outputs supplied to You; and 
(iii)	any breach by You (or any person for whom You are responsible) of clause 6 (IPRs), clause 7 (Privacy) or clause 8 (Confidentiality)
11.	GENERAL 
11.1	Events outside Quantium’s control: Quantium is not liable to You for any delay or non-performance of Quantium’s obligations under this Agreement to the extent to which that delay, or non-performance is due to events which are beyond Quantium’s reasonable control which could not reasonably be planned for or avoided (including any delay in Quantium obtaining Your Input Data).
11.2	Quantium audit rights:  On the provision of not less than 14 days’ written notice and subject to reasonable confidentiality undertakings, You will give Quantium and its authorised representatives access to any of Your facilities, premises, systems, records, books and personnel to enable Quantium to assess whether or not You have complied with this Agreement.
11.3	No Assignment: Neither party may assign, sub-license or otherwise transfer the benefit of this Agreement without the other party’s prior written consent.
11.4	Applicable law: This Agreement is governed by the laws of New South Wales, Australia. Each party submits to the non-exclusive jurisdiction of the New South Wales courts. 
11.5	Entire Agreement: This Agreement (including the Subscription Order, Attachment A and Attachment B) contains the entire agreement between You and Quantium with respect to its subject matter and supersedes all other prior agreements, understandings and representations between You and Quantium. This Agreement may only be varied by written agreement.
12.	INTERPRETATION
12.1	References to 'us', 'our' or 'Quantium' means The Quantium Group Pty Ltd ABN 45 102 444 253.
12.2	References to 'You', 'Your' or 'Client' means the entity listed as the Client above.
12.3	In this Agreement, the following definitions apply unless the context requires otherwise:
Business Day means any day that is not a Saturday or Sunday or public holiday in New South Wales.
Client Representative means the client representative nominated by You in the Subscription, or any replacement client representative communicated in writing to Quantium.
Confidential Information is information that a party (including members of a party’s respective Group and their employees, officers, contractors, representatives or agents), being a Discloser, discloses to the other party (or members of the other party’s respective Group and their employees, officers, contractors, representatives or agents), being a Recipient, in connection with performance of this Agreement. Confidential Information does not include information which is known to the public or otherwise becomes part of the public domain (other than due to breach of an obligation of confidence owed under this Agreement).
Control (including associated meanings “Controlled by”, “Controlling” and “under common Control with”) means possession, directly and indirectly, of the power to direct or cause the direction of management f management or policies of an entity, whether through ownership of more than fifty per cent of an entity’s outstanding equity securities (whether consisting of capital stock, membership units, securities or partnership or other ownership interests), by contract or otherwise;
Data Requirements means the data requirements that are set out above [/in the Subscription Order] for the ingestion of Your Input Data into the Q.Refinery Product and the provision of Q.Refinery Outputs to You.
Employees means officers, employees, contractors and authorised agents of a party.
Enriched Transaction Data means the enriched transaction attributes, including merchant brand, merchant industry and transaction location, that will be appended to the Transaction Data of Your Customers by the Q.Refinery Product in accordance with the format described above [/in the Subscription Order].
Excluded Loss means loss resulting from loss or corruption of data, loss of revenue, loss of profits, loss of business, loss of use, opportunity, goodwill, bargain, failure to make savings, and business interruption, whether arising directly or not.
Fees means the fees set out above [/in the Subscription Order]. 
GDPR means the General Data Protection Regulation of the European Union (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016).
Group means a group of entities, whatever their nature or denomination and irrespective of their jurisdiction of incorporation, organized under a scheme of direct or indirect equity participation, or otherwise, in which one entity Controls the other entities, provided that, as in the definition of entity, trusts or similar agreements shall be deemed included, regardless of the laws under which such trusts or similar arrangements are created or executed and regardless of their corporate name. Each such entity is a a member of the entity’s Group.
Insolvency Event means a party is unable to pay its debts as they fall due, takes any corporate action or any steps are taken or legal proceedings are started for the winding up, dissolution, liquidation or reorganisation (other than a solvent reconstruction) or for the appointment of a controller, receiver, administrator, official manager, trustee, or any other similar officer, over it or of any of its revenues or assets, or it seeks or is granted protection from its creditors under any applicable legislation.
IPRs means all intellectual property rights, whether registered or unregistered, including copyright, rights in relation to inventions (including patents), know how, trademarks, business names, domain names, designs, circuit layouts, trade secrets, Quantium Confidential Information and other confidential information and all other rights resulting from intellectual activity in the industrial, scientific, literary or artistic fields.
Laws means any applicable federal, state and local laws (including legislation), mandatory codes, directives or practices and mandatory industry codes (whatever called) of any relevant country and jurisdiction.  
Loss means any loss, damages, liabilities, claims, costs or expenses reasonably and properly incurred, including penalties or fines imposed by any regulatory authority and legal costs (on a solicitor/client basis), excluding loss not arising naturally and not arising according to the usual course of things.
Nominated Group Companies means those entities in your Group, if any, specified above.
Permitted Use means use of the Q.Refinery Outputs for the purposes set out in this Agreement.
Personal Information means information or an opinion about or relating to an individual or other data subject that is identified or reasonably identified and regulated as personal information, personal data or personally identifying information under any relevant Privacy Law of any relevant jurisdiction at any relevant time. 
Privacy Laws means applicable privacy or data protection laws, including without limitation the Privacy Act 1988 (Cth of Australia), the GDPR, the Californian Consumer Privacy Act, and regulations and mandatory guidelines as issued by a regulator from time to time that relate to the collection, handling (including use, disclosure, storage and retention), security and access and correction rights, notification of suspected or actual data breaches, and control and processing of or relation to Personal Information.
Quantium Confidential Information means Confidential Information of Quantium and without limitation includes :
(a)	the terms of this Agreement (including the terms of any Subscription Order);
(b)	all Q.Refinery Outputs and any other data, information or outputs (including any reports) made available to You via the Q.Refinery Product, but not Your Input Data; and
(c)	all other information or materials provided, or made available, to You by Quantium under or in connection with this Agreement,
but does not include information which is or becomes available in the public domain, other than as a result of a breach of this Agreement.
Right means any right of privacy or confidentiality or in contract or tort that is legally enforceable by any person.
Q.Refinery Data Corpus means the data corpus of brands, geographic locations, industry categories and common words and texts, plus correlations between raw transaction data and enriched transaction attributes, that is maintained by Quanitum for use in connection with the Q.Refinery Product which will be updated by the correlations between the Transaction Data and Enriched Transaction Data identified by the Q.Refinery Product under this Agreement.
Q.Refinery Output means an output from the Q.Refinery Product that is provided to You by Quantium on the terms of this Agreement, including Your Customer Attributes and, if applicable, Enriched Transaction Data.
Q.Refinery Product means the Quantium software product and automated data enrichment process more fully described above [/in the Subscription Order], including all enhancements and modifications to the software and automated processes developed during the Term.
Special Conditions means any special conditions set out above [/in the Subscription Order], which, to the extent of any inconsistency, shall take precedence over these terms and conditions.
Subscription Order means Your subscription to the Q.Refinery Product as set out on the front page of this Agreement, as updated or varied in writing, or as substituted by any subsequent subscription order signed by the parties.
Term means the term described in in the Subscription Order.
Territory means the country or other jurisdiction or geographical area described in the Subscription Order.
Transaction Data means raw transaction data in its original form and any associated text that is included in Your Input Data for ingestion into the Q.Refinery Product.
Your Customer Attributes means the customer attributes that are created by Q.Refinery from Your Input Data and which are supplied to you in the format described above [/in the Subscription Order].
Your Input Data means data, information (including Your Confidential Information), content, instructions or other information provided by You to Quantium which is:
(a)	specified in the Subscription Order for ingestion into the Q.Refinery Product (which may include third party data); or 
(b)	reasonably requested by Quantium to assist with the development and delivery of the Q.Refinery Outputs.
12.4	Interpretation: Unless the context otherwise requires:
(a)	monetary amounts are expressed in Australian dollars;
(b)	headings are for convenience only and do not affect interpretation; 
(c)	words importing the singular include the plural and vice versa;
(d)	other grammatical forms of a word or phrase defined in this Agreement have a corresponding meaning;
(e)	an expression importing a natural person includes a partnership, joint venture, association, corporation, trading trust or other body corporate or government agency;
(f)	a reference to anything includes a part of that thing;
(g)	mentioning anything after includes, including, for example, or similar expressions, does not limit what else might be included;
(h)	a reference to any statute, regulation, proclamation, ordinance or by-law includes all statutes, regulations, proclamations, ordinances or by-laws amending, consolidating or replacing them and a reference to a statute includes all regulations, proclamations, ordinances and by-laws issued under that statute;
(i)	a reference to a document includes an amendment or supplement to, or replacement or novation of, that document;
(j)	references to a party to this Agreement includes references to the successors or assigns (immediate or otherwise) of that party;
(k)	where the day on or by which any thing is to be done is not a Business Day, that thing must be done on or by the next Business Day. 

 
 

 
ANNEXURE D - GDPR DATA PROCESSING 
PREAMBLE
In performance of its obligations under this Agreement, Quantium may process for Client “Personal Data” as defined in the GDPR that is within the territorial scope of operation of Article 3 of the GDPR (Client GDPR Personal Data). The activity of processing that Client GDPR Personal Data is Contract GDPR Data Processing.
This Attachment specifies the rights and obligations of the Parties in connection with Contract GDPR Data Processing. 
For clarity, all other processing of Personal Information that Quantium processes pursuant to the Agreement is not governed by this Attachment and is governed by provisions of the Agreement not including this Attachment.
References below to Sections are to sections of this Attachment.
1.	DEFINITIONS
Capitalized terms used herein shall have the meaning assigned to them in the Agreement or in Section 16 (List of Definitions) below.  Unless otherwise defined herein, the definitions of the European General Data Protection Regulation 2016/679 (GDPR), in particular the terms Controller, Data Subject, Member State, Personal Data, Personal Data Breach, Processor, Processing and Supervisory Authority as defined in the GDPR, shall apply.
2.	SUBJECT MATTER AND TERM
2.1	In relation to Contract GDPR Data Processing, Quantium is classified as "Processor" and Client as "Controller" under GDPR.  Quantium shall process Client GDPR Personal Data for the purpose of providing the services described in the Agreement (Contract Services) and any additional services under this Attachment (Processing Services) to Client (Admissible Purpose).  Quantium shall not use or disclose Client GDPR Personal Data for any other than the Admissible Purpose.
2.2	Details of Processing:
Categories of Data Subjects Concerned
Customers of Client Group
Officers and personnel of corporate customers
Categories of Personal Data Processed
[Demographic information such as name, age, marital status, income, occupation, address, email address etc]
[Customer details such as account numbers, credit information, transaction information, products held, channel usage, communication preferences, behavioural characteristics etc]
2.3	Contract GDPR Processing shall always be conducted in a professional manner and in compliance with the principles of proper data processing, the provisions of the Agreement, this Attachment and applicable law.
2.4	Unless expressly provided otherwise herein, Client shall not be liable for any additional charges for Contract GDPR Processing Services under this Agreement and the Parties acknowledge and agree that all costs, charges and fees in connection with the Contract GDPR Processing Services are fully and adequately compensated by the fees and charges payable under the Agreement.
2.5	The duration (term) of this Attachment is equal to the term of the Agreement.  This Attachment shall terminate automatically when the Agreement terminates, except for any provisions intended to survive termination hereof or the Agreement.  Any right to terminate this Attachment separately prior to such termination date shall be excluded to the extent permitted by applicable law. 
3.	CLIENT’s INSTRUCTIONS
3.1	Quantium shall process Client GDPR Personal Data only on behalf of Client and in strict accordance with Client's written instructions, including with regard to transfers of Personal Data to a Third Country or an international organisation, unless required to do so by Union or Member State law to which Quantium is subject.  In such a case, Quantium shall inform Client of that legal requirement before such Processing, unless that law prohibits such information on important grounds of public interest.  For the avoidance of doubt, whenever this Attachment or the Agreement include provisions relating to Contract GDPR Processing of Client GDPR Personal Data (e.g. an obligation to anonymise certain Client GDPR Personal Data), such Processing shall be considered an instruction of the Controller pursuant to this Attachment.
3.2	Quantium shall immediately notify Client, if in its reasonable opinion, an instruction of Client infringes any EU Data Protection laws or other EU or Member State data protection provisions.  Client is responsible for determining whether an instruction of Client may infringe any EU Data Protection laws or other EU or Member State data protection provisions.  Client must not at any time issue any instruction which, if performed by Quantium in accordance with the terms of this Agreement, including this Attachment, would cause Quantium to infringe any EU Data Protection laws or other EU or Member State data protection provisions.  Quantium is not required to perform any instruction that in the reasonable opinion of Quantium, as notified to Client in accordance with this Section 3.2, would cause Quantium to infringe any EU Data Protection laws or other EU or Member State data protection provisions.
4.	TECHNICAL AND ORGANISATIONAL MEASURES
4.1	Quantium shall implement appropriate technical and organizational measures in order to prevent unauthorised or unlawful processing of Client GDPR Personal Data; accidental loss or destruction of, or damage to, Client GDPR Personal Data; and to ensure a level of security appropriate to (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of Client GDPR Personal Data to be protected, including, as appropriate, the measures referred to in Article 32 GDPR (Data Security Standards). 
5.	DATA SUBJECT RIGHTS 
5.1	Client is legally responsible to deal with any requests or enquiries from Data Subjects in relation to their rights under applicable laws in relation to the Processing of Client GDPR Personal Data (GDPR Data Subject Requests) and Quantium shall not respond to any such GDPR Data Subject Requests unless otherwise required by documented instructions by Client, provided that Quantium is not required to follow instructions by Client that in the reasonable opinion of Quantium would cause Quantium to infringe any EU Data Protection laws or other EU or Member State data protection provisions.  In such circumstances, Quantium must notify Client in accordance with Section 3.2.
5.2	Quantium shall promptly notify Client of any GDPR Data Subject Requests, provide any required information and use best efforts to assist Client in dealing with any GDPR Data Subject Requests.
5.3	In the event of a dispute with or other claims brought by a Data Subject concerning the Processing of Client GDPR Personal Data against either or both Parties, the Parties shall promptly notify and inform each other and shall cooperate and coordinate with a view to effectively defend themselves against such claims or settling them amicably in a timely fashion.
6.	FURTHER DATA PROTECTION OBLIGATIONS 
6.1	Quantium shall maintain a written record in accordance with Art. 30 par. 2 GDPR of all categories of Contract GDPR Data Processing carried out on behalf of Client.
6.2	Quantium shall reasonably assist Client in relation to:
(a)	the preparation of the records of processing activities in accordance with Art. 30;
(b)	any data protection impact assessment (DPIA) that Client elects to conduct in accordance with Art. 35 GDPR; and 
(c)	any requests or consultations with the responsible Supervisory Authority.
7.	SERVICE PROVIDER PERSONNEL/DATA PROTECTION OFFICER
Quantium shall ensure that any personnel undertaking or involved in the Processing under this Attachment are properly qualified and trained and have committed themselves to keep Client GDPR Personal Data confidential or are under an appropriate statutory obligation of confidentiality in accordance with applicable law which shall survive termination of this Attachment.  If required under applicable law, Quantium shall appoint a data protection officer and shall immediately provide Client with relevant up to date contact details.
8.	SUB-PROCESSING
8.1	Any engagement of other Processors in relation to the Contract GDPR Data Processing (Sub-Processor) requires prior documented consent of Client which shall not be unreasonably withheld.
8.2	Quantium shall give Client prior written notice of the intended appointment of any additional Sub-Processor, including full details of the intended Processing, and shall always provide Client with an up to date list of Sub-Processors engaged.  If Client notifies Quantium in writing of any legitimate objections to the proposed appointment, Quantium shall not appoint (or disclose any Client GDPR Personal Data to) that proposed Sub-Processor until reasonable steps have been taken to address the objections raised by Client.
8.3	Quantium shall enter into a written agreement with the Sub-Processor which includes terms which offer at least the same level of protection for Client GDPR Personal Data as those set out in this Attachment and meet the requirements of Art. 28 par 3 GDPR.  Quantium shall conduct regular audits as required under applicable law to ensure that the Sub-Processor complies with the Data Security Standards, applicable laws and its other contractual obligations. The agreement with the Sub-Processor shall include a direct audit right for Client or other appropriate audit mechanisms (e.g. third-party audits or audits conducted by the Service-Provider on behalf of Client).
8.4	In case of material non-compliance of the Sub-Processor with its contractual obligations which affects the security and integrity of Client GDPR Personal Data, Quantium shall be liable to Client for any damages caused by such non-compliance as though the material non-compliance of the Sub-Processor with its contractual obligations was a non-compliance by Quantium with Quantium’s contractual obligations in the Agreement.
9.	PROCESSING OUTSIDE OF EU/EEA
9.1	When processing Client GDPR Personal Data outside of the territory of the European Union or the EEA or engaging in any act or practice regarding Client GDPR Personal Data where that act or practice is subject to applicable laws in jurisdictions outside the territory of the European Union or EEA, Quantium shall comply with those applicable laws, and in particular provide appropriate safeguards to ensure an adequate level of data protection in accordance with Art. 44 et. seq. GDPR.  The same shall apply with respect to any Processing of Client GDPR Personal Data by a Sub-Processor outside of the territory of the European Union.
9.2	The parties will immediately upon reasonable request of either party and prior to commencement of any Restricted Transfer (i) enter into the standard clauses set forth in the Commission Decision dated February 5, 2010 (2010/87/EU) and/or (ii) enter into or establish any other appropriate instruments or undertakings required under applicable law to effect such Restricted Transfer without breach of such applicable law.  Restricted Transfer means any transfer of Client GDPR Personal Data by or to any of the parties or a Sub-Processor which would be prohibited by applicable law in the absence of the instruments or undertakings referred to in the preceding sentence.
10.	INSPECTIONS AND AUDITS
10.1	Quantium shall make available to Client on request all information reasonably requested by Client as necessary to demonstrate compliance with this Attachment, and shall allow for and contribute to audits in relation to the Processing of Client GDPR Personal Data, including inspections of the data-processing facilities of Quantium, by Client or an auditor mandated by Client, to the extent required by applicable law.
10.2	Client shall give Quantium at least three weeks' notice of any audit or inspection to be conducted and shall avoid causing any damage, injury or disruption to Quantium's premises, equipment, personnel and business.  In the event that Client identifies any deficiencies or irregularities related to the Processing of Client GDPR Personal Data during such audits or inspections, it shall promptly notify Quantium and Quantium will discuss such findings with Client and the Parties shall work together to develop a mutually agreeable remediation plan.
11.	PERSONAL DATA BREACHES AND INCIDENTS
11.1	Quantium shall promptly, at the latest within 24 hours of becoming aware, notify Client of any technical, organizational or other incidents (including incidents at Sub-Processors) which have resulted or may result in a Personal Data Breach in the sense of Art. 33 par. 1 GDPR affecting Client GDPR Personal Data (GDPR Data Security Incident).  Such notification must be comprehensive and include any information required under Art. 33 par. 3 GDPR and/or required by applicable laws.
11.2	In the event that Quantium is required under applicable law to notify a GDPR Data Security Incident to a Supervisory Authority or other authority, the Data Subjects concerned or any other third parties (e.g. if the Data Security Incident results in a Personal Data Breach for which Quantium is himself responsible as Controller), Quantium shall, to the extent permitted under applicable law and reasonably possible, liaise and coordinate with Client prior to making such notification.  The parties shall use their best efforts to agree on a joint approach with a view to prevent any contradicting or inconclusive notifications.  This includes providing each other with the details of any notification and the date and time on which notification will be made.
11.3	In the event of a GDPR Data Security Incident, Quantium shall promptly take any measures required and appropriate under applicable law and technical standards to restore the confidentiality, integrity and availability of Client GDPR Personal Data and the resilience of the processing systems and services and to mitigate the risk of harm and/or any detrimental consequences for the Data Subjects affected or potentially affected by the Data Security Incident.
12.	COMMUNICATION WITH AUTHORITIES
To the extent permitted under applicable law:
(a)	Quantium shall promptly notify Client in the event of any audits, enquiries, investigations, requests, orders or other proceedings or matters relating to this Attachment by a Supervisory Authority or any other public body in relation to the Processing of Client GDPR Personal Data (Authority Enquiries).  The parties shall use best efforts to support each other and to ensure an aligned and coordinated communication with the Authority in relation to any Authority Enquiries; and
(b)	in the event of a dispute with, imposition of orders or fines imposed by, or other claims brought by, a Supervisory Authority or other competent authority concerning the Processing of Client GDPR Personal Data against either or both parties, the parties shall promptly notify and inform each other and shall cooperate and coordinate with a view to effectively defend themselves against such claims or settling them amicably in a timely fashion.
13.	RETURN AND DELETION OF COMPANY PERSONAL DATA
13.1	Upon termination of the Agreement or anytime upon request of Client, Quantium shall promptly delete and procure the deletion of all copies of Client GDPR Personal Data.  Client may in its discretion by written notice require Quantium to return a complete copy of all Client GDPR Personal Data to Client by secure file transfer in such format as is reasonably notified by Client to Quantium.
13.2	Quantium may retain Client GDPR Personal Data to the extent and for such period as required by applicable law provided that Quantium shall ensure that such retained Client GDPR Personal Data is (i) kept confidential and protected against unauthorized access, disclosure or use and (ii) only Processed as necessary for the purpose(s) specified in the applicable law requiring its storage.
14.	BREACH OF THIS SCHEDULE
With respect to any breach of this Attachment, the relevant provisions of the Agreement shall apply, provided that any limitation of liability under the Agreement shall not be construed or interpreted in a way to deviate, and shall not apply to the extent such limitation would deviate, from the allocation of liability between Controllers and Processors as set down in Article 82 (2) GDPR or would prevent either Party’s right to claim back any compensation for damage in accordance with Article 82 (5) GDPR.
15.	AMENDMENT FOR DATA PROTECTION COMPLIANCE
In the event the EU Commission or a competent Supervisory Authority lays down standard contractual clauses in accordance with Article 28 par. 7 GDPR, the parties will upon either party’s request include one or more of those contractual clauses in this Attachment if so required to comply with applicable law.  The same applies to any other changes of applicable law which require an amendment to this Attachment to comply with applicable law.
16.	LIST OF DEFINITIONS
Admissible Purpose has the meaning assigned to the term in Section 2.1.
Affiliate means any legal entity directly or indirectly Controlling or Controlled by or under direct or indirect common Control with the specified entity. 
Agreement has the meaning assigned to the term in the Preamble.
Authority Enquiries has the meaning assigned to the term in Section 12.
Attachment has the meaning assigned to the term in the Preamble.
Control, for the purpose of the definition of “Affiliate”, means the power to direct the management and policies of such entity, directly or indirectly, whether through the ownership of voting securities, by contract or otherwise.
Client GDPR Personal Data has the meaning assigned to the term in the Preamble. 
Contract GDPR Data Processing has the meaning assigned to the term in the Preamble.
Contract Services has the meaning assigned to the term in Section 2.1.
Data Security Standards has the meaning assigned to the term in Section 4.1.
Data Subject Requests has the meaning assigned to the term in Section 5.1.
EEA means the European Economic Area.
GDPR has the meaning assigned to the term in Section 1.
GDPR Data Security Incident has the meaning assigned to the term in Section 11.1.
Processing Services has the meaning assigned to the term in Section 2.1.
Sub-Processor has the meaning assigned to the term in Section 8.1.
Third Country means the countries which are not a member of the EU or EEA and which have not been recognized by the European Commission as providing an adequate level of Personal Data protection.  Countries recognized by the European Commission as providing an adequate level of Personal Data protection include, as of November 2019, Andorra, Argentina, Canada, Faeroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay and the United States of America (limited to the Privacy Shield framework).