Duration of the Service To be offered on a case by case basis Liquidated Damages / Service Credits While the offered Set-up Services have committed delivery milestones, the Services and Support & Maintenance Services are subject to the fulfillment of offered Service Levels / performance that are measured over the time. Mechanisms of “liquidated damages” applicable in case of delivery delays as well as “service credits” applicable in case of failure to meet the offered Service Levels over the time is associated to the present Commercial Proposal. Liquidated damages and service credits are financial compensation for delay / failure to meet the offered Service Levels, which is fixed in advance, and which applies regardless of the existence and the size of any damage caused by the delay or failure to perform according to the Service Levels. The benefit for Customer is that liquidated damages and service credits represent an immediate financial remedy in the event of a delay or Service Levels breach, without having to prove any loss or damage. In return, liquidated damages and service credits serve as the sole and exclusive financial remedy for delays or for any failure to meet the offered Service Levels measured over the time, i.e. no other liabilities or penalties apply up to the offered cap of liquidated damages and service credits. Liquidated damages and service credits are capped at a percentage of the price of the affected Services. If and to the extent that the cap of liquidated damages or service credits has been reached, IDEMIA is deemed in severe or persistent failure, and Customer is entitled to terminate the Services or any part of the affected Services and to be compensated for any proven damages on the terms of the general liability offered in the present Commercial Proposal. Liquidated damages or service credits are not available if the delay or failure is due to force majeure, as described in this Commercial Proposal, or any circumstance for which IDEMIA is not responsible. As for delays in the delivery of the Set-up Services, only one single milestone is the trigger for liquidated damages, which IDEMIA’s declaration that the Set-up Services are Ready for Acceptance (“RFA” milestone). As for failure to meet committed performance, IDEMIA undertakes to provide a good visibility, tracking and governance around Service Levels as part of the Services. Liquidated damages amounts are in coherence with offered prices. Intellectual Property Rights (IPR) As part of this Commercial Proposal, Customer is offered to receive access to the Service, and not any sale or license to use any software or any other intellectual property rights (e.g. patents, copyrights, and/or know-how), “IPR”, as a result of the Service. All IPR vested in the systems, software etc. over which the relevant Service is being provided whether existing, enhanced or new IPR, i.e. any modifications and add-ons as well, are IDEMIA’s or IDEMIA vendor’s property only. IDEMIA does not sell to Customer its IPR and technology/know-how in connection with the offered Services or the development of any new services that would imply that the Customer owns the development results. As a general principle, IDEMIA sells Services that fulfils a certain IDEMIA’s specification or written agreed requirements. IDEMIA has invested considerable amounts in development of new technology/know-how in relation to the Services and such technology/know-how is protected by certain IPR. IDEMIA does not warrant that its Service do not infringe any third party intellectual property rights, and offers a “defend and pay” type of indemnity to protect Customer against any third party IPR infringement claims. Recoverable damages are limited to amounts awarded by a final court against the Customer or settlement amounts pre-approved by IDEMIA. They do not include Service replacement costs. IDEMIA may require inbound indemnities from Customer related to third party claims addressing Customer’s content processed via the Service. Limitation of General Liability IDEMIA’s present Commercial Proposal is based on the assumption that all costs and liabilities are defined and measurable. IDEMIA is therefore not liable for "indirect or consequential damages" that do not flow proximately from the breach, and for the following types of damages, whether or not they are considered as direct or indirect damages: loss of production, loss of use, loss of business, loss of data, loss of access, loss of market share, loss of revenue, loss of savings, loss of profit. These limitations shall not apply in case of breach of confidentiality. IDEMIA’s maximum aggregate liability per Year shall not exceed the total amount invoiced by IDEMIA during such Year for the Services offered herein. “Year” shall mean each 12 months period calculated from the anniversary date of the commercial contract between the Customer and IDEMIA. Liquidated damages and service credits do not count towards the offered limitation of liability indicated in the previous paragraph, since they are regulated separately, serving as a pre-set amount of compensation that covers both direct and indirect damages. Suspension of Service IDEMIA reserves the right to suspend the offered Services in situations where Customer puts IDEMIA, its platform or services at risk of: a) a technical or security threat; b) third party claims due to infringing or illegal content or data; c) exposing IDEMIA to some other liability or risk or d) persistent delayed payments by Customer. This right of suspension is balanced as it is qualified as the remedy of last resort i.e.: a) IDEMIA allows Customers a reasonable time period (unless immediate suspension is critical to avoid harm or IDEMIA is compelled by law to suspend the Services) to fix / eliminate or mitigate the relevant issue before suspension occurs, and b) IDEMIA only undertakes suspension under circumstances that are not reasonably capable of other mitigations or remedies. IDEMIA also undertakes to only suspend the directly affected Services, provided that such partial suspension is technically feasible and otherwise reasonable. IDEMIA will restore the suspended Service(s) as soon as possible after the cause of the suspension has been corrected or eliminated and will continue to charge during any such period of suspension. Termination of Service & Exit by Customer Customer may terminate the Services for material breach, where IDEMIA materially defaults on the provision of the Services. Customer has the option to call on IDEMIA in the event of termination to provide support for the return of Customer’s data “as is” and in a format that enables Customer to move the data to another supplier. IDEMIA will then securely destroy the data received by Customer while providing the Services offered herein. Termination of Service by Customer prior to the expiry of the offered duration of Service, for any reason other than termination for cause, shall be subject to the payment of 100% of all future amounts due for the relevant Service over the remainder of the offered duration of Service. Service Withdrawal / End of Life by IDEMIA IDEMIA requires the flexibility to withdraw any Services during the offered duration of Service by providing a prior written notice of twelve (12) months. IDEMIA may offer assistance services for moving to an alternative service provider or technology to be agreed with Customer on a case-by-case basis. Audit Rights It is acknowledged that numerous security audits (performed either by customers directly or by varying third parties) may compromise the integrity, security and performance of IDEMIA’s platforms over which the access to Services is offered, and there impact our customers. As a result, IDEMIA has independent third-party auditors that carry out these annual security audits, and capture their findings in a report (SOC1, SOC2 etc.), which IDEMIA is able to share with Customer. In case such report is not available, IDEMIA and Customer will agree upon the designation of an independent third party to perform the audit, and its results will be shared in a form of a “customer report“. Physical audits can only be performed by an independent third party, and are remedy of last resort if other methods, such as security audit reports, prove inadequate or insufficient to fulfil mandatory rules according to relevant applicable regulations for personal data protection or any other purposes. When physical audits are envisaged, the commercial contract specifies the type of needed audit (e.g. contract compliance, financial or security), the scope of the audit, its frequency, Customer’s access to the audit results and the allocation of the associated costs between Customer and IDEMIA. Force Majeure IDEMIA is excused from its obligations if IDEMIA’s performance is prevented or delayed by circumstances which remain beyond its reasonable control in spite of the implementation by IDEMIA of business continuity or mitigation measures (event of Force Majeure). The same applies if such event affects a subcontractor of IDEMIA. The result of a Force Majeure event is, primarily, that the time for completion is delayed or the execution of Services is suspended while the circumstances at stake are prevailing. If the Force Majeure event continues for a long period, IDEMIA or Customer have the right to terminate the affected Services. Third Party Products If and to the extent any products and/or services offered to Customer contain a significant portion of third party hardware, software or services that are specific for the Services, then it should be secured that the terms and conditions offered shall be equal to the terms and conditions agreed between IDEMIA and the relevant third party ("back-to-back"). Ethics & Compliance IDEMIA conduct its business in compliance with IDEMIA’s Code of Conduct (https://www.idemia.com/ethics-charter) as well as all applicable anti-corruption, anti-bribery and anti-money laundering laws, whether effective in France or internationally and expects from Customer a reciprocal commitment.