API Terms and Conditions | Webnetic s. r. o. - Usage and Compliance Guidelines


API Terms and Conditions

LAST UPDATED: 9/6/2024

Please read the Agreement carefully. All contracts that the Provider may enter into from time to time for the provision of the API Services and related services shall be governed by the Agreement, and the Provider will ask for the Customer's express written acceptance of the Agreement before providing any such services to the Customer.

1. Definitions

LAST UPDATED: 9/6/2024

1.1 In the Agreement, except to the extent expressly provided otherwise:

"Access Credentials" means the cryptographic keys and any other credentials provided or made available by the Provider to the Customer enabling access to the API Services;

"Agreement" means the contract between the parties incorporating the Services Order Form, the terms and conditions and the Schedules, along with any amendments to the Agreement from time to time;

"API Services" means api.webnetic.sk, as specified in the API Services Specification, which will be made available by the Provider to the Customer as a service via the internet in accordance with the Agreement;

"API Services Defect" means a defect, error or bug in the Platform having a material adverse effect on the functionality, security or performance of the API Services, but excluding any defect, error or bug caused by or arising as a result of:

(a) any act or omission of the Customer or any person authorised by the Customer to use the Platform or API Services;

(b) any use of the Platform or API Services contrary to the Documentation, whether by the Customer or by any person authorised by the Customer;

(c) a failure of the Customer to perform or observe any of its obligations in the Agreement; and/or

(d) an incompatibility between the Platform or API Services and any other system, network, application, program, hardware or software not specified as compatible in the API Services Specification;

"API Services Specification" means the specification for the Platform and API Services set out in Section 2 of the Services Order Form and in the Documentation;

"Business Day" means any weekday other than a bank or public holiday in Slovakia;

"Charges" means:

(a) the charges and other payable amounts specified in Section 4 of the Services Order Form and elsewhere in the Agreement;

(b) such charges and payable amounts as may be agreed in writing by the parties from time to time; and

(c) charges calculated by multiplying the Provider's standard time-based charging rates (as notified by the Provider to the Customer before the date of the Agreement) by the time spent by the Provider's personnel performing the Support Services (rounded down by the Provider to the nearest quarter hour);

"Confidential Information" means the Provider Confidential Information and the Customer Confidential Information;

"Customer" means the person or entity identified as such in Section 1 of the Services Order Form;

"Customer Applications" means the software application or applications identified as such in the Services Order Form or otherwise agreed by the parties in writing;

"Customer Confidential Information" means:

(a) any information disclosed by or on behalf of the Customer to the Provider at any time before the termination of the Agreement (whether disclosed in writing, orally or otherwise) that at the time of disclosure:

(i) was marked or described as "confidential"; or

(ii) should have been reasonably understood by the Provider to be confidential; and

(b) the Customer Data;

"Customer Data" means all data, works and materials provided or made available to the API Services by the Customer, along with all data, works and materials generated by the API Services as a result of the use of the API Services by the Customer (but excluding analytics data relating to the use of the API Services and server log files);

"Customer Personal Data" means any Personal Data that is processed by the Provider on behalf of the Customer in relation to the Agreement at any time before the termination of the Agreement, but excluding personal data with respect to which the Provider is a data controller, with such data being stored temporarily in RAM and not permanently retained;

"Data Protection Laws" means the EU GDPR and the UK GDPR and all other applicable laws relating to the processing of Personal Data;

"Documentation" means the documentation for the API Services produced by the Provider and delivered or made available by the Provider to the Customer;

"Effective Date" means the date upon which the parties execute a hard-copy Services Order Form; or, following the Customer completing and submitting the online Services Order Form published by the Provider on the Provider's website, the date upon which the Provider sends to the Customer an order confirmation;

"EU GDPR" means the General Data Protection Regulation (Regulation (EU) 2016/679) and all other EU laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time;

"Initial Period" means the period of 12 months starting upon the Effective Date;

"Intellectual Property Rights" means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these "intellectual property rights" include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);

"Modifications" means updates, upgrades, patches and other modifications to the Platform and/or the API Services made by or on behalf of the Provider (and "Modify" shall be construed accordingly);

"Personal Data" means personal data under any of the Data Protection Laws;

"Platform" means the platform managed by the Provider and used by the Provider to provide the API Services, including the application and database software for the API Services, the system and server software used to provide the API Services, and the computer hardware on which that application, database, system and server software is installed;

"Provider" means Webnetic s. r. o., a company incorporated in Slovakia (registration number 53451244) having its registered office at Sládkoviova 1071/29 038 53 Turany;

"Provider Confidential Information" means:

(a) any information disclosed by or on behalf of the Provider to the Customer at any time before the termination of the Agreement (whether disclosed in writing, orally or otherwise) that at the time of disclosure was marked or described as "confidential" or should have been understood by the Customer (acting reasonably) to be confidential; and

(b) the terms of the Agreement;

"Renewal Period" means a period of 12 months starting at the end of the Initial Period or at the end of a previous Renewal Period;

"Security Modifications" means Modifications made or to be made wholly or primarily for the purpose of fixing a security issue relating to the Platform or the API Services, or otherwise enhancing the security of the Platform or the API Services;

"Services" means any services that the Provider provides to the Customer, or has an obligation to provide to the Customer, under the Agreement;

"Services Order Form" means an online order form for the API Services published by the Provider and completed and submitted by the Customer, or a hard-copy order form for the API Services signed or otherwise agreed by or on behalf of each party;

"Support Services" means support in relation to the use of, and the identification and resolution of errors in, the API Services;

"Term" means the term of the Agreement, commencing in accordance with Clause 3.1 and ending in accordance with Clause 3.2; and

"UK GDPR" means the EU GDPR as transposed into UK law (including by the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) and all other UK laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time.

2. Credit

LAST UPDATED: 9/6/2024

2.1 This document was created using a template from Docular (https://docular.net). You must retain the above credit. Use of this document without the credit is an infringement of copyright. However, you can purchase from us an equivalent document that does not include the credit.

3. Term

3.1 The Agreement shall come into force upon the Effective Date.

3.2 The Agreement shall continue in force indefinitely subject to termination in accordance with Clause 15 or any other provision of the Agreement.

3.3 Unless the parties expressly agree otherwise in writing, each Services Order Form shall create a distinct contract between the parties.

4. API Services

4.1 The Provider shall provide to the Customer upon or promptly following the Effective Date the Access Credentials necessary to enable the Customer to access and use the API Services.

4.2 The Provider hereby grants to the Customer a worldwide, non-transferable, non-exclusive licence to make calls to the API Services by means of the Customer Applications for the internal business purposes of the Customer in accordance with the Documentation during the Term.

4.3 The licence granted by the Provider to the Customer under Clause 4.2 is subject to the following limitations:

(a) the calls made to the API Services must not exceed those limitations specified in the Documentation or notified by the Provider (acting reasonably) to the Customer in writing from time to time; and

(b) the use of computational, bandwidth and storage resources of the Platform must not exceed those limitations specified in the Documentation or notified by the Provider (acting reasonably) to the Customer in writing from time to time.

4.4 Except to the extent expressly permitted in the Agreement or required by law on a non-excludable basis, the licence granted by the Provider to the Customer under Clause 4.2 is subject to the following prohibitions:

(a) the Customer must not sub-license its right to access and use the API Services;

(b) the Customer must not permit any unauthorised person or application to access or use the API Services;

(c) the Customer must not use the API Services to provide services to third parties, except for internal use within the Customer's organization for business purposes, or sharing with authorized partners or affiliates for collaboration purposes, provided they comply with these terms;;

(d) the Customer must not republish or redistribute any content or material from the API Services, except for internal use within the Customer's organization for business purposes, or sharing with authorized partners or affiliates for collaboration purposes, provided they comply with these terms;;

(e) the Customer must not make any alteration to the Platform, except as permitted by the Documentation;

(f) the Customer must not conduct or request that any other person conduct any load testing or penetration testing on the Platform or API Services without the prior written consent of the Provider;

(g) the Customer must not use the API Services to monitor their availability, performance, or functionality or for any benchmarking purpose;

(h) the Customer must not use the API Services to create or supply any products or services that compete with or are intended to compete with, or that provide or will provide identical or similar functionality to, the API Services or any other products or services of the Provider;

(i) the Customer must not use the API Services to create, generate, train, verify or test any machine learning or other artificial intelligence systems, tools, applications, algorithms or models that compete with or are intended to compete with, or provide or will provide identical or similar functionality to, the API Services or any other products or services of the Provider; and

(j) the Customer must not reverse engineer, decompile, disassemble or otherwise attempt to discover the software code (including source code, intermediate code or object code) of the Platform or API Services or the underlying algorithms or models used by the Platform or API Services.

4.5 The Customer shall implement and maintain reasonable security measures relating to the Access Credentials to ensure that no unauthorised application or person may gain access to the API Services by means of the Access Credentials.

4.6 The parties acknowledge and agree that Schedule 1 (Availability SLA) shall govern the availability of the API Services.

4.7 The Customer must not use the API Services in any way that causes, or may cause, damage to the API Services or Platform or impairment of the availability or accessibility of the API Services.

4.8 The Customer must not use the API Services in any way that uses excessive Platform resources and as a result is liable to cause a material degradation in the services provided by the Provider to its other customers using the Platform; and the Customer acknowledges that the Provider may use reasonable technical measures to limit the use of Platform resources by the Customer for the purpose of assuring services to its customers generally.

4.9 The Customer must not use the API Services:

(a) in any way that is unlawful, illegal, fraudulent or harmful; or

(b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

4.10 For the avoidance of doubt, the Customer has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.

5.Customer Data

LAST UPDATED: 9/6/2024

5.1 The Customer hereby grants to the Provider a non-exclusive, worldwide licence to:

(a) copy, store and transmit the Customer Data;

(b) edit, translate and create derivative works of the Customer Data; and

(c) distribute and publish the Customer Data to persons, to the extent reasonably required for the performance of the obligations of the Provider under the Agreement. The Customer also grants to the Provider the right to sub-license these rights to its hosting, connectivity and telecommunications service providers strictly for this purpose and subject to any express restrictions elsewhere in the Agreement.

5.2 The Customer hereby grants to the Provider a non-exclusive, worldwide licence to use the Customer Data for the purposes of creating, generating, training, testing and verifying the machine learning and other artificial intelligence systems, tools, applications, algorithms and models of the Provider, providing that such use must not involve the processing of any Customer Personal Data and providing that such systems, tools, applications, algorithms and models must not incorporate any Customer Data. The Provider also grants to the Customer the right to sub-license these rights to sub-licensees for the performance of the obligations and the exercise of the rights of the Provider under the Agreement for the performance of the obligations and the exercise of the rights of the Provider under the Agreement, subject to any express restrictions elsewhere in the Agreement, subject to any express restrictions elsewhere in the Agreement.

5.3 The Customer hereby grants to the Provider a non-exclusive, worldwide licence:

(a) to use the Customer Data to create aggregated datasets concerning relating to the performance and improvement of the API Services, providing that those aggregated datasets must not incorporate any Customer Personal Data, any other Personal Data supplied or made available by the Customer to the Provider, or any information contained in or derived from the Customer Data that identifies the Customer or that identifies any other organisation, business or person (legal or natural); the Customer also grants to the Provider a right to sub-license these rights to to sub-licensees for set forth in this Agreement, subject to the express restrictions elsewhere in the Agreement; and

(b) insofar as the use of those aggregated datasets requires the permission of the Customer, to make unrestricted use of those aggregated datasets, including sub-licensing all or any of the rights therein to any third party or third parties.

5.4 The Customer warrants to the Provider that the Customer Data when used by the Provider in accordance with the Agreement will not infringe the Intellectual Property Rights or other legal rights of any person, and will not breach the provisions of any law, statute or regulation, in any jurisdiction and under any applicable law.

5.5 The Provider shall create a back-up copy of the Customer Data at least daily, shall ensure that each such copy is sufficient to enable the Provider to restore the API Services to the state they were in at the time the back-up was taken, and shall retain and securely store each such copy for a minimum period of 30 days.

5.6 Within the period of 1 Business Day following receipt of a written request from the Customer, the Provider shall use all reasonable endeavours to restore to the Platform the Customer Data stored in any back-up copy created and stored by the Provider in accordance with Clause 5.5. The Customer acknowledges that this process will overwrite the Customer Data stored on the Platform prior to the restoration.

6. Scheduled Maintenance and Modifications

LAST UPDATED: 9/6/2024

6.1 The Provider may from time to time conduct scheduled maintenance upon and/or Modify the API Services and/or the Platform, and may permit its services providers to do so, in accordance with this Clause 6.

6.2 The Customer acknowledges that a Modification may change the API Services and may have an adverse effect on the use of the API Services by the Customer (without prejudice to the obligations of the Provider under this Clause 6).

6.3 The Provider shall ensure that no Modification shall result in the removal or restriction of functionality that is specified as protected functionality in the Documentation as constituted at the Effective Date, or that the parties otherwise agree in writing shall constitute protected functionality.

6.4 The Provider must give to the Customer at least 60 days' prior written notice of any Modifications that:

(a) remove or restrict any exposed API Services function;

(b) change any exposed API Services function definition (including function names and parameters);

(c) may change the return value of an exposed API Services function for any given set of arguments and other applicable data inputs; or

(d) materially diminish the features, functionality, performance and/or security of the API Services as constituted from time to time.

6.5 Without prejudice to the other provisions of this Clause 6, the Provider must give to the Customer at least 30 days' written notice of any Modification.

6.6 This Clause 6.6 shall apply with respect to Security Modifications:

(a) the Provider shall apply Security Modifications issued by any third party responsible for maintaining any element of the Platform to the Platform promptly following the release of the relevant Security Modification, providing that the Provider may acting reasonably decide not to apply any particular third party Security Modification;

(b) with respect to elements of the API Services that are not maintained by a third party, the Provider shall apply an appropriate Security Modification to the relevant elements of the API Services as soon as practicable following the Provider becoming aware of a material security issue affecting the API Services and arising out of such elements; and

(c) notwithstanding the other provisions of this Clause 6, the Provider may acting reasonably notify a Security Modification to the Customer at any time before before or promptly following the application of that Security Modification.

6.7 The Provider shall where practicable give to the Customer at least 5 Business Days' prior written notice of scheduled maintenance that will, or is likely to, affect the availability of the API Services or have a material negative impact upon the API Services.

6.8 The Provider shall ensure that all scheduled maintenance is carried out outside Business Hours.

6.9 The Provider shall ensure that, during each calendar month, the aggregate period during which the API Services are unavailable as a result of scheduled maintenance, or negatively affected by scheduled maintenance to a material degree, does not exceed 24 hours.

7. Support Services

LAST UPDATED: 9/6/2024

7.1 The Provider shall provide the Support Services to the Customer during the Term.

7.2 The Provider shall provide the Support Services in accordance with the standards of skill and care reasonably expected from a leading service provider in the Provider's industry.

7.3 The Provider shall provide the Support Services in accordance with Schedule 2 (Support SLA).

7.4 The Provider may suspend the provision of the Support Services if any amount due to be paid by the Customer to the Provider under the Agreement is overdue, and the Provider has given to the Customer at least 30 days' written notice, following the amount becoming overdue, of its intention to suspend the Support Services on this basis.

8. No Assignment of Intellectual Property Rights

LAST UPDATED: 9/6/2024

8.1 Nothing in the Agreement shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Customer, or from the Customer to the Provider.

9. Charges

LAST UPDATED: 9/6/2024

9.1 The Customer shall pay the Charges to the Provider in accordance with the Agreement.

9.2 If the Charges are based in whole or part upon the time spent by the Provider performing the Services, the Provider must obtain the Customer's written consent before performing Services that result in any estimate of time-based Charges given to the Customer being exceeded or any budget for time-based Charges agreed by the parties being exceeded; and unless the Customer agrees otherwise in writing, the Customer shall not be liable to pay to the Provider any Charges in respect of Services performed in breach of this Clause 9.2.

9.3 All amounts stated in or in relation to the Agreement are, unless the context requires otherwise, stated exclusive of any applicable value added taxes, which will be added to those amounts and payable by the Customer to the Provider.

9.4 The Provider may elect to vary any element of the Charges by giving to the Customer not less than 30 days' written notice of the variation expiring on any anniversary of the date of execution of the Agreement, providing that no such variation shall constitute a percentage increase in the relevant element of the Charges that exceeds 2% over the percentage increase, since the date of the most recent variation of the relevant element of the Charges under this Clause 9.4 (or, if no such variation has occurred, since the date of execution of the Agreement), in the Retail Prices Index (all items) published by the UK Office for National Statistics.

10. Payments

LAST UPDATED: 9/6/2024

10.1 The Provider shall issue invoices for the Charges to the Customer on or after the invoicing dates set out in Section 4 of the Services Order Form.

10.2 The Customer must pay the Charges to the Provider within the period of 30 days following the receipt of an invoice issued in accordance with this Clause 10.

10.3 The Customer must pay the Charges by debit card, credit card, direct debit or bank transfer (using such payment details as are notified by the Provider to the Customer from time to time).

10.4 If the Customer does not pay any amount properly due to the Provider under the Agreement, the Provider may charge the Customer interest on the overdue amount at the rate of the base rate of VUB Bank (https://www.vub.sk/). (which interest will accrue daily until the date of actual payment and be compounded at the end of each calendar month). The Provider acknowledges and agrees that it shall have no right to claim interest or statutory compensation under the Late Payment of Commercial Debts (Interest) Act 1998, and that its contractual rights under this Clause 10.4 constitute a substantial remedy within the meaning of that Act.

11. Confidentiality Obligations

LAST UPDATED: 9/6/2024

11.1 The Provider must:

(a) keep the Customer Confidential Information strictly confidential;

(b) not disclose the Customer Confidential Information to any person without the Customer's prior written consent, and then only under conditions of confidentiality [approved in writing by the Customer] OR [no less onerous than those contained in the Agreement];

(c) use the same degree of care to protect the confidentiality of the Customer Confidential Information as the Provider uses to protect the Provider's own confidential information of a similar nature, being at least a reasonable degree of care;

(d) act in good faith at all times in relation to the Customer Confidential Information; and

(e) not use or allow the use of any of the Customer Confidential Information for any purpose other than [specify purposes].

11.2 The Customer must:

(a) keep the Provider Confidential Information strictly confidential;

(b) not disclose the Provider Confidential Information to any person without the Provider's prior written consent, and then only under conditions of confidentiality [approved in writing by the Provider] OR [no less onerous than those contained in the Agreement];

(c) use the same degree of care to protect the confidentiality of the Provider Confidential Information as the Customer uses to protect the Customer's own confidential information of a similar nature, being at least a reasonable degree of care;

(d) act in good faith at all times in relation to the Provider Confidential Information; and

(e) not use or allow the use of any of the Provider Confidential Information for any purpose other than [specify purposes].

11.3 Notwithstanding Clauses 11.1 and 11.2, a party's Confidential Information may be disclosed by the other party to that other party's officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Confidential Information that is disclosed for the performance of their work with respect to the Agreement and who are bound by a written agreement or professional obligation to protect the confidentiality of the Confidential Information that is disclosed.

11.4 No obligations are imposed by this Clause 11 with respect to:

(a) the Confidential Information of a party that is known to the other party before disclosure under the Agreement and is not subject to any other obligation of confidentiality;

(b) the Confidential Information of a party that is or becomes publicly known through no act or default of the other party;

(c) the Confidential Information of a party that is obtained by the other party from a third party in circumstances where the other party has no reason to believe that there has been a breach of an obligation of confidentiality; or

(d) information that is independently developed by a party without reliance upon or use of any Confidential Information of the other party.

11.5 The restrictions in this Clause 11 do not apply to the extent that any Confidential Information is required to be disclosed by any law or regulation, or by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of either party on any recognised stock exchange. If a party makes a disclosure to which this Clause 11.5 applies then, to the extent permitted by applicable law, that party shall promptly notify the other party of the fact of the disclosure, the identity of the disclosee, and the Confidential Information disclosed.

11.6 Upon the termination of the Agreement, each party must immediately cease to use the other party's Confidential Information.

11.7 Within 5 Business Days following the date of effective termination of the Agreement, the relevant party must:

(a) irreversibly delete from its media and computer systems all copies of the other party's Confidential Information (and ensure that the other party's Confidential Information is irreversibly deleted from the media and computer systems of all persons to whom the relevant party has directly or indirectly disclosed that Confidential Information);

(b) ensure that no other copies of the other party's Confidential Information remain in the relevant party's possession or control (or the possession or control of any person to whom the relevant party has directly or indirectly disclosed the other party's Confidential Information);

(c) certify in writing to the other party that it has complied with the requirements of this Clause 11.7, subject in each case to any obligations that the relevant party has under the Agreement to supply or make available to the other party any data or information, and providing that the relevant party shall have no obligation under this Clause 11.7 to delete or to cease to possess or control any of the other party's Confidential Information to the extent that the relevant party is required by applicable law to retain that Confidential Information, or to the extent that the Confidential Information is contained in to the extent that the Confidential Information is contained in excluded document types defined in this Agreement.

11.8 The provisions of this Clause 11 shall continue in force indefinitely following the termination of the Agreement.

12. Data Protection

LAST UPDATED: 9/6/2024

12.1 The Provider shall comply with the Data Protection Laws with respect to the processing of the Customer Personal Data.

12.2 The Customer warrants to the Provider that it has the legal right to disclose all Personal Data that it does in fact disclose to the Provider under or in connection with the Agreement.

12.3 The Customer shall only supply to the Provider, and the Provider shall only process, in each case under or in relation to the Agreement:

(a) the Personal Data of data subjects falling within the categories specified in Section 1 of Schedule 3 (Data processing information) (or such other categories as may be agreed by the parties in writing); and

(b) Personal Data of the types specified in Section 2 of Schedule 3 (Data processing information) (or such other types as may be agreed by the parties in writing).

12.4 The Provider shall only process the Customer Personal Data for the purposes specified in Section 3 of Schedule 3 (Data processing information).

12.5 The Provider shall only process the Customer Personal Data during the Term and for not more than 30 days following the end of the Term, subject to the other provisions of this Clause 12.

12.6 The Provider shall only process the Customer Personal Data on the documented instructions of the Customer (including with regard to transfers of the Customer Personal Data to a third country under the Data Protection Laws), as set out in the Agreement or any other document agreed by the parties in writing.

12.7 The Customer hereby authorises the Provider to make the following transfers of Customer Personal Data:

(a) the Provider may transfer the Customer Personal Data internally to its own employees, offices and facilities in Slovakia;

(b) the Provider may transfer the Customer Personal Data to its third party processors in the jurisdictions identified in Section 5 of Schedule 3 (Data processing information) and may permit its third party processors to make such transfers, providing that such transfers must be protected by any appropriate safeguards identified therein; and

(c) the Provider may transfer the Customer Personal Data to a country, a territory or sector to the extent that the competent data protection authorities have decided that the country, territory or sector ensures an adequate level of protection for Personal Data.

12.8 The Provider shall promptly inform the Customer if, in the opinion of the Provider, an instruction of the Customer relating to the processing of the Customer Personal Data infringes the Data Protection Laws.

12.9 Notwithstanding any other provision of the Agreement, the Provider may process the Customer Personal Data if and to the extent that the Provider is required to do so by applicable law. In such a case, the Provider shall inform the Customer of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

12.10 The Provider shall ensure that persons authorised to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

12.11 The Provider shall implement appropriate technical and organisational measures to ensure an appropriate level of security for the Customer Personal Data, including those measures specified in Section 4 of Schedule 3 (Data processing information).

12.12 The Provider must not engage any third party to process the Customer Personal Data without the prior specific or general written authorisation of the Customer. In the case of a general written authorisation, the Provider shall inform the Customer at least 14 days in advance of any intended changes concerning the addition or replacement of any third party processor, and if the Customer objects to any such changes before their implementation, then the Customer may terminate the Agreement on 7 days' written notice to the Provider, providing that such notice must be given within the period of 7 days following the date that the Provider informed the Customer of the intended changes. The Provider shall ensure that each third party processor is subject to the same legal obligations as those imposed on the Provider by this Clause 12.

12.13 As at the Effective Date, the Provider is hereby authorised by the Customer to engage, as sub-processors with respect to Customer Personal Data, third parties within the categories identified in Section 5 of Schedule 3 (Data processing information).

12.14 The Provider shall, insofar as possible and taking into account the nature of the processing, take appropriate technical and organisational measures to assist the Customer with the fulfilment of the Customer's obligation to respond to requests exercising a data subject's rights under the Data Protection Laws.

12.15 The Provider shall assist the Customer in ensuring compliance with the obligations relating to the security of processing of personal data, the notification of personal data breaches to the supervisory authority, the communication of personal data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Clause 12.15.

12.16 The Provider must notify the Customer of any Personal Data breach affecting the Customer Personal Data without undue delay and, in any case, not later than 24 hours after the Provider becomes aware of the breach.

12.17 The Provider shall make available to the Customer all information necessary to demonstrate the compliance of the Provider with its obligations under this Clause 12 and the Data Protection Laws. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Clause 12.17, providing that no such charges shall be levied with respect to the completion by the Provider (at the reasonable request of the Customer, not more than once per calendar year) of the standard information security questionnaire of the Customer.

12.18 The Provider shall, at the choice of the Customer, delete or return all of the Customer Personal Data to the Customer after the provision of services relating to the processing, and shall delete existing copies save to the extent that applicable law requires storage of the relevant Personal Data.

12.19 The Provider shall allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer in respect of the compliance of the Provider's processing of Customer Personal Data with the Data Protection Laws and this Clause 12. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Clause 12.19, providing that no such charges shall be levied where the request to perform the work arises out of any breach by the Provider of the Agreement or any security breach affecting the systems of the Provider.

12.20 If any changes or prospective changes to the Data Protection Laws result or will result in one or both parties not complying with the Data Protection Laws in relation to processing of Personal Data carried out under the Agreement, then the parties shall use their best endeavours promptly to agree such variations to the Agreement as may be necessary to remedy such non-compliance.

13. Warranties

LAST UPDATED: 9/6/2024

13.1 The Provider warrants to the Customer that:

(a) the Provider has the legal right and authority to enter into the Agreement and to perform its obligations under the Agreement;

(b) the Provider will comply with all applicable legal and regulatory requirements applying to the exercise of the Provider's rights and the fulfilment of the Provider's obligations under the Agreement; and

(c) the Provider has or has access to all necessary know-how, expertise and experience to perform its obligations under the Agreement.

13.2 The Provider warrants to the Customer that:

(a) the Platform and API Services will conform in all material respects with the API Services Specification;

(b) the API Services will be free from API Services Defects;

(c) the Platform will be free from viruses, worms, Trojan horses, ransomware, spyware, adware and other malicious software programs; and

(d) the Platform will incorporate security features reflecting the requirements of good industry practice.

13.3 The Provider warrants to the Customer that the API Services, when used by the Customer in accordance with the Agreement, will not breach any laws, statutes or regulations applicable under English law.

13.4 The Provider warrants to the Customer that the API Services, when used by the Customer in accordance with the Agreement, will not infringe the Intellectual Property Rights of any person in any jurisdiction and under any applicable law.

13.5 If the Provider reasonably determines, or any third party alleges, that the use of the API Services by the Customer in accordance with the Agreement infringes any person's Intellectual Property Rights, the Provider may at its own cost and expense:

(a) modify the API Services in such a way that they no longer infringe the relevant Intellectual Property Rights; or

(b) procure for the Customer the right to use the API Services in accordance with the Agreement.

13.6 The Customer warrants to the Provider that it has the legal right and authority to enter into the Agreement and to perform its obligations under the Agreement.

13.7 All of the parties' warranties and representations in respect of the subject matter of the Agreement are expressly set out in the Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of the Agreement will be implied into the Agreement or any related contract.

14. Limitations and Exclusions of Liability

14.1 Nothing in the Agreement will:

(a) limit or exclude any liability for death or personal injury resulting from negligence;

(b) limit or exclude any liability for fraud or fraudulent misrepresentation;

(c) limit any liabilities in any way that is not permitted under applicable law; or

(d) exclude any liabilities that may not be excluded under applicable law.

14.2 The limitations and exclusions of liability set out in this Clause 14 and elsewhere in the Agreement:

(a) are subject to Clause 14.1; and

(b) govern all liabilities arising under the Agreement or relating to the subject matter of the Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in the Agreement.

14.3 The Provider shall not be liable to the Customer in respect of any losses arising out of a Force Majeure Event.

14.4 The Provider shall not be liable to the Customer in respect of any loss of profits or anticipated savings.

14.5 The Provider shall not be liable to the Customer in respect of any loss of revenue or income.

14.6 The Provider shall not be liable to the Customer in respect of any loss of use or production.

14.7 The Provider shall not be liable to the Customer in respect of any loss of business, contracts or opportunities.

14.8 The Provider shall not be liable to the Customer in respect of any loss or corruption of any data, database or software; providing that this Clause 14.8 shall not protect the Provider unless the Provider has fully complied with its obligations under Clause 5.5 and Clause 5.6.

14.9 The Provider shall not be liable to the Customer in respect of any special, indirect or consequential loss or damage.

14.10 The liability of the Provider to the Customer under the Agreement in respect of any event or series of related events shall not exceed the greater of:

(a) 2000; and

(b) the total amount paid and payable by the Customer to the Provider under the Agreement in the 12-month period preceding the commencement of the event or events.

14.11 The aggregate liability of the Provider to the Customer under the Agreement shall not exceed the greater of:

(a) 2000; and

(b) the total amount paid and payable by the Customer to the Provider under the Agreement.

15. Termination

LAST UPDATED: 9/6/2024

15.1 The Provider may terminate the Agreement by giving to the Customer not less than 30 days' written notice of termination expiring at the end of any calendar month. The Customer may terminate the Agreement by giving to the Provider not less than 30 days' written notice of termination, expiring at the end of any calendar month.

15.2 Either party may terminate the Agreement immediately by giving written notice of termination to the other party if:

(a) the other party commits any material breach of the Agreement, and the breach is not remediable;

(b) the other party commits a material breach of the Agreement, and the breach is remediable but the other party fails to remedy the breach within the period of 30 days following the giving of a written notice to the other party requiring the breach to be remedied; or

(c) the other party persistently breaches the Agreement (irrespective of whether such breaches collectively constitute a material breach).

15.3 Subject to applicable law, either party may terminate the Agreement immediately by giving written notice of termination to the other party if:

(a) the other party:

(i) is dissolved;

(ii) ceases to conduct all (or substantially all) of its business;

(iii) is or becomes unable to pay its debts as they fall due;

(iv) is or becomes insolvent or is declared insolvent; or

(v) convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;

(b) an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party;

(c) an order is made for the winding up of the other party, or the other party passes a resolution for its winding up (other than for the purpose of a solvent company reorganisation where the resulting entity will assume all the obligations of the other party under the Agreement); or

(d) if that other party is an individual:

(i) that other party becomes incapable of managing his or her own affairs as a result of illness or incapacity; or

(ii) that other party is the subject of a bankruptcy petition or order, and if that other party dies then the Agreement shall automatically terminate.

15.4 The Provider may terminate the Agreement immediately by giving written notice to the Customer if:

(a) any amount due to be paid by the Customer to the Provider under the Agreement is unpaid by the due date and remains unpaid upon the date that that written notice of termination is given; and

(b) the Provider has given to the Customer at least 30 days' written notice, following the failure to pay, of its intention to terminate the Agreement in accordance with this Clause 15.4.

15.5 The Agreement may only be terminated in accordance with its express provisions.

16. Effects of Termination

LAST UPDATED: 9/6/2024

16.1 Upon the termination of the Agreement, all of the provisions of the Agreement shall cease to have effect, save that the following provisions of the Agreement shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 1, 4.10, 10.2, 10.4, 11, 12, 14, 16, 18 and 19.

16.2 Except to the extent expressly provided otherwise in the Agreement, the termination of the Agreement shall not affect the accrued rights of either party.

16.3 Within 30 days following the termination of the Agreement for any reason:

(a) the Customer must pay to the Provider any Charges in respect of Services provided to the Customer before the termination of the Agreement; and

(b) the Provider must refund to the Customer any Charges paid by the Customer to the Provider in respect of Services that were to be provided to the Customer after the termination of the Agreement, without prejudice to the parties' other legal rights.

17. Effects of termination

LAST UPDATED: 9/6/2024

17.1 Subject to any express restrictions elsewhere in the Agreement, the Provider may subcontract any of its obligations under the Agreement, providing that the Provider must give to the Customer, promptly following the appointment of a subcontractor, a written notice specifying the subcontracted obligations and identifying the subcontractor in question.

17.2 The Provider shall remain responsible to the Customer for the performance of any subcontracted obligations.

17.3 Notwithstanding the provisions of this Clause 17 but subject to any other provision of the Agreement, the Customer acknowledges and agrees that the Provider may subcontract to any reputable third party hosting business the hosting of the Platform and the provision of services in relation to the support and maintenance of elements of the Platform.

18. General

LAST UPDATED: 9/6/2024

18.1 No breach of any provision of the Agreement shall be waived except with the express written consent of the party not in breach.

18.2 If any provision of the Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions of the Agreement will continue in effect. If any unlawful and/or unenforceable provision would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect (unless that would contradict the clear intention of the parties, in which case the entirety of the relevant provision will be deemed to be deleted).

18.3 The Agreement may not be varied except by a written document signed by or on behalf of each of the parties.

18.4 Neither party may without the prior written consent of the other party assign, transfer, charge, license or otherwise deal in or dispose of any contractual rights or obligations under the Agreement.

18.5 The Agreement is made for the benefit of the parties and is not intended to benefit any third party or be enforceable by any third party. The rights of the parties to terminate, rescind, or agree any amendment, waiver, variation or settlement under or relating to the Agreement are not subject to the consent of any third party.

18.6 Subject to Clause 14.1, the Agreement shall constitute the entire agreement between the parties in relation to the subject matter of the Agreement, and shall supersede all previous agreements, arrangements and understandings between the parties in respect of that subject matter.

18.7 The Agreement shall be governed by and construed in accordance with English law.

18.8 The courts of England shall have exclusive jurisdiction to adjudicate any dispute arising under or in connection with the Agreement.

19. Interpretation

LAST UPDATED: 9/6/2024

19.1 In the Agreement, a reference to a statute or statutory provision includes a reference to:

(a) that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and

(b) any subordinate legislation made under that statute or statutory provision.

19.2 The Clause headings do not affect the interpretation of the Agreement.

19.3 References in the Agreement to "calendar months" are to the 12 named periods (January, February and so on) into which a year is divided.

19.4 In the Agreement, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.

SCHEDULE 1 (Availability SLA)

LAST UPDATED: 9/6/2024

1. Introduction to Availability SLA

1.1 This Schedule 1 sets out the Provider's availability commitments relating to the API Services.

1.2 In this Schedule 1, "uptime" means the percentage of time during a given period when the API Services are available at the gateway between public internet and the network of the hosting services provider for the API Services.

2. Availability

2.1 The Provider shall use reasonable endeavours to ensure that the uptime for the API Services is at least 70% during each calendar month.

2.2 The Provider shall be responsible for measuring uptime, and shall do so using any reasonable methodology.

2.3 The Provider shall report uptime measurements to the Customer in writing, in respect of each calendar month, within 10 Business Days following the end of the relevant calendar month.

3. Service Credits

3.1 In respect of each calendar month during which the API Services uptime is less than the commitment specified in Section 2.1, the Customer shall earn service credits in accordance with the provisions of this Section 3.

3.2 The service credits earned by the Customer shall be as follows: If the API Services uptime is less than 70.0% but at least 60.0% during a calendar month, the Customer shall earn service credits equal to 5% of the monthly service fee for that month. If the API Services uptime is less than 60.0% but at least 50.0% during a calendar month, the Customer shall earn service credits equal to 10% of the monthly service fee for that month. If the API Services uptime is less than 50.0% but at least 40.0% during a calendar month, the Customer shall earn service credits equal to 15% of the monthly service fee for that month. If the API Services uptime is less than 40.0% during a calendar month, the Customer shall earn service credits equal to 20% of the monthly service fee for that month.

3.3 The Provider shall deduct an amount equal to the service credits due to the Customer under this Section 3 from amounts invoiced in respect of the Charges for the API Services. All remaining service credits shall be deducted from each invoice issued following the reporting of the relevant failure to meet the uptime commitment, until such time as the service credits are exhausted.

3.4 Service credits shall be the sole remedy of the Customer in relation to any failure by the Provider to meet the uptime guarantee in Section 2.1, except where the failure amounts to a material breach of the Agreement.

3.5 Upon the termination of the Agreement, the Customer's entitlement to service credits shall immediately cease, save that service credits earned by the Customer shall be offset against any amounts invoiced by the Provider in respect of API Services following such termination.

4. Exceptions

4.1 Downtime caused directly or indirectly by any of the following shall not be considered when calculating whether the Provider has met the uptime guarantee given in Section 2.1:

(a) a Force Majeure Event;

(b) a fault or failure of the internet or any public telecommunications network;

(c) a fault or failure of the Provider's hosting infrastructure services provider, unless such fault or failure constitutes an actionable breach of the contract between the Provider and that company;

(d) a fault or failure of the Customer's computer systems or networks;

(e) any breach by the Customer of the Agreement; or

(f) scheduled maintenance carried out in accordance with the Agreement.

SCHEDULE 2 (Support SLA)

LAST UPDATED: 9/6/2024

1. Introduction

1.1 This Schedule 2 sets out the service levels applicable to the Support Services.

2. Helpdesk

2.1 The Provider shall make available to the Customer a helpdesk.

2.2 The Customer may use the helpdesk for the purposes of requesting and, where applicable, receiving the Support Services; and the Customer must not use the helpdesk for any other purpose.

2.3 The Provider shall ensure that the helpdesk is accessible by telephone, email and using the Provider's web-based ticketing system.

2.4 The Provider shall ensure that the helpdesk is operational and adequately staffed during Business Hours during the Term. In addition, the Provider shall provide a special telephone number for the Customer to report critical issues outside of Business Hours.

2.5 The Customer shall ensure that all requests for Support Services that it may make from time to time shall be made through the helpdesk.

3. Response and Resolution

3.1 Issues raised through the Support Services shall be categorised as follows:

(a) critical: the API Services are inoperable or a core function of the API Services is unavailable;

(b) serious: a core function of the API Services is significantly impaired;

(c) moderate: a core function of the API Services is impaired, where the impairment does not constitute a serious issue; or a non-core function of the API Services is significantly impaired; and

(d) minor: any impairment of the API Services not falling into the above categories; and any cosmetic issue affecting the API Services.

3.2 The Provider shall determine, acting reasonably, into which severity category an issue falls.

3.3 The Provider shall use all reasonable endeavours to respond to requests for Support Services promptly, and in any case in accordance with the following time periods:

(a) critical: 1 Business Hour;

(b) serious: 4 Business Hours;

(c) moderate: 1 Business Day; and

(d) minor: 5 Business Days.

3.4 The Provider shall ensure that its response to a request for Support Services shall include the following information (to the extent such information is relevant to the request): an acknowledgement of receipt of the request, where practicable an initial diagnosis in relation to any reported error, and an anticipated timetable for action in relation to the request.

3.5 The Provider shall use all reasonable endeavours to resolve issues raised through the Support Services promptly, and in any case in accordance with the following time periods:

(a) critical: 2 Business Hours;

(b) serious: 8 Business Hours;

(c) moderate: 4 Business Days; and

(d) minor: 10 Business Days.

4. Provision of Support Services

4.1 The Support Services shall be provided remotely, save to the extent that the parties agree otherwise in writing.

5. Limitations on Support Services

5.1 If the total hours spent by the personnel of the Provider performing the Support Services during any calendar month exceed 20 then:

(a) the Provider will cease to have an obligation to provide Support Services to the Customer during the remainder of that period; and

(b) the Provider may agree to provide Support Services to the Customer during the remainder of that period, but the provision of those Support Services will be subject to additional Charges.

5.2 The Provider shall have no obligation to provide Support Services:

(a) to the extent that the requested Support Services amount to general training in the use of the API Services;

(b) in respect of any issue that could have been resolved by a competent person who had received general training in the use of the API Services;

(c) in respect of any duplicate issue raised by or on behalf of the Customer;

(d) in respect of any issue caused by the improper use of the API Services by or on behalf of the Customer; or

(e) in respect of any issue caused by any alteration to the API Services, or to the configuration of the API Services, made without the prior written consent of the Provider.

SCHEDULE 3 (Data Processing Information)

LAST UPDATED: 9/6/2024

1. Categories of Data Subject

The employees and individual users of the API service operated by the Customer.

2. Types of Personal Data

IP addresses and other related metadata required for filtering and monitoring access.

3. Purposes of Processing

The personal data is processed for the purposes of filtering and monitoring access to the API service to ensure security, prevent unauthorized access, detect and mitigate potential cyber threats, and improve the performance and reliability of the service.

4. Security Measures for Personal Data

The personal data is temporarily stored in RAM and is not persisted to disk. The following security measures are implemented to protect personal data: Data Encryption: All data in transit is encrypted using industry-standard encryption protocols (e.g., HTTPS). Access Controls: Strict access controls are enforced to ensure that only authorized personnel have access to the data. Network Security: Firewalls and intrusion detection systems are used to protect the network from unauthorized access. Regular Audits: Regular security audits and vulnerability assessments are conducted to identify and mitigate potential security risks. Data Minimization: Only the minimum necessary personal data is collected and processed for the specified purposes.

5. Sub-processors of Personal Data

Currently, no sub-processors are engaged in the processing of personal data. In the event that sub-processors are engaged in the future, the following conditions will apply: Specific Authorizations: Any sub-processors will be identified and approved by the Customer prior to engagement. Categories of Sub-processor: Sub-processors will be limited to entities providing necessary technical support and infrastructure services. International Transfers: Any international transfers of personal data to sub-processors outside the EEA/UK will be conducted in compliance with applicable data protection laws, including the implementation of appropriate safeguards (e.g., standard contractual clauses).