General Terms & Conditions for the application of SaaS

1. Purpose

2. Definitions

The terms “ADDACTIS”, “Service Provider” “CLIENT”, “Territory”, “Effective Date” and “Initial Term” shall have the meanings assigned to them in the Special Terms and Conditions of the Contract.
Terms beginning with a capital letter in the contract as defined in Article 4 hereof, whether used in the singular or in the plural, shall have the meaning given to them below:

ADDACTIS GROUP
All companies whose share capital is more than 50% owned by the Belgian company ADDACTIS Group SA, registered under company number 0537.718.411 in the Banque Carrefour des Entreprises (Register of Legal Persons), and whose registered office is located at Avenue Louis 120, 1050 Ixelles (Belgium).

APPLICATION SERVICES
The operational functions of the addactis® Platform Software and associated Business Applications made available to the Client under the Contract. The scope of the Application Services is specified in the Special Terms and Conditions of the Contract.

ASSOCIATED SERVICES
The hosting of Client Data and the maintenance and security of the Application Services.

AUTHORISED CONTACT(S)
Contact person(s) designated by the Client from among its employees, the number of whom is specified in the Special Terms and Conditions of this Contract, who are authorised to contact the Service Provider’s support department in accordance with Article 10.1 below.

BENEFICIARIES
All the legal entities listed in Article 1 that may benefit from the use of the Application Services, in accordance with the terms of this Contract.

BUSINESS APPLICATION
The package subscribed to as part of the Application Services, comprising the addactis® software functionalities and optional “Add-ons”. The Business Applications are described in Annex 1 of the Special Terms and Conditions.

CLIENT DATA
Personal data, information, publications and, in general, all data in the Client’s database that is processed as part of the Contract.

ENVIRONMENT
All hardware and software components (i) enabling the operation and use of the Application Services by the Beneficiary or Beneficiaries designated in the Contract and (ii) giving rise to a single administrative and technical management activity (invoicing, Authorised contact person for the support service, licence management, production environment, etc.).

IDENTIFIERS
Both the username (“login”) and the connection password (“password”) transmitted after registration for the Application Services. The Identifiers of Authorised Contacts are allocated by the Service Provider after acceptance of the General Terms and Conditions of Use of the Services. Identifiers specific to Users are allocated by the Client itself, in accordance with Article 6.2 below.

INFRASTRUCTURE CHARACTERISTICS
The size, storage space and outgoing network transfer limit of the IT infrastructure hosting the Client’s Application Services Environment, which are referred to in Article 2 of the Special Terms and Conditions of the Contract, as well as all of its attributes defined by the Service Provider in accordance with the Scope of the Application Services.

LICENCE
The granting of the right to use the Application Services.

PARTIES
The Client and the Service Provider considered collectively.

PARTY
The Client or the Service Provider considered individually.

PERSONAL DATA
Data that directly or indirectly identifies a natural person, in accordance with current regulations on the protection of personal data.

SCOPE
The conditions referred to in Article 1 of the Special Terms and Conditions of the Contract under which the Client and the Beneficiaries are authorised to benefit from the Application Services. Any change to the Scope must first be submitted by the Client to the Service Provider, who is free to accept or refuse such change, and may lead to a change in the financial conditions and the Infrastructure Characteristics.

SERVICE FEE
The fee payable for the right to use the Application Services and benefit from the Associated Services.

SERVICES
All Application Services and Associated Services.

SOFTWARE
The addactis® Platform software mentioned in the Special Terms and Conditions of the Contract, as well as any other addactis® software that may be added to it within the framework of the Business Applications.

USAGE DATA
Data relating to the use of the Application Services by Users (IP addresses, etc.), enabling the Service Provider to develop and improve the Services and measure their application performance.

USER
The natural person placed under the Client’s responsibility (an employee of the Client) or under the legal entity’s responsibility (an employee of the legal entity), a Beneficiary who falls expressly within the Scope, and who benefits from access to the Application Services due to the granting of personal identifiers via a computer by virtue of an Application Services contract signed by the Client.

3. Intellectual Property

The Service Provider is also the exclusive owner of all the updates, new versions and services it provides as part of the ongoing maintenance of the Application Services. In addition, all titles and copyrights relating to the Application Services (including, without limitation, those relating to any image, photograph, animation, music, video or sound element, text, clipart, form or “applets” integrated into the Application Services) are owned by the Service Provider or by ADDACTIS Group SA.
The Contract does not grant the Client any right of ownership of the Application Services or their documentation. The temporary provision of the Application Services to the Client under the conditions set out in the Contract shall not be construed as the assignment or transfer of any intellectual property rights whatsoever, within the meaning of the provisions in force.

Consequently, the Client shall refrain from taking any action likely to infringe the intellectual property rights held by the Service Provider in respect of the Software and the Application Services; in particular, the Client shall refrain from reproducing any part of the Software or the Application Services, and any documentation relating thereto, by any means whatsoever, in any form whatsoever and on any medium whatsoever, and from altering or concealing, in any way whatsoever, the trademarks, distinctive signs and copyright notices affixed to the Application Services.

All rights not expressly granted to the Client in these Terms and Conditions are reserved for the Service Provider.
The Client may not assign, either in whole or in part, the rights and obligations arising from the Contract, whether as part of a temporary assignment, a sub-licence or any other contract providing for the transfer of the said rights and obligations.

4. Contractual Documents

The Contract for the Application Services comprises the following contractual documents, listed in order of decreasing legal force:

• The Special Terms and Conditions including its Annex
• The Service Level Agreement
• The General Terms and Conditions
• All Annexes related to the General Conditions.

The contractual documents referred to above constitute the entire agreement between the Parties. They supersede any previous oral or written commitment relating to the Application Services. Any new annex to the Special Terms and Conditions shall be the subject of an amendment signed by the Parties.
In the event of any discrepancy or contradiction between several provisions of the contractual documents referred to above, the provisions of the higher-ranking document shall prevail.

5. Effect, Term, Termination

The Contract takes effect on the Effective Date of the Application Services, as set out in the Special Terms and Conditions or, failing this, as notified in the first invoice issued by the Service Provider.

The Contract is entered into for the term specified in the Special Terms and Conditions relating to the Application Services (see “Initial Term”).
Beyond this Initial Term, the Contract shall be tacitly renewed for successive periods of one (1) year, unless terminated by one Party by means of a notification sent to the other Party by registered letter with acknowledgement of receipt, subject to compliance with a minimum notice period of three (3) months before the end of the Initial Term, and then three (3) months before the end of each annual renewal period, hereinafter referred to as the “Anniversary Date”.

If the Contract is not terminated, the Service Provider may notify the Client, by any written means, subject to providing at least three (3) months’ notice before the end of the initial Term, or three (3) months’ notice before each Anniversary Date, of the changes made to the Special Terms and Conditions which shall apply to the renewal of the Contract and notably the new amount of the Fee. If the Client refuses to apply the new Special Terms and Conditions previously notified and if no special agreement is reached between the Parties, the Client may terminate the Contract by registered letter with acknowledgement of receipt sent to the Service Provider, subject to compliance with a minimum period of at least two (2) months’ notice before the end of the Initial Term, or two (2) months’ notice before the Anniversary Date. In the absence of termination by the Client in accordance with the conditions specified above, the Contract shall be renewed in accordance with the Specific Terms and Conditions previously notified by the Service Provider.

6. Description of Services and Access

6.1 APPLICATION SERVICES AND RELATED SERVICES
The Service Provider shall make the Application Services available to the Client via the Internet using the latest stable version of Google Chrome, Mozilla Firefox or Microsoft Edge Chromium (the Client is responsible for subscribing to high-speed Internet access). In accordance with Article 7, the Service Provider grants the Client the right to use the Application Services on a non-exclusive basis. The Client, for its part, undertakes to comply with the conditions of use of the Application Services indicated by the Service Provider and with the conditions set out in the Contract.
In addition, the Service Provider shall provide the Client with Associated Services in accordance with the terms and conditions set out in the Contract. Any other service that the Client may wish to obtain from the Service Provider shall be excluded from the Contract and must be the subject of a separate contract or of an amendment to the Contract.

6.2 ACCESS TO THE APPLICATION SERVICES
Only Authorised Contacts are permitted to access the administration of the Application Services. Authorised Contacts are responsible for creating the personal Identifiers of each User and passing them on to each User in a confidential manner.
Users, including the Authorised Contact(s), may log in at any time during the time slots set out in the Service Level Agreement, with the exception of duly scheduled corrective and upgrade maintenance periods or under the conditions strictly provided for in the said document.
The Application Services are accessed by means of the Client’s Identifiers and/or those allocated to each User by the Authorised Contacts.
The Identifiers are intended to restrict access to the Application Services to Users only, including the Authorised Contact(s), and to protect the integrity and availability of the Application Services and the integrity, availability and confidentiality of the Client Data transmitted by Users.

6.3 CONFIDENTIALITY OF IDENTIFIERS
Identifiers are personal and confidential. The Client undertakes to do everything in its power to keep its identifiers secret and to refrain from divulging them in any form whatsoever.
The Client is entirely responsible for the use and safekeeping of the Identifiers issued to it. It shall ensure that no other person not authorised by the Service Provider can access the Application Services. In general, the Client assumes responsibility for the security of individual workstations accessing the Application Services. In the event of the Client becoming aware of access to the Application Services by an unauthorised person, or in the event of loss or theft of the Identifiers, the Client shall inform the Service Provider thereof without delay and confirm this by email with acknowledgement of receipt, sent to the following address: support-platform@addactis.com

7. Usage Rights

The Service Provider grants the Client a personal, non-exclusive, non-assignable and non-transferable right to use the Application Services for the number of Users and Beneficiaries and the Scope specified in the Special Terms and Conditions, for the entire term of the Contract, it being specified that this right of use is indivisibly linked to the subscription to the Associated Services, and that the Service Provider reserves the right to ask the Client for a list of the Users by name.
As the Contract is entered into on an intuitu personae basis and designed for the use of Services by identified Users, the Client may not assign, either in whole or in part, the rights and obligations arising from the Contract, whether as part of a temporary assignment, a sub-licence or any other contract providing for the transfer of the said rights and obligations, for free or against payment.

The Client and its Users may only use the Application Services in accordance with the Client’s requirements, the intended purpose and documentation of the Application Services and the general terms and conditions of use of the Services, which are binding on the Client and each User. The Licence relating to the Application Services is granted for the sole purpose of enabling the Client to use the said Services to the exclusion of any other purpose, under penalty of incurring its liability.

The usage right means the right to represent and implement the Application Services in accordance with their intended purpose, in SaaS (Service as a Software) mode via a connection to the Internet network.
Under no circumstances may the Client make the Application Services available to a third party or to a service provider of any kind in the context of outsourcing (particularly to an outsourcer), bearing in mind that unless a Special Condition has been expressly agreed, the usage right is granted solely to Users who are employees of the Client or employees of a Beneficiary included in the Scope, on the date of the exercise of their usage right.
The Client shall refrain from any other use whatsoever, particularly any adaptation or intervention (including to correct errors, as the Service Provider has sole authority to carry out corrective and evolutive maintenance) and including, but not limited to, any modification, translation, arrangement, distribution, decompilation, or efforts to circumvent any protection systems. Generally speaking, any use not expressly authorised by the Contract is unlawful, in accordance with the current provisions of the French Intellectual Property Code.

Lastly, in accordance with the applicable Intellectual Property law, the Service Provider expressly reserves the right to adapt and correct any anomalies that may arise during the use of the Application Services.

8. Conditions of Use by Beneficiaries

To ensure that the Contract also benefits the identified Users of the Beneficiaries expressly mentioned in the Special Terms and Conditions, the Client undertakes to obtain from Beneficiaries who have not signed the Contract:

• their agreement to conform to the terms and conditions of this Contract in the same way as if these Beneficiaries were the clients themselves;
• their agreement to conform to contracts or other documents required by the Service Provider, in respect of which the Beneficiaries undertake to comply with the same obligations towards the Service Provider as those incumbent on the Client under this Contract ; and
• their full liability to the Service Provider for all of their acts, omissions and breaches as if they were acts, omissions and breaches carried out by the Client itself.

9. Service Quality & Level – annual Monitoring Committee

9.1 SERVICE QUALITY AND LEVEL
The Service Provider shall perform all of its services in accordance with the rules of best professional practice and the conventions applicable to this field. It also guarantees the implementation of the Application Services in accordance with the conditions set out in the Service Level Agreement.
The Service Provider undertakes to implement effective controls to provide reasonable assurance that the Client can access and use the relevant Application Services at the times specified in the Contract, within the limit of the commitments per indicator specified in the Service Level Agreement.
The Infrastructure Characteristics have been defined with regard to the Scope. The Client undertakes to comply with the Scope, the Maximum Storage Space and Outgoing Network Transfer Limit specified in the Special Terms and Conditions. The Client must inform the Service Provider in the event of changes to the Scope or of an increase in its processing capacity requirements in order to consider a change to the Special Terms and Conditions and the redimensioning of the Infrastructure Characteristics, which will be agreed by common agreement of the Parties. Failing notification of the Service Provider, the latter shall be released from its Service Level Agreement obligations.
The Client is aware of the technical hazards inherent to the Internet and of any interruptions to access, unavailability or slowdowns that may result and affect the proper use of the Application Services; the Client may not hold the Service Provider liable in this respect alone. The Service Provider is not in a position to guarantee the continuity of the Application Services run remotely via the Internet, which the Client acknowledges.
In addition, the Application Services may be suspended from time to time due to maintenance work required for the proper operation of the Service Provider’s platform. In the event of interruption to the Application Services for maintenance, the Service Provider undertakes to comply with the conditions laid down in the Service Level Agreement. The Service Provider cannot be held liable for any impact this unavailability may have on the Client’s activities.
The availability factor of the Application Services is set in accordance with the conditions laid down in the Service Level Agreement.
With a view to the continuous improvement of the Application Services, the Service Provider collects and uses data derived from Usage Data in order to monitor statistics on the use of the Software’s functional modules (usage metrics, etc.), identify business trends, contribute to the design of future improvements to the Application Services and guarantee the effectiveness and security of the application solutions that the Service Provider develops for its clients.

9.2 MODIFICATION OF THE SERVICE LEVEL AGREEMENT
The Service Provider may notify the Client, by any written means, subject to providing at least three (3) months’ notice before the end of the initial Term, or three (3) months’ notice before each Anniversary Date, of the changes made to the Service Level Agreement which shall apply to the renewal of the Contract.
If the Client refuses to apply the new Service Level Agreement previously notified, the Client must terminate the Contract by registered letter with acknowledgement of receipt sent to the Service Provider, subject to compliance with a minimum period of at least two (2) months’ notice before the end of the Initial Term, or two (2) months’ notice before the Anniversary Date.
In the absence of termination by the Client under the conditions specified above, the Contract shall be renewed in accordance with the terms and conditions previously notified by the Service Provider.
In the event that major modifications prove necessary, the Parties undertake to negotiate in good faith and to amend the Service Level Agreement by means of an amendment to the Contract.

9.3 ANNUAL MONITORING COMMITTEE
As part of the performance of the Contract, an annual monitoring committee consisting of at least one representative of each Party (hereinafter the “Monitoring Committee”) shall be established by the Parties.
This Monitoring Committee is an opportunity for the Service Provider to review the preceding year with the Client:
– on the Application Services side: presentation of indicators for consumables, review of any interruptions to Services, calculation of the availability factor for the preceding year, compliance with the Service Levels Agreement;
– on the Business side: feedback from Users, discussions on the use of Application Services, Questions & Answers, discussions on future developments of Application Services (particularly in the context of regulatory changes).

Minutes will be drawn up following each meeting within eight working days. These minutes will be drawn up by one of the Parties to the Contract on an alternating basis and will be sent to the other Party for validation. In the absence of written reservations submitted by the other Party within eight working days of receipt of the report, the said report will be deemed to have been validated.

The Monitoring Committee is not authorised to take decisions liable to amend the provisions of the Contract.

10. User Support & Maintenance

Under the terms of the Contract, the Service Provider shall provide assistance to Users as well as corrective and evolutive maintenance services.

10.1 USER SUPPORT
The Authorised Contact(s) may contact the Service Provider’s Support and Operations team by email at: support-platform@addactis.com. The first point of contact is established through this channel and may be extended by telephone or email at the initiative of the Support and Operations team.
Support includes:
• the resolution of technical problems preventing access to or the normal operation of the Application Services;
• clarification of minor doubts about specific functionalities.

The support provided by the Service Provider to Users of Application Services is carried out in accordance with the conditions set out in the Service Level Agreement.
The Authorised Contacts are responsible for providing the Service Provider with a precise description of the difficulty encountered and, where appropriate, an extraction of the data used.
The Authorised Contact(s) must possess the necessary expertise relating to the operation of the Application Services. In this respect, the Client undertakes, on the recommendation of the Service Provider, to provide or ensure that the Authorised Contacts are provided with any training required to give them sufficient knowledge of the Application Services.
The support services cannot, under any circumstances, replace the training of Users and exclude any legal or actuarial advice.
The support services covered by this article do not include:
• assistance with the configuration or advanced parameterisation of the Application Services;
• advice or recommendations relating to the Client’s business processes;
• the resolution of difficulties not directly attributable to the Application Services (e.g. network or third-party).
These services must be the subject of a specific contract, if requested by the Client.

10.2 CORRECTIVE MAINTENANCE
For the corrective maintenance services, the Service Provider undertakes to correct or find a workaround solution to any incident affecting the operation of the Application Services resulting from use in accordance with the documentation, under the conditions set out in the Service Level Agreement. Workaround solutions are only temporary and must be supplemented by a permanent fix.
When the Service Provider corrects an incident, it will also provide any corrections, additions or modifications to the documentation previously provided that may prove necessary for the continued operation of the Application Services.

10.3 EVOLUTIVE MAINTENANCE
Evolutive maintenance operations are carried out by the Service Provider in order to enhance the functionalities provided by the Application Services and to take account of significant regulatory changes, in accordance with the conditions set out in the Service Level Agreement.
In the event of any substantial addition to the standards applicable to the functional scope of the Application Services by the regulator in the Client’s national territory, the Service Provider reserves the right to offer the corresponding new functionality as an additional module to the Application Services.

11. Data Ownership & Protection

11.1 DATA OWNERSHIP
The Client is and remains the owner of the Client Data that it uses or creates via the Application Services. The Client is solely responsible for the conformity, lawfulness and relevance of the Client Data and content that it integrates into the Application Services or transmits to any person for the purposes of using the Application Services and/or performing the Associated Services.
The Service Provider is and remains the owner of the Usage Data relating to the Application Services and Associated Services contracted by the Client, which enable the Service Provider to obtain information on the use of the said Services by the Users and Authorised Contact(s), in accordance with the Special Terms and Conditions, in order to improve the Client’s level of satisfaction. The Service Provider is responsible for anonymising any Personal Data contained in the Usage Data. The Service Provider provides the Client with information on the processing of Usage Data in accordance with the GDPR via the Application Services.

11.2 PERSONAL DATA PROTECTION
In the context of their activities, the Parties declare that they are required to comply with national and European legislation and regulations relating to the protection of personal data (hereinafter the “Applicable Regulations”), notably the General Data Protection Regulation No 2016/679 (GDPR), in force and as subsequently amended or modified.
Under this Contract, the Service Provider may process personal data on behalf of the Client. The nature of this processing and the respective obligations of the Parties with regard to the protection of personal data are defined in Annex 1 “Protection of Personal Data”, which forms an integral part of the Contract.
In addition, via the Client, the Service Provider shall collect and process certain personal data of the Client’s legal representative(s) and some of the Client’s employees (hereinafter the “Data Subjects”).
The categories of personal data collected and processed by the Service Provider are the surname, first name, job title, professional e-mail address and professional telephone number of the Data Subjects.
This data processed by the Service Provider is used for the following purposes:

•  the negotiation, execution and performance of this Contract;
•  management of the administrative, commercial and financial aspects of this Contract.

This data may only be transmitted to the Service Provider and its staff for the above-mentioned purposes and in compliance with the Applicable Regulations.

12. Financial Conditions

12.1 SERVICE FEE
The amount of the annual Service Fee is specified in the Special Terms and Conditions (hereinafter “Service Fee(s)”). The amount is always expressed in euros (€) or US dollars (USD) and is exclusive of tax and charges; any withholding tax applicable in the Client’s country will be automatically added to the amount of the Service Fee at the time of invoicing.

The amount of the Service Fee is set in consideration of use that complies with the Special Terms and Conditions, the General Terms and Conditions of Use of the Services and, more generally, customary practice. It is the Client’s responsibility to inform the Service Provider of any increase in its requirements in order to consider amending the Special Terms and Conditions.
The following services, all of which are optional, are not included in the Service Fee and will be invoiced separately:
• training services;
• technical support services other than User support and maintenance provided for in the Contract (see Article 10);
• more generally, any services not expressly included in the Application Services.
In addition, any amendment to the Special Terms and Conditions, or any request from the Client not provided for in the Special Terms and Conditions, is subject to the Service Provider’s agreement and may give rise to an additional charge, in accordance with the Service Provider’s price list, and to a reduction in any commercial discount granted when the amount of the Service Fee was set.
Any use that does not comply with the Special Terms and Conditions shall expose the Client to unilateral termination of the Contract by the Service Provider, without prejudice to the latter’s right to claim just compensation.

12.2 REVISION METHODS
12.2.1 Annual revision by indexation
The amount of the Service Fee may be revised upwards each year in line with the change in the consumer price index “CPI: All items excluding food and energy” (hereinafter referred to as the “CPI”) published by the Organisation for Economic Co-operation and Development (OECD) for the G7 zone, or by applying an increase of 5% if the change recorded, in accordance with the following stipulations, was lower.
The amount of the Service Fee after annual revision is obtained using the formula:
T (N+1) = T (N) x (1+max [5%, (S (N) / S (N-1))])
With:
T (N+1): Service Fee rate applicable for year N+1;
T (N): initial Service Fee rate defined in this Contract for the first revision, and then the Service Fee rate applicable for year N;
S (N): last CPI value published three (3) months before the Anniversary Date of year N;
S (N-1): value of the CPI for the year N-1 (or value of the CPI on the date of signature of the Contract for the first revision only).

12.2.2 Ad hoc revision
Apart from the option of annual revision by indexation, two types of ad hoc revision may be implemented at the Service Provider’s initiative:

• the option to revise the amount of the Service Fee prior to each renewal of the Contract, in accordance with Article 5 paragraph 4 of the General Terms and Conditions,
• the option to pass on automatically to the amount of the Service Fee any increase in the price (excluding tax) of hosting the Application Services or of any other service required for the proper operation of the Application Services and provided by an external service provider, subject to providing at least one (1) month’s notice, provided that the said increase is greater than 2% of the price (excluding tax) of the said service in force on the day of signature of the Contract with the Client. This option does not apply during the Initial term set out in Article 4 of the Special Terms and Conditions.

However, if the increase in the Service Fee resulting from passing on the said price increases exceeds 15% of the amount of the Service Fee for the current year, the Client may terminate the Contract early by sending a registered letter with acknowledgement of receipt to the Service Provider, subject to providing at least one (1) month’s notice.

12.3 TERMS OF SERVICES
Invoices are issued annually on a payable-in advance basis.
If the Client’s invoicing process requires the Service Provider to include a purchase order number, a commitment number or any other reference on its invoices, the Client must inform the Service Provider of these constraints when the Contract is signed.

12.4 TERMS OF PAYMENT
The Service Fee invoices are issued in euros or US dollars and are payable on receipt of the invoice, by bank transfer or direct debit, in euros or, if provided for in the Special Terms and Conditions, in US dollars.
In the event of a bank transfer, the transfer must be made into the account indicated in Annex 2 and, in any event, must be effective, at the latest, at the end of the month preceding the effective date of the Contract for the initial Term and, at the latest, at the end of the month preceding the anniversary date for renewals.
In the case of direct debit, this must be set up to take effect during the month preceding the effective date of the Contract. If the Client opts for direct debit during the term of the Contract, it must ensure that the direct debit takes effect during the month preceding the anniversary date.
In addition to the fixed collection charge of forty (40) euros in accordance with the legislation in force, any sum not paid on the due date will give rise to the payment by the Client of penalties set at five (5) times the legal interest rate in force, with a minimum amount of €500. The Service Provider shall automatically be liable for these penalties, without any formality or prior notice, and all sums owed by the Client shall become immediately payable, without prejudice to any other action that the Service Provider may be entitled to take in this respect, it being specified that the Service Provider also reserves the right to suspend or cancel the provision of any Services or other offerings to the Client.

12.5 NON-PAYMENT
In addition to late-payment penalties and without prejudice to any damages, failure by the Client to pay a Service Fee invoice or any other invoice from the Service Provider by the due date may result in the Service Provider automatically applying:

• additional bank charges and management fees (debt collection follow-up, fees for reminder letters and telephone calls, representation of direct debit refusals);
• immediate suspension of the Services;
• automatic termination of the Contract by the Service Provider 30 calendar days after formal notice has been served to the Client by registered letter with acknowledgement of receipt, without effect.

13. Warranties

13.1 GUARANTEE OF CONFORMITY
The Service Provider guarantees the Client that the Application Services comply with the documentation available online, which may be updated by the Service Provider.

13.2 WARRANTY AND LIMITATIONS INHERENT TO BUSINESS APPLICATIONS
The Service Provider guarantees the relevance and operation of the calculation formulas contained in the Business Applications when they are made available to the Client, but cannot guarantee the accuracy of the results obtained using the Business Applications because the Client itself configures the input data for the Business Applications.
In addition, Business Applications, although sophisticated, also have certain limitations, as they are a simplified representation of reality and do not claim to be an exact probabilistic representation of a process; they are intended to provide a reasonable representation of reality, taking account of the assumptions and the available data.
The Service Provider cannot guarantee, under any circumstances, that:

• the functionality of the Business Application will meet all the Client’s needs;
• the Business Applications will function if installed or used in combination with other models and/or software other than those of the Application Services;
• the results obtained thanks to the Business Applications will comply with the regulator’s requirements.

13.3 WARRANTY OF QUIET ENJOYMENT
The Service Provider represents and warrants that it holds all intellectual property rights which enable it to enter into the Contract and that the Application Services are not likely to infringe the rights of third parties. It guarantees the Client against any infringement action relating to the Software designated in the Special Terms and Conditions and, more generally, to the Application Services.
This warranty does not apply to open source components integrated or used within the Application Services. Nor does it apply in all cases of exclusion of maintenance or liability stipulated in the Contract.
Under this warranty, the Service Provider shall bear the costs of any damages awarded against the Client by a final court decision based exclusively on proof of infringement. The payment of such costs is subject to the following conditions: (i) that the Client has provided written notice, without delay, of the action for infringement or the declaration that preceded this action (ii) that the Service Provider has been able to defend its own interests and those of the Client and, to this end, that the Client has cooperated in good faith in the said defence by providing the elements, information and assistance required to carry out such defence.
Nevertheless, if a decision prohibiting the use of the Application Services is handed down by a state court as a result of an infringement action or as a result of a settlement signed with the plaintiff in the infringement action, the Service Provider shall endeavour, at its choice and at its own expense, either:

• to obtain the right for the Client to continue to use the Application Services; or,
• to replace the Application Services with an equivalent solution that is not the subject of an infringement action; or,
• to modify the Application Services in such a way as to avoid the prohibition of use.

14. Security

The Service Provider undertakes to host the Application Services and to implement security measures in accordance with the provisions of Annex 3 “Hosting & Security”.

15. Liability of the Parties

Each Party is liable for the consequences of its own negligence, errors or omissions as well as the negligence, errors or omissions of any of its subcontractors that may cause direct damage to the other Party.

In the event of proven negligence on the Client’s part, the Service Provider shall only be liable for the financial consequences of any direct and foreseeable damage resulting from the performance of the Application Services. It shall not be liable for any indirect or unforeseeable losses or damage suffered by the Client or third parties, notably including any loss of profit, any loss, inaccuracy or corruption of files or data, commercial loss, loss of turnover or profit, loss of clients, loss of opportunity, conviction for failure to take account of a professional risk or a regulatory obligation, cost of a substitute technology or service, in connection with or arising from the non-performance or negligent performance of the Application Services.

In all cases permitted by applicable law, the liability incurred by the Service Provider in the event of a breach of its obligations shall be limited to an amount equal to the annual Application Services Fee (excluding VAT) received by the Service Provider for the current contractual period.

The Service Provider shall not be held liable for the accidental destruction of Data by the Client or by a third party having accessed the Application Services using the Identifiers provided to the Client. Nor may it be held liable for any damage caused by an interruption or reduction in service by the telecommunications operator, the electricity supplier or a case of force majeure.

Furthermore, the Client is solely responsible for the Client Data and other content uploaded and processed via the Application Services, and in particular for its legality, quality, relevance and technical security (absence of any virus or other malware). Consequently, the Client is liable for any damage suffered by the Service Provider and/or its hosting subcontractor and/or third parties as a result of Client Data uploaded and/or actions carried out by the Client and/or its users via the Application Services. The Client indemnifies the Service Provider and holds it harmless against any action brought by a third party relating to damage caused by Client Data.

Notwithstanding the expiry, termination, annulment or cancellation of the Contract, this Article shall survive any such expiry, termination, annulment or cancellation.

16. Subcontracting

The Service Provider is authorised to use the subcontractors listed in the Special Terms and Conditions of the Contract. The Service Provider shall specifically inform the Client in writing of any plans to add or replace subcontractors (outside the ADDACTIS GROUP), at least 30 days in advance.

The Service Provider shall ensure that its subcontractors comply with the obligations to which it is personally is subject under the Contract.

In all circumstances, the Service Provider remains fully liable to the Client for the performance of its obligations by its subcontractors and may not act upon exceptions arising from its relationship with the subcontractor in order to avoid its contractual liability to the Client.

17. Force Majeure

The Party that observes the event must immediately inform the other Party of its inability to perform its service. Under these conditions, the suspension of obligations or the delay incurred shall not, under any circumstances, give rise to liability for non-performance of the obligation in question, nor result in the payment of late penalty fees.

18. Insurance

19. Early Termination Clause for Failure to fulfil Obligations

In the event of a breach by one Party of one or more of the contractual obligations set out below in this Article, the Contract may be terminated by operation of law thirty (30) days after formal notice has been served to the defaulting Party by the other Party by registered letter with acknowledgement of receipt, without effect. The formal notice shall mention the observed failure(s) to fulfil obligations and shall state the intention to apply this article.

The following contractual obligations are covered by this article:

1) With regard to the Client:

• the obligation to use the Application Services in accordance with the right of use granted to it and its Scope, as described in the Special Terms and Conditions and in Article 7 “Usage rights”;
• the obligation to pay the Service Fees in accordance with the conditions set out in the Special Terms and Conditions and in Article 12 “Financial Conditions”.

2) With regard to the Service Provider:

• the maintenance obligations set out in Article 10 “User Support & Maintenance”;
• the security obligations set out in Annex 3 “Hosting & Security”;
• the obligations associated with the Service Level Agreement.

In addition, in accordance with the European Regulation 2022/2554 of 14 December 2022 on the digital operational resilience of the financial sector, the Client may also terminate the Contract if any of the following circumstances apply:

a) the Service Provider has seriously infringed the applicable legislative, regulatory or contractual provisions;
b) the monitoring of the risks associated with the Client’s third party ICT service providers has revealed the existence of circumstances that could alter the performance of the functions provided for in the Contract, including significant changes that affect the Contract or the situation of the Service Provider;
c) the Service Provider is shown to have proven weaknesses in its overall ICT risk management, and especially in the manner in which it ensures the availability, authenticity, integrity and confidentiality of personal or otherwise sensitive data, or of non-personal data;
d) the competent authority can no longer effectively supervise the Client due to the terms of the Contract or to circumstances directly related to it;
e) if a competent authority requests modifications to the Contract which are not reasonably acceptable the Service Provider, the latter shall not be liable for the payment of compensation.

On the effective date of termination of the Contract, the Client shall immediately cease to use the Identifiers for accessing the Application Services and shall take all necessary steps to ensure that all Users cease to use the Application Services.

20. Reversibility

In the event of termination of the Contract, for whatever reason, the Service Provider undertakes to return at the Client’s first request and within a maximum period of thirty (30) days from the date of receipt of this request, all the Data belonging to the Client, in a standard format that can be read without difficulty in an equivalent environment. The Client shall cooperate actively with the Service Provider in order to facilitate the retrieval of its Data.

During the reversibility phase, the Service Level Agreement will not be enforceable against the Service Provider.

Upon termination of the Contract and no later than thirty (30) days after the return of the Client Data, unless otherwise agreed by the Parties, the Service Provider shall delete all Client Data including copies. Should the destruction or deletion of Client Data prove impossible for technical reasons, the Service Provider shall immediately inform the Client and shall implement all necessary measures to achieve a result that comes as close as possible to the complete and permanent deletion of the Data and to proceed with the complete and effective anonymisation of the remaining Data.

The Service Provider reserves the right to invoice potential transfer costs, up to the limit of the actual costs incurred, it being specified that these costs may include the cost of recovering the Data from the host and the support services invoiced at the Service Provider’s rate in force at the time of the transfer.

21. Non-solicitation of Personnel

The Client agrees to refrain from recruiting or employing, directly or through an intermediary, any employee of the Service Provider or, where applicable, its subcontractor, who has contributed to the performance of the Application Services, without the express prior consent of the Service Provider (or of its subcontractor, where applicable). This undertaking is valid for the entire duration of the Contract and for 12 months following its termination.

Should the Client fail to comply with this obligation, it undertakes to compensate the Service Provider (or its subcontractor, where applicable) by paying it immediately and on simple request, damages equal to 12 times the gross monthly remuneration of the employee concerned (at the time of their departure) plus the total amount of bonuses paid to the employee over the last 12 months prior to the date of the request.

22. Privacy

Each of the Parties undertakes (i) to maintain the confidentiality of all information that it receives from the other Party, and notably (ii) to refrain from disclosing the other Party’s confidential information to any third party whatsoever, other than employees who have a strict need to know; and (iii) to refrain from using the other Party’s confidential information other than for the purpose of exercising its rights and fulfilling its obligations under the terms of the Contract.

Notwithstanding the foregoing, neither Party shall have any obligation with respect to information which (i) may have entered or is likely to enter the public domain through no fault of the receiving Party, (ii) is independently developed by the receiving Party, (iii) is known to the receiving Party before disclosure to it by the other Party, or (iv) is required to be disclosed by law or a court order (in which case it shall only be disclosed to the extent required and with prior written notice to the providing Party, unless otherwise imperatively provided for).

The Parties’ obligations vis-à-vis confidential information shall remain in force throughout the term of the Contract and for as long after its expiry as the information concerned remains confidential for the Party disclosing it and, in any event, for a period of ten (10) years after the expiry of the Contract.

Each of the Parties must return all copies of documents and media containing the other Party’s confidential information as soon as the Contract is terminated, for any reason whatsoever.

The Parties also undertake to ensure compliance with these provisions by their staff and by any employee or third party who may be involved in the context of the Contract in any capacity whatsoever.

23. Auditing

Throughout the term of the Contract, each Party grants the other Party the right to conduct an audit for the following purposes:

• For the Client:
  • ensuring compliance with the Service Provider’s contractual obligations; and/or,
  • verifying the security level of the information system hosting its Application Services Environment,
• For the Service Provider:
  • ensuring compliance with the Client’s contractual obligations;
  • verifying that the Client’s use of Application Services complies with the terms and conditions of the Contract; and/or
  • requesting a list of the Users’ names.

This right to audit must comply with a minimum notice period of twenty (20) working days, except for events requiring inspection at shorter notice.
The Parties may not exercise their right to audit more than once (1 time) a year and must carry out such an audit remotely (unless this is impossible for justified reasons), during business hours so as to avoid significant disruption to the activities of the Party being audited. In the event of a major security incident involving the Application Services, the Client may exceptionally conduct an additional audit.

The Parties must send the audited Party a letter specifying the nature, dates and duration of the audit, the scope of the audit and the composition of the audit team. The audit may be carried out by the Party itself or by a specially authorised external auditor who may not be a competitor of the Service Provider in the SaaS market, and who shall be bound by a strict confidentiality undertaking.

The audited Party undertakes to cooperate in good faith with the auditing Party or the auditor, free of charge, for a maximum period of three (3) working days. Beyond this period, the audited Party reserves the right to invoice the auditing Party on the basis of the time spent, unless the audit reveals one or more significant breaches of the audited Party’s contractual obligations.

The audit will enable the auditing Party to access information and data relating to the Application Services as well as to IT documentation, whose distribution is compatible with the protection of the audited Party’s interests and provided that it is relevant with respect to the Application Services. Any audit of the Service Provider’s own information system is expressly excluded from the scope of this clause.

A copy of the final audit report will be given to each Party and will be examined jointly by the Parties by any suitable means (videoconference meeting, etc.).
In the event of persistent disagreement about the audit recommendations or conclusions, the Parties agree to use the services of a third-party expert who will be appointed by means of an application filed by the first Party to take action with the President of the competent Court.

The conclusions of the third-party expert will be rendered in the first instance and will only be subject to appeal to the competent court in the event of manifest error.
In addition, in the event of an inspection of the scope of the Services carried out by the Client’s administrative and/or professional inspection authorities, the Service Provider undertakes to inform the Client as soon as possible and to cooperate under the conditions specified above.

24. Miscellaneous & Applicable Law

24.1 COMMERCIAL REFERENCES
The Service Provider may include the Client’s name and logo or brand on its list of references, including its list of references divided into modules, options or additional services contracted. However, it may not make any reference to the content of the Contract, without an explicit agreement with the Client.

24.2 SEVERABILITY OF CLAUSES
The nullity, lapsing, lack of binding force or unenforceability of one of the stipulations of the Contract shall not entail the nullity, lapsing, lack of binding force or unenforceability of the other stipulations, which shall retain all their effects. However, the Parties may, by mutual agreement, agree to replace the invalid provision(s).

24.3 APPLICABLE LAW
The Contract is subject to Belgian law, to the exclusion of any other legislation.
If the Contract is drafted in several languages or if it is translated, only the English version shall be deemed authentic.

24.4 ADDRESS FOR SERVICE
For the purpose of this Contract and subsequent related matters, the Parties select their respective registered offices as stated at the beginning of this document as their addresses for service. Any change to the registered office or address of one of the Parties shall only be binding on the other Party eight calendar days after it has been duly notified thereof in writing.

25. Pursuit of an amicable solution and election of Jurisdiction

With a view to finding a joint solution to any dispute or difference which may arise in connection with the Contract, the Parties agree to use all means at their disposal to do so within a period of ten (10) working days. In the absence thereof within this period, each Party shall refer the matter to its senior management to enable the respective senior managers to meet and seek an amicable solution within a maximum period of eight (8) working days from the date of referral.

IF THE PARTIES FAIL TO REACH AN AGREEMENT ON A COMPROMISE OR A SOLUTION AT THE END OF THIS PERIOD, THE DISPUTE WILL THEN BE SUBMITTED TO THE FRENCH SPEAKING BRUSSELS ENTERPRISE COURT (BELGIUM), including in the event of warranty proceedings or multiple defendants.

26. Electronic Signature

In this case, the Parties expressly agree to use an electronic signature for all the constituent contractual documents of the Contract, via the UNIVERSIGN platform, which provides a sufficient degree of reliability to identify each signatory and guarantee the link with the contract to which the signature relates, thereby ensuring the validity, enforceability and admissibility as evidence of the said electronic signature in the context of the performance of the Contract or in the event of disputes. The Client’s validation of the electronic signature protocol is proof of its willingness to commit to all the clauses of the Contract.

APPENDIX

1. PROTECTION OF PERSONAL DATA

Each Party shall comply with national and/or European laws and regulations relating to the protection of Personal Data (hereinafter referred to as the “Applicable Regulations”), in particular the General Data Protection Regulation n°2016/679) (GDPR), in force and as they will subsequently be amended or modified.
The Data Processor has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address: dpo@addactis.com.

Under the Contract, ADDACTIS carries out processing of Personal Data on behalf of the Client; with respect to the GDPR, the Service Provider acts as Data Processor and the Client as Data Controller, it being specified that the Client is and remains the owner of all Personal Data it uses through the Application Services under the Contract.

Personal data within the meaning of the Applicable Regulation is hereinafter referred to as “the Data“. Capitalized terms in this Appendix that are not otherwise defined in the Master Agreement shall have the meaning given to them by the GDPR.

2. Obligations of the Data processor
2.1. Instruction
The Data Processor only processes Data upon documented instruction from the Data Controller.
The Data Processor undertakes to implement all the necessary measures to ensure that the natural persons acting under its authority and having access to Data do not process such Data outside of the framework of the Data Controller’s instructions as provided for in the Contract, unless required to do so under a mandatory provision applicable to Data processing.
In the event that the Data Processor is required to derogate from these obligations due to a mandatory provision resulting from European law or the law of a Member State applicable to the processing, the Data processor shall inform the Data controller of this legal obligation prior to the processing, unless prohibited by law for important reasons of public interest.
The Data Processor shall immediately inform the Data controller if, in its opinion, an instruction given by the Data controller constitutes a breach of the Applicable Regulations.

2.2. Purpose limitation
The Data Processor processes personal data solely for the purposes described in article 1 of this Annex, and unless otherwise instructed by the Data Controller.
Furthermore, the Data Processor shall refrain from the following vis-à-vis the Data Controller:

• to disclose to a third party, in any form whatsoever, all or part of the Data processed;
• to copy or store, in any form or for any purpose whatsoever, all or part of the information or Data contained in media or documents which have been entrusted to it, or which it has collected in the course of the execution of its maintenance operations, outside of the cases provided for in the present contract.

2.3. Confidentiality of the Data
The Data Processor undertakes to make the Data Controller’s Data accessible and consultable only to the Data processor’s personnel who are duly authorised and empowered by virtue of their functions and capacity, and only to the extent necessary for the performance of their duties.
The Data Processor ensures that the persons authorised to process Data undertake to comply with Data confidentiality or are subject to adequate legal obligation with regard to confidentiality.
The Data Processor takes all measures to prevent any diverted, malicious or fraudulent use of the Data.

2.4. Interconnections
The Data Processor is prohibited from carrying out Data processing interconnections for distinct purposes.

2.5. Data storage
In accordance with the provisions of the Contract, and unless otherwise provided for in European or EU Member State law applicable to the processing hereby concerned, the Data Processor undertakes to destroy or restore to the Data Controller all manual or computerised files storing collected Data, once the purpose of data processing has been achieved.
In the event of European or Member State law requiring the storage of Data, the Data Processor shall inform the Data Controller of this obligation.

2.6. Notification to the Controller
The Data Processor undertakes to notify the Data Controller immediately of any modification or change that may affect the processing of the Data.

2.7. Record of processing activities
The Data Processor undertakes to keep a record of all categories of data processing executed on behalf of the Data Controller, pursuant to the provisions of the Applicable Regulation.

3. Minimisation obligation and data quality
The Data Controller imports into the Application Services only the Data strictly necessary for such use of the Services and declares to have collected such Data in strict compliance with the Applicable Regulations.
The Data Controller is solely responsible for the quality, lawfulness and relevance of the Data it enters into the Application Services for the purposes of their use. The Data Processor declines all responsibility in the event that the Data does not comply with the Applicable Regulations.
The Data Controller is solely responsible for the Data, content and messages disseminated and/or downloaded via the Application Services; the Data Controller therefore indemnifies the Data Processor for any loss resulting from Data Processor being held liable by a third party in relation to the data, content and messages disseminated and/or downloaded via the Application Services.

4. Information to Data Subjects
In accordance with the Applicable Regulations, it is the responsibility of each Data Controller to inform the Data Subjects.
By entering into the Contract, the Data Controller warrants to the Data Processor that it has fulfilled all of its obligations as Data Controller and, in particular, that it has informed the Data Subjects of the use that will be made of their Data at the time such Data is collected. In this way, the Data Controller guarantees the Data Processor against any appeal, complaint or claim from a Data Subject whose Data is reproduced and hosted via the Application Services.
ADDACTIS informs Users of the Application Services, through the General Terms and Conditions of Use available in its Application Services, of the use made of their Data.

5. Incorporation of subsequent data processor
When the Data Processor engages a subsequent data processor to carry out a specific Processing operation on behalf of the Data Controller, it does so under the conditions set out in Article 17 of the General Terms and Conditions of the Contract.

6. Data security
Each Party undertakes to implement appropriate technical means to ensure the security of the Data.
Pursuant to the Applicable Regulation, the Data Processor undertakes to implement all the necessary precautions regarding the types of Data and the risks presented in its processing, to safeguard the security of Data and in particular to prevent any form of distortion, modification, damage, accidental or unlawful destruction, loss, disclosure and/or access to Data by a non-authorised third party.
The Data Processor implements all the appropriate technical and organisational means to protect Data, taking into account the state of knowledge, the implementation costs and the nature, scope, context and purpose of processing in addition to the risks, of varying degrees of probability and severity, to the rights and freedoms of natural persons, in order to guarantee an adequate level of security.

7. Breach of Data
The Data Processor undertakes to notify the Data Controller as soon as possible after becoming aware of any Data breach within the meaning of Article 33 of the GDPR, i.e. any breach of security, resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Data transmitted, stored or otherwise processed.
This notification must be sent to the Licensee at the address indicated in the introduction to this Appendix, by e-mail with acknowledgement of receipt. ADDACTIS Worldwide shall accompany its notification with any useful documentation enabling the Data Controller, if necessary, to notify the relevant Supervisory Authority of the Violation, namely :

• A description of the nature of the Personal Data Breach including, if possible, the categories and approximate number of persons affected by the Breach and the categories and approximate number of Data records ;
• The name and contact details of a contact point from which further information can be obtained ;
• Description of the likely consequences of the Data Breach ;
• A description of the measures taken to remedy the Data Breach and mitigate any negative consequences.

If, and to the extent that, it is not possible to provide all this information at the same time, the information may be provided in a staggered manner without undue delay.
In the event of a Data Breach, the Data Processor undertakes to carry out all useful investigations into the breaches of the protection rules in order to remedy them as soon as possible and to reduce the impact of such breaches on the persons concerned.
The Data Processor undertakes to actively cooperate with the Data Controller to ensure that it is able to meet its regulatory and contractual obligations. It is the sole responsibility of the Data Controller to notify the relevant Supervisory Authority of the Data Breach and, when appropriate, the data subjects.
The Data Processor undertakes not to inform third parties, including data subjects, of any personal data Breach without having obtained the prior written consent of the Data Controller.

8. Cross-border flow of Data
In the event of Data transfer to a third country not belonging to the European Economic Area or to an international organisation, the Data Processor shall obtain the prior written consent of the Licensee.
If such consent is granted, the Data Processor is authorised, to the strict extent necessary for the performance of the contract, to transfer the personal data required for the processing entrusted to the Data Processor subject to guaranteeing compliance with Chapter V of the GDPR, in particular by making use of the standard contractual clauses adopted by the European Commission and provided that the conditions for the use of these standard contractual clauses are met.

9. Cooperation
The Data Processor shall inform the Data Controller without delay of any request it has received from a data subject. It shall not itself act on such a request, unless authorised to do so by the Data Controller.
The Data Processor undertakes to cooperate with the Data Controller, to enable:

• where applicable, the management of requests from data subjects to exercise their rights, in particular their right of access to the Data concerning them ;
• the performance of any impact analysis that the Licensee may decide to carry out in order to assess the risks that a processing operation poses to the rights and freedoms of individuals and to identify the measures to be implemented to deal with these risks ;
• consultation with the Supervisory authority ;
• more generally, compliance with the Licensee’s obligations under the Applicable Regulations, such as its obligations to notify the supervisory authority and to communicate a Data breach to the persons concerned.

In the event of an inspection by a competent authority, the parties undertake to cooperate with each other and the inspection body.
In the case where the inspection carried out at the Data Processor concerns processing implemented in the name of and on behalf of the Data Controller, the Data Processor undertakes to notify the Data Controller immediately and shall not take any engagement on behalf of the latter.
In the event of an inspection of the Data Controller by a competent authority concerning Data protection and notably the services provided by the Data Processor, the latter undertakes to cooperate with the Licensee and provide all the information it may require or is deemed necessary.

10. Documentation and compliance
The Parties must be able to demonstrate compliance with these clauses.
At the Data Controller’s request, the Data Processor shall provide all the necessary information to demonstrating compliance with the obligations set out in these clauses and arising directly from the Applicable Regulations.
The Data Controller reserves the right to carry out any checks that it deems useful in order to ascertain compliance with the above-mentioned obligations, and in particular by carrying out an audit under the conditions set out in Article 24 of the General Terms and Conditions.

2. SERVICE PROVIDER’S BANK DETAILS

3. HOSTING & SECURITY