Terms and Conditions

This document defines the terms and conditions in the relationship (“Contract”) between the entity that contracts the services of Oct8ne (“Client”) and Manujola, S.L , domiciled at Av. Coll del Portell, 41 Local 1 – 08024 Barcelona (“OCT8NE”), which regulates the license to access and use of the “Sales Suite” Services of OCT8NE provided as Software as a Service mode by OCT8NE. These Terms and Conditions will apply to all subscriptions of the Services (as defined below) as set forth in the Subscription Details. Unless otherwise agreed in writing, these Terms and Conditions shall prevail over any contrary or additional provision indicated in an order or request, unless such circumstance is expressly mentioned and agreed upon by both Parties.

The Subscription Details (configuration, services, and price) are established in the Client’s registration form at oct8ne.com.

0.- Definitions

Unless otherwise indicated or clearly deduced from the context, words that start with capital letters have the specific meaning indicated below:

Agents: Customer’s commercial agents in their support centre for End Customers, who use the Service to interact with them.

End Customer: designates a customer or user (e.g. a consumer) of the Customer´s e-commerce site/s, with which the Customer´s Agents can communicate and interact through the Service.

Access Codes: refers to the codes (digital certificate, login name and password or other forms of identification) necessary for agents to access and use the Services.

Price: means the amounts to be paid by the Customer for the use of Services in accordance with this Contract.

Customer Data: designates any data, information or material that the Customer (including its Agents) and/or its End Customers transmits or uploads to the Service when using it, or is collected by the OCT8NE Technology through the use of the Service, including on a illustrative, catalogue, prices, sales and final customer data.

Details of the Subscription: means the conditions and particular data established in the sheet with the same name attached, or in a service offer accepted by the Customer and OCT8NE.

Technical Documentation: the technical manuals (including the Agent’s Guide) published by OCT8NE related to the Services, delivered to the Customer.

Subscription Period: period of time during which the Customer can access the Services as indicated in the Subscription Details.

OCT8NE Technology: means all the technology owned by OCT8NE (which includes -among others- the software, hardware, products, processes, algorithms, user interfaces, knowledge and processes, know-how, techniques, designs and other information or tangible technical materials or intangibles) whose functionalities are made available to the Customer when providing the Service.

Service(s): means the services provided by OCT8NE to allow Agents to interact with End Customers and accessed via simple (HTML code) or complete (through API) integration designed by OCT8NE, as described in the Technical Documentation. The Services include the maintenance and updates of said Services eventually implemented by OCT8NE.

1.- Subscription and Agents

1.1. Subject to compliance with the terms of this Contract, the Customer is granted a non-transferable and non-exclusive right to access and use the Services for Agents hired, solely for their own use and for providing value-added services for their End Customers in the use of their own e-commerce website indicated in the Subscription Details.

1.2. The Customer undertakes to (i) not license, sublicense, sell, resell, transfer, assign, disseminate or make available to third parties, or commercially exploit with third parties (except with Final Customers) the Service, in whole or in part; and (ii) not create a product, software or service with functionality identical to the Services and that may compete with them.

1.3. Additionally, the Customer agrees that, through or through the Service, neither he nor his End Customers and authorized internal users (i) will send or store material that contains any form of “malware”; (ii) interfere with or affect the integrity and functioning of the Service and the data it contains; or (iii) will attempt to obtain unauthorized access to the Service and related systems and networks.

1.4. For security reasons, OCT8NE monitors the use of the Service through the Customer Access Codes and will inform you of any suspicious use contrary to these Conditions or current regulations that may be detected in your account. OCT8NE reserves the right, upon notice to the Customer to put in place new mechanisms to verify and prevent unauthorized access or illegal activities.

2.- Obligations and responsibilities of the Customer

2.1. By signing this Contract, OCT8NE will provide the Customer (a) with the HTML code to perform the integration with the Service and (2) the Access Codes necessary to use the Services. The Customer will only be able to access and use the Services (and access to the data stored in the Service) by said codes.

2.2. The Customer is responsible for all and any activity carried out by its Agents and in their account (s) with their Access Codes. The Customer must comply with all laws and regulations, whether local, national or international, applicable to the use of the Service, including but not limited to those related to international communications and the transmission of technical or personal data and the rest of the regulations on personal data.

2.3. The Customer must: (i) maintain the confidentiality of its Access Codes; (ii) notify OCT8NE immediately of any unauthorized use of its passwords or accounts, or of any other known or suspected security breach; (iii) inform OCT8NE immediately and do everything possible to immediately stop any unauthorized use of the Services that the Customer or its authorized internal End Customers know or suspect; and (iv) not pretend to be another user of the Service or offer false information or identity to obtain access to or use of the Service.

3.- Price

3.1. The subscription price of the Services is established and invoiced in accordance with the terms established in the Subscription Details.

3.2. The Customer agrees to pay the Price on time, according to the Subscription Details in force at any time. The delay in payment will accrue legal interest for delay, from the date on which said payment was due until the effective payment date.

3.3. The right to use the Service may be suspended or cancelled if the payment is delayed or cannot be made for any reason in more than 10 days. In case of termination of the Contract, the Customer must pay all outstanding balances with respect to his account, calculated in accordance with the previous section, as well as the accrued interest.

3.4. Price updates. The Price of the Services may change annually with the renewal of the Contract with thirty (30) days written notice. The new Price will be applied to the next renewal period. If the Customer does not reject such change in writing requesting the termination of the Services, or if he continues to use the Services after the renewal date, the Customer will be deemed to have accepted the new Price.

4.- Data of the Customer

4.1. The Customer is responsible for the Customer Data loaded, transmitted or collected in the use of the Service, including with respect to its accuracy, quality, integrity and legality. Without prejudice to what is stated in clause 5 (Confidentiality and Privacy), neither OCT8NE nor its own suppliers will be responsible in case of the elimination, correction, destruction, damage, loss or error in the storage and processing of the Customer’s Data made or caused by the Customer through his use of the Services.

4.2. Upon the termination of this Contract (except for breach by the Customer as indicated in clause 6.4), at the request of the Client during a period of thirty (30) days following the termination, a file with all the Customer’s Data in that stored in the Service will be made available to the Customer.

4.3. For the purposes of maintenance, statistical analysis and for the improvement of the Service, OCT8NE can store, process and analyse the Customer’s Data anonymously. Customer Data, anonymous or not, may not be transferred or made available to third parties in any way.

5.- Confidentiality

5.1. Both Parties agree that during the term of this Contract, confidential information or information subject to intellectual and/or industrial property rights may be disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”). ) (together, the “Confidential Information”). The Confidential Information also includes any data received by the Customer and during the period in which you use the Services. The Confidential Information will not include information that the Receiving Party can demonstrate that (i) is, at the time of its disclosure, or subsequently converted, into the public domain through a source other than the Receiving Party; (ii) was known to the Receiving Party at the time of its disclosure; (iii) is developed independently by the Receiving Party; or (iv) has been subsequently facilitated by a third party that is not under a duty of confidentiality towards the Disclosing Party.

5.2. The Receiving Party will not use any Confidential Information of the Disclosing Party for any purpose not contained in this Contract, and will disclose the Confidential Information of the Disclosing Party only to employees or contractors of the Receiving Party who need to know it for the purposes of this Contract and that are subject to an obligation of confidentiality no less restrictive than the duty of confidentiality of the Receiving Party under this Contract. The Receiving Party shall protect the Disclosing Party’s Confidential Information from unauthorized use, access and disclosure in the same way that the Receiving Party protects its own confidential information or is subject to intellectual and/or industrial property rights of a similar nature.

5.3. Also, the Receiving Party may disclose the Confidential Information of the Disclosing Party to the extent that such disclosure is: (i) approved in writing by the Disclosing Party, (ii) necessary for the Receiving Party to defend its rights under this Contract in relation to a legal proceeding; or (iii) required by law or by order of a court or similar administrative or judicial body, provided that the Receiving Party timely notifies the Disclosing Party about such mandatory disclosure in writing and cooperates with the Disclosing Party, upon request, in any legal action challenging or restricting the scope of said mandatory disclosure.

6.- Personal Data

6.1. The data of the signatories of the Contract, as well as the data of the contact persons, will be collected and processed by the Parties as data controllers, with the registered office that appears in the Contract header. These personal data will be processed for the purposes of (i) carrying out an adequate management of the contractual relationship with the company in which you work or of which you are a representative, and (ii) maintaining commercial contact with the company in which you work or of which is representative. The legal basis that legitimizes the processing of personal data is (i) the existence of a legal relationship or contract, and (ii) the legitimate interest in carrying out an adequate management of customers and suppliers, through the processing of contact data. of the people who provide services in them or who represent them. The Parties will not communicate the data of the signatories or of the employees of the other Party to any third party, unless said data is integrated into management computer platforms provided by service providers of the Parties, or when this is necessary to execute the commitments. acquired, based on their legitimate interest, including when this involves an international transfer of data, provided that the appropriate guarantees are applied for the specific treatment. Those affected have the right to access, rectify, delete, limit and oppose the processing of the data, as well as to exercise the rest of the rights that are recognized in the current regulations on data protection, by contacting Octane: [privacy@ oct8ne.com] or Customer [customer email]. Likewise, they can inform the Spanish Agency for Data Protection of any situation that they consider violates their rights (www.aepd.es)

6.2. In the event that OCT8NE accesses personal data under the responsibility of the Client during the provision of the Services, the provisions of Annex 2 (DATA PROTECTION ADDENDUM) will apply. The Client declares and guarantees to OCT8NE that he has the informed consent of the End Clients, or other legitimation established by Law, for the treatment object of this Contract carried out by OCT8NE in the name and on behalf of the CLIENT.

6.3. Cookies: In addition, Annex 4 (cookies) indicates the cookies that will be implemented in the Final Customer’s equipment during the provision of the Service. OCT8NE will collaborate with the Customer to indicate any additional information requested by the Customer to comply with the regulations applicable to cookies.

6.4. The obligations set forth in this clause will apply after the expiration or termination of this Contract.

7.- Term and Termination

7.1. The term of this Agreement shall be as set out in the Subscription Details. Unless otherwise stated in the Subscription Details, it shall automatically renew at the same frequency chosen by the customer at the time of contracting (as applicable), except in the event of written termination by one Party to the other at least thirty (30) calendar days prior to the renewal date.

7.2. Each Party accepts and acknowledges that if it has materially violated this Contract for any reason (including, but not limited to, the failure to pay the outstanding Fees), and such breach has not been corrected within fifteen (15) days after of the notification of non-compliance, the other complying Party may terminate this Contract by notifying the other with immediate effect.

7.3. Notwithstanding the foregoing, OCT8NE may suspend the Services provided to the Customer based on any breach by him of clause 1 or 2 of the Contract, and/or (b) in the case of delay or non-payment of any Fee for more than 10 calendar days. If the delay is greater than 20 calendar days, or the Customer, for a second time, incurs in a delay of more than 15 calendar days, OCT8NE may terminate the provision of the Service immediately by written notice to the Customer, and without prejudice to payment claims, damages in their favour. OCT8NE shall not be liable for any liability or damage suffered by the Customer as a result of such suspension or termination in accordance with this provision.

7.4. In case of termination of this Contract by OCT8NE for just cause, unless otherwise agreed in writing with OCT8NE, all the Customers’ rights to access or use the Service will terminate immediately.

Clauses 5 to 10 of the Contract will remain binding for the parties even if the Contract has been terminated or its duration has simply ended.

8.- Warranty

8.1. The Customer declares and guarantees to OCT8NE that (i) it has the power and the authority to sign this Contract and comply with the obligations set forth in it; (ii) any information provided to OCT8NE for the purpose of formalizing this Contract is authentic, correct and updated; and that (iii) the Customer has all necessary rights over the data that is delivered to OCT8NE in the course of using the Services; and (iv) the Customer will use the Services only for legal purposes and will not infringe any law or right of third parties.

8.2. OCT8NE warrants to the Customer that (i) it has the power and authority to sign this Contract and comply with the obligations set forth therein; (ii) OCT8NE will provide the Services in an efficient, diligent and professional manner and with the competition that is expected in the sector; (iii) the Services will be substantially in accordance with the Technical Documentation; and that (iv) OCT8NE has and will have during the term of this Contract the right to grant the rights granted under Section 1.

8.3. The Service Level Agreement in Annex 1 to this Contract establishes the only guarantee and the sole obligation and responsibility of OCT8NE in relation to the availability and/or provision of the Service, or its lack of availability and/or non-compliance.

8.4. Except for the express warranties described in this section, and to the fullest extent permitted by applicable mandatory law, the Services and any technology or access to them that OCT8NE provides pursuant to this Agreement are provided “as which “and OCT8NE does not offer any kind of guarantees, either expressly or implicitly, including, without limitation, guarantees of merchantability or fitness for a particular purpose or breach of rights of third parties.

8.5. OCT8NE does not guarantee that the Services will be uninterrupted or error-free; and does not offer any guarantee in relation to the results that could be obtained from the use of the Services or in relation to the accuracy, veracity or content of any information, good or service contained in the Services or provided through them. OCT8NE is not responsible for the content or loss of any data transferred to the Customer or by it, or saved by the Customer or any Customer’s End of the Customer through the Services.

8.6. The above limitations do not affect OCT8NEs obligations as to processing of personal data, which are governed by the annex hereto

9.- Limitation of liability

9.1. To the fullest extent permitted by applicable law, neither Party shall be liable to the other or to any other person for any indirect damages (including loss of profits or loss of goodwill), for any reason related to this Contract or for the purpose thereof, including derivatives of the use or inability to use the Service, or due to the results obtained through the Service or any interruption, inaccuracy, error or omission thereof, regardless of whether such liability is affirmed in based on a contractual, extra-contractual or other way.

9.2. Also, the liability of any of the Parties under this Contract for any direct damages either contractual or extra contractual (including negligence or otherwise) will, in no case, exceed the actual amount paid by the Customer for the Services that gave rise to said damage prior to the date of the damage (provided that the above limitation of liability is not considered as a waiver of any rights of OCT8NE to enforce this Contract in relation to the fees due to OCT8NE by the Customer in accordance with to Clause 4).

9.3. These limitations do not apply to damages caused by (a) breaches of Intellectual Property Rights of the parties, and confidentiality and data protection obligations nor (b) wilful misconduct or gross negligence of the parties or with respect to any physical injury to individuals or their death,. In these cases (b), the Parties’ liability (and the liability of their affiliates, agents, content providers and service providers) will be limited to the extent permitted by applicable law.

10.- Intellectual and Industrial Property

10.1. OCT8NE and its licensors hold all intellectual and industrial property rights in the Service, including, but not limited to, the OCT8NE Technology, its contents, applications, the API and the user interface of the Service. All rights related to the Service not expressly granted in the Agreement are reserved to OCT8NE.

10.2. This Contract does not imply a sale of any product, and does not give the Customer any right of ownership in or on the Service, including, but not limited to, the underlying OCT8NE Technology of the Service or any other Industrial Property right or Intellectual property owned by OCT8NE and its licensors.

11.- Other provisions

11.1. Applicable law. The validity, interpretation, enforceability and compliance with this Contract must be governed and interpreted in accordance with the laws of Spain.

11.2. Jurisdiction. Any claims and conflicts shall be filed to the competent courts of the city of Barcelona, Spain, to the exclusion of any other jurisdiction that may correspond to the Parties.

11.3. Reference. The Customer agrees to: (i) serve as a reference for OCT8NE; (ii) collaborate in press releases that advertise or promote the relationship between both Parties; and (iii) collaborate on case studies or other marketing material.

11.4. Force Majeure: Neither Party will be responsible for failure or delay in fulfilling its obligations under it (other than the obligation to pay the Fees in respect of services that have been provided prior to Force Majeure event) if said breach or delay is due to circumstances beyond its reasonable control.

11.5. Independent contractors The Parties and their personnel are and shall be independent entities and neither party under this Contract shall have any right, power or authority to act or create any obligation, express or implied, on behalf of the other party. This Agreement or any Subscription does not establish any joint venture or association, and the fulfilment of any obligations derived from this Contract or any subscription of services will not give rise to the creation of such relations.

11.6. Modification. Unless otherwise provided, this Contract may not be modified without the written consent of the Customer and a management position of the OCT8NE.

11.7. No-resignation. Failure to exercise and delay in exercising any right, remedy or power under this Contract shall not constitute a waiver of same, and the individual or partial exercise of any right, remedy or power under this Contract shall not prevent any other exercise or subsequent exercise thereof or the exercise of any other right, remedy or power established in this Contract or in accordance with law or equity. The waiver of any of the Parties regarding the time of performance of any act or condition under this Contract shall not constitute a waiver of the act itself or of the condition itself.

11.8. Assignment. This Contract will be binding for the Customer, OCT8NE and each one of their respective successors and assignees, and will be of benefit to them. The Customer may not assign or transfer the rights or obligations of this Contract, in whole or in part, without the prior written consent of OCT8NE, consent that will not be unjustifiably denied. Any attempt of assignment or transmission that fails to comply with the above will be considered void.

11.9. Integrity. If a court with competent jurisdiction considers any provision of this Contract to be invalid, unenforceable or void, the remaining conditions of this Contract will remain in full force and effect and the excluded provision will be replaced, to the extent possible, by a legal provision, enforceable and valid that is as similar as possible to the disposition excluded to the extent provided by law.

11.10. Personalization requests. OCT8NE will consider in good faith any request from the Customer to customize the Services provided (or any part of them). Any customization work must be agreed in writing between both parties at the usual OCT8NE rates in force at any time. The fees corresponding to any personalization work must receive the prior approval of the Customer so that OCT8NE can perform the same.

11.11. Notifications Any notice under this Contract must be sent to the address of the other party indicated in the Subscription Details, in writing and by registered, certified or urgent postal mail, or by courier service, by fax or email, to the email address indicated above (in the latter case, it will only be valid with confirmation of effective reception of the email). The notification will be considered delivered at the time of delivery or three (3) days after shipment, duly addressed and postage paid, whichever occurs first.

11.12. Indivisible contract. This Contract, together with the documentation that is incorporated by reference, constitutes the complete and exclusive declaration of mutual understanding of the parties in relation to the object of the Contract and supersedes any other statements.

Annex 1 – OCT8NE Service Level

This Annex on OCT8NE support services establishes the levels of service and support to be expected in relation to the OCT8NE Sales Suite Service. The purpose of this Annex is to guarantee maximum quality and timely delivery of the Services to OCT8NE Customers. The service level agreements established in this section constitute the warranties of OCT8NE against any claim regarding service levels.

How to contact us:

Free Intranet Technical Support     Address: secure.oct8ne.com
Free Technical Email Support     support@oct8ne.com
Hot line (registration required)    Tel: (+34) +93285 65 13 / Time: 9:00-18:00 (GMT)

Definitions:

“Incidents applicable to Support” means:
(a) an availability failure of the OCT8NE Platform (the “Platform”); or
(b) a failure of the underlying technology in the Service (the “Software”) due to operating error or non-compliance with the specifications established in the Technical Documentation, which results in the impossibility of use, or the restriction in the use of services.

1.- Levels of Service. . OCT8NE offers the following levels of service:

• a) Service Availability : OCT8NE strives to provide the Services on a 24/7 basis. We try to avoid planning scheduled interruption periods during normal service hours or peak hours for the Service.
• b) Reliability of the Service: OCT8NE guarantees the time of availability of the Platform to 99% on an annual basis, except for scheduled interruptions and cases of force majeure. Scheduled interruptions will last less than 8 hours per month and will not exceed six (6) events/month. We will notify the Customer at least 48 hours before any scheduled interruptions.

Besides the scheduled interruption time, the availability of the service is guaranteed as follows:

Also, the level of reliability (“availability”) depends on the availability and response times of Microsoft Azure, whose policies are exposed in the links indicated at the end of the document.

• c) Maintenance Service: Unscheduled interruptions will be resolved according to the severity levels defined in Section 5.
• d) Backups of data Backup copies of customer data are made regularly using the systems provided by Microsoft Azure. At least one full backup is done every week and the copy is stored for 35 days. In each week at least one incremental copy is stored daily.
• e) Recovery of data: If the OCT8NE Service fails due to an error by OCT8NE or a third party that provides the hosting service to the Platform (currently Microsoft Azure) and requires data recovery, there will be no charge for services of data recovery by copying / restoring security of procedures enabled for OCT8NE.

2.- Support Services. The support services for OCT8NE Sales Suite (“Support Services”) include (a) the guarantee of making available the Platform as indicated and (b) the implementation of the resolutions of incidents supported in the Platform.

3.- Contact us. Unless otherwise agreed, all Support Services are offered through the designated technical support contacts, or through the panel of each Agent, where it has a section for incidents. Otherwise, for general falls, contact us at the indicated phone number or email.

4.- Incidents not supported. The Support Service does not include:

• a) Technical Assistance: questions about the use of the Services, the configuration or the customized development of computer systems (such as the customizations of any interface with the OCT8NE Sales Suite Service or the integration of the Service with data or software of any other manufacturer or provider), or technical problems not related to technical errors in the Platform or the Software.
• b) Improvement Requests due to a lack of the current characteristics of the OCT8NE Sales Suite Service, requiring new programming and/or requests for product improvements.

5.- Solutions and Critic nature. OCT8NE will make all commercially reasonable efforts to respond to the incidents subject to Support and display a solution designed to resolve an incident reported by the Customer in accordance with the Service Table below. When registering an incident, a priority level must be assigned, as described below in the Table, which will be confirmed or modified by OCT8NE.

6.- Technical Support Contact. The Support Services will be accessible by the number of designated contacts (“Technical Contacts”) of the Customer. Customers may modify their Technical Contacts at any time during the term of the Contract by electronic mail whose receipt is confirmed by OCT8NE, or through the Support website. The Technical Contacts will be the only point of contact for Support Services.

7.- Conditions to provide support. OCT8NE’s obligation to provide Support Services is conditioned to the following: (a) related to the Services, the Customer will make reasonable efforts to correct the incident after consulting OCT8NE, if its participation is necessary; (b) the Customer will provide OCT8NE with sufficient information and resources to identify and correct the incident through the Support Portal, as well as access to additional personnel, hardware and software involved in the discovery of the incident (if necessary); (c) the Customer will obtain, install and maintain all the equipment, telephone lines, communication interfaces, operating system software and hardware necessary to correctly access the Service.

8.- Exclusions from the Support Service. OCT8NE is not required to provide support services in the following situations:

• a) unsupported incidents referred to in section 4 above.</liA
• b) incidents caused by the integration or interface of technologies of the Customer with the Service performed by third parties (API integration, etc.), or negligence, the malfunction of the Customer’s hardware and software or other causes beyond our reasonable control;
• c) incidents caused by third-party software used to access the Service that is not indicated, authorized by or through OCT8NE; or
• d) Subscription fees for the provision of Support Services are pending payment.

9.- Suspension and termination of the provision of Support Services. OCT8NE reserves the right to suspend compliance with the Support Services if the Customer fails to pay any amount that must be paid under the applicable service contract, when such amount is due.

SLA Microsoft Azure:

https://azure.microsoft.com/es-es/support/legal/sla/virtual-machines/v1_6/

https://azure.microsoft.com/es-es/support/legal/sla/sql-database/v1_1/

https://azure.microsoft.com/es-es/support/legal/sla/storage/v1_2/

https://azure.microsoft.com/es-es/support/legal/sla/cdn/v1_0/

DATA PROCESSING ADDENDUM

This Addendum (the “Addendum”) regulates the processing of any Personal Data under the responsibility of the client (the “Client” or the “Data Controller”) by Manujola SL (the “Oct8ne” or the “Data Processor”) under the framework of the contractual relationship with any entities that contract the services of Oct8ne (the “Agreement”). When contracting the Oct8ne services and/or clicking on the acceptance button of this Addendum, the Client accepts the provisions of this Addendum.

With respect to provisions regarding processing of personal data, in the event of a conflict between the Agreement and this Addendum, the provisions of this Addendum shall prevail.

In compliance with the regulations in force in Protection of Personal Data, both parties freely agree to regulate the access and processing of the aforementioned personal data, based on the following

CLAUSES

1.- Definitions
For the purpose of this Addendum, the terms with capital letter defined in the GDPR shall have the same meaning set out therein.

2.- Appointment

In the context of the Agreement, Oct8ne may access certain Personal Data under the responsibility of the Client, in particular (but without limitation), the data set out in Annex 1 (“Client Personal Data”) relating to the indicated persons (“Data Subjects”).

The Client has entrusted the Oct8ne with the provision of the services of a software solution for the interaction with the users and Clients of electronic commerce in real time, marketed under the name “OCT8NE Sales Suite”, and offered to its clients remotely in “Software as a Service” mode.

3.- The Parties as Data Controller of the contact persons’ Personal Data

In accordance with the GDPR, processing the Personal Data of both Parties’ signatory, contact persons or their staff (name, address, professional email address) accessed during the course of the relationship established by this addendum is necessary for its preparation and performance.

This personal data will not be shared with any third Party, however, they may be processed by third party service providers with whom the Parties have a contract for data processing according to the applicable regulations. Each Party will keep this Personal Data for the duration of the Agreement and (blocked) for the period prescribed by law for legal or administrative reasons. The Parties declare that the data about the persons mentioned herein are correct and updated and each Party will promptly send any updates.

The above mentioned parties are informed of the possibility of exercising his/her rights of access, rectification, cancellation and opposition, limitation and restriction of processing in the terms established by the GDPR, by writing to the email addresses of the contact person of each Party. These persons may also, if so wished, file a complaint, if any, with the competent Supervisory Authority.

4.- Rights and responsibilities of the Data Controller

As established in the GDPR, the Client as Data Controller shall:

• a. Implement appropriate technical and organizational measures to ensure and be able to demonstrate that the processing is carried out in accordance with applicable legislation.
• b. Adopt data protection policies.
• c. Ensure that the Data Protection Officer or, in his / her absence, the Privacy Officer is involved in an adequate and timely manner in all matters relating to the protection of Client Personal Data.
• d. Keep a record of processing activities in the case of processing Client Personal Data that may pose a risk to the rights and freedoms of the data subject and / or in a non-occasional manner, or which involves the processing of special categories of data and / or data relating to convictions and infractions.
• e. Make available to the interested parties the essential aspects of this agreement, at the request of the Data Processor.
• f. Respond to the legal rights established by applicable law on the protection of Client Personal Data and comply with the stipulations indicated in clause 5 even if these were originally addressed to the Data Processor.

Client warrants that it has all the appropriate consents from the Data Subjects whose personal data are submitted to Oct8ne by Client during the provision of the Service. Oct8ne will indemnify and keep providers harmless from all claims, damages and losses we may suffer relating to or arising out of the processing of third-party personal data submitted to Oct8ne’s systems during the provision of the Service.

5.- Rights and responsibilities of OCT8NE as Data Processor

As established in the GDPR, the Data Processor shall:

• a. Process Client Personal Data only on the basis of documented instructions from the Data Controller, including transfers of Client Personal Data to a third country or international organization, unless otherwise required to do so under Union law or applicable Member State law; In such case, the Data Processor will inform the Data Controller of that legal requirement prior to the processing, unless otherwise prohibited by such law or in the public interest.
• b. Ensure that the persons authorised to process Client Personal Data have undertaken to respect confidentiality or are subject to an obligation of confidentiality of a statutory nature.
• c. Take all appropriate technical and organisational measures to ensure a level of safety appropriate to the risk of processing.
• d. Respect the conditions for having recourse to another Data Processor, as established in the current legislation on protection of Client Personal Data.
• e. Assist the Data Controller, taking into account the nature of the processing, through appropriate technical and organisational measures, whenever possible, so that it can comply with its obligation to respond to requests for the exercise of the rights of the data subjects.
• f. Assist the Data Controller in ensuring that they comply with their obligations, taking into account the nature of the processing and the information that is available to the Data Processor.
• g. At the choice of the Data Controller, either destroy or return all Client Personal Data once the processing services have been completed, and destroy any existing copies unless the retention of Client Personal Data is required under Union or applicable Member State law.
• h. Make available to the relevant Data Controller all information necessary to demonstrate compliance with the obligations established in herein, as well as to allow and contribute to the performance of audits, including inspections, by the controller or other authorised auditors for the Data Controller.
• i. Process the Client Personal Data placed at the disposal of the Data Processor in a way that ensures that the personnel in charge follow the instructions of the Data Controller.
• j. Ensure that the Data Protection Officer or, in his / her absence, the Privacy Officer is involved in an adequate and timely manner in all matters relating to the protection of Client Personal Data.
• k. Adhere to a Code of Conduct that is approved by the Commission or other competent authority.
• l. Keep a record of processing activities in the case of processing Client Personal Data that may pose a risk to the rights and freedoms of the data subject and / or in a non-occasional manner, or which involves the processing of special categories of data and / or data relating to convictions and infractions.

6.- Data subjects’ exercise of their rights

If the Data Subjects directs any request or exercises any of the rights established in the GDPR, the Data Controller and / or the Data Processor must provide the information requested and perform any required actions, without delay and, at the latest, within one month from receiving the request, which may be extended for a further two months if necessary, taking into account the complexity of the application and the number of applications.

Similarly, but in the event that the Data Controller and / or the Data processor do / does not proceed with the request of the Data Subject, he/she shall inform the latter without delay, and no later than one month after receipt of the request, shall provide the Data Subject with the reasons why he/she/they has/ve not acted and inform the Data Subject of his right to file a complaint before a competent authority and to file a judicial appeal. The response to the Data Subject’s request shall be made in the same format as that used by the person concerned, unless he/she requests that it be done otherwise.

7.- International transfer of data

International transfers of Partner Personal Data may only be performed if the requirements of the GDPR and other applicable regulations are met. Data Processor may only carry out international transfers of Client Personal Data with the Data Controller’s consent, provided that an agreement with appropriate contractual safeguard, as prescribed by law under the GDPR, is signed with each international provider/subcontractor. The authorized international transfers to subcontractors are indicated in Annex 3.

8.- Subcontracting

As Data Processor, Oct8ne may provide access to a subcontractor/subprocessors to Client Personal Data if he reasonably considers such access and processing necessary to the performance of the Services. In the event of such access and before the access takes place (with the Client’s pre-approve), Oct8ne shall ensure that an agreement with the third party is in place which is sufficient to require it to process personal data in accordance with the applicable provisions of this Addendum and applicable law. Authorised subcontractors are indicated in Annex 2

9.- Security breach of the Client Personal Data

Insofar as there exists an instruction from a competent supervisory authority, a development of a national legislation or a delegated act, in the event of a security breach of the Client Personal Data, the Data Controller shall notify the competent supervisory authority of such breach without undue delay, and if possible, no later than 72 hours after it happened. For such a reason, Data Processor, in the event of a data breach affecting Partner Personal Data, shall notify the Data Controller with undue delay, no later that 24 hours after being aware of it.

10.- Termination, resolution and expiration

In the event of termination, resolution or expiration of the contractual relationship for the provision of services hereunder between the Data Controller and the Data Processor, the latter shall not keep the Client Personal Data unless otherwise legally required to do so. Otherwise, upon termination, resolution or expiration, or when no longer legally required to keep the data, the Data Processor shall destroy or return to the Data Controller all Client Personal Data and any copies of it, as well as any support or other document containing any Client Personal Data.

ANNEX 1

In accordance with the provisions set out in herein and in the GDPR, the Data Processor shall process the type and category of Client Personal Data provided by the Data Controller set out hereunder:

ANNEX 2 – Authorized Sub-processors

ANEXO 3– International Transfer

ANNEX 4 – Oct8ne cookies