Service Subscription Agreement

THIS AGREEMENT GOVERNS YOUR ACQUISITION AND USE OF KOBITON SERVICES.

BY ACCEPTING THESE TERMS OF SERVICE, EITHER BY REGISTERING ON WWW.KOBITON.COM OR PORTAL.KOBITON.COM OR BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM OR ANY OTHER DOCUMENTATION THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” OR “CUSTOMER” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

IF YOU REGISTER FOR A FREE TRIAL OR FREE ACCOUNT FOR OUR SERVICES, THE APPLICABLE PROVISIONS OF THIS AGREEMENT WILL ALSO GOVERN THAT FREE TRIAL OR FREE ACCOUNT.

This Agreement was last updated on June 21, 2025. It is effective between You and Kobiton as of the date of Your acceptance of this Agreement.

The parties hereby agree to the following with respect to Your use, and Kobiton’s provision, of the Service (as defined below).

1. OVERVIEW

a. Introduction

Pursuant to this Agreement, Kobiton offers Services designed to enable customers to remotely access their websites and mobile applications across an array of mobile devices and operating systems.

b. Definitions

  1. “Account-Related Information” means contact information, payment information, and biographical information about Customer’s representatives and contacts used to open accounts to use Kobiton’s Services, to maintain existing accounts, and for marketing purposes.
  2. “Customer” means any customer of Kobiton who or which is being provided with the Services as set out in the Agreement.
  3. “Customer Content” means (i) data or content in the Customer Properties that Customer chooses to access through the Service (and for mobile applications, the application package itself); (ii) data Customer submits or creates as part of accessing the Service, including test scripts and Screenshots; and (iii) any other data Customer submits to Kobiton in connection with the use of the Services (not including Account-Related Information).
  4. “Customer Property” or “Customer Properties” means a mobile application or applications, respectively, submitted to the Services.
  5. “Documentation” means the technical user documentation provided with the Services.
  6. “Private Cloud” means a cloud implementation of the Kobiton Services, hosted by Kobiton, providing dedicated devices for the Customer’s exclusive use.
  7. “Hybrid Cloud” means a cloud implementation of Kobiton Services whereby the Customer hosts dedicated devices on the Customer’s premises and connect to Kobiton’s cloud infrastructure.
  8. “Kobiton Code” means any software component—such as SDKs, plug-ins, command-line tools, or on-prem/edge agents—provided by Kobiton for installation or execution within Customer’s environment (including browsers, CI/CD pipelines, or customer-hosted device labs) in connection with the Services.
  9. “Laws” means all applicable local, state, federal, foreign and international laws, regulations and conventions, including, without limitation, those related to data privacy and data transfer, international communications, and the exportation of technical or personal data.
  10. “On-Premises” means a configuration where the Kobiton Software is installed and operated solely within the Customer’s infrastructure, without reliance on Kobiton’s cloud infrastructure.
  11. “Order Form” means each quote, order form, or and/or statement of work referencing this Agreement.
  12. “Open Source Software” means any open source, community or other free code or libraries of any type, including, without limitation, any code which is made generally available on the Internet without charge (such as, for example purposes only, any code licensed under any version of the MIT, BSD, Apache, Mozilla or GPL or LGPL licenses).
  13. Personal Information” means any information that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable living natural person, including but not limited to: (i) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, government identification card number, passport number, or other similar identifiers; (ii) any patient, medical records or other protected or regulated health information; (iii) any financial information (including bank account or payment card numbers) or any other information subject to regulation or protection under specific laws or regulations; or (iv) information defined as “personal information,” “personally identifiable information,” “personal data,” or similar expressions under applicable privacy laws or data security Laws.
  14. “Parallel Tests” means the number of tests that Customer’s Permitted Users (as defined below) are collectively running on Remote Access Environments at a given point in time.
  15. “Professional Services” means implementation, customization, training, or consulting services provided by Kobiton or a Kobiton partner beyond standard support services.
  16. “Public Cloud Deployment” means a deployment model where the Kobiton devices are hosted on shared cloud infrastructure, managed by Kobiton, and accessible to multiple customers.
  17. “Screenshot(s)” means an image or video of the Remote Access Environment display captured using the Services.
  18. “Services” means Kobiton’s proprietary software-as-a-service solution(s), described in the applicable Order Form. Subject to the terms herein, references to the Services also include the Documentation.
  19. “Subscription Term” means the period during which the Customer has the right to access and use the Kobiton Services, as specified in the applicable Order Form.
  20. “Remote Access Environment” means physical mobile devices, and device emulators on which Customer may use the Services to remotely access real devices or virtual devices.

2. KOBITON SERVICES

  1. Access to Services. Customer will purchase and Kobiton will provide the specific Services as specified in the applicable Order Form. Customer may access and use these Services during the Subscription Term (as defined below) solely for its own benefit and in accordance with the terms and conditions of this Agreement, the Documentation and any scope of use restrictions designated in the applicable Order Form (including any limits on Parallel Tests, Screenshots, and Permitted Users, if applicable). As part of its use of the Services and if required, Customer may copy and use the Documentation for Customer’s internal use in connection with the use of the Services.
  2. Permitted Users.
    1. In General. Use of and access to the Services is permitted by and only by the Customer’s employees, and other authorized personnel who are granted access to the Kobiton Services under Customer’s subscription (“Permitted Users”). If Customer is given passwords to access the Services on Kobiton’s systems, Customer will require that all Permitted Users keep user ID and password information strictly confidential and not share such information with any unauthorized person. User IDs are granted to individual, named persons and may not be shared. Customer will be responsible for any and all actions taken using Customer’s accounts and passwords.
    2. Contractors and Affiliates. Customer may permit individuals serving as its independent contractors and consultants who are not competitors of Kobiton (“Contractors”) and individual employees, contractors, or consultants of Affiliates (as defined below) to serve as Permitted Users, provided Customer remains responsible for compliance by each such Contractor or Affiliate Permitted User with all of the terms and conditions of this Agreement and any such use of the Services by such Contractor or Affiliate Permitted User is for the sole benefit of Customer. “Affiliate” means any entity controlling, controlled by, or under common control with the referenced entity, where the term “control” means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract, or otherwise.
  3. General Restrictions. Customer will not (and will not permit any third party to): (a) rent, lease, provide access to or sublicense the Services to a third party; (b) use the Services to provide, or incorporate the Services into, any product or service provided to a third party; (c) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code or non-public APIs to the Services, except to the extent expressly permitted by applicable law (and then only upon advance notice to Kobiton); (d) copy or modify the Services or any Documentation, or create any derivative work from any of the foregoing; (e) remove or obscure any proprietary or other notices contained in the Services (including any reports or data printed from the Services); or (f) publicly disseminate information that discloses Kobiton Confidential Information or non‑public performance benchmarking.
  4. Trial Subscriptions. If Customer receives free access or a trial or evaluation subscription to one or more Services (a “Trial Subscription”), then Customer may use the Services in accordance with the terms and conditions of this Agreement for a period of thirty (30) days or such other period granted by Kobiton (the “Trial Period”). Trial Subscriptions are permitted solely for Customer’s use to determine whether to purchase a paid subscription to the Services. Certain Trial Subscriptions may include pre-release and beta products (“Beta Releases”). Trial Subscriptions may not include all functionality and features accessible as part of a paid Subscription. If Customer does not enter into a paid Subscription Term, this Agreement and Customer’s right to access and use the Services will terminate at the end of the Trial Period. Kobiton has the right to terminate a Trial Subscription at any time for any reason. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, KOBITON WILL HAVE NO WARRANTY, INDEMNITY, DATA ARCHIVING, SERVICE LEVEL, OR SUPPORT OBLIGATIONS WITH RESPECT TO TRIAL SUBSCRIPTIONS.

3. CUSTOMER CONTENT

  1. Rights in Customer Content. As between the parties, Customer will retain all right, title and interest (including any and all intellectual property rights) that Customer may have in and to the Customer Content as submitted to or accessed through the Services. Subject to the terms of this Agreement, Customer hereby grants to Kobiton a non-exclusive, worldwide, royalty-free right to use, copy, store, transmit, modify, create derivative works of and display the Customer Content solely to the extent necessary to provide the Services to Customer. For clarity, Kobiton hosts Customer Properties, but does not operate the Customer Properties remotely accessed by Customer. Further, Kobiton Services may include without limitation AI-powered capabilities or functionalities. Use of such Services may include technology provided by certain third-party tools and software(collectively referred to as “Third-Party AI Software”). Both Parties agree that Kobiton shall have no liability for any claims, damages, or losses, whether direct or indirect, arising from the use of Third-Party AI Software, including but not limited to errors, interruptions, or inaccuracies within the Third-Party AI Software. Customer may opt out of using such Services by requesting an alternative SKU.
  2. Customer Obligations.
    1. In General. Customer will ensure that Customer’s use of each Service and all Customer Content is at all times compliant with Customer’s privacy policies and all applicable local, state, federal and international laws, regulations and conventions, including, without limitation, those related to data privacy and data transfer, international communications, and the exportation of technical or personal data. Customer is solely responsible for the accuracy, content and legality of all Customer Content. Customer represents and warrants to Kobiton that Customer has all necessary rights, consents and permissions to collect, share and use all Customer Content as contemplated in this Agreement (including granting Kobiton the rights in Section 3.1), and that no Customer Content will violate or infringe (i) any third party intellectual property, publicity, privacy or other rights or (ii) any Laws. If specified in the Documentation, Customer will submit certain types of Customer Content (e.g., mobile applications) in the format required by Kobiton.
    2. No Personal Information. Customer acknowledges that the Services are not designed for use with (and do not require) Personal Information included in Customer Content. Customer specifically agrees not to use the Services to collect, store, process or transmit any Personal Information other than Account-Related Information, and will not submit to the Services any Customer Content containing any Personal Information. Kobiton will have no liability under this Agreement for Personal Information included within Customer Content, or any security incident or breach regarding such Personal Information, notwithstanding anything to the contrary herein.
    3. Customer Content Guidelines. Customer will not use the Services with any Customer Content that (i) is deceptive, fraudulent, illegal, obscene, defamatory, libelous, threatening, harmful to minors, pornographic, indecent, harassing, hateful, religiously, racially or ethnically offensive, that encourages illegal or tortious conduct or that is otherwise inappropriate in Kobiton’s discretion; (ii) contains viruses, bots, worms, scripting exploits or other similar materials; or (iii) could otherwise cause damage to Kobiton or any third party.
  3. Indemnification by Customer. Customer will indemnify, defend and hold harmless Kobiton from and against any and all claims, costs, damages, losses, liabilities and expenses (including reasonable attorneys’ fees and costs) arising out of or in connection with any claim arising from or relating to (a) any Customer Content or acts or omissions of Customer that constitute a breach or alleged breach by Customer of Section 3.3 (Customer Obligations) or (b) any service or product offered by Customer in connection with or related to the Services. This indemnification obligation is subject to Customer receiving (i) prompt written notice of such claim (but in any event notice in sufficient time for Customer to respond without prejudice); (ii) the exclusive right to control and direct the investigation, defense, or settlement of such claim; and (iii) all necessary cooperation of Kobiton at Customer’s expense. Notwithstanding the foregoing sentence, Kobiton may participate in the defense of any claim by counsel of its own choosing, at its cost and expense and Customer will not settle any claim without Kobiton’s prior written consent, unless the settlement fully and unconditionally releases Kobiton and does not require Kobiton to pay any amount, take any action, or admit any liability.

4. DATA PROTECTION

In accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the data protection terms relating to processing of Account-Related Information and Customer Content are contained in Exhibit A (Data Protection Addendum). To the extent that there is any conflict between any provision of the Agreement and the contents of Exhibit A, the contents of Exhibit A shall prevail in respect of such conflict in so far as the matters of data protection are concerned.

5. REGULATORY COMPLIANCE

Kobiton is currently in compliance with and shall at all times remain in compliance with the regulations of the Office of Foreign Assets Control (“OFAC”) of the Department of the Treasury and any statute, executive order, or other governmental action relating thereto. In accordance with the regulations, Kobiton does not offer services to users in specific sanctioned regions and hence does not allow users in such regions to access all of certain parts of the service, including certain products. More information about the sanctions programs administered by the Office of Foreign Assets Control (“OFAC”) of the US Department of the Treasury is available at https://www.treasury.gov/resource-center/sanctions/pages/default.aspx. Therefore, Customer and/or its Affiliates agree that they are not from such specific sanctioned regions and are currently in compliance with and will at all times during the Subscription Term of this Agreement remain in compliance with the regulations of OFAC and any statute, executive order, or other governmental action relating thereto.

6. OWNERSHIP

  1. Kobiton Technology. This is a subscription agreement for access to and use of the Services. Customer acknowledges that it is obtaining only a limited right to the Services and that irrespective of any use of the words “purchase”, “sale” or like terms in this Agreement no ownership rights are being conveyed to Customer under this Agreement. Customer agrees that Kobiton or its suppliers retain all right, title and interest (including all patent, copyright, trademark, trade secret and other intellectual property rights) in and to the Services, all Documentation, Professional Services deliverables and any and all related and underlying technology and documentation and any derivative works, modifications or improvements of any of the foregoing, including as may incorporate Feedback (collectively, “Kobiton Technology”). Except as expressly set forth in this Agreement, no rights in any Kobiton Technology are granted to Customer. Further, Customer acknowledges that the Services are offered as an on-premise or on-line, hosted solution, and that Customer has no right to obtain a copy of any of the Services.
  2. Feedback. Customer, from time to time, may submit comments, questions, suggestions or other feedback relating to any Kobiton product or service to Kobiton (“Feedback”). Kobiton may freely use or exploit Feedback in connection with any of its products or services without the need to pay compensation for any use of such Feedback.
  3. Usage Data. Notwithstanding anything to the contrary herein, Customer agrees that Kobiton may obtain technical data about Customer’s use of the Services that is non-personally identifiable with respect to Customer (“Usage Data”), and Kobiton may use the Usage Data to analyze, improve, market, support and operate the Services and otherwise for any business purpose during and after the term of this Agreement. For clarity, this Section 6.3 does not give Kobiton the right to identify Customer as the source of any Usage Data.

7. FEES & PAYMENT

  1. Fees and Payment.
    (a) Except as expressly stated in an Order Form, all fees are set forth therein, are non-cancellable and non-refundable, and are due thirty (30) days from the invoice date.
    (b) Renewal-Term Price Adjustment. Subject to the renewal mechanism in § 8.1, Kobiton may increase the recurring subscription fees for any Renewal Term by the greater of (i) eight percent (8 %) of the fees charged for the identical Services during the immediately preceding twelve-(12)-month period, or (ii) Kobiton’s then-current list price for the same SKU(s).
    (c) Notice Requirement. Any such fee increase will take effect on the first day of the Renewal Term only if Kobiton provides Customer with written notice of the new fees at least forty-five (45) days before the Renewal Term begins.If Kobiton fails to give timely notice, the expiring fees will remain in effect for that Renewal Term.
    (d) Volume Reductions. If Customer reduces subscription volume, units, or Subscription Term length for any Service in a Renewal Term, Kobiton may re-price the affected Services at then-current list rates without regard to the prior Term’s pricing.
    (e) Taxes; Late Payments. Customer is responsible for all applicable taxes, exclusive of taxes based on Kobiton’s net income. Late payments accrue interest at 1.5 % per month (or the maximum lawful rate, if lower).
  2. Suspension of Service. In addition to any of Kobiton’s other rights or remedies (including but not limited to any termination rights set forth herein), Kobiton reserves the right to suspend Customer’s access to the Services if: (i) Customer’s account is thirty (30) days or more overdue; (ii) Kobiton determines that Customer has breached Section 2.3 (General Restrictions) or Section 3.3 (Customer Obligations); or (iii) Kobiton determines that suspension is necessary to prevent harm or liability to other customers or third parties, or to preserve the security, stability, availability or integrity of the Services. Kobiton will have no liability for taking action as permitted above in this section. However, unless this Agreement has been terminated, Kobiton will cooperate with Customer to restore access to the Services once it verifies that Customer has resolved the condition requiring suspension.

8. TERM AND TERMINATION

  1. Term. This Agreement is effective as of the Effective Date. Either party may terminate this Agreement on written notice if there are no Order Forms in effect. Each Service is provided on a subscription basis for a set term designated on the Order Form and thereafter, will automatically renew for successive terms of equal length to the initial term unless either party provides the other party with written notice of non-renewal at least thirty (30) days prior to the end of the then-current term (the initial term and each renewal term, a “Subscription Term”).
  2. Termination for Cause. Either party may terminate this Agreement (including all related Order Forms) if the other party (a) fails to cure any material breach of this Agreement (including a failure to pay fees) within thirty (30) days after written notice; (b) ceases operation without a successor; or (c) seeks protection under any bankruptcy, receivership, trust deed, creditors’ arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against that party (and not dismissed within sixty (60) days thereafter).
  3. Effect of Termination. Upon any expiration or termination of this Agreement, Customer will immediately cease any and all use of and access to all Services (including any and all related Kobiton Technology) and delete (or, at Kobiton’s request, return) any and all copies of the Documentation, any Kobiton passwords or access codes and any other Kobiton Confidential Information in its possession. Provided this Agreement was not terminated for Customer’s breach, Customer may retain and use internally copies of all reports exported from any Service prior to termination. Customer acknowledges that following termination it will have no further access to any Customer Content input into any Service, and that Kobiton may delete any such data as may have been stored by Kobiton at any time. Except where an exclusive remedy is specified, the exercise of either party of any remedy under this Agreement, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law or otherwise.
  4. Survival. The following Sections will survive any expiration or termination of this Agreement: 2.3 (General Restrictions), 2.4 (Trial Subscriptions), 3.3 (Indemnification by Customer), 6 (Ownership), 7.1 (Fees and Payment), 8 (Term and Termination), 9.2 (Warranty Disclaimer), 11 (Confidential Information) and 12 (General Terms).

9. LIMITED WARRANTY

  1. Limited Warranty. Kobiton warrants, solely for Customer’s benefit, that during the applicable Subscription Term each Service, when used in accordance with this Agreement and the Documentation, will materially conform to, and operate in all material respects as described in, the applicable Documentation (the “Limited Warranty”).
    Remedy. If the Services fail to meet this Limited Warranty and Customer provides written notice within thirty (30) days after discovery of the non-conformity, Kobiton will, at no additional cost to Customer and as Customer’s exclusive remedy: (i) use commercially reasonable efforts to correct the reported non-conformity or provide a workaround that achieves materially equivalent functionality, or (ii) if Kobiton determines that such remedies are not commercially feasible, either party may terminate the affected Order Form and Kobiton will refund any prepaid, unused fees for the remainder of the terminated Subscription Term.
    Exclusions. The Limited Warranty does not apply to: (a) errors or deficiencies resulting from misuse, accident, or unauthorized modification of the Services, or from combination of the Services with software, hardware, data, or processes not supplied or expressly authorized by Kobiton; (b) beta, evaluation, or Trial Subscriptions; or (c) Services provided free of charge.
  2. Warranty Disclaimer. EXCEPT FOR THE LIMITED WARRANTY IN SECTION 9.1, ALL SERVICES AND THE KOBITON CODE ARE PROVIDED “AS IS”. NEITHER KOBITON NOR ITS SUPPLIERS MAKES ANY OTHER WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. KOBITON DOES NOT WARRANT THAT CUSTOMER’S USE OF ANY SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE, NOR DOES KOBITON WARRANT THAT IT WILL REVIEW THE CUSTOMER CONTENT FOR ACCURACY OR THAT IT WILL PRESERVE OR MAINTAIN THE CUSTOMER CONTENT WITHOUT LOSS. KOBITON WILL NOT BE LIABLE FOR DELAYS, INTERRUPTIONS, SERVICE FAILURES OR OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS OR OTHER SYSTEMS OUTSIDE THE REASONABLE CONTROL OF KOBITON. CUSTOMER MAY HAVE OTHER STATUTORY RIGHTS, BUT THE DURATION OF STATUTORILY REQUIRED WARRANTIES, IF ANY, WILL BE LIMITED TO THE SHORTEST PERIOD PERMITTED BY LAW.
  3. Specific Disclaimers. TO THE EXTENT PERMITTED BY LAW, KOBITON IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR ANY OTHER LOSS OR DAMAGE RESULTING FROM (I) THE TRANSFER OF DATA OVER PUBLIC COMMUNICATIONS NETWORKS AND FACILITIES, INCLUDING THE INTERNET, OR (II) ANY DELAY OR DELIVERY FAILURE ON THE PART OF ANY OTHER SERVICE PROVIDER NOT CONTRACTED BY US, AND CUSTOMER ACKNOWLEDGES THAT THE SERVICE MAY BE SUBJECT TO LIMITATIONS, DELAYS AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES. CUSTOMER ACKNOWLEDGES THAT KOBITON CANNOT GUARANTEE THE ABSOLUTE PREVENTION OF CYBER-ATTACKS SUCH AS HACKING, SPYWARE, AND VIRUSES. ACCORDINGLY, KOBITON SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED DISCLOSURE, LOSS OR DESTRUCTION OF CUSTOMER DATA ARISING FROM SUCH RISKS AS LONG AS SUCH RISK CANNOT BE ATTRIBUTED TO NEGLIGANCE OR FAILURE ON KOBITON’S PART.

10. LIMITATION OF REMEDIES AND DAMAGES

  1. Consequential Damages Waiver. EXCEPT FOR EXCLUDED CLAIMS (DEFINED BELOW), NEITHER PARTY (NOR ITS SUPPLIERS) WILL HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE SERVICES, THE DOCUMENTATION, OR THE KOBITON CODE FOR ANY LOSS OF USE, LOST DATA, LOST PROFITS, FAILURE OF SECURITY MECHANISMS, INTERRUPTION OF BUSINESS, OR ANY INDIRECT, SPECIAL, INCIDENTAL, RELIANCE, OR CONSEQUENTIAL DAMAGES OF ANY KIND, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
  2. Liability Cap. KOBITON’S AND ITS SUPPLIERS’ ENTIRE LIABILITY TO CUSTOMER ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE SERVICES, THE DOCUMENTATION, OR THE KOBITON CODE AT ANY TIME SHALL BE SHALL NOT EXCEED THE AGGREGATE FEES PAID AND PAYABLE UNDER THE ORDER FORM GIVING RISE TO THE CLAIM IN THE TWELVE (12) MONTH PERIOD PRECEDING THE CLAIM.
  3. Intellectual Property Indemnification.
    1. Defense & Payment. Kobiton will, at its own expense, defend Customer, its affiliates, and their respective officers, directors, and employees (“Customer Indemnitees”) against any third-party claim, suit, or proceeding (each, a “Claim”) alleging that the Services, as delivered by Kobiton and used in accordance with this Agreement, directly infringe a United States patent issued as of the Effective Date or any registered U.S. copyright or trademark. Kobiton will pay (i) all reasonable attorneys’ fees it incurs in the defense and (ii) any damages or costs finally awarded against a Customer Indemnitee (or agreed to by Kobiton in a settlement it approves).
    2. Exclusions. Kobiton has no obligation under this Section for Claims arising from (a) use of the Services in combination with software, hardware, data, or processes not supplied by Kobiton if the Claim would have been avoided but for that combination; (b) modifications to the Services made by anyone other than Kobiton or its authorized contractors; (c) Customer’s continued use of the Services after Kobiton notifies Customer to stop because of an infringement allegation; (d) Customer’s failure to implement an update or replacement offered by Kobiton to avoid a Claim; or (e) Customer Content or third-party products.
    3. Infringement Mitigation. If a Claim is made or, in Kobiton’s opinion, is likely, Kobiton may, at its option and expense: (i) procure the right for Customer to continue using the Services; (ii) replace or modify the Services so that they are non-infringing and substantially equivalent in functionality; or (iii) if neither (i) nor (ii) is commercially reasonable, terminate the affected Order Form and refund any prepaid, unused fees for the remainder of the applicable Subscription Term.
    4. Procedures. Customer must promptly notify Kobiton in writing of any Claim, grant Kobiton sole control of the defense and settlement (except that Kobiton may not settle any Claim imposing liability or obligations on Customer without Customer’s prior written consent, not to be unreasonably withheld), and provide reasonable cooperation at Kobiton’s expense.
    5. Cap & Exclusive Remedy. Kobiton’s aggregate liability under this Section will not exceed the total fees paid and payable by Customer under the Order Form giving rise to the Claim during the twelve (12)-month period immediately preceding the first notice of the Claim, and this Section states Customer’s sole and exclusive remedy for any third-party allegation of intellectual-property infringement relating to the Services.
  4. Excluded Claims. “Excluded Claims” means any claim arising (a) from Customer’s breach of Section 2.3 (General Restrictions); (b) under Section 3.3 (Customer Obligations) and Section 3.3 (Indemnification by Customer); or (c) from a party’s breach of its obligations in Section 11 (Confidential Information) (but excluding claims related to Customer Content).
  5. Nature of Claims and Failure of Essential Purpose. The parties agree that the waivers and limitations specified in this Section 10 apply regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy specified in this Agreement is found to have failed of its essential purpose.

11. CONFIDENTIAL INFORMATION

Each party (as “Receiving Party”) agrees that all code, inventions, know-how, business, technical and financial information it obtains from the disclosing party (“Disclosing Party”) constitute the confidential property of the Disclosing Party (“Confidential Information”), provided that it is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure. Any Kobiton Technology, performance information relating to any Service, and the terms and conditions of this Agreement will be deemed Confidential Information of Kobiton without any marking or further designation. Customer Content will be deemed Confidential Information of Customer without the need for any marking or further designation. Except as expressly authorized herein, the Receiving Party will (1) hold in confidence and not disclose any Confidential Information to third parties and (2) not use Confidential Information for any purpose other than fulfilling its obligations and exercising its rights under this Agreement. The Receiving Party may disclose Confidential Information to its employees, agents, contractors and other representatives having a legitimate need to know (including, for Kobiton, its subcontractors), provided that such representatives are bound to confidentiality obligations no less protective of the Disclosing Party than this Section 11 and that the Receiving Party remains responsible for compliance by any such representative with the terms of this Section 11. The Receiving Party’s confidentiality obligations will not apply to information that the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (iv) is independently developed by employees of the Receiving Party who had no access to such information. The Receiving Party may make disclosures to the extent required by administrative or judicial process, applicable law, or court order, provided the Receiving Party notifies the Disclosing Party in advance and cooperates in any effort to obtain confidential treatment. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.

12. GENERAL TERMS

  1. Assignment. This Agreement will bind and inure to the benefit of each party’s permitted successors and assigns. Neither party may assign this Agreement without the advance written consent of the other party, except that either party may assign this Agreement in connection with a merger, reorganization, acquisition or other transfer of all or substantially all of such party’s assets or voting securities. Any attempt to transfer or assign this Agreement except as expressly authorized under this Section 12.a will be null and void.
  2. Severability. If any provision of this Agreement will be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited to the minimum extent necessary so that this Agreement will otherwise remain in effect.
  3. Governing Law; Jurisdiction and Venue. This Agreement will be governed by the laws of the State of Georgia and the United States without regard to conflicts of laws provisions thereof, and without regard to the United Nations Convention on the International Sale of Goods. All disputes relating to or arising out of this Agreement shall be resolved in a state or federal court located in or encompassing Atlanta, Georgia, USA, and the parties hereby consent to the jurisdiction of such courts.
  4. Promotional Rights. Customer agrees that Kobiton may refer Customer’s name, trademarks, logos, Feedback, comments, suggestions, case studies, testimonials, name and picture of individual issuing testimonials or comments in its marketing, advertising, customer references and website.
  5. Attorneys’ Fees and Costs. The prevailing party in any action to enforce this Agreement will be entitled to recover its attorneys’ fees and costs in connection with such action.
  6. Notice. Any notice or communication required or permitted under this Agreement will be in writing to the parties at the addresses set forth on the Order Form or at such other address as may be given in writing by either party to the other in accordance with this Section and will be deemed to have been received by the addressee (i) if given by hand, immediately upon receipt; (ii) if given by overnight courier service, the first business day following dispatch or (iii) if given by registered or certified mail, postage prepaid and return receipt requested, the second business day after such notice is deposited in the mail.
  7. Amendments; Waivers. No supplement, modification, or amendment of this Agreement will be binding, unless executed in writing by a duly authorized representative of each party to this Agreement. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the party claimed to have waived. No provision of any purchase order or other business form employed by Customer will supersede the terms and conditions of this Agreement, and any such document relating to this Agreement will be for administrative purposes only and will have no legal effect.
  8. Entire Agreement. This Agreement, as may be updated from time to time and posted at https://kobiton.com/service-subscription-agreement/, is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements and communications relating to the subject matter of this Agreement. Any additional or different legal terms contained in any Customer purchase order (such as a reference to Customer’s online terms of use) will not apply – even if accepted by Kobiton in writing. Customer acknowledges that the Services are subscription-based products, and that in order to provide improved customer experience Kobiton may make changes to the Services, and Kobiton will update the applicable Documentation accordingly.
  9. Force Majeure. Except with respect to pay amounts owed hereunder, neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to unforeseen events that occur after the signing of this Agreement and that are beyond the reasonable control of such party (each, a “Force Majeure Event”), including but not limited to, such an act of God, a strike, blockade, war, act of terrorism, riot, governmental action, natural disaster, epidemic or pandemic, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency.
  10. Independent Contractors. The parties to this Agreement are independent contractors. There is no relationship of partnership, joint venture, employment, franchise or agency created hereby between the parties. Neither party will have the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent.
  11. Export Control. In its use of the Services, Customer agrees to comply with all export and import laws and regulations of the United States and other applicable jurisdictions. Without limiting the foregoing, (i) Customer represents and warrants that it is not listed on any U.S. government list of prohibited or restricted parties or located in (or a national of) a country that is subject to a U.S. government embargo or that has been designated by the U.S. government as a “terrorist supporting” country, (ii) Customer will not (and will not permit any of its users to) access or use the Services in violation of any U.S. export embargo, prohibition or restriction, and (iii) Customer will not submit to the Services any information that is controlled under the U.S. International Traffic in Arms Regulations.
  12. Government End-Users. Elements of the Services are commercial computer software. If the user of the Services is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Services, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. All Services and Kobiton Code were developed fully at private expense. All other use is prohibited.
  13. Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original and all of which together will be considered one and the same agreement. Facsimile signatures, signatures on an electronic image (such as .pdf or .jpg format), and electronic signatures shall be deemed to be handwritten signatures.

EXHIBIT A – DATA PROTECTION ADDENDUM

1. Definitions

  1. Agreement: the terms of service agreement to which this Exhibit is attached.
  2. Appropriate Safeguards: means the measures set out in Article 46 of GDPR.
  3. Appropriate Technical and Organizational Measures: has the meaning given to such term in Data Protection Legislation (including, as appropriate, the measures referred to in Article 32(1) of the GDPR).
  4. Authorized Person: the personnel authorized on Customer’s behalf to provide instructions to Kobiton in relation to the Processing provisions in this Exhibit.
  5. Business Purpose: the provision of the Services.
  6. Customer: means any customer of Kobiton who or which is being provided with the Services as set out in the Agreement.
  7. Data: any data or information, in whatever form, including but not limited to images, still and moving, and sound recordings.
  8. Data Controller: has the meaning given to such term in Data Protection Legislation.
  9. Data Processor: has the meaning given to such term in Data Protection Legislation.
  10. Data Protection Legislation: means applicable laws and regulations relating to the privacy and security of Personal Information, including but not limited to GDPR and the Data Protection Acts 1988 to 2018 of Ireland, and to privacy including the E-Privacy Directive 2002/58/EC and the European Communities (ElectronicCommunications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (“E-Privacy Regulations”) of Ireland, as such laws shall be supplemented, amended, revised or replaced from time to time.
  11. Data Protection Officer: a data protection officer appointed pursuant to Data Protection Legislation.
  12. Data Subject: an individual who is the subject of Personal Information (including any [Permitted User]).
  13. Delete: to remove or obliterate Personal Information such that it cannot be recovered or reconstructed.
  14. EEA: European Economic Area.
  15. GDPR: General Data Protection Regulation (EU) 2016/679.
  16. Kobiton System: any information technology system or systems owned or operated by Kobiton to which Customer Content is delivered or on which the Services are performed.
  17. Personal Data Breach: means any “personal data breach” as defined in the GDPR in respect of the Personal Information within Account-Related Information which is caused by Kobiton.
  18. “Non-PI Security Breach” means the acquisition, access, use, or disclosure of Account-Related Information or Customer Content not containing Personal Information in a manner that violates the security requirements in this Exhibit and compromises the security of Account-Related Information or Customer Content.
  19. Permitted User: has the meaning given to that term in Clause 2.2(a).
  20. Processing: has the meaning given to such term in Data Protection Legislation, and Processed and Process shall be interpreted accordingly.
  21. Representatives: Party’s employees, officers, representatives, advisers or subcontractors involved in the provision or receipt of the Services.
  22. Restricted Transfer: any transfer of Personal Information in Account-Related Personal Information to countries outside of the EEA which are not subject to an adequacy decision by the European Commission, where such transfer would be prohibited by Data Protection Legislation.
  23. Security Features: any security feature, including any encryption, pseudonymisation, key, PIN, password, token or smartcard.
  24. Specific Instructions: instructions meeting the criteria set out in paragraph 2.2. of this Exhibit.
  25. Standard Contractual Clauses: the contractual clauses dealing with the transfer of Personal Information outside the EEA, which have been approved by (i) the European Commission under Data Protection Legislation, or (ii) by a competent supervisory authority under Data Protection Legislation.
  26. Sub-processor: has the meaning given to such term in Clause 11 of this Section.

2. Provision of Services

  1. Kobiton is the Data Processor and Customer is the Data Controller under the Agreement.
  2. Kobiton shall not act on any specific instructions given by Customer from time to time during the Term in respect of Processing Account-Related Information unless they are:
    1. in writing (including by electronic means); and given by an Authorised Person.
  3. Kobiton shall Process Account-Related Information for the Business Purpose only and in compliance with Customer instructions from time to time, which may be:
    1. Specific Instructions; or the general instructions set out in this Agreement unless required to do otherwise by law, in which case, where legally permitted, Kobiton shall inform Customer of such legal requirement before Processing.
  4. The types of Personal Information to be Processed pursuant to this Agreement include but are not limited to the Personal Data as set out in Appendix 1 of the Standard Contractual Clauses set out here, and the categories of Data Subject to whom such Personal Data relates may include but is not limited to employees, customers, suppliers and business contacts.
  5. Kobiton’s privacy practices regarding Account-Related Information are governed by the then-current version of Kobiton’s privacy policy at https://kobiton.com/privacy-policy, as it is amended from time to time, and which is incorporated by reference herein.

3. Parties’ Obligations

  1. Kobiton shall only make copies of the Account-Related Information and Customer Content to the extent reasonably necessary for the Business Purpose (which, for clarity, may include for generating logs in relation to Customer’s use of the Services, back-up, mirroring (and similar availability enhancement techniques), security, disaster recovery and testing the Services).
  2. In general, Customer Content and any logs created by Kobiton relating to Customer Content will be kept and stored for 60 days from the date of upload/creation, after which point it will then be automatically deleted, Customer may also retrieve and delete Customer Content using Kobiton API.
  3. At Customer’s request and cost, Kobiton shall provide to Customer a copy of all Customer Content held by Kobiton in a commonly used format.
  4. Any proposal by Kobiton to in any way use or make available Customer Content other than as provided for pursuant to this Agreement shall be subject to prior written approval of Customer.
  5. Customer acknowledges that Kobiton is under no duty to investigate the completeness, accuracy or sufficiency of (i) any instructions received from Customer, or (ii) any Customer Content.
  6. Customer shall:
    1. ensure that Customer is entitled to transfer Account-Related Information to Kobiton so that Kobiton may lawfully process and transfer (if applicable) Account-Related Information in accordance with this Agreement;
    2. ensure that the relevant Data Subjects have been informed of, and have given their consent to, such use, processing, and transfer as required by Data Protection Legislation;
    3. notify Kobiton in writing without delay of any situation or envisaged development that shall in any way influence, change or limit the ability of Kobiton to process Account-Related Information as set out in this Agreement;
    4. ensure that Account-Related Information sent to Kobiton to Process pursuant to this Agreement is:
      1. obtained lawfully, fairly and in a transparent manner in relation to the Data Subject (including in respect of how consent is obtained);
      2. collected and processed for specified, explicit and legitimate purposes, and not further processed in a manner incompatible with those purposes;
      3. adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
      4. accurate, and where necessary kept up to date;
      5. erased or rectified without delay where it is inaccurate, having regard to the purposes for which they are processed;
      6. kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Information within the Account-Related Information is processed (subject to circumstances where Personal Information may be stored for longer periods insofar as it will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and subject to the implementation of Appropriate Technical and Organisational Measures);
      7. processed in a manner that ensures appropriate security of the Account-Related Information, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using Appropriate Technical and Organisational Measures; and
    5. provide such information and such assistance to Kobiton as may be reasonably required, and within the timescales reasonably specified by Kobiton, to allow  Kobiton to comply with its obligations under Data Protection Legislation.
    6. Account-Related Information provided to Kobiton shall not be kept by Customer for a period that is longer than necessary.

4. Kobiton Employees

Kobiton shall take reasonable steps to ensure the reliability of all its employees who have access to Customer Content and Account-Related Information, and to ensure that such employees have committed themselves to a binding duty of confidentiality in respect of Customer Content and Account-Related Information.

5. Records

Kobiton shall keep at its normal place of business records (including in electronic form) relating to all categories of Processing activities carried out on behalf of Customer, containing:

  1. the general description of the security measures taken in respect of Customer Content and Account-Related Information, including details of any Security Features and the Appropriate Technical and Organisational Measures;
  2. the name and contact details of Kobiton; any sub-processor; and where applicable Kobiton representatives; and where applicable any Data Protection Officer appointed by Kobiton;
  3. the categories of Processing done by Kobiton on behalf of Customer; and
  4. the time limits for erasure of the Personal Information in the Customer Content and Account-Related Information; and
  5. details of any non-EEA Personal Information transfers, and the safeguards in place in respect of such transfers.

6. Data Subject Requests

  1. Taking into account the nature of Kobiton’s Processing of Customer Content and Account-Related Information and at Customer cost, Kobiton shall assist Customer by employing Appropriate Technical and Organisational Measures, insofar as this is possible, in respect of the fulfilment of Customer’s obligations to respond to requests from a Data Subject exercising his/her rights under Data Protection Legislation regarding Account-Related Information.
  2. Kobiton shall, at Customer’s cost, notify Customer as soon as reasonably practicable if it receives:
    1. a request from a Data Subject for access to the Data Subject’s Personal Information (relating to the Services);
    2. any communication from a Data Subject (relating to the Services) seeking to exercise rights conferred on the Data Subject by Data Protection Legislation in respect of Personal Information in the Account-Related Information or Customer Content; or
    3. any complaint or any claim for compensation arising from or relating to the Processing of such Personal Information in the Account-Related Information or Customer Content.
  3. Kobiton shall not disclose the Personal Information to any Data Subject or to a third party other than at the request of Customer, as provided for in this Exhibit, or as required by law in which case Kobiton shall to the extent permitted by law inform Customer of that legal requirement before Customer discloses the Personal Information to any Data Subject or third party.
  4. Kobiton shall not respond to any request from a Data Subject except on the documented instructions of Customer or an Authorised Person or as required by law, in which case Kobiton shall to the extent permitted by law inform Customer of that legal requirement before Kobiton responds to the request.

7. Data Protection Officer

  1. Kobiton shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection Legislation in connection with the performance of the Services, and provide Customer with the contact details of such Data Protection Officer.
  2. Customer shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection Legislation, and provide Kobiton with the contact details of such Data Protection Officer.

8. Security

  1. Kobiton shall, in accordance with requirements under Data Protection Legislation, implement Appropriate Technical and Organisational Measures to safeguard the Account-Related Information from unauthorised or unlawful Processing or accidental loss, alteration, disclosure, destruction or damage, and that, having regard to the state of technological development and the cost of implementing any measures (and the nature, scope, context and purposes of Processing, as well as the risk to Data Subjects), such measures shall be proportionate and reasonable to ensure a level of security appropriate to the harm that might result from unauthorised or unlawful Processing or accidental loss, alteration, disclosure, destruction or damage and to the nature of the Personal Information in the Customer Content and Account-Related Information to be protected.
  2. Kobiton shall maintain reasonable and appropriate administrative, physical, and technical safeguards to protect Customer Content and Account-Related Information and provide assurances that they can only be accessed by persons and systems that are authorised by Kobiton and necessary to meet the Business Purpose, and that all equipment used by Kobiton for the Processing of Customer Content or Account-Related Information may be maintained by Kobiton in a physically secure environment.
  3. Customer shall make a back-up copy of Screenshots as often as is reasonably necessary and record the copy on media from which Screenshots can be reloaded in the event of any corruption or loss of Customer Content.

9. Breach Reporting

  1. Kobiton shall, without undue delay, inform Customer if any of Account-Related Information or Customer Content is lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to any of Account-Related Information or Customer Content. In such case, Kobiton will use commercially reasonable efforts to restore Account-Related Information or Customer Content at Customer’s expense (except where the incident was caused by Kobiton’s negligent act or omission, in which case it will be at Kobiton expense), and will comply with all of its obligations (if any) under Data Protection Legislation in this regard.
  2. Kobiton must inform Customer of any Personal Data Breaches, or any complaint, notice or communication in relation to a Personal Data Breach, without undue delay. Taking into account the nature of Kobiton’s Processing of the Account-Related Information and the information available to Kobiton and at Customer cost Kobiton will provide sufficient information and assist Customer in ensuring compliance with Customer’s obligations in relation to notification of Personal Data Breaches (including the obligation to notify Personal Data Breaches to the applicable supervisory authority within seventy two (72) hours), and communication of Personal Data Breaches to Data Subjects where the breach is likely to result in a high risk to the rights of such Data Subjects. Taking into account the nature of Kobiton’s Processing of the Personal Information in Account-Related Information and the information available to Kobiton and at Customer cost, Kobiton shall co-operate with Customer and take such reasonable commercial steps as are directed by Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

10. Restricted Transfers

  1. A Restricted Transfer may not be made by Kobiton (other than transfers to Kobiton Affiliates and by any agents and contractors for the purposes of performing the Services, and Customer shall use commercially reasonable efforts to obtain explicit consent from relevant Data Subjects in respect of such potential transfers) without the prior written consent of Customer (such consent not to be unreasonably withheld, delayed or conditioned), and if such consent has been obtained (or is unnecessary), such Restricted Transfer may only be made where there are Appropriate Safeguards in place with regard to the rights of Data Subjects (including but not limited to the Standard Contractual Clauses, binding corporate rules, or any other model clauses or transfer mechanism approved by the applicable supervisory authority).
  2. Subject to Clause 10.5, in the event of any Restricted Transfer by Kobiton to a contracted Sub-processor, to any Affiliate of Customer or otherwise (“Data Importer”) for which Customer’s consent has been obtained (or is unnecessary), Kobiton and Customer shall ensure that (i) Customer (where the RestrictedTransfer is being made at the request of Customer) or Kobiton acting as agent for and on behalf of Customer (where the Restricted Transfer is being made at the request of Kobiton), and (ii) the Data Importer, shall enter into the Standard Contractual Clauses in respect of such Restricted Transfer. The Party who is entering into the Standard Contractual Clauses with a Data Importer shall comply with the guidance of any relevant regulatory authority on Restricted Transfers in particular with respect to the use of Standard Contractual Clauses and any additional measures required to be taken in the context of any such Restricted Transfers.
  3. Subject to Clause 10.5, any Restricted Transfer made by one Party (“Data Exporter”) to the other Party (“Data Importer”) shall be made subject to the provisions set out in the Standard Contractual Clauses contained here, and such Standard Contractual Clauses (except for any optional provisions contained in same, which shall not apply) are hereby specifically incorporated into this Agreement by reference for such purpose.
  4. Subject to Clause 10.5, in the event that a transfer of Personal Data from the EEA to the United Kingdom is considered a Restricted Transfer, because the United Kingdom has left the European Union, Parties shall procure that the Data Importer shall enter into the Standard Contractual Clauses in respect of such Restricted Transfer.
  5. Clauses 10.1 or 10.2 shall not apply to a Restricted Transfer if other compliance steps (which may include, but shall not be limited to, obtaining explicit consents from Data Subjects) have been taken to allow the relevant Restricted Transfer to take place without breach of applicable Data Protection Legislation.
  6. In the event that there is any conflict between the Standard Contractual clauses and the other provisions of this Agreement, such Standard Contractual Clauses shall take precedence in respect of such conflict (other than in respect of legislative references etc. which have been updated pursuant to Data Protection Legislation since the date of approval of such Standard Contractual Clauses.)

11. Sub-processors

  1. Customer agrees and acknowledges that Kobiton may have Account-Related Information and Customer Content Processed by any of Kobiton Affiliates and by any agents and contractors for the purpose of providing the Service (a “Sub-processor”). A current list of the categories of Sub-processors used by Kobiton is maintained on Kobiton’s website at https://www.kobiton.com/sub-processors. Customer specifically authorizes the engagement as Sub-processors of (a) those entities listed at the URL mentioned herein, and (b) all other Kobiton Affiliates from time to time. Customer generally authorizes the engagement as Sub-processors of any other third parties. In case Kobiton intends to add a new Sub-processor, Kobiton shall update the website ten (10) days prior to authorizing any new Sub-processor to Process Account-Related Information and Customer Content in connection with the provision of the applicable Services.
  2. Customer may reasonably object to Kobiton’s use of a new Sub-processor by notifying Kobiton promptly in writing within the ten (10) days after Kobiton updates its website in accordance with the mechanism set out in Clause 11.a. In the event Customer objects to a new Sub-processor, as permitted in the preceding sentence, Kobiton will use reasonable efforts to make available to Customer a change in the Services. If Kobiton is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the applicable Order Form(s) by providing written notice to Kobiton.
  3. With respect to each Sub-processor, Kobiton shall, before the Sub-processor first Processes Account-Related Information), ensure that the Sub-processor is capable of providing the level of protection for Account-Related Information required by this Exhibit.
  4. Kobiton will remain fully liable to Customer in respect of any failure by the Sub-processor to fulfil its data protection obligations regarding Account-Related Information.
  5. If Customer has entered into the Standard Contract Clauses, the authorizations given by the Customer under this Section 11 shall constitute Customer’s prior written consent to the subcontracting by Kobiton of the processing of personal data.

12. Audit Rights

  1. Kobiton Audits: Kobiton uses external auditors to verify the adequacy of its security measures. This audit: (a) will be performed at least annually; (b) will be performed according to relevant standards; (c) will be performed by independent third party security professionals at Kobiton’s selection and expense; and (d) will result in the generation of System and Organization Controls (SOC) 2 Report (“Report”), which will be Kobiton’s Confidential Information.
  2. Audit Reports: At Customer’s written request, and provided that the parties have an applicable NDA in place, Kobiton will provide Customer with a copy of the Report and other documents and information via questionnaires, so that Customer can reasonably verify Kobiton’s compliance with its obligations under this DPA.
  3. Customer agrees to exercise any right it may have to conduct an audit or inspection, under the Standard Contractual Clauses if they apply, by instructing Kobiton to carry out the audit described in Section 12.a. If Customer wishes to change this instruction regarding the audit, then Customer has the right to request a change to this instruction by sending Kobiton a written notice as provided for in the Agreement. If a written notice is sent by the Customer, including under the Standard Contract Clauses if they apply, Kobiton will allow Customer or an independent auditor appointed by Customer to conduct audits once every five (5) years, if required by law and in accordance with this Section:
    1. Customer must send a written request for audits to Kobiton.
    2. Following receipt by Kobiton of such request, Kobiton and Customer shall discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any review of the SOC 2 report; and (ii) the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit.
    3. Customer shall be solely responsible for any and all costs / expenses pertaining to such an audit.
    4. Kobiton may object in writing to an auditor appointed by the Customer to conduct any audit if the auditor is, in Kobiton’s reasonable opinion, not suitably qualified or independent, a competitor of Kobiton, or otherwise manifestly unsuitable. Any such objection by the Kobiton will require the Customer to appoint another auditor or conduct the audit itself.
      If Kobiton declines to follow any instruction requested by Customer regarding audits or inspections, Customer is entitled to terminate this DPA and the Agreement.If the Standard Contractual Clauses apply, except for providing clarification on their implementation, nothing in this Section varies or modifies the Standard Contractual Clauses nor affects any supervisory authority’s or data subject’s rights under the Standard Contractual Clauses.

13. Warranties

  1. Kobiton warrant and undertake to Customer that:
    1. Kobiton will Process Account-Related Information and Customer Content in compliance with Kobiton’s obligations under Data Protection Legislation;
    2. Kobiton will maintain Appropriate Technical and Organisational Measures against the unauthorised or unlawful Processing of Account-Related Information and Customer Content and against the accidental loss or destruction of, or damage to, Account-Related Information and Customer Content; and
    3. Kobiton will discharge its obligations under this Section with all due skill, care and diligence.
  2. Customer hereby warrants and undertakes that:
    1. Customer has complied with and shall comply with its obligations under Data Protection Legislation;
    2. Customer has the right to transfer (or to authorise Users to transfer) Personal Information and Customer Content to Kobiton in accordance with the terms of this Agreement;
    3. Customer shall and shall cause, appropriate notices to be provided to, and valid consents to be obtained from, Data Subjects, in each case that are necessary for Kobiton to Process (and have Processed by Sub-processors) Personal Information in Account-Related Information under or in connection with this Agreement, including Processing outside the EEA on the basis of any of the legal conditions for such transfer and Processing set out in Clause 11 above;
    4. Customer shall not, by act or omission, cause Kobiton to violate any Data Protection Legislation, notices provided to, or consents obtained from, Data Subjects as a result of Kobiton or its Sub-processors Processing Personal Information; and
    5. notwithstanding anything contained in this Agreement, Customer shall reimburse Kobiton for costs incurred or likely to be incurred, at Kobiton’s option in advance under this Section (where matters are to be at Customer’s cost).

14. Consequences of Termination on Customer Content

Upon termination or expiry of this Agreement, at the choice of Customer, Kobiton shall delete or return all Customer Content to Customer and delete existing copies of Customer Content, unless legally required/entitled to store Customer Content for a period of time. If Customer makes no such election within a ten (10) days period of termination or expiry of this Agreement, Kobiton may delete any of Customer Content in Kobiton’s possession; and if Customer elect for destruction rather than return of Customer Content, Kobiton shall as soon as reasonably practicable ensure that all Customer Content is deleted from Kobiton System, unless legally required/entitled to store Customer Content for a period of time. The Customer Content will be deleted in accordance with the applicable product data retention policies as may be in place and amended or replaced from time to time.

Ready to accelerate delivery of
your mobile apps?

Request a Demo