These Terms of Service are entered into by and between rewardly s.r.o., ID No. 56441339, with its registered seat at Lermontovova 911/3, 811 05 Bratislava -- Old Town, Slovak Republic (the "Provider") and the entity using the Services in any manner (the "Customer").

These Terms of Service constitute an integral part of the Agreement (the "Agreement"). The Agreement consists of these Terms of Service, any attachments or exhibits identified below and all applicable Order Forms (as defined below) which refer to these Terms of Services.

The "Effective Date" of the Agreement is the date which is the earlier of (a) Customer's initial access to any Services (as defined below) or (b) the effective date of the first Order Form referencing this Agreement.

The Agreement is effective as of the Effective Date and expires on the date of expiration or termination of all Subscription Terms.

‍DEFINITIONS

‍Other than the terms defined in the body of the Agreement , these terms have the following meaning

"Affiliate" means any entity under the control of a Party where "control" means ownership of or the right to direct greater than 50% of the voting securities of such entity.

"Beta Offerings" mean pre-release services, features, or functions identified as alpha, beta, preview, early access, or words or phrases with similar meanings.

"Contractor" means an independent contractor or consultant of the Customer who is not a competitor of the Provider.

"Customer Data" means any data of any type that is submitted to the Services by or on behalf of the Customer, including without limitation data submitted, uploaded, or imported to the Services by the Customer (including from Third-Party Platforms).

"DPA" means the data processing addendum attached hereto as Exhibit A.

"Documentation" means the technical user documentation provided with the Services.

"Feedback" means comments, questions, suggestions, or other feedback relating to the Services, but excluding any Customer Data.

"Intellectual Property Rights" include all valid patents, trademarks, copyrights, trade secrets, moral rights, feedback, and other intellectual property rights, as may exist now or hereafter come into existence, and all renewals and extensions thereof, and all improvements to any of the foregoing, regardless of whether any of such rights arise under the laws of any state, country, or other jurisdiction.

"Laws" mean all applicable local, state, federal, and international laws, regulations, and conventions.

"Order Form" means a written or electronic form to order the Services referencing this Agreement. Upon execution by the authorized Parties each Order Form will be subject to the terms and conditions of this Agreement.

"Party" means either the Provider or the Customer; the "Parties" both the Provider and the Customer.

"Permitted User" means an employee or a Contractor of the Customer or its Affiliate who is authorized to access the Services.

"Renewal Term" means successive periods equal to Subscription Term, beginning after the then-current Subscription Term.

"Sensitive Personal Information" means any of the following: (i) credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards ("PCI DSS"); (ii) patient, medical or other protected health information regulated by the Health Insurance Portability and Accountability Act ("HIPAA"), if applicable; or (iii) any other personal data of an EU citizen deemed to be in a "special category" (as identified in the EU General Data Protection Regulation or any successor Laws).

"Services" mean the Provider's proprietary software-as-a-service solution which consists of a digital platform for businesses offering loyalty programs and their management, including all related products, services, and software provided by the Provider to the Customer.

"Subscription Term" means a set term designated in an Order Form during which the Services are provided to the Customer or then-current Renewal Term.

"Support" means standard technical support and maintenance of the Services.

"Taxes" mean any sales, use, GST, value-added, withholding, or similar taxes or levies, whether domestic or foreign, other than taxes based on the income of the Provider.

"Third-Party Platform" means any software, software-as-a-service, data sources or other products or services not provided by the Provider that are integrated with or otherwise accessible through the Services.

‍PROVIDER SERVICES

Provision of Services. The Services are provided on a subscription basis for a Subscription Term. The Customer will purchase, and the Provider will provide the Services identified and agreed upon in the applicable Order Form.

‍Access to Services. The Customer may access and use the Services solely for its own benefit and in accordance with the terms and conditions of this Agreement, the Documentation, and any scope of use restrictions designated in the applicable Order Form. Use of and access to the Services is permitted only by Permitted Users. If Customer is given API keys or passwords to access the Services on the Provider's systems, the Customer will require that all Permitted Users keep API keys, user ID and password information strictly confidential and not share such information with any unauthorized person. User IDs are granted to individual, named persons, and may not be shared. If the Customer is accessing the Services using credentials provided by a third party (e.g., Google), then the Customer will comply with all applicable terms and conditions of such third-party regarding provisioning and use of such credentials. The Customer will be responsible for all actions taken using Customer's accounts and passwords. If a Permitted User who has access to a user ID is no longer an employee or Contractor of the Customer, then the Customer will promptly delete such user ID and otherwise terminate such Permitted User's access to the Services.

‍Contractors and Affiliates. The Customer may permit its Affiliates and Contractors to serve as Permitted Users, provided the Customer remains responsible for compliance by such individuals with all the terms and conditions of this Agreement, and all use of the Services by such individuals is for the sole benefit of the Customer.

‍Modifications to Services. Without limiting any other terms herein, as a part of on-going development of the Services, the Provider reserves the right in its sole discretion to add, change, discontinue or otherwise modify any elements and features to the Services specified in the Agreement (the "Modification"). The Provider will provide the Customer with reasonable advance notice if any Modification materially degrades the provided Services (e.g. if a material feature is removed from the applicable Services).

General Restrictions. The Customer will not (and will not permit any third party to): (a) rent, lease, provide access to, or sublicense the Services to a third party; (b) use the Services to provide, or incorporate the Services into, any product or service provided to a third party; (c) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code or non-public APIs to the Services, except to the extent expressly permitted by applicable law (and then only upon advance notice to the Provider); (d) copy or modify the Services or any Documentation, or create any derivative work from any of the foregoing; (e) remove or obscure any proprietary or other notices contained in the Services (notices on any reports or data printed from the Services); or (f) publicly disseminate information regarding the performance of the Services.

‍Provider APIs. If the Provider makes access to any APIs available as part of the Services, the Provider may monitor the Customer's usage of such APIs and limit the number of calls or requests Customer may make if the Provider believes that the Customer's usage is in breach of this Agreement or may negatively affect the security, operability or integrity of the Services (or otherwise impose liability on the Provider).

‍Apps. To the extent the Provider provides applications for use with the Services (the "Apps"), subject to all the terms and conditions of this Agreement, the Provider grants to the Customer a limited, non-transferable, non-sublicensable, non-exclusive license only during an applicable Subscription Term to use the object code form of the Apps internally, but only in connection with the Customer's use of the Services and otherwise in accordance with the Documentation and this Agreement.Trial Subscriptions. If the Customer receives free access or a trial or evaluation subscription to the Services (a "Trial Subscription"), then the Customer may use the Services in accordance with the terms and conditions of this Agreement for a period specified in the Order Form (the "Trial Period"). Trial Subscriptions are permitted solely for the Customer's use to determine whether to purchase a paid subscription to the Services. Trial Subscriptions may not include all functionality and features accessible as part of a paid Subscription Term. If the Customer does not enter into a paid Subscription Term, this Agreement and the Customer's right to access and use the Services will terminate at the end of the Trial Period. The Provider has the right to terminate a Trial Subscription at any time for any reason. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, THE PROVIDER WILL HAVE NO WARRANTY, LIABILITY, INDEMNITY, SUPPORT, OR OTHER OBLIGATIONS WITH RESPECT TO TRIAL SUBSCRIPTIONS.

‍Beta Offering.From time to time, the Provider may make Beta Offerings available to the Customer at no charge. The Customer may elect to try such Beta Offering in its sole discretion. Beta Offerings are intended for evaluation purposes and not for production use, are not supported, and may be subject to additional terms. Beta Offerings are not considered "Services" under this Agreement; however, all restrictions, our ownership and the Customer obligations concerning the Services shall apply. Unless otherwise stated or communicated to the Customer, any Beta Offerings trial period will expire upon the date that a version of the Beta Offerings becomes generally available without the applicable Beta Offerings designation. The Provider may discontinue Beta Offerings at any time in its sole discretion and may never make them generally available. Beta Offerings may not be supported and may be modified at any time without notice. Beta Offerings may not be as reliable, available, or subject to the same security requirements as the Services.

‍Customer DATA

Data Processing by the Provider. All data processing activities in connection with the Services will be governed by the DPA.

‍Rights in Customer Data. As between the Parties, the Customer will retain all right, title, and interest (including all Intellectual Property Rights) in and to the Customer Data as provided to the Provider. Subject to the terms of this Agreement, the Customer hereby grants to the Provider a non-exclusive, worldwide, royalty-free right to use, copy, store, transmit, modify, and display the Customer Data solely to the extent necessary to provide the Services to the Customer.

‍Storage of Customer Data. The Provider does not provide an archiving service. The Provider agrees only that it will not intentionally delete any Customer Data from the Services prior to termination of the Customer's applicable Subscription Term and expressly disclaims all other obligations with respect to storage.

‍Customer Obligations.

In General. The Customer is solely responsible for the accuracy, content, and legality of all Customer Data. The Customer represents and warrants to the Provider that the Customer has all necessary rights, consents, and permissions to collect, share, and use all Customer Data as contemplated in this Agreement (including granting the Provider the rights in Section 3.2 (Rights in Customer Data)) and that no Customer Data will violate or infringe (i) any third party Intellectual Property Rights or publicity, privacy, or other rights, (ii) any Laws, or (iii) any terms of service, privacy policies or other agreements governing Customer's accounts with any Third-Party Platforms. The Customer further represents and warrants that all Customer Data complies with the Agreement. The Customer will be fully responsible for all Customer Data submitted to the Services by any person as if it was submitted by the Customer.

No Sensitive Personal Information. Except as otherwise expressly agreed between the Parties in writing, the Customer specifically agrees not to use the Services to collect, store, process, or transmit any Sensitive Personal Information. The Customer acknowledges that the Provider is not a payment card processor and that the Services are not PCI DSS compliant. Except for the Provider's obligations as a business associate pursuant to this Agreement, the Customer shall be responsible for any Sensitive Personal Information it inadvertently submits to the Services, and the Provider will treat such submissions as Customer Data as defined in this Agreement such that the Provider is not subject to any additional obligations that apply to Sensitive Personal Information.

Compliance with Laws. The Customer agrees to comply with all applicable Laws in its use of the Services. Without limiting the generality of the foregoing, the Customer will not engage in any unsolicited advertising, marketing, or other activities using the Services, including without limitation any activities that violate the applicable Laws.

‍Aggregated Anonymous Data. Notwithstanding anything to the contrary herein, the Customer agrees that the Provider may obtain and aggregate technical and other data about Customer's use of the Services that is non-personally identifiable with respect to the Customer ("Aggregated Anonymous Data"), and the Provider may use the Aggregated Anonymous Data to analyze, improve, support, and operate the Services and otherwise for any business purpose during and after the term of this Agreement, including without limitation to generate industry benchmark or best practice guidance, recommendations, or similar reports for distribution to and consumption by the Customer and other the Provider customers. For clarity, this Section 3.5 does not give the Provider the right to identify the Customer as the source of any Aggregated Anonymous Data.

‍THIRD-PARTY INTEGRATIONS

Third-Party Integrations. The Services may support integrations with certain Third-Party Platforms. To enable the Services to access and receive Customer's information from a Third-Party Platform, the Customer may be required to input its credentials for such Third-Party Platform. By enabling use of the Services with any Third-Party Platform, the Customer authorizes the Provider to access Customer's accounts with such Third-Party Platform for the purposes described in this Agreement. The Customer is responsible for complying with any relevant terms and conditions of the Third-Party Platform and for maintaining appropriate accounts in good standing with the providers of the Third-Party Platforms.

‍No responsibility for Third-Party Platforms. Customer acknowledges and agrees that the Provider has no responsibility or liability for any Third-Party Platform, or how a Third-Party Platform uses or processes Customer Data after such is exported to a Third-Party Platform. The Provider cannot ensure that the Services will maintain integrations with any Third-Party Platform and the Provider may disable integrations of the Services with any Third-Party Platform at any time with or without notice to the Customer. For clarity, this Agreement governs Customer's use of and access to the Services, even if accessed through an integration with a Third-Party Platform.

‍OWNERSHIP

Provider's Technology. This is a subscription agreement for access to and use of the Services. The Customer acknowledges that it is obtaining only a limited right to the Services and that irrespective of any use of the words "purchase", "sale", or like terms in this Agreement, no ownership rights are being conveyed to the Customer under this Agreement. The Customer agrees that the Provider or its suppliers retain all right, title, and interest (including all Intellectual Property Rights) in and to the Services and all Documentation, Professional Services' deliverables and all related and underlying technology and documentation and any derivative works, modifications or improvements of any of the foregoing, including Feedback (collectively, the "Provider's Technology"). Except as expressly set forth in this Agreement, no rights in the Provider's Technology are granted to the Customer. Further, the Customer acknowledges that the Services are offered as an on-line, hosted solution, and that the Customer has no right to obtain a copy of any of the Services, except for the Code and the Apps in the format provided by the Provider.

‍Feedback. The Customer may, from time to time, submit Feedback to the Provider. The Provider may freely use or exploit Feedback in connection with the Services and may also disclose such Feedback to third party. The Provider shall not disclose the name of the Customer in any use or exploitation of the Feedback.

‍Term AND TERMINATION

Subscription Term and Renewals. The Subscription Term will be as set forth in the applicable Order Form. Unless otherwise specified in the applicable Order Form, each Subscription Term will automatically renew for subsequent period equal to the Subscription Term, unless either Party gives the other written notice of termination at least thirty (30) days prior to expiration of the then-current Subscription Term.

‍Termination for Cause. Either Party may terminate this Agreement (including all related Order Forms) if the other Party (a) fails to cure any material breach of this Agreement (including with respect to the Customer any of the events set forth in Section 7.3 (Suspension)) within thirty (30) days after delivery of a written notice; (b) ceases operation without a successor; or (c) seeks protection under any bankruptcy, receivership, trust deed, creditors' arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against that Party (and not dismissed within sixty (60) days thereafter)

.Effect of Termination. Upon any expiration or termination of this Agreement, the Customer will immediately cease all use of and access to all Services (including all related Provider's Technology) and delete (or, at the Provider's request, return) all copies of the Documentation, all passwords or access codes and all other Provider's Confidential Information in its possession. The Customer acknowledges that thirty (30) days following termination it will have no further access to any Customer Data input into any Services, and that the Provider may delete any such data as may have been stored by the Provider at any time thereafter. Except where an exclusive remedy is specified, the exercise of either Party of any remedy under this Agreement, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law or otherwise. If Customer terminates this Agreement due to the Provider's uncured material breach, the Provider will refund any prepaid fees covering the remainder of the Term of the affected Order Form(s) after the effective date of termination. If the Agreement is terminated by the Provider due to Customer's uncured material breach, Customer agrees that it shall remain responsible for all outstanding fees payable to the Provider for the Subscription Term and the Provider may declare all such fees immediately due and payable. Customer acknowledges that such amounts are liquidated damages reflecting a reasonable measure of actual damages and not a penalty.

‍Survival. The following Sections will survive any expiration or termination of this Agreement: 2.5 (General Restrictions), 2.8 (Trial Subscriptions), 3.3 (Storage of Customer Data), 3.5 (Aggregated Anonymous Data), 5 (Ownership), 6 (Term and Termination), 7 (Fees and Payment), 8 (Limited Warranty), 10 (Limitation of Remedies and Damages), 11 (Indemnification), 12 (Confidential Information), and 14 (General Terms).
‍
‍FEES & PAYMENT

Fees and Payment. All fees are as set forth in the applicable Order Form and will be paid by the Customer in accordance with the payment terms set forth in the Order Form. Except as expressly set forth in the Agreement all fees are non-refundable. Any late payments will be subject to a default interest equal to 1.5% per month of the amount due or the maximum amount allowed by law, whichever is less.

‍Taxes and Withholding Tax. The Customer is responsible for paying all Taxes, and all Taxes are excluded from any fees set forth in the applicable Order Form. If the Customer is required by Law to withhold any Taxes from Customer's payment, the fees payable by the Customer will be increased as necessary so that after making any required withholdings, the Provider receives and retains (free from any liability for payment of Taxes) an amount equal to the amount it would have received had no such withholdings been made.

‍Suspension of Service. Without limiting the Provider's termination or other rights hereunder, the Provider reserves the right to suspend Customer's access to the applicable Services (and any related Professional Services and Support) in whole or in part, without liability to the Customer: (i) if Customer's account is thirty (30) days or more overdue; (ii) for Customer's breach of Sections 2.5 (General Restrictions) or 3.4 (Customer Obligations); or (iii) to prevent harm to other customers or third parties or to preserve the security, availability or integrity of the Services. Unless this Agreement has been terminated, the Provider will restore Customer's access to the Services promptly after the Customer has resolved the issue requiring suspension.

‍LIMITED WARRANTY

Limited Warranty. The Provider warrants, for Customer's benefit only, that the Services will operate in substantial conformity with the applicable Documentation and in accordance with applicable law. The Provider's sole liability (and Customer's sole and exclusive remedy) for any breach of this warranty will be, at no charge to the Customer, for the Provider to use commercially reasonable efforts to correct the reported non-conformity, or if the Provider determines such remedy to be impracticable, either Party may terminate the applicable Subscription Term and the Customer will receive as its sole remedy a refund of any fees the Customer has pre-paid for use of such Services for the terminated portion of the applicable Subscription Term. The limited warranty set forth in this Section 8.1 will not apply: (i) unless the Customer makes a claim within thirty (30) days of the date on which the Customer first noticed the non-conformity, (ii) if the non-conformity was caused by misuse, unauthorized modifications, or third-party hardware, software, or services, or (iii) to use provided on a no-charge, Trial, Beta Offerings or evaluation basis.

‍Warranty Disclaimer. EXCEPT FOR THE LIMITED WARRANTY IN SECTION 8.1, ALL Services, SUPPORT, and PROFESSIONAL SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE", THE PROVIDER AND ITS affiliates DISCLAIM TO THE GREATEST EXTENT POSSIBLE UNDER THE APPLICABLE LAWS ALL OTHER WARRANTIES, guarantees, or undertakings, whether EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, QUALITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. THE PROVIDER does not warrant that Customer's use of THE ServiceS will be uninterrupted or error-free, OR THAT IT WILL MEET ITS NEEDS. THE PROVIDER SHALL NOT BE LIABLE FOR DELAYS, INTERRUPTIONS, SERVICES' FAILURES OR OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS, THIRD-PARTY PLATFORMS, OR OTHER SYSTEMS OUTSIDE THE REASONABLE CONTROL OF The Provider. PARTIES ALSO EXCLUDE THE APPLICATION OF BUSINESS PRACTICES.

‍Professional Services

‍The Provider will provide professional consulting services (the "Professional Services") purchased in the applicable Order Form. The scope of Professional Services will be as set forth in a Statement of Work (which may be included directly in the Order Form) referencing this Agreement and executed by both Parties describing the work to be performed, fees and any applicable milestones, dependencies and other technical specifications or related information (an "SOW"). Unless the Professional Services are provided on a fixed-fee basis, the Customer will pay the Provider at the per-hour rates set forth in the Order Form (or, if not specified, at the Provider's then-standard rates) for any excess services. The Customer will reimburse the Provider for reasonable travel and lodging expenses if incurred. The Customer may use anything delivered as part of the Professional Services in support of authorized use of the Services and subject to the terms regarding Customer's rights to use the Services set forth in Section 2 (Provider Services) and the applicable SOW, but the Provider will retain all right, title, and interest in and to any such work product, code, or deliverables and any derivative, enhancement, or modification thereof created by the Provider. For any Professional Services provided to the Customer at no charge, the Customer further acknowledges and agrees that the Provider will not warrant the performance of such Professional Services.

‍Limitation of Remedies and Damages

‍10.1.Consequential Damages Waiver.NEITHER PARTY (NOR ITS AFFILIATES) SHALL HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY LOSS OF USE, LOST DATA, LOST PROFITS, FAILURE OF SECURITY MECHANISMS, INTERRUPTION OF BUSINESS, OR ANY INCIDENTAL, PUNITIVE, EXEMPLARY, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.

IF THE CUSTOMER IS IN THE EUROPEAN ECONOMIC AREA, REFERENCES TO "INCIDENTAL, PUNITIVE, EXEMPLARY, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES" SHALL ALSO MEAN ANY LOSSES OR DAMAGES WHICH: (A) WERE NOT REASONABLY FORESEEABLE BY BOTH PARTIES; (B) WERE KNOWN TO THE CUSTOMER BUT NOT TO THE PROVIDER; OR (C) WERE REASONABLY FORESEEABLE BY BOTH PARTIES BUT COULD HAVE BEEN PREVENTED BY THE CUSTOMER SUCH AS, FOR EXAMPLE, LOSSES CAUSED BY VIRUSES, MALWARE, OR OTHER MALICIOUS PROGRAMS, OR LOSS OF OR DAMAGE TO CUSTOMER DATA.

10.2.Liability Cap.EXCEPT FOR EXCLUDED CLAIMS (DEFINED BELOW), EACH PARTY'S ENTIRE LIABILITY TO THE OTHER ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED IN AGGREGATE THE AMOUNT ACTUALLY PAID OR PAYABLE BY THE CUSTOMER TO THE PROVIDER UNDER THIS AGREEMENT IN THE 12 MONTHS PRIOR TO ACT THAT GAVE RISE TO LIABILITY.

10.3.Limitations to Exclusions. NOTHING IN THIS SECTION SHOULD BE CONSTRUED AS LIMITING A PARTY'S LIABILITY FOR DEATH OR BODILY HARM, WILFUL MISCONDUCT, OR GROSS NEGLIGENCE. ADDITIONALLY, SOME JURISDICTIONS DO NOT ALLOW OTHER EXCLUSIONS OR LIMITATIONS OF LIABILITY SPECIFIED IN THIS SECTION 10. IN SUCH CASE THESE EXCLUSIONS AND LIMITATIONS WILL BE ENFORCED TO THE GREATEST EXTENT PERMITTED BY THE APPLICABLE LAW.

10.4.Excluded Claims."Excluded Claims" means any claim arising under Section (a) 2.5 (General Restrictions) and (b) 11.2 Indemnification by Customer).

10.5.Nature of Claims and Failure of Essential Purpose. The Parties agree that the waivers and limitations specified in this Section 10 apply regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy specified in this Agreement is found to have failed of its essential purpose.

‍INDEMNIFICATION

‍11.1.Indemnification by Provider. The Provider will indemnify and defend the Customer against any unrelated claim by a third party to the extent that such claim alleges that the Services infringe any United States, United Kingdom or European Union patent right or trademark of a third party. The foregoing obligation shall not apply with respect to any claim arising from or relating to (i) the Customer's use of the Services other than in accordance with and as contemplated by this Agreement or other breach of this Agreement by the Customer; (ii) the combination of the Services with any other products, services, materials or technology, if the Services would not be infringing without such combination; (iii) any open source software; or (iv) modification to the Services not specifically authorized in writing by the Provider. If the Services become the subject of an intellectual property infringement claim, the Provider may, at its sole option, (1) procure for Customer a license to continue using the Services in accordance with this Agreement; (2) replace or modify the allegedly infringing portion of the Services to avoid the infringement; or (3) terminate this Agreement and refund any prepaid unused Fees as of the date of termination. This Section 11.1 sets forth the Customer's sole remedy in the event of any third-party infringement claim regarding the Services.

11.2.Indemnification by Customer. Customer shall indemnify, defend and hold harmless (including any reasonable attorney's fees) the Provider against any claim to the extent such claim is arises from: (i) Customer Data; (ii) Customer's use of a Third Party Platform; or (ii) from Customer's use of the Services in violation of Laws or other breach of this Agreement.

11.3.Each Party's obligations under this Section 11 (Indemnification) shall be conditioned on the Party seeking indemnification providing the indemnifying party with (i) prompt notice of any claim, (ii) sole control of the defense and settlement of any such claim and (iii) reasonable cooperation in such defense and settlement. The indemnifying party will not enter into any settlement or compromise of any such claim without the indemnified party's prior written consent if the settlement would require admission of fault or payment by the indemnified party. Subject to the requirements set forth herein, the indemnifying party shall pay reasonable costs incurred by the indemnified party directly related to the claim.

‍CONFIDENTIAL INFORMATION

‍Each Party (as "Receiving Party") agrees that all code, inventions, know-how, business, technical and financial information it obtains from the other party (the "Disclosing Party") constitute the confidential property of the Disclosing Party (the "Confidential Information"), provided that it is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure. Any Provider's Technology, performance information relating to the Services, and the terms and conditions of this Agreement will be deemed Confidential Information of the Provider without any marking or further designation. Except as expressly authorized herein, the Receiving Party will (1) hold in confidence and not disclose any Confidential Information to third parties and (2) not use Confidential Information for any purpose other than fulfilling its obligations and exercising its rights under this Agreement. The Receiving Party may disclose Confidential Information to its employees, agents, contractors and other representatives having a legitimate need to know (including the Provider's Affiliates and the subcontractors referenced in Section 14.9 (Subcontractors) (the "Representatives"), provided that such Representatives are bound to confidentiality obligations no less protective than this Section 12 and that the Receiving Party remains responsible for compliance by any such Representative with the terms of this Section 12.

The Receiving Party's confidentiality obligations will not apply to information that the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (iv) is independently developed by employees of the Receiving Party who had no access to such information. The Receiving Party may make disclosures to the extent required by law or court order, provided the Receiving Party notifies the Disclosing Party in advance (if legally permissible) and cooperates in any effort to obtain confidential treatment. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law. This confidentiality obligation applies for 3 years after the lapse of all Subscription Terms.

‍PUBLICITY

‍The Customer agrees that the Provider may disclose the Customer as a customer of the Provider, including on the Provider's public website. The Customer hereby authorizes the Provider to use Customer's name and logo for the purpose of providing the Services, on the Provider's website and in the Provider's promotional materials. The Provider agrees that any such use shall (a) only be related to the Customer's use of the Services; (b) be subject to the Provider complying with any written guidelines that the Customer may deliver to the Provider regarding the use of its name; and (c) not be deemed the Customer's endorsement of the Services.

‍GENERAL TERMS

‍14.1.Assignment. Neither Party may assign this Agreement without the advance written consent of the other Party, except that either Party may assign this Agreement in connection with a merger, reorganization, acquisition, or other transfer of all or substantially all of such Party's assets or voting securities. Any attempt to transfer or assign this Agreement except as expressly authorized under this Section 14.1 will be null and void.

‍14.2.Severability. If any provision of this Agreement will be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited to the minimum extent necessary so that this Agreement will otherwise remain in effect.

‍14.3.Governing Law; Dispute Resolution.

Governing Law. This Agreement is construed and governed by the Laws of Slovakia, and without reference to applicable jurisdiction's conflict of laws principles.

Dispute Resolution. In the event of any dispute, claim, question, or disagreement arising from or relating to this Agreement, whether arising in contract, tort or otherwise, (the "Dispute"), the Parties shall first use their best efforts to resolve the Dispute amicably.

If the Parties are unable to reach a resolution of the Dispute in accordance with the previous sentence, then the Dispute shall subsequently be resolved via litigation before the applicable court as set forth below.

Litigation. Any lawsuit will be filed in the courts in Bratislava, Slovakia, and both Parties consent to personal jurisdiction in such courts for resolution on Disputes and agree that such venue is appropriate.

‍Notice. Any notice or communication required or permitted under this Agreement will be in writing to the Parties at the addresses set forth on the Order Form or at such other address as may be given in writing by either Party to the other in accordance with this Section and will be deemed to have been received by the addressee (i) if given by hand, immediately upon receipt; (ii) if given by overnight courier service, the first business day following dispatch or (iii) if given by registered or certified mail, postage prepaid and return receipt requested, the second business day after such notice is deposited in the mail or (iv) next business day if sent by email.

‍Amendments; Waivers. All waivers and amendments must be in a writing signed by both Parties, except as otherwise provided herein. Neither Party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under the Agreement.

‍Entire Agreement. This Agreement is the complete and exclusive statement of the mutual understanding of the Parties and supersedes and cancels all previous written and oral agreements and communications relating to the subject matter of this Agreement. No provision of any Order Form or other business form employed by the Customer will supersede the terms and conditions of this Agreement, and any such document relating to this Agreement will be for administrative purposes only and will have no legal effect.

‍Modifications to this Agreement. From time to time, the Provider may modify this Agreement. Unless otherwise specified by the Provider, changes become effective for the Customer upon renewal of Customer's current Subscription Term or entry into a new Order Form. The Provider will use reasonable efforts to notify Customer of the changes through communications via Customer's account, email or other means. In any event, continued use of the Services after the updated version of this Agreement goes into effect will constitute Customer's acceptance of such updated version. If the Provider specifies that changes to the Agreement will take effect prior to Customer's next renewal or order (such as for legal compliance or product change reasons) and the Customer objects to such changes within 10 calendar days, the Provider may either (i) move the effective date of a change of the Agreement to Customer's next renewal or order; or (ii) terminate the applicable Subscription Term and give to the Customer as its sole remedy a refund of any fees the Customer has pre-paid for use of the applicable Services for the terminated portion of the Subscription Term, commencing on the date notice of termination was received or a different date the Parties agree on. The Provider may make changes to the Services, and the Provider will update the applicable Documentation accordingly.

‍Force Majeure. Neither Party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to unforeseen events that occur after the signing of this Agreement and that are beyond the reasonable control of such Party, such as a strike, blockade, war, act of terrorism, riot, natural disaster, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency.

‍Subcontractors. The Provider may use the services of subcontractors and permit them to exercise the rights granted to the Provider in order to provide the Services under this Agreement, provided that the Provider remains responsible for for the overall performance of the Services as required under this Agreement.

‍Court Orders. Nothing in this Agreement prevents the Provider from disclosing Customer Data to the extent required by law, subpoenas, or court orders, but the Provider will use commercially reasonable efforts to notify the Customer where permitted to do so.

‍Independent Contractors. The Parties to this Agreement are independent contractors. There is no relationship of partnership, joint venture, employment, franchise, or agency created hereby between the Parties. Neither Party will have the power to bind the other or incur obligations on the other Party's behalf without the other Party's prior written consent.

‍Export Control. In its use of the Services, the Customer agrees to comply with all export and import laws and regulations of the applicable jurisdictions.

‍Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original and all of which together will be considered one and the same agreement.

‍Exhibit A

DATA PROCESSING ADDENDUM

INITIAL PROVISIONS

Agreement. This Data Processing Addendum (the "DPA") forms an integral part of the Agreement and is referenced in the Agreement.

‍Data Processing Agreement. By entering into the Agreement with the Provider, the Customer, acknowledges that it has read and understood this DPA and agrees to be bound by it.

‍Definitions

‍Other than the terms defined in the body of this DPA or in the Agreement, these terms have the following meaning:

"CCPA" means the California Consumer Privacy Act, California Civil Code §§1798.100 et seq., including any amendments and implementing regulations that become effective on or after the effective date of this DPA. Terms "business", "service provider" and "sale" have the same meaning given to it under the CCPA.

"Data Breach" means a breach of security of the Services leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by the Provider under this DPA.

"Data Protection Legislation" means, as applicable to a Party and its Processing of Personal Data: (i) EU Data Protection Law (ii) UK Data Protection Law, (iii) CCPA and any national data protection laws made under the CCPA, (iv) any other law applicable for the provision of the Services.

"EU Data Protection Laws" mean Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (the "GDPR") and the EU e-Privacy Directive (Directive 2002/58/EC). Terms "Controller", "Processor", "Process", "Processing", and "Data Subject" shall have the same meanings given to them under the GDPR.

"Personal Data" means any information that (i) is protected as "personal data", "personal information" or "personally identifiable information" under Data Protection Legislation; and (ii) is Processed by the Provider on behalf of Customer in the course of providing the Services, as more particularly described in Annex A of this DPA.

"Restricted Transfer" means a transfer of Personal Data from the European union/EEA to any other country which is not subject based on adequacy regulations pursuant to Article 45 of Regulation (EU) 2016/679.

"Sub-processor" means any third party engaged by the Provider to assist in fulfilling its obligations with respect to providing the Services and that Processes Personal Data as Processor.

"Standard Contractual Clauses" means: (i) where the GDPR applies, the standard contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 (the "EU SCCs"); and (ii) where the UK GDPR applies, standard data protection clauses adopted pursuant to Article 46(2)(c) or (d) of the UK GDPR ("UK SCCs").

"UK Data Protection Law" means: (i) the GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 (the "UK GDPR"); (ii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iii) all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i) or (ii); in each case, as may be amended or superseded from time to time.

‍Provider's obligations


Roles. For the purposes of the GDPR and similar Data Protection Legislation, Customer (or third party on whose behalf Customer is authorized to instruct the Provider) is the Controller of Customer Data that are Personal Data, and the Provider shall Process Personal Data as a Processor (or sub-Processor, as applicable to Customer's use of the Services); and for the purposes of the CCPA (to the extent the CCPA is applicable), Customer is the business and the Provider is the service provider.

‍Permitted Purposes. The Provider shall Process Personal Data for the purposes described in Annex A and in accordance with Customer's documented lawful instructions ("Permitted Purposes"), except where otherwise required by the applicable Data Protection Legislation. In particular and to the extent the CCPA is applicable, Customer's transfer of Personal Data to the Provider is not a sale, and the Provider provides no monetary or other valuable consideration to Customer in exchange for Personal Data. To the extent required by Data Protection Legislation, this Section 3.2 constitutes the certification from the Provider to the Processing instructions herein. The Provider is obliged at all times to Process Personal Data in compliance with Data Protection Legislation and fulfil all its obligations arising out of Data Protection Legislation.

‍Processing Instructions. The Provider shall immediately inform Customer if it becomes aware that Customer's Processing instructions infringe Data Protection Legislation. If the Provider is unable to Process Personal Data in accordance with the Customer's documented lawful instructions, the Provider is obliged to promptly notify Customer of its inability to comply.

‍Security Measures. The Provider shall implement and maintain reasonable and appropriate technical and organizational measures designed to protect Personal Data from Data Breaches and preserve their security, integrity, and confidentiality. Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context, and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. At a minimum, these measures must include the measures identified in Annex C of this DPA.

‍Access and Confidentiality. The Provider shall ensure that any person it authorizes to Process the Personal Data (including Provider's staff, agents and Sub-processors) ("Personnel") are under appropriate obligations of confidentiality (whether a contractual or statutory duty), have received proper training, and are informed about the confidential nature of the Personal Data, their obligations related to it and have access to Personal Data only on need-to-know basis. The Provider shall ensure that Personnel Processes the Personal Data only as necessary for the Permitted Purposes.

‍Data Returns and Deletion. Upon termination or expiration of the Agreement, the Provider must delete or return to the Customer all Personal Data in its possession or control except for one copy for archival and compliance purposes.

‍audit rights

Right to conduct audits. The Customer shall have the right to conduct an audit to verify Provider's compliance with its obligations laid down in Art. 28 GDPR (if applicable) and in this DPA. The Provider shall allow the Customer to carry out the audit if (i) the Customer requests to carry out the audit via a written notice at least 30 (thirty) days in advance; (ii) the Customer will specify the agenda for such audit in such notice; (iii) the audit shall not take place more than once a year; (iv) all associated costs and expenses shall be borne by the Customer or reimbursed to the Provider on demand; and (v) the audit shall last no longer than the equivalent of 1 working day (8 hours) of Provider's representative. On the request of the Customer, the Provider will provide the Customer with the estimated cost that it expects to incur during such audit according to the extent specified in the agenda provided by the Customer.

‍Independent Auditor. In case the Customer requests the audit by an independent party -- external licensed auditor, the Provider may object to an external licensed auditor appointed by the Customer to conduct the audit if the auditor is, in Provider's reasonable opinion, not suitably qualified or independent, a competitor of the Provider, or otherwise manifestly unsuitable. Any such objection will require the Customer to appoint another auditor.

‍customer's obligations

Customer's Processing of Personal Data. The Customer shall, in its use of the Services, Process Personal Data in accordance with Data Protection Legislation. The Customer shall have the sole responsibility for the accuracy, quality, and legality of Personal Data and how the Customer acquired Personal Data.

‍Customer's Compliance. The Customer agrees that (i) it shall comply with its obligations as a Controller under Data Protection Legislation in respect of its Processing of Personal Data and any Processing instructions it issues to the Provider; (ii) it has provided notice and obtained (or shall obtain) all consents or any other necessary authorizations (as applicable) under Data Protection Legislation for the Provider to Process Personal Data for the Permitted Purposes; (iii) it shall be responsible for providing any notices required by Data Protection Legislation to the relevant data subjects with respect to sharing their Personal Data with the Provider; (iv) it has fulfilled (or shall fulfil) all registration or notification obligations to which the Customer is subject to under the Data Protection Legislation; and (v) it is responsible for its own Processing of Personal Data, including integrity, security, maintenance, and appropriate protection of Personal Data under Customer's control.

‍Technical and Organizational Measures. The Customer is responsible for its secure use of the Services, protecting the security of Personal Data when in transit to and from the Services, and taking any appropriate technical, organizational, and security measures to securely encrypt or backup any Personal Data uploaded to the Services. The Customer is also responsible for the use of the Services by any person the Customer authorized to access or use the Services, and any person who gains access to its Personal Data or the Services as a result of its failure to use reasonable security precautions, even if the Customer did not authorize such use. The Customer agrees to notify the Provider immediately upon becoming aware of any unauthorized use of the Services or of any other breach of security involving the Services.

‍cooperation

Data Subject Rights. To the extent that the Customer is unable to access the relevant Personal Data within the Services independently, the Provider shall, taking into account the nature of the Processing, provide assistance (including by appropriate technical and organizational measures) to provide reasonable cooperation to the Customer in order to (i) respond to any requests from a data subject seeking to exercise any of its rights under Data Protection Legislation (including its right of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the Processing of the Personal Data (collectively "Correspondence").

In the event that any such Correspondence is made directly to the Provider, it shall promptly notify the Customer and shall not respond directly unless legally compelled to do so. If the Provider is required to respond to such Correspondence, the Provider shall promptly notify the Customer and provide it with a copy of the request, unless legally prohibited from doing so.

‍Data Protection Impact Assessment. To the extent required by Data Protection Legislation, the Provider shall provide reasonable cooperation regarding the Services to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by Data Protection Legislation.

‍Request for Disclosure. The Provider is obliged to promptly notify the Customer about any legally binding request for disclosure of the personal data by a judicial or regulatory authority unless otherwise prohibited, such as the obligation under criminal law to preserve the confidentiality of a judicial enquiry and to assist the Customer accordingly (at Customer's expense).

‍security incidents

Data Breach. Upon becoming aware of a Data Breach, the Provider shall notify the Customer without undue delay and shall provide such timely information and cooperation as the Customer may reasonably require in order to fulfil its data breach reporting obligations under Data Protection Legislation, including the type of data affected and the identity of the affected person(s) as soon as such information becomes known or available to the Provider.

‍No acknowledgement. The Customer agrees that any notification that the Provider provides to the Customer in relation to a Data Breach shall not be construed or understood as an acknowledgement of any fault or liability.

‍Further Conduct. The Provider shall further take all such measures and actions as are reasonable to remedy or mitigate the effects of the Data Breach and shall keep Customer informed of all developments in connection with the Data Breach.

‍Cooperation. If a Data Breach is caused or materially contributed to by the Customer, the Provider will cooperate in the investigation of the Data Breach subject to Customer's obligation to compensate the Provider for its expenses and costs.

‍sub-processing

Authorized Sub-processors. The Customer provides a general authorization for the Provider to engage Sub-processors to Process Personal Data on Customer's behalf. The Sub-processors currently engaged by the Provider are listed in Annex B.

‍New Sub-processors. The Provider shall provide at least ten (10) days prior written notice to the Customer of the engagement of any new Sub-processor (including details of the Processing and location).

‍Objections.If the Customer has a reasonable objection to any new sub-processor, it shall notify the Provider of such objections in writing to hello@rewardly.me within ten (10) days from receiving the notification and the Parties will seek to resolve the matter in good faith. If Customer does not provide a timely objection to any new sub-processor in accordance with this Section 8.3, Customer will be deemed to have consented to the sub-processor and waived its right to object.

‍Liability for sub-processors. The Provider remains liable for any breach of this DPA caused by an act, error, or omission of such Sub-processor.

‍Data transfers

International Data Transfers. The Provider shall take all such measures necessary to ensure that the Processing and transfer of Personal Data in or to a territory other than the territory in which the Personal Data was first collected complies with Data Protection Legislation.

‍Application of Standard Contractual Clauses. The Parties agree that when and to the extent the transfer of Personal Data from the Customer to the Provider is a Restricted Transfer and EU Data Protection Laws or UK Data Protection Laws require that appropriate safeguards are put in place, such transfer shall be governed by the EU SCCs, which shall be incorporated by reference into and form an integral part of this DPA.

‍EU Data. For the purposes of Personal Data that is subject to the EU Data Protection Laws ("EU Data"):

Where the Customer is a Controller of Personal Data, Module Two (Controller to Processor Clauses) will apply and where the Customer is a Processor acting on behalf of third-party Controllers, Module 3 (Processor to Processor Clauses) will apply;

in Clause 7 (Docking Clause), the optional docking clause will apply;

in Clause 9 (Use of Sub-processors), Option 2 will apply, and the time period for prior notice of sub-processor changes shall be as set out in Section 8.2 of this DPA and the period for notification of objections in Section 8.3 of this DPA;

in Clause 11 (Redress), the optional language to permit data subjects to lodge complaints with an independent dispute resolution body will not apply;

in Clause 17 (Governing Law), Option 1 will apply, and the EU SCCs will be governed by Slovak law;

in Clause 18(b) (Choice of forum and jurisdiction), disputes shall be resolved before the courts of Bratislava, Slovakia;

‍UK Data. For the purposes of Personal Data that is subject to the UK Data Protection Laws ("UK Data"), the EU SCCs will also apply in accordance with paragraphs 9.3.a) to 9.3.d) above, with the following modifications:references to "Regulation (EU) 2016/679" shall be interpreted as references to UK GDPR;

references to specific Articles of "Regulation (EU) 2016/679" shall be replaced with the equivalent article or section of UK GDPR;

references to "EU", "Union", "Member State" and "Member State law" shall be replaced with references to the "UK" and "UK law";

the term "member state" shall not be interpreted in such a way as to exclude data subjects in the UK from the possibility of suing for their rights in their place of habitual residence (i.e., the UK);

Clause 13(a) of the EU SCCs and Part C3of Annex A of the DPA are not used and the "Supervisory authority" is the UK Information Commissioner's Office;

references to the "competent supervisory authority" and "competent courts" shall be replaced with references to the "Information Commissioner" and the "courts of England and Wales";

in Clause 17, the Standard Contractual Clauses shall be governed by the laws of England and Wales; and with respect to transfers to which UK GDPR apply, Clause 18 shall be amended to state "Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may bring legal proceeding against the data exporter or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts",

unless the EU SCCs, implemented as described above, cannot be used to lawfully transfer Personal Data in compliance with the UK GDPR, the UK SCCs shall instead be incorporated by reference and form an integral part of this DPA and shall apply to such transfers. Where this is the case, the relevant Annexes or Appendices of the UK SCCs shall be populated using the information contained in Annexes A, B and C (as applicable).

‍limitation of liability

‍Customer's remedies, including its Affiliates, and the Provider's liability arising out of or in relation to this DPA (including Standard Contractual Clauses), are subject to those limitations of liability and disclaimers set forth in the Agreement. For the avoidance of doubt, nothing in this DPA is intended to limit the rights a Data Subject may have against either Party arising out of such Party's breach of the Standard Contractual Clauses, where applicable.

‍final provisions

11.1.Third-Party Beneficiaries. Data Subjects are the sole third-party beneficiaries to the Standard Contractual Clauses, and there are no other third-party beneficiaries to this DPA, unless specified to the contrary in the Agreement.

‍11.2.Governing Law and Jurisdiction. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless and to the extent required otherwise by the Data Protection Legislation or the Standard Contractual Clauses.

‍11.3.Scope of this DPA. For the avoidance of doubt, the processing of information other than Personal Data for the Permitted Purposes does not fall under the scope of this DPA.

‍11.4.Term. This DPA shall continue to be in effect for the term of the Agreement plus the period from expiry of the Agreement until the Provider ceases to process Personal Data on behalf of the Customer (the "Processing Term").

‍Annex A - Description of the Processing Activities / Transfer

Annex A(1) List of Parties:

Annex A(2) Description of Transfer:

Annex A(3): Competent supervisory authority
‍With respect to EU Data the competent supervisory authority is The Office for Personal Data Protection of the Slovak Republic (the "Supervisory Authority").

‍Annex B - Approved Sub-processors

Annex C - Technical and Organizational Measures

‍The Provider has implemented the following technical and organisational measures that ensure an appropriate level of security taking into account the nature, scope, context, and purposes of the processing, and the risks for the rights and freedoms of natural persons:

‍Access Control Measures
‍Controls to specify authorized individuals permitted to access personal data
‍Data Encryption & Pseudonymization
‍Secure key management procedures
‍Network & System Security
‍Regular vulnerability scanning and patch management
Regular security awareness training for employees
Confidentiality obligation for employees
‍Physical Security
‍Secure data centers with controlled access
‍Audit & Compliance
‍Regular internal security audits