Governing Services Agreement (GSA)

LAST UPDATED: 10 AUGUST 2022

Main terms

1. DEFINITIONS.

"Affiliate" means any entity that directly or indirectly controls, is controlled by or is under common control with an entity. “Control” in the preceding sentence means direct or indirect ownership or control of more than 50% of the voting interests of the relevant entity.

"Article 28" means Article 28 of the General Data Protection Regulation (Regulation (EU) 2016/679).

"Customer" or "you" means that the Customer accepts this Agreement and is identified on the face of this Agreement.

"Customer data" means all data (including personal data and end user data) that is delivered to the Supplier by, or on behalf of, the Customer through the Customer's use of the services, and all data that third parties send to the Customer through the services.

"Data Protection Impact Assessment" means a Data Protection Impact Assessment as referred to in Article 35 of the General Data Protection Regulation (Regulation (EU) 2016/679).

"Data Protection Legislation" means (i) the GDPR and any other applicable EU, EEA or EU internal market laws or regulations or any update, amendment or replacement thereof that apply to the processing of personal data under this Agreement; (ii) all US laws and regulations applicable to the processing of Personal Information under this Agreement; (iii) all laws and regulations applicable to the processing of personal data under this Agreement from time to time in place in the United Kingdom and Canada, and the terms "controller", "data subject", "data protection impact assessment", "personal data", "process" , "processing", "processor", "supervisory authority" have the same meaning as in the GDPR (as defined above).

"End Users" means the Customer's employees, agents, independent contractors and other persons authorized by the Customer to access and use the Services.

"Respondent" means a natural person who answers a questionnaire or similar.

"Intellectual Property Rights" means current and future worldwide rights under patent, copyright, design rights, trademarks, trade secrets, domain names and other similar rights, whether registered or unregistered.

"Supplier" means the relevant Supplier defined in section 14 (Supplier table).

"Order Form" means an order form, sales order, sales offer or similar document that refers to and is made pursuant to this Agreement and signed by the parties.

"Personal Information" means information relating to a living individual that is, or can reasonably be identified from information, either alone or together with other information (a "data subject"), within the Customer's control and that is stored, collected or processed in one of the Customer's instant end user accounts.

"Services" means the products and services offered by the Supplier and ordered by the Customer.

"Effective Date" means the date on which the parties signed the Order Form.

"SSTs" means service-specific terms that apply to specific services at https://legal.retailx.no/sst/ and which are incorporated into and form part of this agreement.

"Standard contractual clauses" means "Standard contractual clauses" attached to the European Commission's decision of: (i) 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries in accordance with the GDPR or (ii) until the Supplier has entered into the standard contractual clauses outlined on 5 February 2010 for transfer of customer personal data to processors established in third countries pursuant to Directive 95/46/EC and where the UK GDPR applies, the applicable standard data protection clauses for data processors adopted pursuant to Article 46(2)(c) or (d) of the UK GDPR ("UK SCCs") or (iii) such other standard contractual clauses or contractual terms as may be amended or approved now or in the future for the purpose of facilitating the transfer of personal data across national borders.

2. SERVICES.

2.1. Delivery of services. The Supplier will deliver the Services to the Customer in accordance with this Agreement, including any order forms and any applicable SSTs.

2.2. Order forms. The parties may enter into order forms under this agreement for the purchase of services. The customer's affiliated companies may enter into order forms under this agreement. Any such order form may be signed by the Supplier or a company affiliated with the Supplier in accordance with the requirements of section 14. Any reference in the agreement to "Customer" will refer to the Customer Entity signing the order form and any reference in the agreement to "the Supplier" will refer to the signing supplier the order form. Each Order Form will incorporate the terms and conditions of this Agreement and will be a separate contract between the entities entering into the Order Form.

2.3. Third Party Services. If Customer integrates the Services with a third-party service not provided by Provider (for example, a third-party service that uses an application programming interface (API)), Customer acknowledges that such third-party service may access or use Customer Data and Customer permits the third-party service provider to access customer data required for the interoperation of this third party service with the Services. The customer is solely responsible for the use of such third-party services and the loss of data or other losses it may suffer as a result of the use of such services.

3. SaaS SERVICES.

3.1. License and Terms.

a) License. Where the Services are sold to the Customer as a subscription, the Provider grants the Customer a non-exclusive, non-transferable worldwide right to access and use the Services during the subscription period.

b) Subscription period. The first period for each subscription is specified on the order form. Subscriptions will automatically renew at the end of each subscription period for further periods equivalent to one year, unless one of the parties gives the other written notice of non-renewal at least 90 days before the end of the then applicable subscription period.

c) Subscription units added in the middle of the subscription period. An order form can be used to add multiple subscription units (eg units or packages) to a subscription during a subscription period. The price per unit for these additional subscription units will be as specified on the order form for the underlying subscription (or, in the absence of such specification, at the same price per unit as the underlying subscription price). Any such additional subscription units will renew or terminate on the same date as the underlying subscription. Subscription units associated with a service cannot be reduced during a subscription period for that service.

4. SERVICE FUNCTIONS.

4.1. Changes in services. The provider changes and improves the services continuously. The Supplier will give the Customer prior written notice if the Supplier makes a change to the service(s) that results in a significant reduction in core functionality used by the Supplier's general customer base. In such cases, the parties agree to cooperate in order to minimize the impact of such a change for the Customer.

5. FEES.

5.1. Charges. The Customer shall pay the Supplier all applicable fees for the services specified in each order form. Except as otherwise specified in this Agreement or prohibited by applicable law, payment obligations are non-cancellable and fees paid are non-refundable.

5.2. Invoicing and payment terms. Payment terms must be specified in each order form. An invoice will be issued upon completion of the order form. Multi-year orders and renewals will be invoiced quarterly.

Taxes and government charges are your responsibility. If you are exempt from paying taxes and/or government fees, please let us know and send us proof.

5.3. Taxes. All amounts to be paid by the Customer in accordance with this agreement are exclusive of applicable taxes, fees, duties or similar government assessments of any kind (including value added tax, sales and use taxes, but excluding withholding taxes and taxes based on the Supplier's income, property, or employees ) ("Taxes") that may arise in connection with the Customer's purchase in accordance with this agreement. If such taxes are incurred, the Customer will pay such taxes in addition to all other amounts payable under this Agreement, unless the Customer provides the Supplier with a valid tax exemption certificate or other documentary evidence issued by an appropriate taxing authority that no tax shall be charged. If the Customer is required by law to withhold taxes from its payments to the Supplier, the Customer must provide the Supplier with an official tax receipt or other appropriate documentation to support such payments.

5.4. Currency. All monetary amounts in this agreement are denominated in the currency indicated on the order form. Fee payments from the Customer must be received by the Supplier in the same currency in which such fees were invoiced.

5.5. Fees due. The Supplier may charge the Customer interest on overdue fees (except amounts disputed reasonably and in good faith) at a rate of 1.5% per month (or the highest rate permitted by law, if less) on the overdue amount. If an undisputed amount owed by the Customer in good faith is overdue by thirty (30) days or more, the Supplier may limit functionality or suspend delivery of Services to the Customer until such amounts are paid in full.

5.6. Surplus fees. During the subscription period, the Supplier may review the number of units and/or responses used and discuss options for purchasing additional units with the Customer. Customer agrees to pay for either: (i) the additional units which will be at the price per unit as specified on the order form for the underlying subscription (or, in the absence of such specification, at the same price per unit as the underlying subscription price), or ( ii) the additional packages that apply based on usage.

6. CUSTOMER'S OBLIGATIONS.

6.1. Customer's responsibility.

a) Account security. Customer is responsible for maintaining the confidentiality of its own passwords and all other credentials used by it and its end users to access the Services. The Customer will use commercially reasonable measures to prevent unauthorized use of the Services and will terminate any unauthorized use of which the Customer becomes aware. The Customer will notify the Supplier immediately if the Customer becomes aware of unauthorized access to the accounts.

b) End User Activities. The customer is responsible for ensuring that end users comply with this agreement. The Customer is responsible for the actions of its End Users and any activity that occurs in its End User Accounts (other than activity for which the Supplier is directly responsible that is not performed in accordance with the Customer's instructions).

c) One person per account. End user accounts and passwords cannot be shared and can only be used by one person per account.

6.2. Acceptable use by the Customer. The customer agrees to comply with the guidelines for acceptable use at https://legal.retailx.no/en-us/aup/

6.3. Third Party Requests. The parties may receive a request from a third party for records related to the Customer's use of the services, including information in a Customer's end-user account or identifying information about a Customer's end-user, excluding requests for access to data subjects as specified under the GDPR ("Third Party Request"). Third party requests include search warrants, subpoenas and other forms of legal process.

The Customer is responsible for responding to Third Party requests via its own access to the information, and will only contact the Supplier if the Customer is unable to obtain such information after diligent effort. If the Supplier receives a valid third party request, the Supplier will, to the extent permitted by law:

a) may inform the third party issuing such a request that it should follow up the request directly with the Customer; and

b) will: (i) immediately notify the Customer of the third party request; (ii) cooperate, at Customer's expense, with Customer's reasonable requests regarding Customer's attempt to oppose a third party request; and (iii) after giving the Customer an opportunity to respond to or object to the third party request, the Supplier may comply with that request if the Supplier determines that it is legally required or permitted to do so.

6.4. Embargoes. Customer represents and warrants that it is not prohibited by applicable law from being provided with the Services. The services cannot be used in any country that is subject to an embargo from Norway, the EU or the USA that applies to the services. The customer must ensure that: (a) the end users do not use the services in violation of any export restrictions or embargoes from Norway, the EU or the USA; and (b) it does not provide access to the Services to persons on the US Department of Commerce's list of denied persons or entities, or the US Treasury Department's list of specially designated nationals.

6.5. Closure of services.The Provider may limit or shut down the Services to perform scheduled maintenance or to stop a violation of section 6.2 (acceptable use by the Customer), to prevent material harm to the Provider or its customers or as required by applicable law. The Supplier will make reasonable efforts to provide the Customer with reasonable advance notice of any restriction or closure, so that the Customer can plan around it or resolve the problem that has caused the Supplier to take such measures. There may be certain situations, for example security emergencies, where it is not practically possible for the Supplier to give such advance notice. Provider will use commercially reasonable efforts to limit the scope and duration of the restriction or closure necessary to resolve the issue that led to such action.

7. SECURITY AND PRIVACY.

7.1. Safety. The provider has, taking into account the latest technology, the costs of implementation, the nature, scope, context and purposes of the services, and the level of risk, implemented appropriate technical and organizational measures to enable a level of security appropriate to the risk of unauthorized or illegal processing, accidental loss of and/or damage to customer data. At reasonable intervals, the Provider tests and evaluates the effectiveness of these technical and organizational measures to enable the security of the processing.

7.2. Data protection. Where the Supplier processes personal data for the Customer, the Supplier will:

a) do so only upon documented instructions from the Customer and in accordance with applicable law, including with respect to transfers of personal data to other jurisdictions or an international organization, and the parties agree that this Agreement constitutes such documented instructions from the Customer to the Supplier to process customer data.

b) to the extent applicable, for data transfers, the Provider relies on standard contractual provisions and/or consent for the transfer of personal data to countries that do not have adequate levels of data protection as determined by the European Commission, the United Kingdom or other jurisdictions that approve and require standard contractual clauses;

c) with respect to any transfer of personal data out of the EEA and the UK that may be required in relation to or in connection with the agreement and the provision of the services hereunder, the parties shall comply with and be subject to all obligations imposed on a "data importer" or "data exporter" (as applicable) as set out under the Standard Contractual Clauses;

d) ensure that all the Supplier's personnel who are involved in the processing of personal data are subject to confidentiality obligations with respect to the personal data;

e) make available information that is necessary for the Customer to be able to demonstrate compliance with Article 28 obligations (if applicable for the Customer) where such information is held by the Supplier and is not otherwise available to the Customer through the Customer's account and user areas or on the Supplier's websites, provided that the Customer gives the Supplier at least 14 days' written notice of such an information request;

f) co-operate as reasonably requested by the Customer to enable the Customer to comply with any exercise of rights by a Data Subject granted to Data Subjects under Data Protection Legislation in respect of Personal Data processed by the Supplier during the provision of the Services;

g) provide assistance, where necessary, with all requests received directly from a data subject with respect to a data subject's personal data submitted through the Services;

h) upon deletion, by you, not retain customer personal data from your account other than to comply with applicable laws and regulations and which may otherwise be retained in routine backups made for disaster recovery and business continuity purposes subject to our retention guidelines;

i) cooperate with any supervisory authority or any successor or successor body from time to time (or, to the extent required by the Customer, any other data protection or privacy regulator under data protection legislation) in the performance of such supervisory authority's duties where necessary;

j) do not store personal data (in a format that allows the identification of relevant data subjects) for longer than is necessary for the purposes for which the data is processed, except to the extent that such retention is necessary for legitimate business purposes (with regard to, for example, security and invoicing ), to comply with applicable laws and regulations and which may otherwise be retained in routine backups made for disaster recovery and business continuity purposes;

k) where required by data protection legislation, inform the Customer if it comes to the attention of the Supplier that instructions received from the Customer violate the provisions of data protection legislation, provided that notwithstanding the foregoing, the Supplier shall have no obligation to assess the legality of any instructions received from The customer; and

l) assist the Customer as reasonably necessary where the Customer (i) conducts a data protection impact assessment involving the Services (which may include by providing documentation to allow the Customer to conduct its own assessment); or (ii) is required to notify a security incident (as defined below) to a supervisory authority or a relevant data subject.

7.3. Use of sub-processors. The Customer gives a general authorization to the Supplier to engage prospective sub-processors, subject to compliance with the requirements of this Section 7. The Supplier will, subject to any confidentiality provisions under this Agreement or as otherwise required by the Supplier:

a) make available to the Customer a list of the Supplier's subprocessors (" Subprocessors ") who are involved in the processing or subprocessing of personal data in connection with the provision of the services, together with a description of the nature of the services provided by each subprocessor ("Subprocessor List" ) . A copy of this subprocessor list is available at https://legal.retailx.no/en-us/subprocessors/

b) ensure that all sub-processors on the sub-processor list are bound by contract terms that are in all material respects no less onerous than those contained in this Agreement; and

c) be liable for the acts and omissions of its sub-processors to the same extent that the Supplier would be liable if they performed the services of each of these sub-processors directly under the terms of this Agreement.

7.4. New/replacement sub-processors. The supplier will give the customer written notice of the addition of a new sub-processor at any time during the contract period ("New sub-processor notification"). The customer can register on an e-mail list by sending an e-mail to legal@retailx.no . Such notices will be delivered via e-mail or alternatively check for updates in the list at https://legal.retailx.no/en-us/subprocessors/ . If the Customer has a reasonable basis for objecting to the Supplier's use of a new or replacement sub-processor, the Customer shall immediately notify the Supplier in writing and in any event within 30 days of receipt of a New Sub-processor notification. In the event of such reasonable objections, either the Customer or the Supplier may terminate that part of the Agreement relating to the Services that cannot reasonably be provided without the new sub-processor (which may involve termination of the entire Agreement) with immediate effect by offering in writing message to the counterparty.

7.5. Security incident.If the Supplier becomes aware of unauthorized or illegal access to, or acquisition, alteration, use, disclosure or destruction of, personal data ("Security Incident"), the Supplier will notify the Customer without undue delay. Such notice shall not be construed or interpreted as an admission of fault or responsibility by the Supplier. A security incident does not include failed attempts or activities that do not compromise the security of personal information, including failed login attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or network systems. The Supplier will also reasonably cooperate with the Customer with regard to any investigations related to a security incident by preparing any necessary notifications,

7.6. Supervision. The Customer shall give the Supplier at least one month's written notice of any audit, which may be carried out by the Customer or an independent auditor appointed by the Customer (provided that no person carrying out the audit shall be, or shall act on behalf of, a competitor of the Supplier) (" Accountant"). The scope of an audit will be as follows:

a) The Customer will only be entitled to carry out an audit once per year (during a 12-month subscription) unless otherwise legally compelled or required by a regulator with established authority over the Customer to carry out or facilitate the performance of more than 1 audit in the same year (in which circumstances the Customer and the Supplier, in advance of such audits, will agree on a reasonable reimbursement rate for the Supplier's audit expenses.

b) The Supplier agrees, subject to appropriate and reasonable confidentiality restrictions, to provide evidence of all certifications and compliance standards it maintains, and will, upon request, make available to the Customer a summary of the Supplier's most recent annual penetration tests, which summary shall include remedial actions taken by the Supplier pursuant to of such penetration tests.

c) The scope of an audit will be limited to the Supplier's systems, processes and documentation relevant to the processing and protection of personal data, and auditors will carry out audits subject to all appropriate and reasonable confidentiality restrictions requested by the Supplier.

d) The Customer will immediately notify and provide the Supplier with full details of any perceived non-compliance or security issues discovered during an audit.

e) The parties agree that, unless otherwise required by order or other binding decree from a regulator with authority over the Customer, this section 7.6 sets out the full scope of the Customer's audit rights in relation to the Supplier.

7.7. The customer's privacy obligations. The Customer shall ensure, and hereby guarantees and represents that it is entitled to transfer the customer data to the Supplier so that the Supplier can process and transfer the personal data legally on behalf of the Customer in accordance with this agreement. The customer must ensure that relevant data subjects have been informed about and have given their consent to such use, processing and transfer as required by all applicable data protection legislation.

7.8. Types of data processing. The parties agree that the purpose and nature of the processing of personal data, the types of personal data and categories of data subjects are as stated in Appendix A.

8. INTELLECTUAL RIGHTS.

8.1. The customer's IR. As between the parties, the Customer retains ownership of all intellectual property rights in the Customer Data. This agreement does not grant the Supplier any licenses or rights to the customer data, with the exception of the following:

a) Customer grants Supplier and its affiliates a worldwide, royalty-free, non-exclusive, limited license to use, host, copy, transmit, modify, display and distribute Customer Data solely for the limited purposes of providing the Services to Customer and improving the services.

b) The Customer grants the Supplier and its affiliates a worldwide, royalty-free right to use anonymised customer data for analysis and benchmarking in order to deliver such services to the Customer and improve the services for all. This clause will survive any expiration or termination of this Agreement.

c) If the Customer gives the Supplier feedback about the services, the Supplier can use this feedback and incorporate it into its products and services without any obligation to the Customer.

8.2. Supplier's IR. As between the parties, the Supplier retains ownership of the Services and all related intellectual property rights. No licenses or rights are granted to the Customer by the Supplier other than what is expressly stated in this agreement. With the exception of what is permitted by the Supplier's guidelines for the use of brands and trademarks, this agreement does not give the Customer any right to use the Supplier's trademarks or other brand elements.

8.3. Publicity. The Supplier can identify the Customer by name and logo as a Customer of the Supplier on the Supplier's website and on other advertising material. All goodwill arising from the use of the Customer's name and logo will benefit the Customer.

9. CONFIDENTIALITY.

9.1. Definition."Confidential Information" means information disclosed by one party ("Discloser") to the other party ("Recipient") in connection with the use or provision of the Services that is either marked as confidential or that would reasonably be considered confidential in the circumstances . Customer Confidential Information includes Customer Data. Provider's confidential information includes the terms of this Agreement and all security information about the Services. Notwithstanding the foregoing, does not include Confidential Information that: (a) is or becomes public through no fault of the recipient; (b) the recipient already lawfully knew; (c) was lawfully provided to the recipient by an unaffiliated third party without restrictions on disclosure; or (d) was independently developed by the recipient without reference to the discloser's confidential information.

9.2. Confidentiality.The Recipient will: (a) protect the Discloser's Confidential Information using commercially reasonable measures; (b) use Discloser's Confidential Information only as permitted by this Agreement, including to exercise Recipient's rights and fulfill Recipient's obligations under this Agreement; and (c) not disclose Discloser's confidential information without Discloser's prior consent, except to affiliates, contractors, agents and professional advisors who have a need to know and have consented in writing (or, in the case of professional advisors, are otherwise bound) to to keep it confidential on terms comparable to those under this section. The recipient may disclose the discloser's confidential information when and to the extent required by law or legal process, but only after the recipient,

9.3. Return or Destruction of Confidential Information. Upon termination or expiration of the Agreement and all Order Forms under the Agreement, each party will immediately return to the other party or destroy all Confidential Information of the other party in its possession or control within a reasonable time in accordance with the Recipient's data destruction practices. Notwithstanding the termination or expiration of this Agreement, the Recipient's confidentiality obligations with respect to the Confidential Information will continue for two (2) years after the date the Confidential Information was disclosed to the Recipient (except with respect to any trade secrets identified by the Discloser as such at the time of disclosure, where such confidentiality obligations will continue as long as the information remains a trade secret).

10. WARRANTIES.

10.1. Guarantees. Each party represents and warrants that: (a) it has full power and authority to enter into this Agreement; and (b) it will comply with all laws and regulations applicable to its provision or use of the Services.

10.2. Disclaimers. THE PROVIDER MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SERVICES. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE SUPPLIER DISCLAIMS ANY IMPLIED OR STATUTORY WARRANTIES, INCLUDING ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

11. COMPENSATION.

11.1. By the Supplier. If a third party claims that the Services Provider provides to you infringes or misappropriates that party's intellectual property rights, Provider will defend you against that claim at its own expense and pay all costs, damages and attorneys' fees ultimately awarded by a court or included in a settlement approved by The supplier. However, under no circumstances will the Supplier have any obligation or liability as a result of: (a) use of services in modified form or in combination with software, technologies, products or devices not provided by the Supplier or intended as part of the use of the services ; or (b) content or data provided by Customer, End Users or Third Parties; or (c) Services for which there is no fee or charge.

11.2. By the Customer . If a third party claims that Customer Data infringes or misappropriates that third party's intellectual property rights, or if Customer's use of the Services violates Supplier's acceptable use guidelines, Customer will defend Supplier against any such claim or investigation at Customer's expense and pay all costs, damages and attorneys' fees as a court finally awards or which is included in a settlement approved by the Customer.

11.3. Potential infringement. If the Supplier believes that the technology used to provide the Services may infringe or may be alleged to infringe a third party's intellectual property rights, the Supplier may: (a) obtain the right for the Customer, at the Supplier's expense, to continue using the Services; (b) provide a non-infringing functionally equivalent substitute; or (c) modify the Services so that they are no longer infringing. If the Supplier does not believe that the above alternatives are commercially reasonable, the Supplier may suspend or terminate the Customer's use of the affected services and provide a pro rata refund of any fees prepaid by the Customer, applicable for the period following the termination of such services.

11.4. Damages Procedures.A party seeking damages will immediately notify the other party of the claim and reasonably cooperate with the other party (to the extent applicable) to defend the claim. The indemnifying party will have full control and authority over the defense, except that: (a) any settlement requiring the indemnified party to admit liability, perform any act or pay money will require the indemnified party's prior written consent (such consent not to be unreasonably withheld or delayed) and (b) the indemnified party may participate in the defense with its own attorney at its own expense. The provisions of this Section 11 set forth the entire liability of each party and constitute the other party's sole and exclusive financial remedy for any claims for damages. Notwithstanding the foregoing,

12. LIABILITY.

12.1. Waiver of consequential damages. TO THE EXTENT PERMITTED BY APPLICABLE LAW, UNDER NO CIRCUMSTANCES WILL ANY PARTY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT FOR: (A) ANY INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE OR EXEMPLARY DAMAGES, OR (B) LOSS OF OR DAMAGE TO: (i) DATA, (ii) BUSINESS, (iii) REVENUE, OR (iv) PROFITS (IN EACH CASE, DIRECT OR INDIRECT), EVEN IF THE PARTY KNEW OR SHOULD HAVE KNEW SUCH DAMAGES WERE POSSIBLE, AND EVEN IF AN EMPLOYEE FAILS IN ITS ESSENTIAL PURPOSE.

12.2. Limitation of liability.TO THE EXTENT PERMITTED BY APPLICABLE LAW, AND NOTWITHSTANDING ANY TERMS OF THIS AGREEMENT, EACH PARTY'S AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OF ANY KIND SHALL NOT EXCEED THE AMOUNT PAID OR PAYABLE BY CUSTOMER TO SUPPLIER PURSUANT TO THIS AGREEMENT DURING THE TWELVE (12) MONTHS PRIOR TO THE EVENT THAT TRIGGERED THE LIABILITY ("GENERAL LIMITATION"). NOTWITHSTANDING THE FOREGOING, EACH PARTY'S AGGREGATE LIABILITY UNDER OR CONNECTED WITH THIS AGREEMENT FOR ALL CLAIMS RELATED TO A PARTY'S BREACH OF ITS OBLIGATIONS UNDER SECTION 7 (“SECURITY AND PRIVACY”) AND SECTION 9 (“CONFIDENTIALITY”) ABOVE SHALL NOT EXCEED TWO (2) TIMES THE AMOUNT ACTUALLY PAID BY THE CUSTOMER UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHS PRIOR TO THE EVENT THAT TRIGGERED THE LIABILITY ("EXTENDED LIMITATION").

12.3. Excluded claims. SECTIONS 12.1 AND 12.2 SHALL NOT APPLY TO CLAIMS RELATING TO: (A) ANY PARTY'S INDEMNIFICATION OBLIGATIONS, (B) FRAUD OR WILLFUL ABUSE, (C) DEATH OR PERSONAL INJURY, OR (D) CUSTOMER'S OBLIGATION TO PAY ANY UNDISPUTED CHARGES OR INVOICES.

13. DURATION AND TERMINATION.

13.1. Agreement period. The terms of this agreement start on the Effective Date and last for a minimum of 12 months, and are automatically renewed 12 months at a time and shall remain in force until one of the parties terminates with written notice to the other party no later than 90 days before the new agreement period begins.

13.2. Termination for cause. A party may terminate this Agreement (including any related Order Forms):

a) upon 90 days' written notice to the other party of a material breach if such breach remains uncured at the expiration of such period; or

b) if the other party ceases its business operations or becomes the subject of a bankruptcy petition or other procedure related to insolvency, estate administration, administration, liquidation or transfer for the benefit of creditors.

13.3. Consequences of termination of agreement. If this Agreement is terminated, any applicable Order Forms will remain in effect in accordance with their terms (including the terms of this Agreement which are incorporated by reference), but no new Order Forms may be entered into under this Agreement.

13.4. Consequences of cancellation of order form.

a) If an order form is terminated by the Customer due to the Supplier's material breach, the Supplier will provide the Customer with a pro rata refund of any fees paid by the Customer in advance, applicable for the period following the effective date of the termination of that order form.

b) If an Order Form is terminated by the Provider due to Customer's material breach, the Customer will remain liable to pay the full outstanding Subscription Fee on the effective date of termination of that Order Form. The Supplier will invoice, and the Customer will pay, all accrued but uninvoiced fees and any unpaid interest and fees covering the remainder of the duration of the Order Form if it had not been terminated.

c) If an Order Form is terminated for convenience by the Customer, the Customer will remain liable to pay the full outstanding Subscription Fee on the effective date of termination of that Order Form. The Supplier will invoice and the Customer must pay any unbilled fees and any unpaid fees covering the remainder of the order form if it had not been terminated.

13.5. Survival. The following sections will survive any expiration or termination of this Agreement: 5 and 9 through 15.

14. SUPPLIER'S CONTRACTING PARTY.

14.1. Supplier table. In the table below, "Customer Location" refers to where the Customer is located (as determined by the Customer's business address on the order form, if specified) and determines which table row applies to the Customer:

a) Supplier. Refers to the current Vendor specified in the Vendor's Vendor Table. The Services are provided by that Provider.

b) Applicable law and venue. This Agreement, and any disputes arising out of or related to it, will be governed exclusively by applicable law above, without giving effect to any of its conflict of laws, rules or principles. The courts located at the appropriate location above will have exclusive jurisdiction to decide any dispute arising out of or related to this Agreement or its construction, interpretation or enforcement. Each party hereby consents and submits to the exclusive jurisdiction of such courts.

15. GENERAL.

15.1. Changes. This agreement can only be amended if authorized representatives of each party agree in writing.

15.2. Assignment. This Agreement may not be assigned or otherwise transferred by either party in whole or in part without the express prior consent of the other party; provided that the sale of substantially all of the assets of a party (or any of its subsidiaries) or its acquisition by or merger with another company shall not be deemed an assignment of this Agreement by such party. This agreement shall inure to the benefit of and be binding on the successors and assigns of the parties hereto.

15.3. Counterparties. This Agreement may be executed in any number of counterparts, each of which will be deemed an original and all of which together will constitute a single instrument.

15.4. The whole deal. This Agreement (including all documents incorporated herein by reference to a URL or otherwise, and any order form or other agreement executed between the parties in connection with this Agreement) constitutes the entire agreement between the Customer and the Supplier, and supersedes all prior or contemporaneous agreements or terms and conditions, written or oral, relating to its subject matter. Any terms and conditions that appear on a purchase order or similar document issued by the Customer, or in the Customer's purchasing, invoicing or supplier portal do not apply to the Services, do not override or form part of this Agreement, and are invalid.

15.5. Force Majeure. Neither the Supplier nor the Customer shall be liable for any delay, inadequate performance or failure to fulfill any obligation under this Agreement to the extent caused by a condition (including, but not limited to, natural disasters, acts of war or terrorism, earthquakes , pandemic or health crisis, riot, government order, act or inaction, denial of service attack or failure, delay or disruption in the service provider, which was beyond the party's reasonable control.

15.6. Independent contractors. The relationship between the Supplier and the Customer is that of independent contractors, and not legal partners, employees, joint ventures or agents of each other.

15.7. No disclaimer. A party's failure or delay in enforcing any provision of this Agreement is not a waiver of its right to do so later.

15.8. Alerts.

a) Give notice. All notices must be in writing and will be deemed given when: (i) personally delivered, (ii) confirmed by written receipt, if sent by mail with confirmation of receipt service or courier, (iii) received, if sent by mail without confirmation of receipt, or (iv) confirmed by automated receipt or electronic logs if sent by email.

b) Notifications to the Supplier. Notes to the Supplier must be sent to the address of the Customer's Supplier defined in section 14 (Supplier table), marked for the legal department, with a copy to support@retailx.no . Email is insufficient to provide non-routine legal notices (including claims for damages, breach notices and termination notices) ("non-routine legal notices") to Supplier. The customer may provide approvals, permissions, extensions and consents via e-mail.

c) Notes to the Customer. Notices to the Customer may be sent to the email address associated with the Customer's designated primary administrator for the relevant Service ("Primary Administrator"). Billing-related notices (including late payment notices) may be sent to the relevant billing contact designated by the Customer. If Customer has provided contact information for legal notices on the face of this Agreement, any non-routine legal notices will be provided to such contact instead, with a copy to the email address associated with Customer's primary administrator.

d) Keep contact information up to date. The Customer and its End Users must keep the contact details relating to their User Accounts and Billing Contacts up to date and accurate and notify the Supplier in writing of any changes to such details.

15.9. Precedence. If a conflict exists between the following documents, the order of priority will be: (1) the applicable Order Form, (2) this Agreement, and (3) the applicable SSTs. Any terms set out under the "Special Terms" heading in any of the preceding documents will prevail over any other terms to the contrary in that document.

15.10. Separability. If any provision of this Agreement is determined to be unenforceable by a court of competent jurisdiction, that clause will be waived and the remainder of the Terms will apply in full.

15.11. Third party beneficiaries. There are no third party beneficiaries to this agreement. The Customer's end users are not third-party beneficiaries of the Customer's rights under this agreement.

15.12. Language. This agreement was drawn up and written in Norwegian. Any non-Norwegian translations of this Agreement that may be made available are provided for convenience only and are not valid or legally binding.

 

* * *

APPENDIX A

PURPOSE AND NATURE OF PERSONAL DATA PROCESSING, CATEGORIES OF PERSONAL DATA, DATA SUBJECT

 

PURPOSE AND NATURE OF THE PROCESSING

The supplier may process personal data as necessary to technically perform the services, including where applicable:

• Hosting and storage;
• Backup and disaster recovery;
• Technically improve the service;
• Service Change Management;
• Problem Solving;
• Provide secure, encrypted services;
• Adopt new product or system versions, patches, updates and upgrades;
• Monitoring and testing system usage and performance;
• Proactively detect and remove errors;
• IT security purposes including incident management;
• Maintenance and performance of technical support systems and IT infrastructure;
• Migration, implementation, configuration and performance testing;
• Making product recommendations;
• Provide customer support; transfer data, and
• Assist with requests from the data subject (as needed).

 

CATEGORIES OF PERSONAL INFORMATION

The Customer may submit personal data to the Services, and may request that the Customer's respondents submit personal data to the Services, the scope of which is determined and controlled by the Customer at its sole discretion, and which may include, without limitation:

• Personal data of all types that can be submitted by the Customer's respondents to the Customer via the user of the services (for example via surveys or other feedback tools). For example: name, geographic location, age, contact information, IP address, occupation, gender, financial status, personal preferences, personal shopping or consumer habits (including bong data and other import values), and other preferences and other personal details requested by the Customer or wish to collect from their respondents.
• Personal data of all types that may be included in forms and surveys hosted by the services for the Customer (such as may be included in surveys).
• The Customer's respondents may submit special categories of personal data to the Customer via the Services, the scope of which is determined and controlled by the Customer. For the sake of clarity, these special categories of personal data may include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of health or sex life data.

 

DATA SUBJECTS

Data subjects include:

• Natural persons who submit personal data to the Supplier via use of the services (including via online surveys and forms hosted by the Supplier on behalf of the Customer);
• Natural persons whose personal data may be sent to the Customer by Respondents via use of the Services;
• Natural persons who are employees, representatives or other business relations of the Customer;
• The Customer's users who are authorized by the Customer to access and use the Services.