background

Master Subscription Agreement

If you started a subscription before September 7, 2022, your use of the Zenkraft Services is governed by the terms here: https://www.zenkraft.com/msa/legacy

Redlines Please note that Zenkraft does not allow modifications to this document for annual contracts under $15,000/year.

BRINGG (FORMERLY ZENKRAFT) ON Salesforce® MASTER SUBSCRIPTION AGREEMENT

Last updated: August 11, 2022

THIS MASTER SUBSCRIPTION AGREEMENT BETWEEN YOU AND US, INCLUDING ITS SCHEDULES AND EXECUTED ORDER FORM(S) (COLLECTIVELY THE “AGREEMENT”) GOVERNS YOUR FREE TRIAL OF THE SERVICES (AS DEFINED BELOW) AND YOUR PURCHASE OF AND ONGOING USE OF THE SERVICES. BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THIS AGREEMENT, IN WHICH CASE THE TERMS “YOU” “YOUR” OR “CUSTOMER” SHALL REFER TO SUCH ENTITY. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THE TERM OF THIS AGREEMENT YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

You may not access the Service if You are Our direct competitor, except with Our prior written consent. In addition, You may not access the Services for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.

This Agreement was last updated on 17 May 2022. It is effective between You and Us as of the Effective Date (defined below).

For good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows:

1. DEFINITIONS

Any capitalised terms not otherwise defined in this Agreement shall have the meaning given below:

“Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Applicable Data Protection Laws”: all applicable statutory and regulatory requirements regarding privacy and the protection of “personal data” or “personally identifiable information” (as defined by such laws) and as amended from time to time, including without limitation, Regulation (EU) 2016/679 of the European Parliament (“GDPR”), the Data Protection Act 2018, as well as the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419) (“UK GDPR”), the CCPA (as defined below) and any applicable acts and regulations which bring it into force; and the terms “personal data”, "data controller", “data processor”, "process" "processing" shall have the meaning set out in the Applicable Data Protection Laws and “subprocessor” means any third party appointed by or on behalf of Us to process the Personal Data in connection with this Agreement.

Bringg” means Bringg UK Limited, the entity which directly controls Zenkraft, Bringg Delivery Technologies Ltd., the group's ultimate parent company, and/or any of Bringg's Affiliates.

"Bringg Delivery Hub” means a centralised service developed by Bringg which operates as a network of third-party carriers enabling You to expand Your delivery coverage by establishing a connection to relevant carriers

"CCPA" means the California Consumer Privacy Act of 2018, as amended (Cal. Civ. Code §§ 1798.100 to 1798.199), the CCPA Regulations (Cal. Code Regs. tit. 11, §§ 999.300 to 999.337), and any related regulations or guidance provided by the California Attorney General;

“Effective Date” means the date of Your acceptance of the terms and conditions of this Agreement through either clicking a box indicating Your acceptance or by executing an Order Form (manually or submitting electronically the Order Form) as applicable.

“Force Majeure Event” means any event caused by circumstances beyond Our reasonable control, including without limitation, acts of God, acts of government, floods, fires, earthquakes, civil unrest, acts of terror, strikes or other labour problems (other than those involving Our employees), Internet service provider failures or delays and denial of service attacks.

IDTA” means the International Data Transfer Addendum to the EU SCC issued by the Information Commissioner's Office in the UK and effective as of March 21, 2022;

“Malicious Code” means viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs.

“Non-Zenkraft Applications” means any third party online applications and/or services and/or offline software products that are provided by entities or individuals other than Us, and that interoperate with the Service You have subscribed to as outlined in Schedule 2.

“Order Forms” means the orders placed hereunder that are entered into between You and Us for the purchase of subscriptions to the relevant Service either electronically or in writing signed by the parties. Order Forms shall be deemed incorporated herein by reference.

“Personal Data” means Your and Your Users' “personal data” (as defined in the Applicable Data Protection Laws) which is part of Your Data.

“Purchased Service” means the Services for which You purchase User Subscriptions to use such relevant Service under an Order Form, as distinguished from those provided pursuant to a free trial.

"Restricted Transfer" means: (i) where the GDPR applies, a transfer of personal data from the EEA to a country outside of the EEA which is not subject to an adequacy determination by the European Commission; and (ii) where the UK GDPR applies, a transfer of personal data from the United Kingdom to any other country which is not based on adequacy regulations pursuant to Section 17A of the Data Protection Act 2018;

Services” means the relevant software as a service offerings made available by Us and subscribed to and purchased by You, including, any specific modules, such as the Bringg Delivery Hub and the applicable APIs associated therewith, as indicated in the relevant Order Form and as further described in Schedule 2, but excludes any SFDC Products and/or Professional Services and any Non-Zenkraft Applications.

“SFDC” means salesforce.com.

“SFDC Products and/or Services” means the relevant SFDC products and/or services provided by SFDC and which interoperate with the relevant Service (as indicated in the table in Schedule 2) and which are governed by the SFDC Terms.

“SFDC Terms” has the meaning given in section 4.1.

Standard Contractual Clauses” or “SCC” means: (i) where the GDPR applies, the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR ("EU SCC"); and (ii) where the UK GDPR applies, standard data protection clauses set out in Decision 2010/87/EC, as amended or replaced from time to time, pursuant to Article 46 of the UK GDPR ("Prior SCC");

“Subscription Fees” means the fees payable by You for the use of the Purchased Service during the Subscription Term as set out in the applicable Order Form.

“Subscription Term” means, the period of Your subscription to use the relevant Services in accordance with this Agreement commencing on the later of (i) the effective date of the applicable Order Form (or such other effective date as specified in the Order Form) and (ii) Our receipt of Your payment of the applicable Subscription Fees and continuing for the period set out in the Order Form.

“Support” means the relevant Support package, as indicated in the Order Form, purchased by You and described in such Order Form or any such other documentation as provided by Us to You from time to time.

“Testing” means the completion by You of an assessment of the Services enabling you to satisfy yourself that it will meet your requirements in respect of volume, intended carriers, service types, any special services and destinations and “Test” shall be interpreted accordingly.

“Trial Period” has the meaning given in Section 2 of this Agreement.

“User Guide” means the online user guide for the Services, accessible via www.zenkraft.com, as updated from time to time.

“User Subscriptions” means each subscription licenses purchased by You for the number of Users indicated in the applicable Order Form for such Users to access and use the Purchased Service in accordance with this Agreement.

“Users” means those individuals who are authorised by You to use the Services, who have been supplied user identifications and passwords by You (or by Us or SFDC at Your request), and in the case of Purchased Service, for whom User Subscriptions have been purchased. Users may include but are not limited to Your employees, consultants, contractors and agents, and third parties with which You transact business.

“We”, “Us”, “Our” and “Zenkraft” means the applicable entity You are contracting with under the applicable Order Form, which may be any Zenkraft entity as set forth in Schedule 1 and/or any of Zenkraft's Affiliates and/or successors.

“You” “Your” or “Customer” means the company or other legal entity for which You are accepting this Agreement for the purchase of the User Subscriptions to use the Purchased Service in accordance with the terms and conditions of this Agreement.

“Your Data” means all electronic data or information submitted by You when using the relevant Services.

2. FREE TRIAL

2.1 We will make the relevant Services available to You on a trial basis free of charge from the date You register for the trial of the relevant Services until the earlier of (a) the end of the free trial period for which You registered or are registering to use the applicable Service as identified at the time of registering or (b) the start date of any Purchased Service ordered by You (“Trial Period”). Additional trial terms and conditions may appear on the trial registration web page, such as the restrictions on the number of users/subscribers of the Services authorized by You to use the Services on a trial basis for the Trial Period. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.

2.2 NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, DURING THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS”, “AS AVAILABLE” AND WITHOUT ANY WARRANTY OR SUPPORT WHATSOEVER. SECTIONS 5, 9 AND 10 DO NOT APPLY FOR ANY FREE TRIALS OF THE SERVICES.

2.3 Please review the User Guide during the trial period so that You become familiar with the features and functions and limitations of the Services before You make Your purchase. Services does not support all carriers, nor does it support all services offered by the carriers it does support.

3. SERVICES

3.1 Provision of Purchased Service. We shall make the Purchased Service available to You pursuant to this Agreement and the applicable Order Form(s) during each Subscription Term. You agree that Your purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by Us regarding future functionality or features.

3.2 Your Affiliates. To the extent the parties agree in the applicable Order Form for the right and license to use the Services in accordance with this Agreement to extend to Your Affiliates, any such Affiliates shall be entitled to perform any of the obligations and exercise any of Your rights under this Agreement, but only You shall be entitled to enforce the rights granted to You under this Agreement, for and on behalf of such Affiliates. Any act or omission of any such Affiliates shall for the purpose of this Agreement be deemed to be an act or omission of You and You shall be liable for any breach of the terms of this Agreement by such Affiliates. Any loss, damage, liability, costs and expenses incurred by any such Affiliate in connection with this Agreement, shall be deemed to be incurred by You.

3.3 Rights. Subject to the restrictions of use set out herein and in the relevant Order Form and Your responsibilities in section 3.6 below, We grant to You a non-exclusive, non-transferable right to permit the Users to use the relevant Services subscribed to and purchased by You during the Subscription Term only and in accordance with this Agreement and solely for Your internal business operations.

3.4 User Subscriptions. Unless otherwise specified in the applicable Order Form, (i) Purchased Service are purchased as User Subscriptions and may be accessed by no more than the specified number of Users as set out in the relevant Order Form, (ii) additional User Subscriptions may be added during the applicable Subscription Term at the same pricing as that for the pre-existing subscriptions thereunder, prorated for the remainder of the then current Subscription Term in effect at the time the additional User Subscriptions are added, and (iii) the added User Subscriptions shall terminate on the same date as the pre-existing User Subscriptions. User Subscriptions are for designated Users only and cannot be shared or used by more than one User, but may be reassigned to new Users replacing former Users who no longer require ongoing use of the Purchased Service. In the event the Parties agree to an unlimited number of User Subscriptions, such information will be included in the Order Form.

3.5 Our Rights and Responsibilities. We shall: (i) provide the relevant Support for the Purchased Service to You in accordance with the applicable service levels for the Support package you have selected to purchase, as set out and described in the applicable Order Form, such service levels available at http://zenkraft.com/docs/support/scope-of-support  (ii) use commercially reasonable efforts to make the Purchased Service available 24 hours a day, 7 days a week, except for: (a) emergency downtime, or planned downtime as notified to You from time to time, or (b) any unavailability caused by a Force Majeure Event; and (iii) provide the Purchased Service in accordance with applicable laws and government regulations. You may change the Support package upon written request to Us at any time during the Subscription Term (subject to paying the relevant additional fees for higher Support packages). Any change to a higher Support package will be effective upon payment of the relevant additional fees and a change to a lower level shall be effective at the start of the next renewal period of the Subscription Term; (iv) We may move carrier communications to a centralised API service (e.g.: the Bringg Delivery Hub) if we in our absolute discretion consider that doing so will improve the Services. We shall have no obligation to inform you of any such change.

3.6 Your Responsibilities. You shall (i) be responsible for Users' compliance with this Agreement and ensure such Users shall keep a secure password for his/her use of the Services and change such password frequently and keep such password confidential, (ii) not authorize more Users to access and use the Services than the maximum number of User Subscriptions You have purchased from time to time; (iii) be responsible for the accuracy, quality and legality of Your Data and of the means by which You acquired Your Data, (iv) use commercially reasonable efforts to prevent unauthorized access to or use of the Services, and notify Us promptly of any such unauthorized access or use, (v) and shall procure that Your Users shall use the Services only in accordance with the User Guide and applicable laws and government regulations; (vi) be responsible for obtaining all necessary licenses and consents required to use Your Data (if any) as part of the Services and You warrant and represent that such licenses and consents have been obtained; (vii) be solely responsible for procuring and maintaining Your network connections and telecommunications links and all problems, conditions, delays and delivery failures arising from or relating to Your network connections or telecommunications links; (viii) be solely responsible for satisfying yourself as to the appropriateness of the Services for your intended use through Testing before the Services is put into a live production environment and We may charge additional fees for assisting You with the Tests or remedying any failure by You to complete adequate Testing once the Services is used in a production environment. “Adequate testing” in respect of volume of transactions means testing to at least 1.5 times your anticipated use volume; (ix) be solely responsible for ensuring that the Services are used only by reasonably qualified individuals; (x) nominate a maximum of 3 individuals who may raise Support queries. In so doing, you will notify Us of the individual email addresses associated with those individuals. We shall have no obligation to respond to Support requests raised by anyone other than those nominated individuals; (xi) be solely responsible for ensuring that you have a SFDC administrator who is responsible for the maintenance and upkeep of your SDFC Products and/or Services. You shall not and shall procure that Your Users shall not (a) use the Services for any unlawful purposes, (b) make the Services available to anyone other than Users, (c) sell, resell, rent or lease the Services, (d) use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy or other rights and We reserve the right to remove any content where, in Our sole and reasonable discretion, we suspect such content to be inappropriate, upon notice to You, (e) use the Services to store or transmit Malicious Code, (f) interfere with or disrupt the integrity or performance of the Services or third-party data contained therein, or (g) attempt to gain unauthorized access to the Services or their related systems or networks.

3.7 Compliance with Use Limitation. In respect of the Purchased Service, You shall permit Us to verify Your use of the Purchased Service is in compliance with the use limitation as set forth in this Agreement and the applicable Order Form, including in order to establish the name and password of each User. Such verification may be conducted no more than once per year, at Our expense, and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with Your normal conduct of business. If any such verifications reveal that any password has been provided to any individual who is not an authorized User, then without prejudice to Our other rights, You shall promptly disable such password and we shall not issue any new passwords to any such individual. If any such verifications reveal that You have underpaid Subscription Fees to Us, then without prejudice to Our other rights, You shall pay to Us an amount equal to such underpayment as calculated in accordance with the prices set out in the then current price list and in accordance with the payment terms set out in this Agreement.

3.8 Professional Services. Upon the terms and subject to the conditions set forth at https://zenkraft.com/legal/additional-services, We will provide, and You agree to accept and make payment for the Professional Services performed by Us.

3.9. Bringg Delivery Hub Specific Terms. You will have the right to integrate third party delivery services available in the Bringg Delivery Hub (each, an “External Carrier”) with the Services, subject to Our written approval of each such External Carrier, and, as applicable, further subject to each such External Carrier entering into or having entered into, an integration agreement with Us in a form and substance reasonably satisfactory to Us. When adding each External Carrier to the Services, You will ensure to obtain all rights and/or receive all consents, as may be required under applicable law for Us to process such External Carrier's Personal Data in connection with the Services (such as driver name, mobile number, and location) (“Privacy Consents”).

You instruct Us to provide Your Data to each of the External Carriers selected by You in connection with Our provision of the Services. We will not be responsible for any act or omission of the External Carrier and/or the performance or functionality of any External Carrier services or software. We agree to use commercially reasonable efforts to integrate with such External Carriers; provided, however, that You acknowledge that certain aspects of integration activities are outside of Our control and agree that a failure by Us to integrate with such External Carriers despite Our commercially reasonable efforts shall not constitute a breach of the Agreement by Us. External Carrier integrations may require additional fees and will be quoted upon request.

Where You elect to receive the services from an External Carrier through a commercial contract that Bringg has executed with such External Carrier (“OneTouch Program”), such services will be subject to supplemental OneTouch terms and conditions available at https://www.bringg.com/onetouchsupplement/, as may be updated from time to time and as shall apply mutatis mutandis to this Agreement. Specifically, for the purpose of this Agreement, all references to “Bringg MSA” in the OneTouch terms and conditions shall be read as references to this Agreement. External Carriers' services under the OneTouch Program may be subject to You agreeing to External Carriers' end user terms and conditions, made available to You by Bringg.

4. SFDC PRODUCTS AND/OR SERVICES AND NON-ZENKRAFT APPLICATION PROVIDERS

4.1 SFDC PRODUCTS AND/OR SERVICES. This Agreement is between You and Us. You warrant and confirm to Us that You have a separate valid direct agreement in place with SFDC for Your access to and use of the SFDC Products and/or Services in connection with the Services (“SFDC Terms”) and such SFDC Terms shall govern and apply to Your use of such SFDC Products and/or Services in connection with the Services, Separate licensing terms may also apply for Your use of the SFDC Products and/or Services as made available to You by SFDC and shall form part of the applicable SFDC Terms. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, YOU ACKNOWLEDGE AND AGREE THAT WE SHALL NOT BE RESPONSIBLE OR LIABLE FOR SUCH SFDC PRODUCTS AND/OR SERVICES OR FOR THE ACTS OR OMISSIONS OF SFDC.

4.2 Interoperability with Non-Zenkraft Applications and other Third Party Products and Services. The Services may contain features designed to interoperate with Non-Zenkraft Applications and may incorporate or rely on third party products and/or services. To use such features, You may be required to obtain access to such Non-Zenkraft Applications from their providers and/or comply with such providers applicable terms of use. If the provider of any such Non-Zenkraft Application ceases to make the Non-Zenkraft Application available for interoperation with the corresponding Services features on reasonable terms, We may cease providing such Services features without entitling You to any refund, credit, or other compensation. You acknowledge and agree that We shall not be responsible or liable for any such Non-Zenkraft Applications, including for their accuracy, reliability or availability, and information provided by the Services in reliance thereon, or for the acts or omissions of such providers of Non-Zenkraft Applications or for any volume or other restrictions imposed by Non-Zenkraft Applications. You should note that PrintNode, maps, SMS and other messaging services, information regarding traffic and road conditions, driving directions, payments and the GPS and internet functionality in External Carriers' mobile devices, are Non-Zenkraft Applications.

5. FEES AND PAYMENT FOR PURCHASED SERVICES

5.1 Subscription Fees. You shall pay all Subscription Fees specified in all Order Forms hereunder in accordance with this Agreement and the Order Form. Except as otherwise specified herein or in an Order Form, (i) subject to section 5.2 below, all Subscription Fees are based on services purchased and not actual usage, (ii) payment obligations are non-cancellable and fees paid are non-refundable, and (iii) the number of User Subscriptions purchased cannot be decreased during the relevant Subscription Term stated on the Order Form. Subscription Fees are based on annual periods that begin at the start of the Subscription Term.

5.2 Third Party Fees. Our prices and fees do not include payments to providers of third party services that are or may be integrated into the Services as detailed in Section 4.2 above, and specifically in connection with the Bringg Delivery Hub, such as SMS service providers and credit card payment vendors (“Third Party Fees”). You will be solely responsible for payment of all Third Party Fees. In the event that We pay any Third Party Fees on Your behalf, You will promptly reimburse Us in full within thirty (30) days from a reasonable proof of payment provided to You.

5.3 Invoicing and Payment. Subscription Fees will be invoiced in full, in advance and otherwise in accordance with the relevant Order Form. Unless otherwise stated in the Order Form, fees are due immediately upon the date of the applicable Order Form. Unless otherwise agreed by Us in writing, You will not be given access to the Services until such payment is received by Us. Unless otherwise agreed by Us, You shall pay such invoices either by credit card payment, cheque payment or wire transfer. You are responsible for providing complete and accurate billing and contact information to Us and notifying Us of any changes to such information. You acknowledge and agree that any credit card or other means of payment and related billing and payment information that You provide to Us may be shared by Us with companies who work on Our behalf, such as payment processors and/or credit agencies, solely for the purposes of checking credit, effecting payment to Us and servicing Your account.

5.4 Overdue Charges. If any amounts invoiced hereunder are not received by Us by the due date, then at Our discretion, (a) such charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid, and/or (b) We may condition future subscription renewals and Order Forms on payment terms shorter than those specified in the “Invoicing and Payment” section above.

5.5 Suspension of Service. Subject to section 5.5, if any undisputed charge owing by You is thirty (30) days or more overdue, We may, without limiting Our other rights and remedies, suspend the Services until such undisputed amounts are paid in full, provided We have given You ten (10) or more days' prior notice that Your account is overdue in accordance with the “Notices” section below.

5.6 Payment Disputes. We shall not exercise Our rights under the “Suspension of Service” sections above if You are disputing the applicable charges reasonably and in good faith and cooperating diligently to resolve the dispute.

5.7 Taxes. Unless otherwise stated, Our fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added tax (VAT), sales and use, or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, “Taxes”). You are responsible for paying all Taxes associated with Your purchases hereunder. If We have the legal obligation to pay or collect Taxes for which You are responsible under this paragraph, the appropriate amount shall be invoiced to and paid by You, unless You provide Us with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, We are solely responsible for taxes assessable against Us based on Our income, property and employees.

5.8 Price changes. We may change Our prices for User Subscriptions at any time upon sixty (60) days written notice to You prior to the commencement of any renewal Subscription Term.

6. PROPRIETARY RIGHTS

6.1 Reservation of Rights. Subject to the limited rights expressly granted by or to Us hereunder, We, Our suppliers and/or licensors reserve all rights, title and interest in and to the Services (and all underlying Software and applications) and User Guides, and all modifications, carrier set-up and improvements thereto and any suggestions, enhancement requests, recommendations or other feedback provided by You and/or Users relating to the operation of the Services, including all related intellectual property rights. There are no implied licenses under the terms set forth in this Agreement and no rights are granted to You hereunder other than as expressly set forth herein.

6.2 Restrictions. You shall not (i) permit any third party to access the Services except as permitted herein or in an Order Form, (ii) create derivative works based on the Services, (iii) copy, frame or mirror any part or content of the Services, other than copying or framing on Your own intranets or otherwise for Your own internal business purposes, (iv) reverse engineer, decompile or otherwise attempt to derive the sourcecode of the Services, or (v) access the Services in order to (a) build a competitive product or service, or (b) copy any features, functions or graphics of the Services.

6.3 Your Applications and Code. You, a third party acting on Your behalf, or a User may create applications or program code which sits on top of the Services as permitted in the User Guide. In such cases, You authorize Us and Our service providers to host, copy, transmit, display and adapt such applications and program code, solely as necessary for Us to provide the Services in accordance with this Agreement; provided that We are not responsible or liable in anyway for any such applications or program code or their effect on Services or performance thereof. Subject to the above, We acquire no right, title or interest from You or Your licensors under this Agreement in or to such applications or program code, including any intellectual property rights therein.

6.4 Marketing. We or Our Affiliates may use Your name and logo for inclusion on Our website and in Our customer and/or supplier lists, and promotional, marketing and investment materials. You will work with us in good faith to prepare a mutually acceptable press release on execution of the Agreement, together with assisting in the preparation of a case study once operational. You agree to act as a customer reference for Us, but we will only ask you to complete a maximum of 3 customer references on our behalf so that this does not become an onerous obligation.

7. CONFIDENTIALITY

7.1 Definition of Confidential Information. As used herein, “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Your Confidential Information shall include Your Data; Our Confidential Information shall include the Services; and Confidential Information of each party shall include the terms and conditions of this Agreement and all Order Forms, as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information (other than Your Data) shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

7.2 Protection of Confidential Information. The Receiving Party shall use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) (i) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, to limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates' employees, contractors and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein. Neither party shall disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates and accountants and SFDC where you are using the SFDC Products and/or Services in connection with the Services. without the other party's prior written consent.

7.3 Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party's Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information.

7.4 The confidentiality obligations in this Section 7 shall survive the termination of this Agreement for a period of five (5) years.

8. YOUR DATA

8.1 Ownership. You shall own and retain full ownership of Your Data and shall have sole responsibility and liability for the legality, appropriateness, completeness, reliability, integrity, accuracy and quality of Your Data.

8.2 Your Data. You acknowledge and agree that We have no obligation to monitor or edit Your Data on the Services and We are not responsible for the accuracy, completeness, appropriateness, or legality of Your Data or any other information or content You may provide or be able to access using the Services. You further acknowledge and agree that: (i) any communication with others (including with the External Carriers) while using the Services is solely and exclusively Your responsibility, and (ii) We will not be held responsible in any way for any copyright infringement or violation, or the violation of any other person's rights or the violation of any laws arising or relating to Your Data. You acknowledge and agree that where SFDC is responsible for the hosting and/or processing of Your Data, as indicated in the table in Schedule 2, We (i) do not have any responsibility or liability for Your Data; and (ii) are not liable or responsible for the security and/or for any loss or destruction of any such Your Data. We are further not responsible for any disclosure, modification, destruction or deletion of Your Data resulting from the SFDC Products and/or Services or Your use thereof or from any access by or Your use of any third-party application, including, without limitation, any Non-Zenkraft Applications or in connection with any program code or applications created by or for You.

8.3 Your Responsibilities. You acknowledge that it is Your responsibility to use a secure encrypted connection if You wish to protect Your Data when You are transmitting it to Us and to keep Your own backup copies of Your Data. You acknowledge and agree that it is Your responsibility to keep backup copies of Your Data to protect Your passwords, limiting access to Your computers and devices, and for signing out of the Services when You are not using them.

8.4 Licence to use Your Data. You grant Us and Our Affiliates a non-exclusive, worldwide, licence to use, copy and transmit Your Data only as strictly necessary for Us to provide the Services to You in accordance with and for the duration of this Agreement. You further grant Us and Our Affiliates a non-exclusive, worldwide, transferable, licence for the duration of this Agreement to transfer Your Data to third party service providers used by Us, including without limitation our hosting providers as detailed in the DP Terms, only to the extent required for the provision of the Services and/or to address service or technical problems, or at Your request in connection with customer support matters. You acknowledge and agree that Your Data will be hosted and stored by such third party hosting providers.

8.5 Anonymised Data. You authorise Us to (i) keep, use, and share with Our affiliates or third parties, any data and information derived from Your, Your Affiliates and/or users' use of and interaction with the Services including browser data, all in an anonymized form (Anonymised Data), to enable Us to make product or service improvements, including with respect to the Services and to develop new products and services, training and machine learning; and (ii) We may at any time and at Our discretion retain, process, and analyse Anonymised Data, and/or create and/or use systems that retain, process, and analyse Anonymised Data for Our legitimate business purposes, including those described in this clause 8.5, and all rights, title and interest, including all Intellectual Property Rights, in such systems, data or databases (including in any machine learning programs), shall be solely owned by Us, Our affiliates or Our licensors.

8.6 SFDC Products and/or Services Data Security. SFDC host the Services purchased through the SFDC site and accessed via or in connection with the SFDC Products and/or Services and additional terms applicable in respect of such hosting of Your Data will be set out in the SFDC Terms

8.7 Right to remove Your Data. We reserve the right to remove (or require SFDC to remove in accordance with the SFDC Terms) any of Your Data (or third party information) which we reasonably believe breaches any laws or regulations or any third party's rights or this Agreement and/or is deemed, in our reasonable opinion, to be inappropriate content. We will notify You of any such removal of (or request to remove) any of Your Data (or third party information) in accordance with this section. We disclaim all liability of any kind in respect of Your Data (except for our obligations to accurately reproduce such data for the purposes of providing the Services), third party information and any other material which can be accessed using the Services and for any fraud committed in connection with the Services.

8.8 Non-Zenkraft Applications and Your Data. If You install or enable Non-Zenkraft Applications for use with Services, You acknowledge that such providers of those Non-Zenkraft Applications will have access Your Data as required for the interoperation and support of such Non-Zenkraft Applications with the Services and SFDC Products and/or Services, as applicable. We shall not be responsible for any disclosure, modification or deletion of Your Data resulting from any such access by Non-Zenkraft Application providers. The Services shall allow You to restrict such access by restricting Users from installing or enabling such Non-Zenkraft Applications for use with the Services.

9. WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS

9.1 Our Warranties. We warrant that (i) we have validly entered into this Agreement and have the legal power to do so, (ii) the Purchased Service shall perform materially in accordance with the User Guide during the Subscription Term, and (iii) subject to the “Interoperability with Non-Zenkraft Applications” section above, the functionality of the Purchased Service will not be materially decreased during a Subscription Term. In the event of a breach of the warranty above during the Subscription Term, We will at Our expense either (i) repair or replace the affected part of the Services or (ii) in the event We cannot reasonably repair or replace the affected part of the Services after using commercially reasonable effort, We will terminate Your right to use the affected Services and refund You the prepaid fees for the period of the Subscription Term remaining after the date of termination.

9.2 Warranty Exclusions. Notwithstanding the foregoing, We (a) do not warrant (i) that Your use of the Services will be uninterrupted or error-free; or (ii) that the Services will meet Your requirements; or (iii) any program code or applications created by or for You in connection with theServices (b) are not responsible for any delays, delivery failures, or any other loss or damage resulting from Your access to and use of any program code or applications created by or for You, the Services through and/or in connection with SFDC Products and/or Services or Non-Zenkraft Applications; or (c) are not responsible any delays, delivery failures or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and You acknowledge that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities; and (d) nor Our suppliers or third-party service providers or software vendors, shall have any liability whatsoever for the accuracy, completeness, or timeliness of Your Data, or for any decision made or action taken by You, any User, or any third party in reliance upon any of Your Data. 9.3 Your Warranties. You warrant that You have validly entered into this Agreement and have the legal power to do so.

9.4 DISCLAIMER. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE WARRANTIES AND REMEDIES PROVIDED IN THIS SECTION 9 ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, TERMS AND CONDITIONS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OR TERMS AND CONDITIONS OF MERCHANTABILITY, ACCURACY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE, ALL OF WHICH, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ARE EXPRESSLY DISCLAIMED BY US.

10. MUTUAL INDEMNIFICATION

10.1 Indemnification by Us. Subject to section 10.2 below, We shall defend You against any claim, demand, suit or proceeding made or brought against You by a third party alleging that the use of the Purchased Service as permitted hereunder infringes or misappropriates the intellectual property rights of a third party in the United States of America and the European Economic Area (a “Claim Against You”), and shall be responsible for payment of any damages, finally awarded against You as a result of, and for amounts paid by You under a court-approved settlement of, a Claim Against You and for any reasonably legal fees incurred in connection with Our defense of the Claim Against You; provided that You (a) promptly give Us written notice of the Claim Against You, (b) gives Us sole control of the defense and settlement of the Claim Against You (provided that We may not settle any Claim Against You unless the settlement unconditionally releases You of all liability), (c) provide to Us all reasonable assistance, at Our expense; and (d) use reasonable endeavors to mitigate any loses in connection with such claims. In the event of a Claim Against You, or if We reasonably believe the Purchased Service may infringe or misappropriate, We may in Our discretion and at no cost to You (i) modify the Purchased Service so that they no longer infringe or misappropriate, without breaching Our warranties under “Our Warranties” above, (ii) obtain a license for Your continued use of the Purchased Service in accordance with this Agreement, or (iii) terminate Your User subscriptions for such Purchased Service upon 30 days' written notice and refund You any prepaid fees covering the remainder of the term of such terminated User subscriptions after the effective date of termination.

10.2 Exclusions. We and Our Affiliates shall not be liable to You to the extent that the alleged Claim Against You is based on: (a) a modification of the Services by anyone other than Us; (b) Your use of the Services in a manner contrary to this Agreement or the instructions given to You by Us; (c) Your use of theServices in connection with the SFDC Products and/or Services or Non-Zenkraft Applications to the extent such SFDC Products and/or Services or Non-Zenkraft Applications cause the infringement Claim, or (d) Your use of the Services after notice of the alleged or actual Claim Against You from Us or any appropriate authority.

10.3 Indemnification by You. You shall indemnify, defend and hold Us harmless from any damages, attorney fees and costs finally awarded against Us as a result of, and for any amounts paid by Us under a court-approved settlement of any claim, demand, suit or proceeding made or brought against Us by a third party (i) alleging that Your Data, any program code or applications created by or for you or Your use of the Services in breach of this Agreement, infringes or misappropriates the intellectual property rights of a third party or violates applicable law; (ii) arising out of Your failure to obtain the Privacy Consents or the consent of any External Personnel or any User on Your behalf to receive any SMS, email or other messages as part of the Services (a “Claim Against Us”); provided that We (a) promptly give You written notice of the Claim Against Us, (b) give You sole control of the defense and settlement of the Claim Against Us (provided that You may not settle any Claim Against Us unless the settlement unconditionally releases Us of all liability), and (c) provide to You all reasonable assistance, at Your expense.

10.4 EXCLUSIVE REMEDY. THIS “MUTUAL INDEMNIFICATION” SECTION IS SUBJECT TO SECTION 11 AND STATES THE INDEMNIFYING PARTY'S SOLE LIABILITY TO, AND THE INDEMNIFIED PARTY'S EXCLUSIVE REMEDY AGAINST, THE OTHER PARTY FOR ANY TYPE OF CLAIM DESCRIBED IN THIS SECTION.

11. LIMITATION OF LIABILITY

11.1 SUBJECT TO SECTION 11.2, IN NO EVENT SHALL EITHER PARTY'S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY, EXCEED THE AMOUNT PAID BY YOU HEREUNDER IN THE TWELVE MONTHS IMMEDIATELY PRECEDING THE EVENTS GIVING RISE TO THE LIABILITY. THE FOREGOING LIMIT SHALL NOT APPLY TO YOUR PAYMENT OBLIGATIONS UNDER THE “FEES AND PAYMENT FOR PURCHASED SERVICE” SECTION ABOVE OR BREACH OF YOUR CONFIDENTIALITY OBLIGATIONS OR YOUR INFRINGEMENT OF OUR PROPRIETARY RIGHTS.

11.2 THE EXCLUSIONS IN THIS SECTION 11 SHALL APPLY TO THE FULLEST EXTENT PERMISSIBLE AT LAW BUT NEITHER PARTY EXCLUDES LIABILITY FOR DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE OR THAT OF ITS OFFICERS, EMPLOYEES, CONTRACTORS OR AGENTS; FRAUD OR FRAUDULENT MISREPRESENTATION; OR ANY OTHER LIABILITY WHICH CANNOT BE EXCLUDED BY LAW.

11.3 SUBJECT TO SECTION 11.2, IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED OR FOR LOSS OF PROFITS, ANTICIPATED SAVINGS, BUSINESS OPPORTUNITY, GOODWILL OR DATA (INCLUDING CORRUPTION OF OR DAMAGE TO DATA), WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

11.4 IN ADDITION TO THE OTHER EXCLUSIONS SET OUT IN THIS SECTION 11 AND SUBJECT TO SECTION 11.2, WE SHALL HAVE NO LIABILITY: (A) FOR THE SFDC PRODUCTS AND/OR SERVICES, NON-ZENKRAFT APPLICATIONS OR FOR ANY ACTS OR OMISSIONS OF SFDC OR THE PROVIDERS OF SUCH NON-ZENKRAFT APPLICATIONS, INCLUDING WITHOUT LIMITATION WHERE SUCH ACTS OR OMISSIONS CAUSE A BREACH OF THIS AGREEMENT, OR (B) FOR ANY PROGRAM CODE OR APPLICATIONS CREATED FOR YOU BY YOU PURSUANT TO SECTION 6.3, (C) WHERE ANY FAILURE TO PROVIDE THE SERVICES IS CAUSED BY: (I) A NETWORK, HARDWARE OR SOFTWARE FAULT IN EQUIPMENT WHICH IS NOT UNDER OUR CONTROL; (II) ANY ACT OR OMISSION BY YOU AND/OR YOUR USERS; (III) USE OF THE SERVICES IN BREACH OF THIS AGREEMENT; (IV) SFDC, SDFC PRODUCTS AND/OR SERVICES OR ANY NON- ZENKRAFT APPLICATIONS OR PROVIDERS OF SUCH NON-ZENKRAFT APPLICATION; (V) ANY UNAUTHORISED ACCESS TO THE SERVICES INCLUDING A MALICIOUS SECURITY BREACH; OR (VI) A FORCE MAJEURE EVENT, OR (D) FOR ANY ACT OR OMISSION OF THE EXTERNAL CARRIER AND/OR THE PERFORMANCE OR FUNCTIONALITY OF ANY EXTERNAL CARRIER SERVICES OR SOFTWARE.

11.5 ZENKRAFT SHALL NOT BE LIABLE FOR ANY SHIPPING COSTS AND FEES INCURRED BY YOU, INCORRECTLY SENT SHIPMENTS, MISSING TRADE DOCUMENTS OR COMPLIANCE REQUIREMENTS AND YOU ARE SOLELY RESPONSIBLE AND LIABLE FOR ALL SHIPPING REQUIREMENTS AND HOW YOU SHIP USING THE SERVICES.

11.6 ZENKRAFT SHALL NOT BE LIABLE FOR ANY PERCEIVED OR ACTUAL DELAY, ERRORS OR ANY OTHER MATTER GIVING RISE TO ADDITIONAL COSTS WHICH ARISE AS A RESULT OF YOUR FAILURE TO TEST OR THE COMPLETION OF INADEQUATE TESTING.

12. TERM AND TERMINATION

12.1 Term of Agreement. This Agreement commences on the Effective Date and continues until all Subscriptions Terms have expired or been terminated. If You elect to use the Services for a Trial Period and do not purchase a subscription for the Services before the end of that Trial Period, this Agreement will terminate at the end of such Trial Period.

12.2 Subscription Term(s). User Subscriptions for Purchased Service commence on the later of (i) the start date (effective date) specified in the applicable Order Form; or (ii) Our receipt of Your payment of the applicable Subscription Fees and continuing for the Subscription Term and if no such term is specified, it shall be for a minimum period of 12 months from the start date. Thereafter the Subscription Term for User Subscriptions will automatically renew for successive periods of 12 months or such other period as specified in the Order Form, unless either party terminates such subscriptions upon sixty (60) written notice prior to the end of the then current Subscription Term.

12.3 Termination for Cause. A party may terminate this Agreement for cause (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors or analogous event or proceeding in any applicable jurisdiction.

12.4 Obligations Upon Termination. On termination of this Agreement for any reason: (a) all rights of use granted under this Agreement shall immediately terminate and You shall immediately cease the use of the Services; (b) You shall promptly pay all monies due or to become due under this Agreement and/or relevant Order Form(s) through the effective date of termination and covering the remainder of all Subscription Term(s) after the date of termination and for the avoidance of any doubt, any fees already paid by You shall not be refunded; (c) each party shall return and make no further use of any equipment, property, Services, User Guides, Confidential Information and other items (and all copies of them) belonging to the other party; (d) SFDC may destroy or otherwise dispose of any of Your Data in accordance with Your agreement with SFDC and the SFDC terms set forth in Schedule 2. You acknowledged and agree that We have no rights or control over the disposal or back up of Your Data; and (e) the accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced.

12.5 Surviving Provisions. The sections titled “Fees and Payment for Purchased Service,” “Proprietary Rights,” “Confidentiality,” “Mutual Indemnification,” “Limitation of Liability,” “Surviving Provisions,” “Notices,” ”Governing Law and Arbitration,” and “General Provisions” shall survive any termination or expiration of this Agreement.

13. NOTICES, GOVERNING LAW AND JURISDICTION

13.1 Governing Law and Jurisdiction. This Agreement, Order Form(s) and all the Schedules shall be governed by the applicable laws and subject to the applicable jurisdiction set forth in Schedule 1 to this Agreement.

13.2 Manner of Giving Notice. Except as otherwise specified in this Agreement, all notices, permissions and approvals hereunder shall be in writing and shall be deemed to have been given upon: (i) personal delivery, (ii) the second business day after mailing, (iii) the second business day after sending by confirmed facsimile, or (iv) the first business day after sending by email (provided email shall not be sufficient for notices of termination or an indemnifiable claim). Notices to You shall be addressed to the system administrator designated by You for Your relevant Services account, and in the case of billing-related notices, to the relevant billing contact designated by You. Notices to Us shall be addressed to the applicable Zenkraft entity address set forth in Schedule 1 to this Agreement.

14. GENERAL PROVISIONS

14.1 Export Compliance. The Services, other Our technology, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. You shall not permit Users to access or use Services in a U.S.-embargoed country or in violation of any U.S. export law or regulation.

14.2 Anti-Corruption. Each party will comply with all applicable laws, statutes, regulations and codes relating to anti-bribery and anti-corruption, including but not limited to the Bribery Act 2010 and the U.S. Foreign Corrupt Practices Act 1977 (“FCPA”). If a party learns of any request or demand for any undue financial or other advantage of any kind received by either party in connection with the performance of this Agreement, it will promptly notify the other party's Legal Department.

14.3 Relationship of the Parties. The parties are independent contractors. This Agreement (i) does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties and (ii) shall not prevent Us from entering into similar agreement with third parties, or from independently developing, using selling or licensing products, documentation and/or services which are similar to those provided under this Agreement

14.4 No Third-Party Beneficiaries. Except for SFDC as set forth in the SFDC Terms attached as Schedule 1 to this Agreement, there are no other third-party beneficiaries to this Agreement. No other person who is not a party to this Agreement shall have any right (including without limitation under the Contracts (Rights of Third Parties) Act 1999 where this Agreement is governed by the laws of England and Wales) to enforce any term of this Agreement.

14.5 Insurance. We will carry and maintain for the term of this Agreement insurance coverage reasonably required for the provision of the Services hereunder.

14.6 Equitable Relief. Each Party acknowledges and agrees that a breach or threatened breach by such party of any of its obligations under Sections 3.6, 6.1, 6.2 and 7 would cause the other party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other party will be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise.

14.7 Waiver. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right.

14.8 Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

14.9 Assignment. Except as provided below, neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms), without consent of the other party, to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the other party. A party's sole remedy for any purported assignment by the other party in breach of this paragraph shall be, at the non-assigning party's election, termination of this Agreement upon written notice to the assigning party. In the event of such a termination, We shall refund to You any prepaid fees covering the remainder of the term of all subscriptions after the effective date of termination. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

14.10 Entire Agreement. This Agreement, including all exhibits and addenda hereto and all Order Forms, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. However, to the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any schedule or addendum hereto or any Order Form, the terms of such schedule, addendum or Order Form shall prevail except where any terms of an Order Form expressly state that such terms shall take precedence over the terms of the Agreement. Notwithstanding any language to the contrary therein, no terms or conditions stated in Your purchase order or in any other order documentation (excluding Order Forms) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

Schedule 1 - Contracting entity, Governing law and Jurisdiction

This table outlines which entity You are contracting with and the relevant governing law and jurisdiction for this Agreement and associated order forms.

If You are domiciled in:

You are contracting with:

The law governing this Agreement and associated order forms as well as the jurisdiction is:

USA or Canada

Zenkraft Inc. Office: 200 Continental Drive, Suite 401, Newark, DE, 19713, UnitedStates

The laws of the State of New York, excluding its conflicts of law rules. The parties agree that all disputes arising out of this Agreement shall be subject to the exclusive jurisdiction and venue in the federal and state courts within Delaware, US. The parties hereby consent to and waive defenses of the personal and exclusive jurisdiction and venue of these courts. The United Nations Convention on the International Sale of Goods (CISG) and the Uniform Computer Information Transactions Act shall not apply. Waiver of Jury Trial. Each Party acknowledges and agrees that any controversy that may arise under this Agreement, including any exhibits, schedules, attachments and appendices attached to this Agreement, is likely to involve complicated and difficult issues and , therefore, each Party irrevocably and unconditionally waives any right it may have to a trial by jury in respect of any legal action arising out of or relating to this Agreement, including any exhibits, schedules, attachments and appendices attached to this Agreement, or the transactions contemplated hereby. Each Party certifies and acknowledges that (a) no Representative of the other Party has represented, expressly or otherwise, that the other Party would not seek to enforce the foregoing waiver in the event of a legal action, (b) it has considered the implications of this waiver, (c) it makes this waiver voluntarily, and (d) it has been induced to enter into this Agreement by, among other things, the mutual waivers and certifications in this Section.

Any where other than the USA

Zenkraft Limited 88 Wood Street, 10th-11th Floor, London, EC2V 7RS, UnitedKingdom

The laws of England and Wales and the parties submit to the exclusive jurisdiction of the English courts without regard to choice or conflicts of law rules, the United Nations Convention on the International Sale of Goods (CISG), or the Uniform Computer Information Transactions Act.

 

Schedule 2 - Service Types

Depending on the Services purchased and subscribed to by You as indicated in the relevant Order Form, the following will apply to the relevant Services.

Service

Interoperates with the below listed SFDC Products and/or Services (as may be updated from time to time)

Service Hosted by

Your Data hosted/stored by

Personal Data processed by Available

Available Non-Zenkraft Applications

Zenkraft Managed Package

Service Cloud, CPQ, Field Service Lightning, Sales Cloud, B2B Commerce, any other “Native” Salesforce Cloud

SFDC and Bringg Sub-Processors (in connection with the Bringg Delivery Hub)

SFDC and Bringg Sub-Processors (in connection with the Bringg Delivery Hub)

SFDC (or Zenkraft only where data is accessed via SFDC account (at Your request) for dealing with limited Support requests, and Bringg Sub-Processors. No data is stored by Zenkraft.)

-PrintNode and other Bringg Sub-Processors (where applicable)

-Carriers (such as UPS, FedEx, and other carriers available in the Bringg Delivery Hub)

-Carrier Aggregator services

Bringg Delivery Hub

___________

Bringg Sub-Processors

Bringg and Bringg Sub-Processors

Bringg, Bringg Affiliates, Bringg Sub-Processors

Carriers in the Bringg Delivery Hub (such as Doordash, Skipcart, Shipt, Uber, etc.)

Zenkraft Commerce Cloud Cartridge Commerce Cloud

Commerce Cloud (B2C)

SFDC and Zenkraft

Commerce Cloud hosts all data except for Shipping Accounts (Contains no Personal Data) which are hosted by Zenkraft

SFDC and Zenkraft (no Personal Data is stored by Zenkraft and is only transmitted through the Services)

-Print Node

-Carriers (such as UPS, FedEx)

-Carrier Aggregator services

-Twilio Services (SMS and WhatsApp messaging functionality)

Schedule 3 - Data Protection Terms (DP Terms)

The following terms and conditions govern Our processing of any of Your and/or Your Users Personal Data in the provision of the Services (as indicated in Schedule 2).

1.    Definitions. Any capitalized terms not otherwise defined herein shall have the meaning set out in Section 1 of the Agreement.

2.    Data Protection Laws. Each party shall comply with Applicable Data Protection Laws and its applicable obligations under such Applicable Data Protection laws in respect of the provision and use of the Services and related Support and You warrant to Us that You have all necessary and appropriate consents and notices towards Your Users and end customers and to enable the lawful transfer and processing of any such Personal Data for the purposes of this Agreement in compliance with Applicable Data Protection Laws.

3.    Our security procedures and practices are implemented in accordance with all applicable data protection laws, are appropriate to the nature of the information collected and are aligned with industry best practices for the management, transport, and storage of User Information. We have achieved accredited certification to ISO 27001 demonstrating that our organization has defined and put in place best-practice information security processes.

4.    Data Processing.

Where indicated in the table in Schedule 2 that We process Personal Data contained in Your Data, For the purposes of this Agreement, you are both the data controller and the Business (as defined in the CCPA). We may process such Personal Data solely for the purposes and the duration of processing as set out in Appendix A and We shall:

a.     only process such Personal Data in accordance with this Schedule and any other written instructions from You and not for Our own purposes;

b.    ensure that people processing the Personal Data are subject to the same duties of confidence as set out in this Agreement and agreed by the Parties;

c.   within a reasonable period of time following the end of the Subscription Term, at Your option, either securely destroy or return such Personal Data to You and delete existing copies, except where We are required by law to keep a copy and subject to any rights in this Agreement to use Your Data in an anonymised format post termination;

d.    where Personal Data is processed in a country within the European Economic Area (EEA) or the UK, not to conduct any Restricted Transfer unless We have complied with Our applicable obligations under Applicable Data Protection Laws in ensuring adequate safeguards in relation to such transfer, as further described below;

e.    in the event that We receive a request, notification or complaint from a data subject or a regulatory authority which is addressed to, or intended for, You, promptly pass on such request, notification, complaint or communication to You;

f.    assist You by implementing appropriate technical and organisational measures within Our systems and processes to assist with Your obligation to respond to requests from data subjects seeking to exercise their rights under Applicable Data Protection Laws, to conduct a data protection impact assessment under Applicable Data Protection Laws and to consult with regulatory authorities under Applicable Data Protection Laws;

g.    implement and maintain appropriate technical and organisational measures to protect Your Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the Your Personal Data and having regard to the nature of the Personal Data which is to be protected. As a minimum, these should include any requirements under Applicable Data Protection Laws and the requirements set out in the DP Terms of this Agreement or an Order Form (as applicable); and

h.    notify You without undue delay if we become aware of any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to the Your Personal Data (a “Security Incident”) and provide sufficient detail of the Security Incident for You to take action to remedy the Security Incident.

5.    You consent to Us appointing subprocessors of such Personal Data under this Agreement, provided that We have entered or (as the case may be) will enter with such third party subprocessors into a written agreement incorporating terms which are the same as or substantially similar to those set out in this clause 3. You hereby grant us a general authorization to use the subprocessors listed below to process Personal Data for the purpose of providing the Services. We will notify You of any changes to such list at least seven (7) days prior to any such change. As between You and Us, We shall remain fully liable for all acts or omissions of any subprocessor appointed by Us pursuant to the Agreement and this clause 3. All such Sub-processors shall be Service Providers (as defined in the CCPA) for purposes of the CCPA.

Sub-Processor

Nature of Service

Entity Country/Location

Heroku, Inc.

cloud computing services

USA and Ireland

PrintNode Limited.

a hosted printing service that faciliatates the printing of labels for Customers

United Kingdom

In addition, in connection with the Bringg Delivery Hub, you hereby grant us a general authorization to use the subprocessors listed here (the “Bringg Sub-Processors”).

6.   International Transfers

All Restricted Transfers shall be conducted under the following terms:

a.    in relation to Personal Data that is protected by the GDPR, the Module Two of the EU SCCs will apply, and the parties elect as follows: (i) include optional Clause 7; (ii) in Clause 9(a), Option 2 will apply, and the time period for prior notice of Sub-processor changes shall be seven (7) days; (iii) in Clause 11, the optional language will not apply; (iv) in Clause 17, Option 1 will apply, and the EU SCCs will be governed by Irish law; (v) in Clause 18(b), disputes shall be resolved before the courts of Ireland; (vi) Annex I of the EU SCCs shall be deemed completed with the information set out in Appendix A to these DP Terms; (vii) Annex II of the EU SCCs shall be deemed completed with the information set out in Appendix B to these DP Terms; and

b.    in relation to Personal Data that is protected by the UK GDPR, for so long as it is lawfully permitted to rely on Prior SCC for transfers of Personal Data from the United Kingdom, the Prior SCC shall apply between the parties on the following basis: (i) Appendix 1 shall be completed with the relevant information set out in Appendix A hereto; (ii) Appendix 2 shall be completed with the relevant information set out in Appendix B hereto; (iii) the optional illustrative indemnification Clause will not apply, references in the Prior SCC to “the law of the Member State in which the data exporter is established” shall be deemed to mean “the laws of England and Wales”; and (iv) any other obligation in the Prior SCCs determined by the Member State in which the data exporter is established shall be deemed to refer to an obligation under UK GDPR.

c.   Where the Prior SCCs do not apply and the parties are lawfully permitted to rely on the EU SCC for transfers of Personal Data from the UK subject to completion of the IDTA, then the EU SCC, completed as set out above shall also apply to transfers of such Personal Data, subject to the provision that the IDTA shall be deemed executed between the parties, and the EU SCC shall be deemed amended as specified by the IDTA in respect of the transfer of such Personal Data.

d.   If neither sub-section (b) or sub-section (c) applies, then the parties shall cooperate in good faith to implement appropriate safeguards for transfers of such Personal Data as required or permitted by the UK GDPR without undue delay.

e.   In the event that any provision of these DP Terms contradicts, directly or indirectly, the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

f.   We shall maintain complete and accurate records to demonstrate Our compliance with these DP Terms and shall allow You and Your respective auditors or authorised agents, at Your own cost and expense and upon reasonable prior written notice, to conduct audits or inspections during the Term and for 12 months thereafter and provide all reasonable assistance in order to assist You in exercising its audit rights under this clause. Any such audit shall be conducted not more frequently than once in a calendar year and in a manner that ensures minimum disruption to Our day to day business operations. The purposes of an audit pursuant to this clause shall be to verify that We and Our subprocessors (if applicable) are processing Your Personal Data in accordance with the obligations under this Agreement and Applicable Data Protection Laws.

Appendix A

Subject Matter of the Processing: The Personal Data is collected and processed by Zenkraft when You gain access to Zenkraft proprietary SaaS-based managed package (including access to the Bringg Delivery Hub).

Type of Personal Data: Name, Email, Phone, Address, location, list of delivered goods, any other data required to process a shipment and fulfil an order until its delivery, and any other data Customer or a carrier requires to add to the labels on the delivered goods.

Categories of Data Subjects: External Carriers, Users and Customers.

Purpose of Processing: For the provision of the Services, “Zenkraft Commerce Cloud Cartridge” and for the provision of certain support requests from You which require log in access to Your SFDC account to carry out debugging and other related support services.

Duration of Processing: For the duration of the Subscription Term

To the extent the Module Two of the EU SCCs applies to this DP Terms:

Frequency of the transfer: Continuous, as required for the Services.

Personal Data Retention Period:

We will retain Personal Data we process hereunder only for as long as required to provide the Services pursuant to this Agreement. Unless otherwise agreed in writing by the parties, after a request from You to delete any Personal Data or upon termination or expiration of the Agreement, an automated process will begin that permanently deletes the data in accordance with the timelines set forth in the tables below:

Type

Timeline for Deletion

Order information (including Personal Data contained in such order)

Following 90 days from the placement of each such order by a User the data will be hashed for anonymization

Personal Data in Customer's account

Upon request following the termination of the contractual relationship, within 14 days from such request

Database backups

Following 30 days

Logs

8 weeks

Labels

after the labels are printed. If not printed instantly, then up to 14 days.

Appendix B

Technical and Organisational Measures

We will implement the technical and organizational security measures as detailed at: https://www.bringg.com/trust-center/ and as further described below:

In order to protect the confidentiality, integrity, and availability of Your Data (including Personal; Data) We have implemented an information security program that includes the following technical, administrative/organizational, and physical controls:

We utilize advanced tools, security procedures and engineering practices to store in a secure fashion, and protect against accidental or unlawful destruction or loss, or unauthorized disclosure or access, all user confidential or sensitive information (“User Information”) that is collected by us as part of the operation of the Services (the “Services”).

Our Multi-Carrier Shipping App operates inside Salesforce CRM where we integrate seamlessly with carriers. Our Carrier API is hosted on Salesforce Heroku and we have data centers in EU and USA. Certain elements and components of our Services leverage Bringg's SDKs and APIs and as such are hosted on Amazon Web Services (“AWS”) and Google Cloud Platform (“GCP”).

The Bringg Delivery Hub implements a cloud-based SaaS model, currently with the use of the cloud solutions offered by AWS and GCP. By using AWS and GCP we are able to leverage the high performance, durability, scalability, availability and security of the AWS and GCP infrastructures and procedures in the provision of our Services. All User Information collected by us as part of the operation of the Services is stored and hosted on compute resources provided by AWS and/or GCP and controlled by us (the “Database”).

Our security procedures and practices are implemented in accordance with all applicable data protection laws, are appropriate to the nature of the information collected and are aligned with industry best practices for the management, transport, and storage of User Information.

Without limiting the foregoing, we ensure that the following systems and procedures are in place:

1.   Governance and organizational controls:

1.1. Reporting relationships, organizational structures, and proper assignment of responsibilities for system controls, including the appointment of the Chief Information Security Officer (CISO) with responsibility for oversight of service organization controls for security, availability, processing integrity, confidentiality, and privacy of User Information, are documented and communicated.

1.2. Bringg has established a risk assessment framework used to evaluate risks throughout the company on an ongoing basis. The risk management process incorporates management's risk tolerance, and evaluations of new or evolving risks.

2.    Business Continuity

The infrastructure of the data storage facilities used to host the Database has a high level of availability and provides a resilient IT architecture. Such infrastructure is designed to tolerate system or hardware failures with minimal User impact.

3.   Network Security

3.1.The Database is protected by effective network security, to control both inbound and outbound data transport, including proper monitoring of Bringg network components to detect unauthorized access.

3.2. The Database is protected by network devices, including firewall and other boundary devices, in order to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists, and configurations to enforce the flow of User Information to or from the Database.

3.3. Access control lists, or traffic flow policies, are established on each managed interface, which manage and enforce the flow of User Information traffic.

3.4. Access to the Database may only be made through a limited number of access points. These access points are encrypted in transit using SSL communication protocol, which establishes a secure communication session with the Database.

3.5. All User Information transmitted to or from the Database and kept in the Database is protected by a minimum of 256-bit AES encryption.

4.   Network Monitoring and Protection

4.1.The network on which User Information is transmitted to or from the Database is constantly monitored by a wide variety of automated monitoring systems, which are designed to detect unusual or unauthorized activities and conditions at communication points.

4.2.  These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts and set custom performance metrics thresholds for unusual activity.

4.3.  We implement Network Intrusion Detection or Prevention Systems (NIDS/NIPS) to monitor traffic of User Information to or from the Database.

4.4.  Security monitoring tools help identify, and where applicable initiate a response process against or prevent, several types of denial of service (DoS) attacks, including distributed, flooding, and software/logic attacks and also against other traditional network security issues such as Distributed Denial of Service (DDoS) Attacks, Man in the Middle (MITM) Attacks, IP Spoofing, Port Scanning and Packet Sniffing.

4.5.  We review the security of the Services on a periodic basis including testing for common vulnerabilities such as for the malicious activities mentioned above and also including uninformed outsider testing and informed insider testing.

4.6.  All security issues that are identified shall be addressed within an appropriate timeframe.

5.   Organizational Security

5.1. Only authorized staff can grant, modify or revoke access to the Database.

5.2.  We apply internal security policies and procedures, which define Bringg personnel roles and their privileges, how access to the Database is granted, changed and terminated, addresses appropriate segregation of duties, and defines the logging/monitoring requirements and mechanisms.

5.3.  We implement internal security policies and procedures required to classify sensitive information assets and clarify security responsibilities.

5.4.  Our development team utilizes secure coding techniques and best practices, focused around the OWASP Top Ten. Specifically, developers of Bringg are formally trained in SDL (Secure Development lifecycle) practices annually by the Security Engineering team.

5.5.  We implement a security awareness program to train Bringg personnel about their security obligations. This program includes training about data classification obligations; physical security controls; security practices and security incident reporting.

5.6.  We have clearly defined roles and responsibilities for our personnel. We conduct appropriate screening before hiring any personnel who may have access to the Database or User Information.

5.7.  We ensure that User Information contained in the Database cannot be read, copied, modified or deleted by any Bringg personnel without proper authorization, for the purpose of facilitating provision of Services.

5.8.  We insure that our hosting service provider or we conduct, on at least a yearly basis, an SSAE-16 SOC 2 audit, by an authorized auditor and/or inspector. Such audit shall include the facilities on which the Database is stored and the applicable network systems.

6.   Account Security

6.1.  When a User subscribes to use our Services it is required to create one or more user, administrator or “super-user” accounts, each providing deferred functions made available by the Services.

6.2.  We utilize a variety of tools and features to keep your accounts safe from unauthorized disclosure or use.

6.3.  To help ensure that only authorized Users can login and access their accounts, we use several types of credentials for authentication, including a unique user identification and passwords.

6.4.  You specify the password when you first create the account, and you can change it at any time. Passwords may contain text, numeric figures and special characters, so we encourage you to create a strong password that cannot be easily guessed.

6.5.  Because credentials passwords can be misused if they fall into the wrong hands, we encourage you to save them in a safe place.