Licensing Agreement and Terms of Use

This Licensing Agreement and Terms of Use, including all Order Forms, addenda, exhibits and schedules hereto (“Agreement”) is a legal contract between you (either an individual or organization) and QuotaPath Inc. (“QuotaPath”).

This Agreement governs Customer’s use of the QuotaPath software-as-a-service application (located at https://app.quotapath.com and described at https://www.quotapath.com/automate-commission-tracking), including all versions and updates to the application, the related documentation, and all other related software, mobile applications, content, data, and services provided by QuotaPath (collectively, the “Services”).

This Agreement is effective upon the earliest of Customer’s acceptance of this Agreement, the creation of an account, or Customer’s access or use of the Services.

1. License Grant, Restrictions, Use of Services

1.1 License. In the event of a conflict between the terms in an Order Form and this Agreement, the terms in the Order Form shall control with respect the Services provided under such Order Form. QuotaPath will make the Services available on a worldwide, limited, revocable, non-transferable, non-exclusive basis, subject to and conditioned on the terms and conditions set forth in this Agreement and all other applicable policies, rules, and agreements posted via the Services. Customer is responsible for all acts and omissions of all persons who use the Services via Customer’s QuotaPath account (each, a “User”) and for ensuring their compliance with this Agreement.

1.2 Mobile Apps. QuotaPath may make available mobile software applications for access to and use of certain components of the Services (collectively, “Mobile Apps”). Customer’s access to and use of Mobile Apps is subject to and governed by this Agreement and all other applicable policies, rules, and agreements posted via the Services. Use of any Mobile App downloaded from app store provider (each, an “Mobile App”) is further subject to Customer’s compliance in all material respects with the terms and conditions of the terms and conditions set forth in the app store provider’s terms of service, as applicable.

1.3 Restrictions.

1.3.1 No Reverse Engineering and other Limitations. Customer will not (and will not allow Users to) (a)reverse engineer, decompile, disassemble or translate the Services, or otherwise attempt to derive source code, trade secrets, or know-how in or underlying the Services or any portion thereof; (b) interfere with, modify, disrupt, or disable features or functionality of the Services, including without limitation any such mechanism used to restrict or control the functionality, or defeat, avoid, bypass, remove, deactivate, or otherwise circumvent any software protection or monitoring mechanisms of the Services; (c) copy, sell, rent, lease, sublicense, transfer, distribute, redistribute, syndicate, create derivative works of, assign, or otherwise transfer or provide access to, in whole or in part, the Services (including the content or data therein) to any third party except as expressly permitted herein; (d) provide use of the Services on a service bureau, rental or managed services basis, provide or permit other individuals or entities to create Internet “links” to Services or “frame” or “mirror” the Services on any other server, or wireless or Internet-based device; (e) use the Services for any illegal, unauthorized, or otherwise improper purposes, including without limitation, to store or transmit infringing, libelous, or otherwise unlawful or tortious material, to store or transmit malicious code, or to store or transmit material in violation of third-party privacy rights; (f) interfere with or disrupt the integrity or performance of the Services including by disrupting the ability of any other person to use or enjoy the Services, or attempt to gain unauthorized access to the Services or related systems or networks; (g) access the Services in order to build a similar or competitive product or service; (h) remove or alter any proprietary notices or marks on the Services; or (i) use spiders, crawlers, robots, scrapers, automated tools, or any other similar means to access the Services (including the content or data therein), or substantially download, reproduce, or archive any portion of the Services or such content or data.

1.3.2 Prohibited Use. Customer is solely responsible and liable for all content, data, information, and other materials that Users submit to the Services (“Customer Content”). For example, Users may not use the Services to abuse, harass, or annoy other users or individuals; to violate contractual obligations to others (such as contractual obligations of confidentiality); or to violate the intellectual property, privacy, and other rights of others. Users will not submit, upload, or post to the Services or otherwise provide to QuotaPath (a) any production data or any legally protected information, such as protected health information or consumer financial information; (b) infringing, libelous, or otherwise unlawful or tortious material; (c) software viruses, malware, or any other code, files or programs designed to interrupt, destroy or limit the functionality of any software or hardware (“Viruses”). Customer agrees that it is solely responsible for determining whether Users have sufficient rights to share Customer Content in such manner, and QuotaPath shall have no liability whatsoever for any injuries, losses or damages arising from such misuse of the Services, or any components or modifications thereof. QuotaPath may immediately suspend Customer’s access to the Services or delete or prevent Users from accessing some or all of the materials in Customer’s account upon receipt of a complaint from a third party claiming that any Users have shared content, data, information, documents, or other materials to or via use of the Services in violation of such third party’s rights. QuotaPath’s failure to enforce any of these prohibitions shall not act as a waiver for any future enforcement, will not be considered a breach of this Agreement by QuotaPath, and does not create a private right of action for any other party.

1.4 Account. Users may not share account password(s) with any third party. Customer agrees to immediately notify QuotaPath of any loss or unauthorized access, disclosure, or use of any User account, personal User login, or password. Customer is fully responsible for all activities that occur under any User account.

2. Modifying and Terminating the Services.

2.1 Modifying the Services. QuotaPath may add or remove functionalities or features or suspend or stop a part or all of the Services altogether for any reason, including without limitation for non-compliance with our terms or policies or if we are investigating suspected misconduct.

2.2. Terminating the Services. Either party may terminate this Agreement for cause upon 30 calendar days’ prior written notice to the other party of a material breach by the other party, if such breach remains uncured at the end of such period.

3. Payment and Fees.

3.1 Fees and Expenses. Customer shall pay all agreed upon fees for the Services as set forth in the applicable Order Form (“Fees”) and in accordance with terms set forth in such Order Form.

3.2 Payment Terms. QuotaPath will provide Customer with an invoice for the Fees. Customer will pay the Fees in U.S. dollars within 30 days of the invoice date.

3.3 Late Payments. QuotaPath may revoke or suspend the Services for failure to pay any past due invoice. QuotaPath may charge interest on all past due invoices at a rate of 1.5% per month, or the highest rate allowed by applicable law, whichever is lower. If Customer is delinquent inits payments for two (2) consecutive months, QuotaPath may, upon written notice to Customer, modify the payment terms to require full pre-payment of any or all Order Forms (both currently contracted and in the future), or require other assurances to secure Customer’s payment obligations hereunder.

3.4 Taxes. QuotaPath’s Fees do not include any taxes, and Customer is responsible for paying all taxes associated with its purchases hereunder, including any withheld taxes.

3.5 Automatic Renewal. At the end of the term outlined in the applicable Order Form(the “Service Term”), this Agreement shall be renewed automatically for succeeding terms of equal duration (“Renewal Terms”) unless either party gives written notice to the other at least 30 days prior to the expiration of the Term of said party’s intention not to renew this Agreement.

4. Proprietary Rights

4.1 Reservation of Rights in the Services. The Services furnished under this Agreement are licensed and not sold to Customer, and all rights not expressly granted in this Agreement are reserved by QuotaPath. QuotaPath possesses all right, title and interest in and to the Services and all copyrights, patents, trademarks, service marks, trade names, trade dress, trade secrets andany other proprietary rights that are associated with the Services throughout the world.Customer acknowledgesthat it receivesno right, title or interest to the Services,except for the limited rights provided within this Agreement. QuotaPath also retains title to any and all copies made of any embodiments or features of the Services, and,upon any termination of this Agreement, all such copies must be returned to QuotaPath or destroyed, at QuotaPath’s instruction. Customer has no rights to receive any source or object code for the Services, or touse the Services except as expressly set forth in this Agreement. Customer agrees not to contest QuotaPath’s title and intellectual property rights in or to the Services.

4.2 Workspace Domains. QuotaPath may assign or approve a dedicated domain name for Customer to use in connection with the Services.Such domain names ae referred to asa “Workspace”(e.g., “Acme.QuotaPath.com”). QuotaPath retains all rights in or to the Workspace, and may revoke such Workspace if the Services are suspended, terminated.4.3 Confidential Information.

4.3.1 Nondisclosure. “Confidential Information” means the proprietary information provided or made available by one party (the “Disclosing Party”) to the other party (the “Receiving Party”), which is marked “confidential” or “proprietary” at the time of disclosure by the Disclosing Party, or by its nature or content would reasonably be considered confidential under the circumstances by the Receiving Party, including without limitation, information (tangible or intangible) regarding a party’s technology, designs, techniques, research, know-how, specifications, product plans, pricing, customer information, user data, current or future strategic information, current or future business plans, policies or practices, employee information, and other business and technical information. Confidential Information of QuotaPath includes the Services and the pricing of the Services. Receiving Party agrees that it will not (a) use the DisclosingParty’s Confidential Information in any way, for its own benefit or the benefit of any third party, except as expressly permitted by, or as required to implement, this Agreement, or (b) disclose Confidential Information of the Disclosing Party to any third party except as expressly permitted by this Agreement, required by law or to such party’s attorneys, accountants, and other advisors as reasonably necessary to implement this Agreement, provided that such individuals are bound by written confidentiality provisions at least as restrictive as this Agreement. Receiving Party will secure and protect the confidentiality of the Confidential Information of the Disclosing Party using precautions that are at least as stringent as it takes to protect its own Confidential Information, but in no case less than reasonable precautions.

4.3.2 Exceptions. Receiving Party will have no obligations of confidentiality under Section 4.3.1 for information that is proven by Receiving Party (a) to have been known to Receiving Party prior to its receipt from Disclosing Party from a source other than one having an obligation of confidentiality to Disclosing Party; (b) to have become publicly known, except through a breach of this Agreement by Receiving Party; or (c) to have been entirely independently developed by Receiving Party without use of or reference to the Confidential Information of Disclosing Party. Receiving Party may disclose Confidential Information pursuant to the requirements of a governmental agency or applicable law, provided that, to the extent permitted, it will give Disclosing Party reasonable prior written notice sufficient to permit Disclosing Party to contest such disclosure.

4.4 Feedback. All discoveries, developments, techniques, advice, feedback, suggestions, improvements and similar information developed or provided by Customer related to the Services (“Feedback”) shall be the sole property of QuotaPath, and Customer hereby assigns to QuotaPath all rights, title, and interest in and to any such Feedback. QuotaPath shall be the sole owner of all patents, copyrights, and other rights arising therefrom or in connection therewith, and may freely use, sell and exploit the Feedback without Customer’s consent or any obligation to render an accounting or share profits or royalties.

4.5 Customer Content.

The Services allow Users to submit Customer Content to QuotaPath or the Services. All Customer Content shall be the sole property of Customer, and QuotaPath shall take all commercially reasonable measures to minimize its and its personnel’s access to such Customer Content in an unencrypted form. However, Customer acknowledges and agrees that by uploading or otherwise submitting Customer Content to QuotaPath or the Services,QuotaPath may compile and use anonymized and/or aggregated information related to Customer and Customer’s use of the Services for its lawful business purposes, including analyzing, improving, and enhancing the quality and nature of Services.QuotaPath shall not use, sell, lease, rent, transfer, distribute or otherwise make available or disclose Customer Content, except as provided herein. Customer shall retain all right, title, and interest in and to the Customer Content.

5. Data Privacy.

The provisions of QuotaPath’s Data Privacy Addendum (at Addendum A) and QuotaPath’s Privacy Policy (at https://www.quotapath.com/privacy) are hereby incorporated into this Agreement by reference.

6. Warranties and Disclaimers.

6.1 Mutual Warranties. Each party warrants to the other that: (a) it has the legal power and authority to enter into this Agreement; (b) it shall at all times comply with all privacy, data security and other laws and regulations applicable to their activities and geographic territory; (c) the performance of its obligations and duties pursuant to this Agreement does not conflict with any contractual obligations owed to any third party (including, without limitation, obligations of confidentiality); and (d) in administering and using the Services, neither party will infringe on the intellectual property rights of third parties.

6.2 No Warranty. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, AND EXCEPT FOR THE EXPRESS WARRANTIES SET OUT IN THIS AGREEMENT, THE SERVICES, INCLUDING ANY DOCUMENTATION, ARE PROVIDED “AS IS,” “AS AVAILABLE,” WITH ALL FAULTS, AND CUSTOMER’S USE OF THE SERVICES IS AT CUSTOMER’S SOLE RISK. QUOTAPATH MAKES, AND CUSTOMER RECEIVES, NO OTHER EXPRESS OR IMPLIED WARRANTIES OF ANY KIND, AND QUOTAPATH SPECIFICALLY DISCLAIMS AND EXCLUDES ALL OTHER REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT;ALL WARRANTIES ARISING FROM COURSE OF PERFORMANCE, COURSE OF DEALING, OR USAGE OF TRADE; AND ALL STATUTORY REMEDIES. QUOTAPATH DOES NOT WARRANT THAT THE SERVICES, OR ANY OTHER PRODUCT OR SERVICE PROVIDED HEREUNDER, WILL BE UNINTERRUPTED, ERROR-FREE, VIRUS-FREE OR SECURE. NO STATEMENT, WHETHER MADE BY QUOTAPATH’S EMPLOYEES, AGENTS, OR OTHERWISE, SHALL BE DEEMED TO BE A WARRANTY BY QUOTAPATH FOR ANY PURPOSE OR TO GIVE RISE TO ANY LIABILITY ON THE PART OF QUOTAPATH. WITHOUT LIMITING THE GENERALITY OF ANY OF THE FOREGOING, QUOTAPATH DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES, AND SPECIFICALLY DISCLAIMS, THAT CUSTOMER WILL EARN ANY COMMISSIONS, INCOME, OR OTHER REVENUES (OR EXPERIENCE AN INCREASE IN ANY OF THE FOREGOING) THROUGH USE OF THE SERVICES, AND NO ASPECT OF THE SERVICES SHALL BE CONSTRUED TO PROVIDE ANY LEGAL OR FINANCIAL ADVICE (INCLUDING, WITHOUT LIMITATION, PERTAINING TO THE VALIDITY, INTERPRETATION, OR ENFORCEABILITY OF ANY CONTRACTS PERTAINING TO THE PAYMENT OR EARNING OF COMMISSIONS OR OTHER INCOME). THIS DISCLAIMER OF WARRANTY MAY NOT BE VALID IN SOME JURISDICTIONS,AND CUSTOMER MAY HAVE WARRANTY RIGHTS UNDER LAW THAT MAY NOT BE WAIVED OR DISCLAIMED. ANY SUCH WARRANTY EXTENDS ONLY FOR THIRTY (30) DAYS FROM THE EFFECTIVE DATE OF THIS AGREEMENT (UNLESS SUCH APPLICABLE LAW PROVIDES OTHERWISE).

7. Indemnification.

7.1 Customer Indemnification. Customer hereby agrees to defend, at Customer’s own expense, and hold harmless QuotaPath from and against all third party claims, suits, and actions (“Claims”) against QuotaPath to the extent resulting from or arising out of (a) the Users’ actual or alleged breach of any of Customer representations, warranties, or obligations under the Agreement; (b) the Users’ use or misuse of the Services, including, without limitation, by using the Services in violation of this Agreement or any other applicable policies, agreements, or rules posted via the Services or otherwise made available to Customer; or (c) any content or data submitted by the Users through the QuotaPath Services, including any Viruses or other material that violates any third-party proprietary rights or any contractual or fiduciary obligation owed to a third party (including, without limitation, contractual confidentiality obligations owed to a third party). Customer further agrees to fully indemnify QuotaPath from all losses, expenses, damages and costs (including, but not limited to, reasonable attorneys’ fees), to the extent arising from such a claim, suit, or action.

7.2 Mutual Indemnification. Each Party agrees to defend, at its own expense, and hold harmless the other Party from and against all Claims to the extent resulting from or arising out of any third-party claim alleging any (a) gross negligence or willful misconduct in connection with the performance of its obligations under this Agreement, or (b) any violation of the representations and warranties herein.

7.3 Indemnification Procedure. In connection with any Claim or action described in this Section 7, the party seeking indemnification will (a) give the indemnifying party prompt written notice of such Claim or action; (b) cooperate with the indemnifying party (at the indemnifying party’s expense) in connection with the defense and settlement of such Claim or action, and (c) permit the indemnifying party to control the defense and settlement of such Claim or action; provided that the indemnifying party will not under any circumstances (i) settle such Claim or action without the indemnified party’s prior written consent (which will not be unreasonably withheld or delayed), or (ii) make an admission of liability on behalf of the indemnified party without the indemnified party’s prior written consent and further provided that the indemnified party shall be entitled to participate (at its expense) in the defense and settlement of such Claim or action.

8. Limitation of Liability

8.1 Waiver of Consequential Damages. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY NOR ITS AFFILIATES WILL BE RESPONSIBLE FOR ANY LOST PROFITS OR REVENUES, LOSS OF OR INABILITY TO ACCESS DATA, INFORMATION, AND OTHER CONTENT, LOSS OF GOODWILL OR FINANCIAL LOSSES, OR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES.

8.2 Damages Cap. EXCEPT REGARDING VIOLATIONS OF SECTIONS 4.3 (CONFIDENTIALITY);SECTION 5,INCLUDING ADDENDUM A (DATA PRIVACY);SECTION 6.1 (REPRESENTATIONS AND WARRANTIES);AND SECTION 7 (INDEMNIFICATION), ANDTO THE FULLEST EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF EACH PARTY AND ITS AFFILIATES FOR ANY AND ALL CLAIMS UNDER THIS AGREEMENT, INCLUDING RELATED TO USE OF THE SERVICES, IS LIMITED TO, IN THE AGGREGATE,THE AMOUNT CUSTOMER PAID FOR THE SERVICES IN THE TWELVE (12) MONTH PERIOD PRIOR TO THE DATE THE CLAIM(S) FIRST AROSE.

8.3 Exclusions. IN NO CASE SHALL EITHER PARTY OR ITS AFFILIATES BE LIABLE FOR ANY LOSS OR DAMAGE THAT IS NOT REASONABLY FORESEEABLE OR THAT IS DUE TO EVENTS OUTSIDE OF THE OTHER PARTY’S REASONABLE CONTROL, SUCH AS WARS, CRIMINAL ACTIVITIES, STORMS, NATURAL DISASTERS, ACTS OF GOVERNMENT, ACTS OF THIRD PARTIES, SUPPLY INTERRUPTIONS, HEALTH EMERGENCIES, OR TELECOMMUNICATION OR INTERNET FAILURES. IN NO EVENT WILL QUOTAPATH HAVE ANY LIABILITY WHATSOEVER WITH REGARD TO ANY CONTENT, DATA, OR OTHER MATERIAL UPLOADED TO THE SERVICES BY CUSTOMER.THE FOREGOING LIMITATIONS, EXCLUSIONS AND DISCLAIMERS, INCLUDING DISCLAIMERS OF WARRANTIES, SHALL APPLY REGARDLESS OF WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. INSOFAR AS APPLICABLE LAW PROHIBITS ANY LIMITATION ON LIABILITY HEREIN, THE PARTIES AGREE THAT SUCH LIMITATION WILL BE AUTOMATICALLY MODIFIED, BUT ONLY TO THE EXTENT SO AS TO MAKE THE LIMITATION COMPLIANT WITH APPLICABLE LAW. THE PARTIES AGREE THAT THE LIMITATIONS ON LIABILITIES SET FORTH HEREIN ARE AGREED ALLOCATIONS OF RISK AND SUCH LIMITATIONS WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

9. General

9.1 Governing Law. This Agreement and any claim, controversy or dispute arising under or related to this Agreement shall be governed in all respects by the laws of the State of Delaware, USA, without giving effect to any law that would result in the application of a different body of law. The United Nations Convention for the International Sale of Goods and the Uniform Computer Information Transaction Act shall not apply to this Agreement. Any controversy or dispute arising under or related to this Agreement shall be adjudicated in the state and federal courts in and for Delaware (including their applicable appellate courts), and each party consents to the exercise of jurisdiction and venue by such courts; provided, however, that QuotaPath may seek temporary or emergency injunctive relief, as well as specific performance, in any court of competent jurisdiction to protect or preserve its rights in its intellectual property or its Confidential Information, without the need for posting bond. THE PARTIES AGREE THAT ALL CLAIMS SHALL BE RESOLVED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED OR REPRESENTATIVE ACTION OR OTHER SIMILAR PROCESS (INCLUDING ARBITRATION). IF FOR ANY REASON A CLAIM PROCEEDS IN COURT, THE PARTIES WAIVE ANY RIGHT TO A JURY TRIAL.

9.2 Notices. All notices or reports shall be in writing and shall be delivered by personal delivery, overnight mail or by certified or registered mail, return receipt requested, and shall be deemed given upon personal delivery, five days after deposit in the mail, or upon receipt of personal delivery. Notices to QuotaPath shall be sent to QuotaPath Inc., 2803 Manor Road, Austin, TX 78722 (or such other address as QuotaPath designates by notice sent pursuant to this paragraph), and shall be addressed to QuotaPath’s CEO, with a copy (which shall not constitute notice) to the attention of Ryan Gravelle, at Kastner Gravelle LLP, 1000 N. Lamar Blvd., Suite 300, Austin, TX 78703. All notices to Customer may be sent to the latest business or e-mail address associated with Customer’s account for the Services.

9.3 No Agency. The parties to this Agreement are independent contractors and nothing in this Agreement shall be deemed to create a joint venture, partnership, or agency relationship between the parties in this Agreement. There are no third-party beneficiaries to this Agreement.

9.4 Waiver. If one party fails to enforce a provision of this Agreement, it shall not be precluded from enforcing the same provision at another time. To be effective any waiver must be in writing and executed by an authorized signatory of the party to be charged with such waiver.

9.5 Severability. If any provision of this Agreement is deemed unenforceable or invalid by law or by a court decision, the provision shall be changed and interpreted, if possible, to accomplish the intent of the provision within the constraints of the law. Only that provision that is deemed unenforceable or invalid, and not the entire Agreement, shall be invalidated.

9.6 Assignment. Either party may assign the Agreement in its entirety, without the other party’s consent in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets; provided, however, that the assigning party must notify the other party as soon as reasonably possible after the completion of any such change in control. Following such assignment, the non-assigning party shall have the ability to terminate the agreement with immediate effect should that non-assigning party reasonably determine that the change in control was to: (i) a direct competitor or (ii) an affiliate of a direct competitor of the non-assigning party.

9.7 Trademarks. Neither party shall have the right to use the other party’s name, trademarks, tradenames without the prior written approval of the other party in each instance (such consent to be granted or withheld in such party’s sole discretion), provided that, during the term of this Agreement,QuotaPath may list Customer’s name and/or logo to indicate Customer as a customer of QuotaPath on its website and in its marketing and sales materials.

9.8 Entire Agreement. This Agreement, including all applicable orders, addenda, exhibits and attachments hereto, constitutes the sole, final and entire agreement between the parties with respect to the subject matter hereof, and supersedes any and all prior and contemporaneous understandings and agreements (and all such agreements are hereby terminated), written and oral, regarding such subject matter. This Agreement may only be amended by a written document signed by authorized representatives of the parties. Any terms and conditions agreed to in a mutually agreed upon and executed order or addendum shall be binding on both parties. The provisions of any such order and addendum shall govern and take precedence over any conflicting or inconsistent provisions of this Agreement.

9.9 Compliance with Laws. Each party will comply with all applicable foreign, federal, state, and local laws, rules and regulations, including without limitation, U.S. export laws and import and use laws of the country where the Services are delivered or used, and all applicable laws relating to bribery or corruption. Under these laws, the Services may not be sold, leased, downloaded, moved, exported, re-exported, or transferred across borders without a license, or approval from the relevant government authority, to any country, including countries embargoed by the U.S. Government (currently Cuba, Iran, North Korea, Northern Sudan and Syria); or to any restricted or denied end-user including, but not limited to, any person or entity prohibited by the U.S. Office of Foreign Assets Control; or for any restricted end-use. Customer will maintain throughout its use of the Services all rights and licenses that are required with respect to such use.

Addendum A: Data Processing Addendum

Insofar as QuotaPath Inc. (“Data Processor”) processesPersonal Data (defined herein) on Customer’s behalf (“Data Controller”) in the course of performing QUOTAPATH’S LICENSING AGREEMENT AND TERMS OF USE (the “Agreement”), the terms of this Data Processing Addendum (“Addendum”) shall apply. Any capitalized terms not otherwise defined in this Addendum shall have the meaning given to them in the Agreement. In the event of a conflict between any provisions of the Agreement and this Addendum, the provisions of this Addendum shall govern and control with regard to the processing of Personal Data. References to “Data Protection Laws”shall mean any law applicable to Data Processor’s processing or use of Personal Data, including (to the extent applicable), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (“GDPR”), and The California Consumer Privacy Act of 2018, AB375, Title 1.81.5, including any implementing law, as amended (“CCPA”), as amended from time to time. For purposes of this Addendum, “Personal Data” shall mean any data, information or record that is processed in connection with the Services (i) relating to an identified or identifiable natural person, or (ii) that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, regardless of the media in which it is maintained. “Data Subject” shall mean any natural person whose Personal Data are transferred by the Data Controller to the Data Processor or from either Party to a subprocessor.

1. Processing

Responsibilities of the Data Controller

The Data Controller represents and warrants that it has all necessary rights to provide the Personal Data to the Data Processor for the processing to be performed in connection with the Services. To the extent required by Data Protection Laws, the Data Controller is responsible for providing all necessary privacy notices to data subjects, and, unless another legal basis set forth in the Data Protection Laws supports the lawfulness of the processing, for obtaining any necessary consents from Data Subject to authorize the processing required under the Agreement. Should such a consent be revoked by a Data Subject, the Data Controller will inform the Data Processor of such revocation, and the Data Processor is responsible for implementing Data Controller’s instruction with respect to the processing of such Personal Data.
Data Controller is also responsible for fulfilling requests from Data Subjects regarding their Personal Information, with reasonable assistance from the Data Processor.

Responsibilities of the Data Processor

Data Processor will only process, store, and use the Personal Data it receives from the Data Controller as necessary to provide the Services, to fulfill its rights and obligations in the Agreement and Addendum, and pursuant to Data Controller’s prior written instructions. The Data Processor shall never retain, use, disclose, sell, or process the Personal Data other than as specified in the Data Controller’s documented instructions or as otherwise permitted by law.

The Data Processor further undertakes (i) to implement appropriate security measures in order to preserve the confidentiality and the integrity of the Personal Data; (ii) to give access to the Personal Data only to its employees, agents, and the subprocessors duly authorized as a result of their position and qualification and in accordance with Article 6 herein (“Subprocessors”) and to limit such access to what is necessary for the Services; (iii) to inform the Data Controller of all requests addressed directly by a Data Subject with regard to its right of access, communication, rectification and/or opposition or any other right related to its Personal Data and shall not answer to such request without the written prior consent of the Data Controller; (iv) to cooperate with the Data Controller and/or the competent authorities in the event of a control, inspection or audit required by the said authorities; (v) to inform and cooperate promptly with the Data Controller (a) if it believes that it may no longer be able, or no longer is able, to comply with this Addendum, particularly in case it receives or must reasonably expect to receive a request or order of a competent authority requiring it to disclose, or refrain from further processing, some or all Personal Data to which this Agreement applies; or (b) if any accidental or unauthorized access has occurred.

At any time upon written request of the Data Controller, the Data Processor shall return to the Data Controller the Personal Data or delete all or part of the Personal Data in the possession of the Data Processor and all copies and shall confirm it to the Data Controller upon written request.

2. Confidentiality.

The Data Processor shall treat all Personal Data as Confidential Information under the Agreement, and it shall inform all its employees, agents and approved subprocessors engaged in processing the Personal Data of the confidential nature of the Personal Data. The Data Processor shall ensure that all such persons or parties given access to Personal Data have signed confidentiality agreements with obligations no less restrictive in the use and protection of Confidential Information than those in the Agreement and this Addendum.

3. Security Measures.

a) Considering the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Processor shall implement appropriate technical and organizational measures to ensure a level of security of the processing of Personal Data appropriate to the risk. The Data Processor shall maintain and follow written security policies that are fully implemented and applicable to the processing of Personal Data. At a minimum, such policies will include assignment of internal responsibility for information security management, devoting adequate personnel resources to information security, carrying out verification checks on permanent staff who will have access to the Personal Data, conducting appropriate background checks, requiring employees, vendors and others with access to Personal Data to enter into written confidentiality agreements, and conducting training to make employees and others with access to the Personal Data aware of information security risks presented by the processing.

b) At the written request of the Data Controller, the Data Processor shall reasonably demonstrate the measures it has taken pursuant to this Article 3 and shall allow the Data Controller to audit such measures, to the extent it does not require providing access to other customers’ data. Subject to such restriction, the Data Processor shall reasonably cooperate with such audits carried out by or on behalf of the Data Controller, shall grant the Data Controller ́s auditors reasonable access to any premises and devices involved with the processing of the Personal Data, and shall provide the Data Controller ́s auditors with access to any information relating to the processing of the Personal Data as may be reasonably required by the Data Controller to ascertain the Data Processor ́s compliance with this Addendum.

4. Data Transfers.

To the extent Data Controller transfers any Personal Data from (a) the European Economic Area, or (b) a jurisdiction where a European Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC is in force and covers such transfer, then the parties agree that such Personal Data is subject to the model contractual clauses annexed to EU Commission Implementing Decision (EU) 2021/915 (the “Clauses”), which are located at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0915 and hereby incorporated into the Agreement. In such cases, Data Controller is the ‘data exporter’ and Data Processor is the ‘data importer’ as defined in the Clauses.

To the extent that Data Controller transfers any Personal Data from the United Kingdom, the parties agree to use either the UK international data transfer agreement (IDTA) or the UK Addendum in addition to the Clauses, which are located here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/#:~:text=The%20IDTA%20and%20Addendum%20form,2021%20to%2011%20October%202021

5. Security Breach.

The Data Processor will notify the Data Controller without undue delay upon discovery of any suspected or actual security or confidentiality breach or other compromise of Personal Data, describing the breach in reasonable detail, the status of any investigation or mitigation taken by the Data Processor, and, if applicable, the potential number of data subjects affected. Data Processor will not communicate with any third party regarding any security breach except as specified by other party or by applicable law.

6. Subprocessors.

The Data Processor may subcontract any of its Services-related activities or allow any Personal Data to be processed by a third party with Data Controller’s prior consent. With respect to subprocessors, Data Processor shall (i) take reasonable steps to ensure that the subprocessor is committed by written contract to provide the level of protection for Personal Data required by the Agreement, this Addendum, and Data Protection Laws; (ii) identify all subprocessors used to Process Personal Data upon Data Controller’s reasonable request; and (iii) provide Data Controller with prior notice and the opportunity to object within a reasonable time to any changes to such subprocessors. Where the subprocessor fails to fulfil its data protection obligations under such written agreement, the Data Processor shall remain fully liable to the Data Controller for the performance of the subprocessors’ obligations under such contract.
The Data Processor’s current list of subprocessors can be found at Addendum B, and shall be deemed accepted by Data Controller upon signature of the Agreement.

7. Data Subject Rights.

The Data Processor shall assist the Data Controller by appropriate technical and organizational measures, insofar as it is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the data subject’s rights under the Data Protection Laws.

Addendum B: List of Subprocessors

QuotaPath uses the following subprocessors:

NameEntitySubproccessor TypeEntity Countries
Google Cloud PlatformGoogle LLCCore Infrastructure, Web Hosting ServicesUSA
SlackSlack, Inc.Customer Support & FeedbackUSA
IntercomIntercom R&D Unlimited CompanyCustomer Support & FeedbackUSA
Mozart DataMozart Data, Inc.Data StorageUSA
FullStoryFullStory, Inc.Product AnalyticsUSA
AmplitudeAmplitude, Inc.Product AnalyticsUSA
Google AnalyticsGoogle LLCProduct AnalyticsUSA
New RelicNew Relic, Inc.Infrastructure MonitoringUSA
WorkatoWorkato, Inc.Integration AutomationUSA