TERMS OF USE

In consideration of the arrangements set out in the applicable agreements or order forms, the following terms of use (the “Terms of Use” or “Terms”) shall establish the terms of use of Services:

1. Definitions

Except to the extent expressly provided otherwise, in the Agreement:

"Affiliate" means an entity that controls, is controlled by, or is under common control with the relevant entity;

"Application" means a software downloadable on the mobile phones form Google Store or App Store allowing an access to Hosted Services for Client

"Agreement" means the applicable arrangement concluded with Galleon by any person using the Platform and/or Application and/or Hosted Services described in this Terms, order form or any other document signed between Client and Provider concerning the matters covered by this Terms;

"Business Day" and "Business Hours" means any weekday other than a bank or public holiday in the Republic of Malta; and latter means the hours of 09:00 to 17:00 CET on a Business Day;

“Client” means the client of the Provider or any person uses the Platform and/or Application and/or Hosted Services described in this Terms;

"Data" means all data, works and materials: uploaded to or stored on the Platform by the Client; transmitted by the Platform at the instigation of the Client; supplied by the Client to the Provider for processing, uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Client;

"Personal Data" means any Personal Data that is processed by the Provider on behalf of the Client in relation to the Agreement but excludes data with respect to which the Client is a data controller;

"Client Systems" means the hardware and software systems of the Client that interact with, or may reasonably be expected to interact with, the Hosted Services;

"Confidential Information" means the information disclosed by either party, in writing, orally or otherwise, marked as confidential or which should have been reasonably understood to be confidential by the party in receipt of such disclosure.

“Customization(s)” means a customization of the Hosted Services, whether made through the development, configuration or integration of software or otherwise;

"Data Protection Laws" means all applicable laws relating to the processing of Personal Data including, while it is in force and applicable to Client Data, the General Data Protection Regulation (Regulation (EU) 2016/679), as well as, the Data Protection Act CAP. 586;

“Documentation” means any and all ‘Application Programming Interface’ documentation detailing the functions, classes, return types, arguments or any other information provided to effectively use the Hosted Service;

“EEA” means the European Economic Area.

"Effective Date" means the date of execution of the applicable Sales Order incorporating these Terms;

“Force Majeure Event” means any of the following: riot, civil unrest, war, act of terrorism, threat of act of terrorism, fire, earthquake, extraordinary storm, flood, abnormal weather conditions or other natural catastrophe or strikes, lock-outs or other industrial disputes to the extent that such event has materially affected the ability of the party relying on the Force Majeure Event to perform its obligations in accordance with the terms of the Agreement.

"Hosted Services" means online identity and document verification services, and/or background checks as specified in the Hosted Services Specification, which will be made available by the Provider to the Client as a service via the internet in the Application in accordance with this Terms;

"Hosted Services Defect" means a defect, error or bug in the Platform having an adverse effect on the appearance, operation, functionality or performance of the Hosted Services, but excluding any defect, error or bug caused by or arising as a result of:

a) any act or omission of the Client or any person authorized by the Client to use the Platform or Hosted Services;

b) any use of the Platform or Hosted Services contrary to the Documentation, whether by the Client or by any person authorized by the Client;

c) a failure of the Client to perform or observe any of its obligations in the Agreement; and/or

d) an incompatibility between the Platform or Hosted Services and any other system, network, application, program, hardware or software not specified as compatible in the Hosted Services Specification;

"Hosted Services Specification" means the specification for the Platform and Hosted Services set out in Schedule 1 and in the Documentation;

"Intellectual Property Rights" means all intellectual property rights wherever in the world, whether registrable or un-registrable, registered or unregistered, including any application or right of application for such rights (and these "intellectual property rights" include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trademarks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semiconductor topography rights and rights in designs);

"Personal Data" has the meaning given to it under the General Data Protection Regulation (Regulation (EU) 2016/679);

"Platform" means the platform managed by the Provider and used by the Provider to provide the Hosted Services, including the application and database software for the Hosted Services, the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed;

"Product(s)" means any or all of the Services as are specified in the Agreement and may include the online or offline verification service, AML checks etc.

"Provider" means the party providing Hosted Services;

"Schedule" means any schedule attached herein below with these Terms;

"Services" means any services that the Provider provides to the Client, or has an obligation to provide to the Client, under the Agreement;

"Support Services" means support in relation to the use of, and the identification and resolution of errors in, the Hosted Services, but shall not include the provision of training services;

"Supported Web Browser" means the browsers specified by the Provider for online or offline verifications, and may include the current or latest release, from time to time, of Mozilla Firefox, Google Chrome or Apple Safari, or any other web browser that the Provider agrees in writing, shall be supported;

"Third Party Services" means any or all Products or Services ancillary to the Hosted Service(s) and may include any Products or Services provided by the Provider's sub-processors.

"Update" means a hotfix, patch or minor version update to any Platform software; and

"Upgrade" means a major version upgrade of any Platform software.

2. Hosted Services

2.6 The Provider shall grant to the Client a worldwide, non-exclusive license to use the Hosted Services by means of a Supported Web Browser or Application for identity and document verification of the Client’s customers (the end users) in accordance with the Documentation.

2.7 Except to the extent expressly permitted in the Terms or as required by law, the license granted by the Provider to the Client is subject to the following prohibitions:

(a) the Client must not sub-license its right to access or use the Hosted Services;

(b) the Client must not permit any unauthorized person to access or use the Hosted Services;

(c) the Client must not republish or redistribute any content or material from the Hosted Services; and

(d) the Client must not make any alteration to the Platform, except as permitted by the Documentation.

2.8 The Client shall use reasonable endeavors, including reasonable security measures relating to access details, to ensure that no unauthorized person may gain access to the Hosted Services using the Client’s account.

2.9 The Client acknowledges and agrees that Schedule 2 shall govern the availability of the Hosted Services.

2.10 The Client acknowledges that the Provider shall not be responsible for any data communicated to or transmitted to the Hosted Services. The Client shall use the Hosted Services exclusively for authorized and legal purposes consistent with all applicable laws, regulations and any acceptable use policy the Provider may make part of these Terms from time to time.

2.11 The Client must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services.

2.12 The Client must not use the Hosted Services:

(a) in any way that is unlawful, illegal, fraudulent or harmful; or

(b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

2.13 For the avoidance of doubt, the Client has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.

2.14 All Intellectual Property Rights in any Customizations designed, developed or implemented in accordance with Agreement between parties shall be the exclusive property of the Provider (unless the parties agree otherwise in writing).

3. Client Obligations

3.1 The Client must provide to the Provider, or procure for the Provider, such co-operation, support and advice; and information and documentation as may be required from time to time for compliance with any relevant applicable laws such as the data protection laws;

3.2 The Client must provide to the Provider, or procure for the Provider, such access to the Client's computer or mobile phone hardware, software, networks and systems as may be reasonably required by the Provider to enable the Provider to perform its obligations under the Agreement.

3.3 The Client shall ensure that the Client Systems are compatible with or support the Hosted Services, and continue to comply, throughout the Term with the requirements of Schedule 1 in all material respects, subject to any changes agreed in writing by the Provider.

3.4 The Client shall not under any circumstances white-label, resell or pass off the Hosted Services without express written agreement with the Provider which may be subject to due discussions and negotiations.

4. Client Personal Data

4.1 The Client warrants to the Provider that the Client Personal Data, when used by the Provider in accordance with the Agreement, will not infringe the Intellectual Property Rights or other legal rights of any person, and will not breach the provisions of any law, statute or regulation, in any jurisdiction and under any applicable law.

4.2 Use of Material:

a) The Client authorizes the Provider to use its name, logo, and/or trademark without notice or explicitly signed consent, in connection to creation of promotional material, to be disseminated to public, either through print or electronic media. The promotional material may include, but is not restricted to, press releases, announcements, video recordings, radio productions, periodicals, advertisements, website content etc.

b) The Provider hereby grants the Client permission to use its name, logo, and/or trademark to an extent that allows for promotion of Services provided by Provider and does not infringe upon or take ownership of any material or technology that is owned by the Provider.

c) The Client hereby grants the Provider the sole ownership of all revenues, profits, leads etc. generated, by the Provider, with respect to marketing, branding and content promotion.

5. Integrations with Third Party Services

1. The Client consents to the Client’s integration with a Third Party Service in order to provide full set of services.

2. The Provider may remove, suspend or limit any Third Party Services integration at any time in its sole discretion.

3. The Client acknowledges that:

a) the integration of Third Party Services may entail the transfer of Client Data from the Hosted Services to the relevant Third Party Services;

b) the Provider has no control over, or responsibility in respect of, any disclosure, modification, deletion or other use of Client Data resulting from any integration with any Third Party Services;

c) the Provider shall not be liable to the Client in respect of any loss or damage that may be caused by any Third Party Services or any provider of Third Party Services.

7. Confidentiality Obligations

7.1 Both parties shall:

a) keep the other party’s Confidential Information strictly confidential using the same degree of care to protect the other party’s Confidential Information as that party uses to protect its own Confidential Information of a similar nature;

b) not disclose the other party’s Confidential Information to any person without that other party’s prior written consent, and even then, only under conditions of confidentiality approved in writing by the party whose Confidential Information is being disclosed;

c) act in good faith at all times in relation to the other party’s Confidential Information; and

d) not use any of the other party’s Confidential Information except for the purpose it was divulged to the receiving party.

7.2 A party's Confidential Information may be disclosed by the other party to its officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Confidential Information that is disclosed for the performance of their work with respect to the Agreement and who are bound by a written agreement or any executed non-disclosure agreement to protect the confidentiality of the disclosed Confidential Information.

7.3 No obligations are imposed by this Clause 7 with respect to a party's Confidential Information if that Confidential Information:

a) is known to the other party before disclosure under the agreement and is not subject to any other obligation of confidentiality;

b) is or becomes publicly known through no act or default of the other party; or

c) is obtained by either party from a third party in circumstances where the other party has no reason to believe that there has been a breach of an obligation of confidentiality.

7.4 The restrictions in this Clause do not apply to the extent if any Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of either party on any recognized stock exchange.

7.5 Upon the termination of the Agreement, each party must immediately cease to use the other party’s Confidential Information; within five (5) Business Days following the date of receipt of a written request for termination from the other party, the relevant party shall destroy or return to the other party (at the other party's option) all media, tangible or intangible, containing the other party's Confidential Information, and must delete or destroy the other party's Confidential Information.

7.6 The provisions of this Clause shall continue in force indefinitely following the termination of the Agreement.

7.7 The parties shall not make any public disclosures relating to the Agreement or the contents of the Agreement (including disclosures in press releases, public announcements and marketing materials) without the prior written consent of the Provider, such consent not to be unreasonably withheld or delayed.

8. Data Protection

8.1 Each party shall comply with the Data Protection Laws with respect to the processing of the Personal Data under the agreement and the Provider shall only process the Data on the documented instructions of the Client as set out in the Terms or any other document agreed by the parties in writing.

8.2 Notwithstanding any other provision of the Terms, the Provider may process the Data if and to the extent that the Provider is required to do so by applicable law. In such a case, the Provider shall inform the Client of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

8.3 The Client warrants to the Provider that it has the legal right to disclose all Personal Data to the Provider under or in connection with the Terms, moreover, the Client shall only supply to the Provider, and the Provider shall only process, in each case under or in relation to the Terms, the Personal Data of data subjects falling within the categories and of the types specified in Schedule 6; and the Provider shall only process the Data for the purposes specified in Schedule 6.

8.5 The Provider shall ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

8.6 The Provider and the Client shall each implement appropriate technical and organizational measures to ensure an appropriate level of security for the Data.

8.7 The Provider is hereby authorized by the Client, as at the Effective Date, to engage third parties to process the Client Data. The Provider shall inform the Client at least fourteen (14) days in advance of any intended changes concerning the addition or replacement of any third party processor, and if the Client objects to any such changes before their implementation, the Client may terminate the Agreement. The Provider shall ensure that each third party processor is subject to equivalent legal obligations as those imposed on the Provider by this Clause.

8.8 The Client acknowledges that the Client Data may be transferred outside the EEA in connection with exercise of this Terms and that the appropriate consents for any such potential transfer shall be acquired by the Client. For this, the Provider may also require a separate data processing agreement to be entered into with the Client as and when required by the applicable Data Protection Laws.

8.9 The Provider shall assist the Client in ensuring compliance with the obligations relating to the security of processing of Personal Data, the notification of Personal Data breaches to the supervisory authority, the communication of Personal Data breaches to the data subject, data protection impact assessments, prior consultation in relation to high-risk processing and fulfilment of the Client's obligation to respond to requests exercising a data subject's rights under the Data Protection Laws.

8.10 The Provider shall, at the choice of the Client, delete or return any or all of the Client Personal Data to the Client after the provision of Hosted Services relating to the processing, and shall delete existing copies save to the extent that applicable law requires the storage of said Personal Data.

8.11 If any changes or prospective changes to the Data Protection Laws results in one or both parties not complying with the Data Protection Laws in relation to processing of Personal Data as set out under the Agreement, then the parties shall promptly use their best endeavors to agree such variations to the Agreement as may be necessary to remedy such non-compliance.

9. Warranties

9.1 The Provider warrants to the Client that:

a) the Provider has the legal right and authority to perform its obligations under the Terms;

b) the Provider will comply with all applicable legal and regulatory requirements applying to the exercise of the Provider's rights and the fulfilment of the Provider's obligations;

c) the Platform will incorporate security features reflecting the requirements of good industry practice: and

d) that the Hosted Services, when used by the Client in accordance with the Terms, will not breach any laws, statutes or regulations applicable under Maltese law and will not infringe the Intellectual Property Rights of any person in any jurisdiction and under any applicable law.

9.2 The Client acknowledges that:

a) use of the Hosted Services is at the Client’s sole risk, that the Provider cannot and does not warrant that the service will meet all requirements of the Client, or that the operation of the Hosted Services will be uninterrupted or error-free.

b) the Hosted Services and anything related thereto are provided "as is" and "as available", with all faults and without warranty of any kind, and Provider hereby expressly disclaims all warranties and conditions with respect to the Hosted Services and anything related thereto, either express, implied or statutory, including, but not limited to, the implied warranties and/or conditions of merchantability, of satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, and of non-infringement of third party rights. No oral or written information or advice given by the Provider or its Affiliate shall mean or intend to create a warranty, express or implied.

c) complex software is never wholly free from defects, errors bugs etc. nor entirely free from security vulnerabilities; and subject to the other provisions of the Terms, the Provider gives no warranty or representation that the Hosted Services will be entirely secure or that the Hosted Services will be wholly free from defects, errors and/or bugs or that such defects shall be corrected promptly by the Provider.

d) the Hosted Services are designed to be compatible only with that software and those systems specified as compatible in the Hosted Services Specification; and the Provider does not warrant or represent that the Hosted Services will be compatible with any other software or systems.

e) the Provider may not be able to ensure exactly 100% accuracy in results or go by the sharp 30-second verification time; these figures may vary slightly as the verification process can be delayed owing to heavy website traffic or the clarity of the verification document.

9.4 All of the parties' warranties and representations in respect of the subject matter of the Agreement are expressly set out in the Terms.

10. Indemnities

10.2 The Client shall indemnify and shall keep indemnified the Provider against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by the Provider and arising as a result of any breach by the Client. Further, the Client shall:

a) provide to the Provider all such assistance as may be reasonably requested by the Provider;

b) allow the Provider, when the Provider so requires, the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties; and

c) not admit liability to any third party or settle any disputes or proceedings involving a third party without the prior written consent of the Provider.

10.3 The indemnity protection set out in this Clause shall be subject to the limitations and exclusions of liability set out in Clause 11 of the Agreement.

11. Limitations and Exclusions of Liability

11.1 Nothing in the Terms shall limit or exclude (i) any liability for death or personal injury resulting from negligence; (ii) any liability for fraud or fraudulent misrepresentation; (iii) any liabilities in any way that is not permitted under applicable law; or (iv) any liabilities that may not be excluded under applicable law.

11.2 The limitations and exclusions of liability set out in this Clause and elsewhere in the Agreement:

a) are subject to Clause 11.1; and

b) govern all liabilities arising under the Agreement or relating to the subject matter of the Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in the Agreement.

11.3 Neither party shall be liable to the other party in respect of any losses arising out of a Force Majeure Event; loss of profits, income, revenue or business opportunities; any special, indirect or consequential loss or damages.

11.4 Neither party shall be liable to the other party in respect of any loss or corruption of any data, database or software.

11.5 The liability of Provider to the client party under the Terms in respect of any event or series of related events shall not exceed the greater of EUR 4,500.

12. Force Majeure Event

12.1 If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under the Terms, that obligation will be suspended for the duration of the Force Majeure Event.

12.2 A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under the Terms must promptly notify the other party and inform the other party of the period for which it is estimated that such failure or delay will continue.

12.3 A party whose performance of its obligations under the Terms is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.

13. Term and Termination

13.1 Unless otherwise set forth in the applicable order form, the Agreement shall remain in full force and effect for the duration of use of the Platform, Application, Hoisted Services and afterwards for the time required by law.

14. Effects of Termination

14.1 Upon the termination of the Agreement, all of the provisions of the Agreement shall cease to have effect, save that the following provisions of the Agreement shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 7, 8, 9, 10, 11, 14, 16, 18, 19, 20, 21, 22, 23, 24 and 25.

14.2 Except to the extent that the Terms expressly provides otherwise, the termination of the Agreement shall not affect the accrued rights of either party.

16. Notices

16.1 Any notice given under the Terms must be in writing, whether or not described as "written notice" in the Terms.

16.2 Any notice given by either party under the Terms must be sent by email using the relevant contact details which may be updated from time to time by a party giving written notice of the update to the other Party.

16.3 A party receiving from the other party a notice via email must acknowledge receipt by email promptly.

17. Subcontracting

The Client acknowledges and agrees that the Provider may subcontract the performance of any part of the Hosted Services to a reputable third party.

18. Assignment

18.1 Client shall not assign, transfer or otherwise deal with its contractual rights and/or obligations under the Agreement without the prior written consent of the Provider. The Provider may assign the entirety of its rights and obligations under the Agreement to any Affiliate of the Provider or to any successor to all or a substantial part of the business of the Provider from time to time.

18.2 Nothing in the Agreement shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Client, or from the Client to the Provider.

18.3 Either party shall remain responsible to the other party for the performance of any assigned obligations.

19. No waivers

19.1 No breach of any provision of the Terms shall be waived except with the express written consent of the party not in breach.

19.2 No waiver of any breach of any provision of the Terms shall be construed as a further or continuing waiver of any other breach of that provision or any breach of any other provision of the Terms.

20. Severability

20.1 If any provision of the Terms is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions shall continue in full force and effect.

20.2 If any unlawful and/or unenforceable provision of the Terms would be lawful or enforceable if part of it were deleted, that part shall deemed to be deleted, and the rest of the provision shall continue in full force and effect.

21. Third Party Rights

21.1 The Terms is for the benefit of the parties and is not intended to benefit or enforced by any third party.

21.2 The exercise of the parties' rights under the Agreement is not subject to the consent of any third party.

22. Amendments

The Terms may not be amended from time to time by the Provider. The changes of the Terms shall take effect after 30 days from publication.

24. Law and Jurisdiction

24.1 The Terms shall be governed by and construed in accordance with the laws of the Republic of Malta.

24.2 Any disputes relating to the Agreement shall be subject to the exclusive jurisdiction of the courts of the Republic of Malta.

25. Interpretation

25.1 The headings of the Clauses herein are for reference only and shall not affect the interpretation of any of the terms of the Terms.

25.2 References in the Terms to "calendar months" are to the twelve (12) named periods (January, February and so on) into which a year is divided.

25.3 In the Terms, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.

SCHEDULE 1 (HOSTED SERVICES PARTICULARS)

1. Specification of Hosted Services

Online or Offline Client Verification using Passport, Driving License, ID card and/or Credit/Debit card.

2. Client Systems

Clients can integrate the Hosted Service with their website or smartphone applications.

3. Financial Provisions

The Agreement shall only become effective on payment of the setup fee to the Provider in accordance with the applicable Sales Order.

4. Representatives

The Client shall ensure that all instructions given by the Client in relation to the matters contemplated in the Terms will be given by a Client Representative to a Provider Representative, and the Provider:

(a) may treat all such instructions as the fully authorized instructions of the Client; and

(b) may decline to comply with any other instructions in relation to that subject matter.

5. Contractual Notices

For any contractual notices, the Client shall communicate with the Provider at: [email protected]

SCHEDULE 2 (AVAILABILITY SLA)

1. Introduction to Availability SLA

1.1 This Schedule 2 sets out the Provider's availability commitments relating to the Hosted Services.

1.2 In this Schedule 2, "uptime" means the percentage of time during a given period when the Hosted Services are available at the gateway between public internet and the network of the hosting services provider for the Hosted Services.

2. Availability

2.1 The Provider shall use all reasonable endeavors to ensure that the uptime for the Hosted Services is at least 99% during each quarter of the year.

2.2 The Provider shall be responsible for measuring uptime and shall do so using any reasonable methodology.

3. Exceptions

3.1 Downtime caused directly or indirectly by any of the following shall not be considered when calculating whether the Provider has met the uptime given in Paragraph 2.1:

(a) a Force Majeure Event;

(b) a fault or failure of the Provider's hosting infrastructure services provider, unless such fault or failure constitutes an actionable breach of the contract between the Provider and that company;

(c) a fault or failure of the Client's computer systems or networks;

(d) any breach by the Client of the Agreement; or

(e) scheduled maintenance carried out in accordance with the Agreement.

SCHEDULE 3 (MAINTENANCE SLA)

1. Introduction

This Schedule 3 sets out the service levels applicable to the Maintenance Services.

2. Scheduled Maintenance Services

2.1 The Provider gives, where practicable, to the Client seven (7) Business Days' prior notice of scheduled Maintenance Services that are likely to affect the availability of the Hosted Services or are likely to have a material negative impact on the Hosted Services.

2.2 The Provider ensures, to the extent possible, to provide all scheduled Maintenance Services outside Business Hours.

3. Updates

3.1 The Provider gives to the Client, if practically possible, a notice of the application of any security Update to the Platform and, if practically possible, seven (7) Business Days' prior notice of the application of any non-security Update to the Platform.

3.2 The Provider shall apply Updates to the Platform as follows:

(a) third party security Updates shall be applied to the Platform promptly following release by the relevant third party, provided that the Provider may act reasonably decide not to apply any particular third party security Update;

(b) the Provider's security Updates shall be applied to the Platform promptly following the identification of the relevant security risk and the completion of the testing of the relevant Update; and

(c) other Updates shall be applied to the Platform in accordance with any timetable notified by the Provider to the Client or agreed by the parties from time to time.

4. Upgrades

4.1 The Provider may produce Upgrades from time to time.

4.2 The Provider gives, if practically possible, to the Client seven (7) Business Days' prior notice of the application of an Upgrade to the Platform.

4.3 The Provider applies each Upgrade to the Platform within any period notified by the Provider to the Client or as agreed by the parties in writing.

SCHEDULE 4 (SUPPORT SLA)

1. Introduction

This Schedule 4 sets out the service levels applicable to the Support Services.

2. Help Desk

2.1 The Provider shall make available to the Client a help desk.

2.2 The Client may use the help desk for the purposes of requesting and, where applicable, receiving the Support Services; and the Client must not use the help desk for any other purpose.

2.3 The Provider shall ensure that the help desk is accessible by email and using the Provider's web-based ticketing system.

2.4 The Provider shall ensure that the help desk is operational and adequately staffed during Business Hours.

2.5 The Client shall ensure that all requests for Support Services that it may make from time to time shall be made through the help desk.

3. Response and Resolution

3.1 Issues raised through the Support Services shall be categorized as follows:

(a) critical: Hosted Services are inoperable or a core function of the Hosted Services is unavailable;

(b) serious: a core function of the Hosted Services is significantly impaired;

(c) moderate: a core function of the Hosted Services is impaired, where the impairment does not constitute a serious issue; or a non-core function of the Hosted Services is significantly impaired; and

(d) minor: any impairment of the Hosted Services not falling into the above categories; and any cosmetic issue affecting the Hosted Services.

3.2 The Provider shall determine, acting reasonably, into which category an issue falls.

3.3 The Provider shall ensure that its response to a request for Support Services shall include the following information (to the extent such information is relevant to the request): an acknowledgement of receipt of the request, where practicable an initial diagnosis in relation to any reported error, and an anticipated timetable for action in relation to the request.

4. Time of response:

(a) critical: 8 Business Hours;

(b) serious: 16 Business Hours;

(c) moderate: 5 Business Days; and

(d) minor: 7 Business Days.

6. Provision of Support Services

The Support Services shall be provided remotely.

7. Limitations on Support Services

7.1 If the total hours spent by the personnel of the Provider performing the Support Services during any calendar month exceeds ten (10) then:

(a) the Provider will cease to have an obligation to provide Support Services to the Client during the remainder of that period; and

(b) the Provider may agree to provide Support Services to the Client during the remainder of that period, but the provision of those Support Services will be subject to chharges.

7.2 The Provider shall have no obligation to provide Support Services in respect of any issue caused by:

(a) the improper use of the Hosted Services by the Client; or

(b) any alteration to the Hosted Services made without the prior consent of the Provider.

SCHEDULE 6 (DATA PROCESSING INFORMATION)

1. Categories of Data Subject

a) Client’s RAW API Requests data

b) End users’ verification data

2. Types of Personal Data

End user’s images, videos, documents or any other inputs given in real-time which discloses personal information such as a name, an identification number, location data, physical, physiological, genetic, mental, economic, cultural, social identity etc.

3. Purposes of Processing

All Personal Data will be used to perform identity verifications and/or background checks only.

4. Personal Data Retention

Personal Data of end users shall be retained as per the written instruction of the Client at the time of contract. In case of no specific instructions, the Provider shall store data for a maximum of five (5) years without any Charges.

5. Security Measures for Personal Data

All the data is transmitted over Secure Sockets Layer (SSL) and stored in secure data centers. All personal information is secured using SHA-256 Cryptographic Hash Algorithm for maximum protection.