GENERAL TERMS AND CONDITIONS

These Cinco General Terms and Conditions (“General Terms and Conditions”) shall apply by and between:-

• 9118-2162 Quebec Inc (Cinco inc.), a corporation existing under the laws of Québec, having its principal place of business at 139 Saint-Paul West, Suite 6, Montreal, Quebec, H2Y 1Z5 (“Cinco”), and
• The client entity named in the applicable Statement of Work to which these Terms and Conditions apply (“Client”).

Cinco and the Client may be individually referred to hereinafter as a “Party” or, collectively, as the “Parties”.

BACKGROUND

• A: WHEREAS, Cinco is a marketing, sponsorship management, brand activation, content, AI, digital, and experiential Client operating its own internal innovation lab called “CincoLab”;
• B: WHEREAS, the Client desires to engage Cinco, on a case-by-case basis, to provide services within Cinco’s areas of expertise;
• C: WHEREAS, the Parties wish to establish in this document the general terms and conditions governing the performance of services by Cinco for the Client, subject to additional service specific terms that may be set out under any relevant Statement of Work.

Defined terms used in this Background section are set out hereinafter.

OPERATIONAL PROVISIONS

NOW, THEREFORE, in consideration of the mutual covenants, terms, and conditions hereinafter set forth, and intending to be legally bound hereby, the Parties agree as follows:

1. DEFINED TERMS

   The following definitions shall apply under these General Terms and Conditions:-

   “Additional Services” means services additional to the Services that CINCO provides to Client under the Agreement. Such Additional Services may include, but are not limited to: (i) additional implementation and customisation services in respect of the Client Experience Platform; (ii) training services and (iii) additional volume of existing service or new Services.

   “Affiliate”means any entity directly or indirectly controlled by, controlling, or under common control with a Party, and where “control” means the power to direct or cause the direction in the management or decision making of that entity, and whether by way of share ownership, under contract or otherwise.

   “Agreement” for any relevant Services, means these General Terms and Conditions, together with its relevant Appendices, and any applicable Statement of Work, and any other documents incorporated by reference herein or under the relevant Statement of Work.

   “Applicable Laws” means all laws and regulations in force and applicable to a Party to the Agreement in respect of its rights and obligations under the Agreement, and/or applicable to the supply or receipt of Services (including, where relevant. the EU AI Act or other applicable laws where Services use or deploy artificial intelligence), including Data Protection Laws (as defined in the DPA), and any order of a court of competent jurisdiction and the rules or directions of any competent regulatory authority.

   “Applicable Taxes” means any sales, use, consumption, goods and services, or value-added taxes or withholding taxes applicable to the Services or payments made in respect of the Services, except taxes imposed on Cinco’s income.

   “Authorized User” means any employee or contractor of Client or other individual or entity who is authorized by Client to access and use the Services. Authorized Users will be identified by Client to Cinco.

   “Change Request” or “CR” means a written document agreed to by Cinco describing a modification to the Services.

   “Client Customer” means any existing or prospective customer of Client products and/or services in any relevant territory.

   “Client Customer Data” means any data or content (in any medium or format) transmitted by or on behalf of Client Customer to Client and/or CINCO in connection with Client Customer access to and use of the Client Experience Platform.

   “Client Customer Terms” means the terms and conditions governing Client Customer access to, and use of, the Client Experience Platform, and consisting of (1) the Terms of Use and (2) Client Privacy Policy.

   “Client Data” means any data or content (in any medium or format) transmitted by or on behalf of Client to CINCO in connection with Client use of Services, and whether in respect of Professional Services implementation of the Client Experience Platform, or Operational Services use by the Client following the Operational Services Commencement Date.

   “Client Experience Platform” or “Client Experience Portal” means the Cinco owned and operated online platform (also known as the “Cinco AI Experience”) provided as a fully white-labelled solution for Client with certain AI Technology capabilities, permitting Client via a Client branded and content led version of the platform, to promote, showcase and advertise Client product and service offerings, and/or link to its own proprietary, transactional websites where Client product and service offerings may be purchased by Client Customers in relevant territories.

   “Client Privacy Policy” means the policy maintained at URL: https://www.privacy.wearecinco.com, and which provides the default, standard privacy policy and part of the Client Customer Terms for the Client Experience Platform as hereinafter described.

   “Client Side Software” means a specific piece of software that, if provided as part of the Services, and whether in respect of Client use of the Client Experience Portal or otherwise, Client may download for use on a non-transferable, non-exclusive, subscription basis in conjunction with and for the duration of the subscription for use of the Services.

   “Cloud Services” means any element of the Services delivered using cloud computing technology.

   “Commencement Date” is a several reference to the date(s) on which one or more relevant Services may commence under any applicable Statement of Work and as set out therein.

   “Confidential Information” means any information disclosed by one party (“Disclosing Party”) to the other party (“Receiving Party”) which: (i) is marked as proprietary and/or confidential by Disclosing Party; or (ii) Receiving Party should reasonably understand to be confidential.

   “Contract Year” in respect of each Agreement means each 12 month period during the Agreement Term, the first commencing on the relevant Commencement Date, and each subsequent 12 month period which begins on each anniversary of the Effective Date.

   “Data Protection Laws” has the meaning set out in the DPA (Appendix 1).

   “Default Event” means the occurrence of any one of the following in respect a Party:- (i) (Client only) failure to pay Fees when due; (ii) that Party fails to perform any material term or condition of the Agreement and such failure is not cured within 30 days of written notice from the other Party; (iii) that Party ceases the conduct of active business; (iv) any proceedings under any Applicable Law bankruptcy code or other insolvency laws are instituted by or against that Party, or if a receiver shall be appointed for that Party or any of its assets; or (v) that Party makes an assignment for the benefit of creditors, or admit in writing its inability to pay its debts as they come due.

   “Documentation” means the written user documentation provided or made available by CINCO to Client under the OF relating to the Services.

   “DPA” means the Data Processing Agreement set out in Appendix 1 to these General Terms and Conditions.

   “EU AI Act” means the European Union´s Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence.

   “Infringement Claim” means claims, suits, actions, or proceedings brought against Client in a court of competent jurisdiction by a third-party that allege an infringement by the Services of a third-party’s patent, copyright, or trade secret.

   “Intellectual Property Rights” means all patents, trademarks, service marks, copyright and related rights, domain names, rights in get-up, design rights, database rights, topography rights, and all other similar proprietary rights, in each case whether registered or unregistered and including all applications (or rights to apply) for, and renewals or extensions of, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.

   “Operational Services” is a several or collective reference, as the context permits, to the provision of the Client Experience Platform, Cloud Services, AI Technology and Support.

   “Person” means, as the context requires, any natural person or legal entity, including bodies corporate, unincorporated associations and partnerships.

   “Professional Services” means any Client Experience Platform customization, implementation and training services agreed under any implementation project detailed in any relevant Statement of Work.

   “Services” is a several or collective reference to Operational Services and Professional Services (and as more specifically described in a relevant Statement of Work).

   “Statement of Work” means a document agreed upon by the Parties, describing (i) the provision of relevant Services, (ii) applicable timeline for commencement and duration of Professional Services and/or Operational Services, and (iii) Fees, and (iv) any other additional terms and conditions (if any). A Statement of Work may be agreed in physical or electronic form, incorporates these General Terms and Conditions, and may include other documents which are incorporated by reference into the applicable Statement of Work.

   “Support” means the operational and technical support services applicable to the Services, as defined in any part of the Agreement, including these General Terms and Conditions, Statement of Work or any Documentation.

   “Terms of Use” or “TOU” or “Client Customer Terms” means those terms and conditions governing the access to, and use of, the Client Experience Platform by Client Customers. The binding relationship of this document is between the Client and the Users of the Client Experience Platform. The TOU are maintained at URL: https://www.appterms.wearecinco.com.

2. TERM OF AGREEMENT

   1. These General Terms and Conditions take effect and will be binding upon Client and Cinco from its Effective Date, and will apply to all Statements of Work entered into under and subject to these General Terms and Conditions (or which incorporate these General Terms and Conditions by reference).
   2. The term of any Agreement for applicable Professional Services will begin on the Commencement Date indicated in the relevant Statement of Work, and continue until the end of the period referenced in the Statement of Work.
   3. The term of any Agreement for applicable Operational Services will begin on the Commencement Date indicated in the relevant Statement of Work and continue until the end of the minimum services subscription period shown in the “Commercial Conditions” or equivalent section of the Statement of Work (“Initial Term”). Unless otherwise set forth in the Statement of Work, the Agreement for applicable Operational Services shall automatically renew for successive 12 month renewal terms (each a “Renewal Term”) on expiration of the Initial Term or subsequent Renewal Term, unless the SOW indicates differently or the Agreement is terminated to the end of the Initial Term or a Renewal Term. Either Party may terminate the Agreement, effective at the end of the Initial Term or then-current Renewal Term, by providing the other Party at least 90 days’ prior written notice. The Initial Term and any Renewal Term(s) may be collectively referred to as the “Agreement Term”. Except in the event of an uncured material breach or as expressly provided in the Agreement, neither Party will be permitted to terminate the Agreement prior to the end of the Initial Term or applicable Renewal Term.

3. AGREEMENT FOR SERVICES

   1. CINCO will provide Client the Client Experience Platform together with other relevant, agreed Services pursuant to the Agreement (and more particularly described in a relevant Statement of Work).
   2. In the event of any conflict or inconsistency among the documents that constitute the Agreement, the documents will be interpreted in the following descending order of precedence: (i) these General Terms and Conditions; (ii) the Statement of Work, and (iii) any other documents incorporated by reference in these General Terms and Conditions or any applicable Statement of Work.
   3. As necessary to reflect changes in its business, technology and service offerings, CINCO may change its rules of operation, access procedures, software, the Services, or the Documentation.
   4. CINCO may employ its Affiliates and third parties in the performance of the Services, and CINCO shall remain primarily responsible to Client in respect thereof.
   5. Some of the Services may be designed to upload, download, and synchronize files between Client’s computer or other devices and CINCO servers.
   6. Client’s failure to adhere to schedules or complete tasks within Client’s control, or failure to provide timely access to programs, files, data, or other materials, or failure to provide complete and accurate information in a timely manner, may impact CINCO’s performance of the Services. CINCO shall not be liable for any delays or defects in performing the Services to the extent caused by such Client failure.

4. IMPLEMENTATION AND OPERATION OF THE CLIENT EXPERIENCE PLATFORM

   1. Implementation Period:
   2. If a Statement of Work specifies an acceptance test for any Professional Service deliverables, CINCO will notify Client when a deliverable is ready for acceptance. Client and Cinco will then perform an agreed acceptance test (“Acceptance Test”) within an agreed time period with respect to each deliverable (“Acceptance Period”) to verify that the deliverable functions materially in accordance with any written specifications as stated in the Statement of Work. Acceptance occurs when the deliverable meets all material requirements of the Acceptance Test. Client will notify CINCO promptly in writing of Client’s acceptance. If Client does not conduct the Acceptance Test and notify within the Acceptance Period or, if no Acceptance Period is specified, then within five (5) business days after delivery of the deliverable, the deliverable will be deemed accepted.
   3. If Client notifies CINCO in writing within the Acceptance Period that the deliverable does not function in all material respects with the written specifications stated in the Statement of Work, and further describes the deficiencies in sufficient detail for CINCO to identify or reproduce them, CINCO will work diligently to correct and redeliver the affected deliverable.
   4. Operational Services Period:
   5. Client acknowledges and agrees that the Client Experience Platform may only be operated and made available to Client Customers by Client on the basis of the Client Customer Terms, and any other terms that CINCO may reasonably require (and notify in writing to Client) from time to time. Client understands that the use of the Client Customer Terms is mandatory (and describes the minimum requirements as stipulated by CINCO, regarding access and use of the Client Experience Platform, and the Client and Client Customer corresponding rights and obligations in respect thereof).
   6. Client Customer Terms must be displayed in the Client Experience Platform in the designated area agreed with CINCO, and be capable of clear and unequivocal Client Customer acceptance (through use of the “I accept” button or similar functionality provided in the Client Experience Platform) or confirmed acceptance whenever Client Customer visits the Client Experience Platform.
   7. Client undertakes to ensure it will do nothing to circumvent the application and use of the Client Customer Terms in the Client Experience Platform, or seek or attempt to modify or actually modify any of its provisions as they appear in the Client Experience Platform, nor behave in any manner in its dealings with Client Customers that would harm or limit any rights that CINCO has under this Agreement, or impose any obligation or liability on CINCO in conflict with the Agreement.
   8. Client acknowledges that CINCO may require certain acknowledgements and attribution to appear within the Client Experience Platform, including certain CINCO trade and service marks and copyright, and/or identifying CINCO as the entity powering the Client Experience Platform (without presenting CINCO at any time as a party to the Client Customer Terms or in any way identifiable as a part of the Client´s organization (and not an independent, underlying service provider)).
   9. For the avoidance of doubt, to the maximum extent permitted by Applicable Law, nothing in the Client Customer Terms shall operate or be interpreted as between the Parties to this Agreement, to limit, reduce or override any of CINCO´s rights under the Agreement, or result in any increase in CINCO liability or obligations under the Agreement.

5. SERVICE RESTRICTIONS

   1. Client and its Authorized Users shall only use the Services for Client’s business operations contemplated and authorized under the Agreement. Only Client’s Authorized Users may access and use the Services, and permit Client Customers access to the Client Experience Platform as described in Section 4 above.
   2. Client shall not: (i) resell the Services to third parties without CINCO’s prior express written agreement; (ii) create multiple free accounts under different or fake identities or otherwise that enables Client to exceed the usage limits, if any, associated with the Services; (iii) modify, reverse engineer, decompile, or otherwise attempt to discover the source code of the Client Experience Platform, Client Side Software or any of CINCO’s or its third-party providers’ software that may be included in the Services.
   3. Client does not have any rights to the Client Experience Platform, Client Side Software or to any of CINCO’s or its third-party providers’ software that are included in the Services, other than the use and access thereof on a subscription basis as part of and for the duration of receiving the Services.
   4. If Client Side Software is provided as part of the Services, Client may use the Client Side Software, and make copies thereof, for the sole purpose of facilitating Client’s use of the Services in accordance with the Agreement. Each copy of the Client Side Software made by Client must contain the same copyright and other notices specified by CINCO.

6. AI ENABLED SERVICE

   1. The Services (and in particular the Client Experience Platform) provided by CINCO may include and/or enable the use of predictive algorithms, generative artificial intelligence, machine learning, and/or other components as artificial intelligence technologies (“AI Technology), some of which may be provided or supported by Third Party Providers (refer Section 7 below).
   2. In respect of any use, access or deployment of AI Technology as part of the Services provided to the Client (and experienced by Client Customers in their interactions (with Client) on the Client Experience Platform), Client agrees to the following:
      1. The AI Technology may use or analyze Client Data and/or Client Customer Data based on parameters that have been determined, identified, and/or defined by Client and/or otherwise agreed with CINCO. Client’s choice of parameters and the types of Client Data and Client Customer Data which are input into or made available by Client and Client Customers (“Inputs”) via the Client Experience Platform or other relevant Services, may include assumptions, biases and limitations which will affect the effectiveness, quality, relevance and accuracy of the corresponding Outputs.
      2. The quality of the outputs resulting from such AI Technology (“Outputs”) therefore depends on the quality of the Inputs. The quality of the Inputs is the sole responsibility of Client.
      3. Use of AI Technology via the Client Experience Portal does not (and is not intended to) replace decision-making and judgement by natural individuals (including Client Customers). The AI Technology is intended to provide additional knowledge and information to support such decision making and judgement. Client remains solely responsible for any decisions taken and judgements as a result of the Outputs. Client agrees that CINCO shall have no liability resulting from (i)  the creation and/or use of the Outputs, and/or (ii)  any decisions resulting from the use of the Outputs (including without limitation any Client Customer decisions). Unacceptable risk or prohibited AI System use (as defined in EU AI Act or per mandatory industry standards) is prohibited. Furthermore, CINCO AI Technology does not support, nor is intended to support AI systems or models that are classifiable as “high risk” (under the EU AI Act or other Applicable Laws or mandatory industry standards), and Client will never attempt or actually make use of/deploy, or seek to modify, the AI Technology or any visible branding or other IPR associated with, or displayed to Clients in regards to, such AI Technology, in any manner that might result in the AI Technology being designated or re-classified as constituting high risk or that would result in Client being designated under Applicable Laws as provider of such AI Technology (in place of CINCO or its relevant underlying Third Party Providers).
      4. For all AI Technology that uses large language models supplied by Third Party Providers (including other technology affiliated with generative artificial intelligence and GPAI models, as the term GPAI is used in the EU AI Act), the nature of the technology may limit (i) the protection of privacy, (ii) rights to use, and/or (iii) the accuracy of the Outputs. Therefore, CINCO does not guarantee (a) the protection of privacy, (b) rights to use, and/or (c) the accuracy of the Outputs, with regard to such AI Technology and/ or use of such models and related technologies.
      5. Access to and use of any Third Party Provider services and/or products including and/or enabling AI Technology may be subject to Client agreeing to additional terms as notified to Client or its Authorized User(s) at the time of order, installation, enablement, access or use of the relevant Third Party Provider service/product.
      6. Applicable Laws may provide for additional requirements concerning the use of AI Technology in certain contexts, services or projects. Client is solely responsible for identifying and complying with the requirements applicable to the implementation and use of the relevant services and products (including AI Technology) in Client’s processes, and in respect of any Client products and services (and related Client websites) which Client may advertise, market, show case or otherwise make available via the Client Experience Platform or via other linked independent Client websites.

7. USE OF THIRD PARTIES

   1. CINCO may use third-party providers (each a “Third Party Provider”) to provide or support any element of the Services (including for example cloud infrastructure or hosting for the Client Experience Platform or functionality utilizing artificial intelligence). In some cases, certain obligations related to data security may be fulfilled by the Third Party Provider, as applicable (for example, as permitted by the Third Party Provider, CINCO may provide copies of the Third Party Provider’s summary security reports or certifications to Client regarding the portions of the Service they provide). Access to such reports or other audit activities requested by Client, or any data protection authorities having jurisdiction over Client will, to the extent such report access and/or audit activities are permitted by the Third Party Provider, be limited in scope to that allowed by the Third Party Provider and may be subject to additional charges which will be the responsibility of Client.
   2. If Client intends to utilize a third-party auditor where such audit activities are permitted by the Third Party Provider, CINCO or the Third Party Provider may object in writing to such auditor where such auditor is: (i) not reasonably qualified; or (ii) not independent; or (iii) a competitor of CINCO or the Third Party Provider. Where Client requires functionality which requires any additional processing service offered by a Third Party Provider (e.g., online language translation services), such additional processing services may be subject to the additional terms and restrictions of the Third Party Provider which shall be deemed to be incorporated herein. A Third Party Provider shall be considered a sub-processor, where applicable. The Third Party Provider may utilize subcontractors provided that such Third Party Provider remains liable for any subcontracted obligations to the same extent it has committed to CINCO. If CINCO utilizes a Third Party Provider, access to stored Client Data may be limited to the time period made available by such Third Party Provider. Requests for deletion of Client Data following termination may be subject to delay of up to 180 days by the Third Party Provider, during which time period, all restrictions on use and confidentiality shall continue to apply.

8. CLIENT RESPONSIBILITIES

   1. Client is responsible for:- (i) obtaining, installing, and maintaining the equipment, communication lines, and related support services necessary to access the Services; and (ii) ensuring that its Internet and telecommunications connections (if applicable), hardware, devices, and software are secure and compatible with the Services. If Client elects to use a third-party contractor to perform work interfacing with the Services, such work shall be subject to CINCO’s prior written consent. Client is solely responsible for any work performed by, and any acts or omissions of, such third-party contractor, as well as any defect or issue with the Services to the extent resulting from third-party contractor’s work.
   2. Client shall be liable for:- (i) acts or omissions by its Authorized Users; (ii) maintaining the confidentiality of access credentials (including usernames, passwords, and keys) used by Client or its Authorized Users; (iii) ensuring compliance with the Agreement by each Authorized User, including compliance with CINCO’s AUP; and (iv) ensuring compliance with Applicable Laws in connection with the use of the Services, including, but not limited to, those related to: (a) laws and regulations pertaining to telemarketing, commercial e-mail, spam, use of artificial intelligence systems; (b) export compliance; and (c) data privacy.

9. CLIENT DATA AND CLIENT CUSTOMER DATA

   1. Client represents and warrants to CINCO that Client is the owner of all rights to the Client Data, or that Client has the right to reproduce, distribute, and transfer the Client Data to CINCO or otherwise permit CINCO use and access thereof, for the purposes of the Agreement and Services provision. Client further represents and warrants that it will at all times have the right to reproduce, distribute, and transfer and make available to CINCO, any relevant Client Customer Data for the purposes of the Agreement, and provision of Services (including by means of ensuring Client secures such rights through its TOU with Client Customers). Client represents and warrants that CINCO is entitled, in accordance with Client´s ownership or licences (as the case may be), to access, modify, re-arrange and maintain Client Data and Client Customer Data provided to CINCO by or on behalf of Client or Client Customer, (A) in the case of Client Data, both in the development and operation of the Client Experience Platform (consistent with the agreed Statement of Work) and other Services, and (B) in the case of Client Customer Data in the operation, delivery and improvement of Services and in particular the Client Experience Platform.
   2. CINCO will safeguard the Client Data and Client Customer Data in accordance with the administrative, technical, and physical security controls and procedures defined in the Agreement or otherwise notified to the Client by CINCO from time to time.
   3. Client acknowledges that the performance of the Services may include transmission of Client Data and Client Customer Data to third parties in the course of the performance of the Services (e.g. transmission of Client Data and/or Client Customer Data to third party partners as part of Cloud Services consisting of electronic data interchange services), and that CINCO is responsible for ensuring any onwards disclosure of Client Data or Client Customer Data to such third parties is consistent with CINCO rights to use of such data under this Agreement.
   4. Client remains solely responsible for the Client Data and use of the Services in compliance with the Agreement and with all legal and regulatory obligations applicable to the Client. Client remains responsible for ensuring it procures that Client Customer Data provided by Client Customers is compliant with Applicable Law, to the maximum extent possible. Client shall be responsible: (i) for the correctness and completeness of the Client Data; (ii) for the Client Data being free from viruses, worms, trojan horses, and any other malicious code; and (iii) for storing and maintaining back-up copies of the Client Data, unless such is included in the Services. Client undertakes to pass through or impose on Client Customers terms substantially similar to those in this Section 9.4 in respect of the accuracy, integrity and lawfulness of Client Customer Data. Notwithstanding the foregoing, if any portion of the Client Data or any Client Customer Data contains material that is harmful to CINCO’s systems (e.g., a virus) or otherwise places CINCO in breach, or at risk, of breaching Applicable Law, CINCO reserves the right to protect CINCO’s systems and mitigate/prevent CINCO harm or liability, by suspending or limiting Client’s access and/or use of the Services (or the Client Customer use of the Client Experience Platform) until the matter is rectified to CINCO´s satisfaction, acting reasonably.
   5. Client agrees that CINCO may use and store Client Data and Client Customer Data that is submitted to, or generated by, any AI Technology (and whether Inputs or Outputs) to (i) perform its obligations and Services under the Agreement and (ii) to develop, train and improve CINCO's AI Technology, and (iii) develop best practices, benchmarking and data analytics, but only on the basis that Client Data and Client Customer Data used for such purposes is aggregated or anonymized in accordance and will not be disclosed to any third-party in a manner that would allow them to identify Client, Client Customers or Client personal data. Client undertakes to ensure it will secure CINCO rights in respect of Client Customer Data described in this Section 9, through the TOU terms.
   6. If any Client Data or Client Customer Data may be subject to governmental regulation or may require security measures beyond those specified by CINCO for the Services, Client will not provide, allow access to, or input such Client Data or Client Customer Data into the Services for processing or allow CINCO access to such Client Data to provide the Services, unless (i) expressly permitted in the applicable Statement of Work, or (ii) CINCO has expressly agreed in writing to implement additional security measures with respect to such Client Data or Client Customer Data.
   7. With respect to the Client Data and any Client Customer Data, any applicable data retention period and/or any data return service provided with the Services, as well as any fees payable by Client therefor, will be specified in the applicable Statement of Work. Subject to Applicable Law, CINCO shall have no obligation to retain or delete Client Data or Client Customer Data nor to return Client Data or Client Customer Data to Client except as provided in the Agreement or any Statement of Work. Any Client Data and Client Customer Data not deleted or returned by CINCO shall remain subject to the terms of the Agreement including compliance with Applicable Law.
   8. In order to protect Client Data and Client Customer Data, CINCO will (i) implement and maintain adequate technical and organization measures (as more fully described in the DPA) appropriate to the nature of the Client Data and Client Customer Data including without limitation, technical, physical, administrative and organizational controls, and will maintain the confidentiality, security and integrity of such Client Data and Client Customer Data; (ii) implement and maintain industry standard systems and procedures for detecting, preventing and responding to attacks, intrusions, or other systems failures and regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designate an employee or employees to coordinate implementation and maintenance of its security measures; and (iv) identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of Client Data and Client Customer Data that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks.

10. FEES, PAYMENT AND TAXES

    1. Client shall pay CINCO the Service fees and charges (“Fees”) specified in the Statement of Work. Client will pay charges for its use of the Services as recorded by CINCO’s systems and fees for any Additional Services and other charges described in any Statement of Work, plus any Applicable Taxes. CINCO will submit invoices against the Statement of Work for (A) Professional Services and (B) ongoing provision of the Services, as confirmed in the Statement of Work. Unless otherwise specified in the applicable Statement of Work, the Fees are subject to an increase of up to five percent (5%) (the “Annual Price Adjustment” or “APA”) which will be applied annually during the Initial Term, and during each subsequent Renewal Term at the beginning of each Contract Year.
    2. Unless otherwise determined in the Statement of Work, payments are due 30 days from the date of invoice. Invoices shall be issued as set forth in the Statement of Work. Fees owed by Client not paid when due shall accrue interest at the lesser of one and one-half percent (1.5%) per month or the highest rate permitted by the Agreement governing law. If Client has a bona fide dispute with any Fees, it will make timely payment of all other Fees not in dispute pending resolution of the disputed Fees, which the Parties agree to undertake promptly. If invoiced amounts not subject to a bona fide dispute remain unpaid following at least 10 days written notice by CINCO, CINCO may (reserving all other legal remedies and rights) (i) suspend the Services until the invoiced amounts are paid, and (ii) if the invoiced amounts remain unpaid for 30 days after such notice, terminate the Agreement without further prior notice. Client shall bear all of CINCO’s costs of collection of overdue fees, including reasonable attorneys’ fees. All fees are non-refundable.
    3. All payments referred to in this Agreement are in USD and exclusive of all Applicable Taxes. To the extent relevant Client will be responsible for and pay any such Applicable Taxes in accordance with Applicable Law.

11. INTELLECTUAL PROPERTY AND LICENCES

    1. As between CINCO and Client, CINCO owns all right, title, and interest, including all related Intellectual Property Rights in and to (i) the Client Experience Platform (including modifications, improvements, upgrades, derivative works and all other intellectual property rights embodied therein) and all other Services, (ii) the Documentation, (iii) Client Side Software, and (iv) any suggestions, ideas, requests, feedback, recommendations or other information provided by Client or any other party relating to the foregoing (other than Client Data), and CINCO reserves all rights to use, modify, and allow others to use such materials. Client may not remove CINCO’s copyright or other proprietary notices from the Documentation or any part of the Services save that in the case of the Client Experience Platform Client will be entitled to present its own Client branding as the prominent branding in the form and manner expressly agreed with CINCO (without diluting any of Client obligations or CINCO rights in respect of CINCO underlying proprietary rights and interest (including Intellectual Property Rights in) the Client Experience Platform).
    2. As between Client and CINCO, the Client Data belongs to Client of Client authorised licensors, and CINCO makes no claim to any right of ownership in the Client Data. However, Client grants CINCO a non-exclusive, fully paid up, worldwide right and licence to access, display, modify and make use of the Client Data for the purpose of CINCO performing is obligations and providing the Services (including delivery of the Client Experience Platform in the form and with the data content and functionality (including AI-Enabled Service elements) agreed with Client pursuant to any Statement of Work which forms part of the overall Agreement).

12. LIMITED WARRANTY

    1. CINCO warrants that the Services will be rendered in a professional and workmanlike manner and will function in all material respects in accordance with the Agreement.
    2. THE FOREGOING IS A LIMITED WARRANTY, AND EXCEPT AS EXPRESSLY PROVIDED IN THE AGREEMENT, THE SERVICES ARE PROVIDED WITHOUT EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CINCO DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS, INCLUDING ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, OF SATISFACTORY QUALITY, OR OF FITNESS FOR A PARTICULAR PURPOSE, OR THOSE ARISING BY LAW, STATUTE, USAGE OF TRADE OR COURSE OF DEALING. CINCO DOES NOT WARRANT THAT THE SERVICES WILL BE ERROR FREE OR WILL OPERATE WITHOUT INTERRUPTION. CLIENT ASSUMES THE RESPONSIBILITY TO TAKE ADEQUATE PRECAUTIONS AGAINST DAMAGE TO ITS CLIENT DATA OR OPERATIONS THAT COULD BE CAUSED BY SERVICES DEFECTS, INTERRUPTIONS, OR MALFUNCTIONS.
    3. CINCO’s sole obligation and Client’s sole remedy under the foregoing limited warranty are strictly and exclusively limited to either the correction of any errors in the affected Services which are made known to CINCO by written notice from Client describing such errors in detail or, at the election of CINCO, a pro rata refund of the Fees paid by Client for the particular portion of the Services which is in error.

13. INDEMNITIES

    1. Provided Client is not in material breach of the Agreement and is current with payment obligations, CINCO will defend Client from any Infringement Claim, to the extent it arises solely from Client’s use of the Services in accordance with the provisions of the Agreement. This defense will not apply to an Infringement Claim to the extent caused by: (i) modification of the Services by any party other than CINCO or no expressly authorised by CINCO; or (ii) the combination or use of the Services with software, hardware, firmware, data, or technology not provided by CINCO to Client; or (iii) the Client Data. As to any such Infringement Claim referenced under the preceding items (i) or (ii) or (iii), CINCO assumes no liability for infringement and Client will hold CINCO harmless against any infringement claims arising therefrom.
    2. CINCO’s obligations in this Section are conditioned upon: (i) Client notifying CINCO in writing within 10 days of Client becoming aware of an Infringement Claim; (ii) Client’s not making an admission against CINCO’s interests; (iii) Client’s not agreeing to any settlement of the Infringement Claim without the prior written consent of CINCO; (iv) Client providing reasonable assistance to CINCO in connection with the defense, litigation, and settlement by CINCO of the Infringement Claim; and (v) CINCO’s maintaining sole control over legal counsel, litigation, and settlement of the Infringement Claim. CINCO will indemnify Client from any judgment finally awarded, or payments made in settlement of, the Infringement Claim where all the conditions of this Section are satisfied.
    3. If the Services become, or in CINCO’s opinion may become, the subject of an Infringement Claim, CINCO will, at no expense to Client: (i) obtain an authorization for Client to continue using the Services; (ii) modify the Services so they become non-infringing but still provide substantially the same functionality as the infringing Services; or (iii) terminate the Services and refund the unused portion of any prepaid fees received by CINCO from Client. CINCO’s entire liability and Client’s sole and exclusive remedy with respect to any Infringement Claim shall be limited to the remedies set forth in this Section 13.
    4. Client shall defend, indemnify, and hold harmless CINCO, its Affiliates, directors, employees and subcontractors from any damages, losses, claims, and expenses arising from any claim or other legal action related to: (i) Client Data that CINCO uses, processes and/or manages in connection with the Services; (ii) Client’s or any Authorized User’s use of the Services; and/or (iii) Client’s or any Authorized User’s breach of the Agreement.

14. LIABILITY

    1. Exclusion. Subject to Sections 14.3 and 14.4, neither Party nor its Affiliates will be liable for: (i) indirect, incidental, special, consequential, aggravated, exemplary, or punitive damages; or (ii) damages, compensation or reimbursement for lost sales, lost revenue, lost profits, loss of anticipated savings, downtime costs, lost or corrupted data, cost of substitute services or products or facilities, re-procurement amounts, or due to Force Majeure under Section 19.13 below.
    2. Limitation. Subject to Sections 14.1, 14.3 and 14.4, the maximum collective liability of CINCO and its Affiliates:
       1. for all claims in the aggregate arising from or relating to the Agreement or the Services during or in relation to an individual Contract Year, is limited to the total Fees paid by Client for the Services for the applicable Contract Year; and
       2. for all claims in the aggregate arising from or relating to the Agreement or the Services during or in relation to an Agreement Term that is longer than two (2) Contract Years, is limited to an amount equal to the sum of the total Fees paid by Client for the Services in the first two (2) Contract Years, with such amount being inclusive of and not in addition to the total liability determined under Section 14.2.1.
    3. Exceptions. Nothing in the Agreement shall exclude or limit liability for: (i) death or personal injury caused by negligence; (ii) fraud; or (iii) any other liability that cannot be excluded by Applicable Law.
    4. Disclaimer. The limitations and exclusions in the Agreement apply in regard to any and all claims arising out of or relating to the Agreement or the Services, in tort, equity, at law, strict product liability, or otherwise, including claims of negligence, breach of contract or warranty, regardless of the form of action, or whether any such claim relates to acts or omissions of the party claimed against or any other Person or entity (including, without limitation, such party’s subcontractors), and even if: (i) a party is advised of the possibility of such damages or claims; (ii) such damages or claims were foreseeable; or (iii) a party’s remedies fail in their essential purpose. The remedies specified in the Agreement are exclusive.

15. CONFIDENTIALITY

    1. Each Disclosing Party may disclose to the Receiving Party Confidential Information pursuant to the Agreement. Each Receiving Party agrees, for the Agreement Term and for three (3) years thereafter, to hold Disclosing Party’s Confidential Information in strict confidence, not to disclose such Confidential Information to third parties (other than to Affiliates, (or Third Party Providers in CINCO´s case) and to professional advisers who are bound by appropriate written obligations of confidentiality) unless authorized to do so by Disclosing Party, and not to use such Confidential Information for any purpose except as expressly permitted hereunder. Each Receiving Party agrees to take reasonable steps to protect Disclosing Party’s Confidential Information from being disclosed, distributed or used in violation of the provisions of this Section.
    2. The foregoing prohibition on disclosure of Confidential Information shall not apply to any information that: (i) is or becomes a part of the public domain through no act or omission of Receiving Party; (ii) was in Receiving Party’s lawful possession without confidentiality obligation prior to disclosure by the Disclosing Party; (iii) is lawfully disclosed to Receiving Party by a third party without restriction on disclosure; (iv) subsequently becomes publicly available through no fault of the Recipient Party; (v) is Client Data, which is governed by Section 9 (Client Data) above; (vi) is independently developed by Receiving Party or its employees or agents without use of Disclosing Party’s Confidential Information; or (vii) is required to be disclosed by Receiving Party as a matter of law or by order of a court or by a regulatory body, provided that Receiving Party promptly notifies Disclosing Party (where lawfully permitted to do so) so that Disclosing Party may intervene to contest such disclosure requirement and/or seek a protective order or waive compliance with this Section. Each Receiving Party is responsible for any actions of its Affiliates, employees and agents in breach of this Section.
    3. The Recipient Party shall, upon the expiry or termination of the Agreement or on demand of the Disclosing Party, use reasonable endeavours to:
       1. return to the Disclosing Party, or destroy (as the disclosing party may direct), all of the Confidential Information and not retain any copies, extracts or other reproductions in whole or in part of the Confidential Information (except to the extent required by Applicable Law);
       2. destroy all documents, memoranda, notes and other writings whatsoever prepared by it or for it or in its possession which incorporate any of the Confidential Information (except to the extent required by any Applicable Law); and
       3. within thirty (30) days following a written request by the Disclosing Party, provide a certificate executed by a duly authorised officer of the Recipient Party confirming that the Recipient Party has complied with all of its obligations under this Section 15.3.

16. DATA PROTECTION

    1. Data Processing Agreement (Appendix 1 to these General Terms and Conditions). CINCO will provide the Services in accordance with applicable Data Protection Law requirements described under the DPA (Appendix 1). The DPA describes the Parties´ specific roles and responsibilities under applicable Data Protection Law in regards to the Services and Client Customers, and their specific roles as data processor (CINCO) and data controller (Client) (as such terms are defined in the DPA). It also describes the technical and organisational security measures and standards applied by CINCO and/or its Third Party Providers in respect of the processing of relevant data to which the DPA applies.
    2. Client Privacy Policy (Client Customers). The Client Privacy Policy will appear on, be readily accessible to, and apply to all Client Customer access and use of the Client Experience Platform. Such Client Privacy Policy identifies Client as the data controller of Client Customer personal data, and that Client makes use of third data processors such as CINCO to carry out relevant personal data processing).

17. TERMINATION AND SUSPENSION

    1. Services Suspension. CINCO may suspend the Services without CINCO incurring liability for such suspension in order to support compliance with Applicable Laws or to prevent damage, liability, risk or other harm to CINCO, CINCO Affiliates, suppliers/service providers, Client, Client Customers or to CINCO’s other clients. Upon written notice to Client, CINCO may require Client’s assistance in verifying usage of the Services in compliance with the terms of the Agreement. CINCO will be entitled to terminate the Agreement if CINCO reasonably believes that the circumstances causing suspension are not likely to be resolved in a timely manner.
    2. Client Default Event. Upon occurrence of any Client Default Event, CINCO may terminate the Agreement and/or cease or suspend the performance of Services. In addition, in the event of any Client Default Event all accrued Fees will become immediately due and payable. Any such termination shall be without prejudice to any other rights or remedies which CINCO may have against Client with respect to such default, and shall not entitle Client to a refund, in whole or in part, any fees or charges. No remedy referred to in this Section is intended to be exclusive, but shall be cumulative and in addition to any other remedy referred to herein or available to CINCO at law or in equity.
    3. CINCO Default Event. Upon occurrence of any CINCO Default Event, Client may terminate the Agreement. Any such termination shall be without prejudice to any other rights or remedies which Client may have against CINCO with respect to such default. Upon such termination, CINCO shall refund to Client a prorated amount of any fees prepaid by Client for a period following the effective date of such termination. No remedy referred to in this Section is intended to be exclusive, but shall be cumulative and in addition to any other remedy referred to herein or available to Client at law or in equity.
    4. Termination For Cause. If either Party is in material breach of this Agreement, the other Party may terminate this Agreement at the end of a written 30-day notice/cure period, if the breach has not been cured.
    5. For material breaches relating to the rights granted or restrictions in Sections 5 (Restrictions on use); 8 (Client Responsibilities); 9 (Client Data); 10 (Fees, payment and taxes); 11 (Intellectual Property and Licences); 15 (Confidentiality); or 16 (Data Protection), no such cure period will be granted and such termination may be immediate. Except in the event of a material breach or as specifically provided in the Agreement, neither Party will be permitted to terminate the Agreement prior to the end of the Agreement Term. Actions upon termination. Upon any termination of the Agreement: (i) CINCO shall cease to perform the Services; (ii) Client shall immediately pay all accrued Fees; (iii) Client will immediately either return to CINCO or destroy all copies of (a) Documentation, and (b) Client Side Software; (iv) each Party shall destroy or promptly return all copies, partial copies, and any documentation or materials evidencing the other party’s Confidential Information; and (v) return of Client Data shall be governed by Section 9 (Client Data) above. Survival. The following provisions shall survive termination or expiration of the Agreement: Sections 5 (Restrictions on use); 8 (Client Responsibilities); 9 (Client Data); 10 (Fees, payment and taxes); 11 (Intellectual Property and Licences); 13 (Indemnities); 14 (Liability); 15 (Confidentiality); or 16 (Data Protection), and any provisions that by their nature should survive termination.

18. ADDITIONAL SERVICES

    1. Additional Services may be requested by Client in the Statement of Work, or via an amendment or Change Request to the Statement of Work.
    2. With respect to the materials produced for Client as a result of Additional Services, CINCO provides to Client a non-exclusive, non-transferable subscription to access and use such materials solely in connection with Client’s use of the Services. All rights, title, and interest in such materials remain with CINCO.

19. GENERAL

    1. Entire agreement; amendment; waiver. The Agreement represents the entire agreement of the parties, and supersedes any prior or current understandings, whether written or oral with respect to the subject matter of the Agreement. It is expressly agreed that if Client issues a purchase order or other document in connection with the Agreement, such document will be deemed to be for Client’s internal administrative convenience only, any provisions contained therein shall not amend or be used in interpreting the Agreement, and not providing a purchase order does not relieve Client from the responsibility to make timely payments as set forth in the Agreement. Any amendment of the Agreement must be in writing and signed by both parties. Neither party will be deemed to have waived any of its rights under the Agreement by lapse of time or by any statement other than by a written waiver signed by a duly authorized representative. No waiver constitutes a waiver of any prior or subsequent breach. Section headings are for convenience only and will not be construed as a part of this Agreement.
    2. Right to notify. Notwithstanding any other term of the Agreement, Client agrees that CINCO shall have a right to notify law enforcement if, during the performance of the Services, CINCO: (a) observes information that, in the opinion of CINCO, may be unlawful or constitute a criminal offence; believes in its reasonable opinion that continued performance of the Services will commit or aid and abet any crime. In such an event, CINCO may notify Client of such evidence, and Client agrees that CINCO has a right to discontinue performance of the Services and/or terminate the affected Statement of Work, without liability or penalty.
    3. No solicitation.During the Agreement Term and for a period of one (1) year after its termination, Client agrees not to solicit the employment of, nor hire or retain as a contractor or consultant, any individuals who are or were CINCO employees performing the Services under the Agreement. The foregoing restriction shall not apply in the event Client employs a current or former CINCO employee who responds to an employment position opening made public by Client via a major newspaper, industry publication, or Internet job posting site.
    4. Relationship of the Parties. The relationship of the parties created by the Agreement is that of independent contractor and not that of employer/employee, principal/agent, partnership, joint venture or representative of the other. Neither party is authorized to make any representation, contract or commitment on behalf of the other party. The establishment of the terms of any commercial or legal relationship between Client and any third-party by means of the use of the Services provided hereunder is the sole responsibility of Client. The provision of such Services by CINCO will not be interpreted as conferring any authority or responsibility on CINCO with respect to such relationships or the establishment, continuation or binding effect of such terms.
    5. Services Statistics. CINCO shall be entitled to use, develop or share its experience and knowledge (including processes, ideas, statistical and other information) acquired by it in connection with the services and/or products (“Services Statistics”), provided that any such use of the Services Statistics by CINCO is in a manner or form whereby: (i) the Client is not identified as a source of any such Services Statistics; and (ii) any data arising from the Services Statistics is anonymized.
    6. Third party rights. No term of the Agreement is intended to confer a benefit on, or to be enforceable by, any person or entity which is not a party to the Agreement; provided that either party’s Affiliate which is defined as an Authorized User under a Statement of Work shall be deemed a party to the Agreement for the purposes of that Statement of Work.
    7. Assignment. Client may not assign or otherwise transfer any of its rights or obligations under the Agreement, in whole or in part, without the prior written consent of CINCO. Any assignment in breach of this Section is null and void. Except to the extent identified in this Section, the Agreement will be binding upon and inure to the benefit of the respective successors and permitted assigns of the parties.
    8. Publicity. Client shall not use in any advertising, publicity, promotion, marketing, or other similar activity, any name, trade name, trademark, or other designation including any abbreviation, contraction, or simulation of CINCO, without CINCO’s prior written consent.
    9. Export laws. The Services (which for purposes of this Section include any Client Side Software, Documentation and technical data stored or transmitted via the Services) may be subject to export and import control laws of Canada, the United States, the European Union, or other countries. Client agrees to comply strictly with all applicable export and import regulations, including, but not limited to (i) the Export Administration Regulations maintained by the U.S. Department of Commerce, and (ii) the trade and economic sanctions maintained by the U.S. Department of Treasury Office of Foreign Assets Control, and will not allow use of the Services in a manner that breaches or facilitates the breach of such regulations. Client has the responsibility to obtain any licenses required to export, re-export, or import the Services, including deemed exports. The Services shall not be provided to nor used by anyone: (a) located in any applicable embargoed or sanctioned countries or by any Foreign National of a U.S. embargoed country; or (b) included on the U.S. Treasury Department’s list of Specially Designated Nationals; (c) the U.S. Department of Commerce’s Denied Persons or Entity List; or (d) subject to trade control sanctions or blocking measures. By using the Services, Client represents and warrants that neither Client nor any Person provided access to the Service by Client is located in any such country or on any such list.
    10. Force Majeure. At times, the action or inaction of parties or systems not controlled by CINCO or other events beyond CINCO’s control can impair, disrupt or delay CINCO’s ability to provide the Services or Client’s ability to access the Services. CINCO disclaims, and Client shall not hold CINCO responsible for, any and all liability resulting from or related to such actions or events, including acts of God, acts of governmental authority, unavailability of third-party communication facilities or energy sources, fires, transportation delays, or pandemics, or any cause beyond CINCO´s reasonable control (collectively “Force Majeure”).
    11. Notices. Any notice under the Agreement that must be given by a Party in writing is to be sent either (i) via certified or registered mail, postage prepaid, or (ii) via express mail or nationally recognized courier service to the other Party’s address specified in the Agreement or on the most recent Statement of Work, and shall be effective when received.
    12. Severability. If any provision of the Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of the Agreement shall remain in effect.
    13. Governing Law and Jurisdiction. The Agreement shall be governed by, construed, and interpreted in accordance with the laws of the jurisdiction in which the Client is incorporated (as indicated in this Agreement), EXCEPT that where the Client is incorporated in any territory outside of the United States of America, Canada, the United Kingdom or the European Economic Area, the Province of Québec and the laws of Canada shall govern this Agreement and the Province of Québec shall constitute the forum/jurisdiction for any applicable disputes arising hereunder.
    14. Language. The Parties have expressly requested that this Agreement and any notice or other document in connection therewith (including SOW and PO) be prepared in the English language. Les parties ont demandé spécifiquement que cette convention ainsi que tous les avis et autres documents y afférents (y compris tout devis ou bon de commande) soient rédigés en anglais.
    15. Execution. This Agreement may be executed in counterparts, each of which so executed shall be deemed to be an original, and together which shall be deemed to be but one and the same instrument. Delivery or acceptance of this Agreement or any portion thereof by facsimile transmission or digitally, or in any electronic fashion, shall have the same effect as if delivered personally and any such transmission signature, initial, or notation, shall have the same effect as if it were an original and shall be binding upon the maker thereof.

APPENDIX 1
DATA PROCESSING ADDENDUM (DPA)

This Data Processing Addendum, including its Schedules, ("DPA”) forms part of the Agreement between Cinco and you ("Client” or "you”) for the purchase of the Services (the “Agreement”) to reflect the Parties’ agreement with regard to the Processing of Personal Data.

Client enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates. For the purposes of this DPA only, and except where indicated otherwise, the term "Client” shall include Client and Authorized Affiliates All capitalized terms not defined herein shall have the meaning set forth in the Agreement.

In the course of providing the Services to Client pursuant to the Agreement, Cinco may Process Personal Data on behalf of Client and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.

If the Client entity signing this DPA has executed a Statement of Work (“SOW”) or Services Order with Cinco or its Affiliate pursuant to the Agreement, but is not itself a party to the Agreement, this DPA is an addendum to that SOW and applicable renewal SOW, and the Cinco entity that is party to such SOW is party to this DPA.

1. DATA PROCESSING TERMS

   "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity.

   "Control," for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

   "Authorized Affiliate"" means any of Client’s Affiliate(s) which is permitted to use the Services pursuant to the Agreement between Client and Cinco, but has not signed its own SOW with Cinco and is not a ‘‘Client’’ as defined under this DPA.

   "CCPA" means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act, and its implementing regulations.

   "Cinco" means Cinco Services. LLC, a company incorporated in the Province of Quebec, Canada, incorporated under the number 9118-2162 Quebec Inc .

   "Controller" means the entity which determines the purposes and means of the Processing of Personal Data.

   "Cookies" means cookies, pixel tags and other similar technologies.

   "Client" means the entity that executed the Agreement together with its Affiliates (for so long as they remain Affiliates) which have signed SOW.

   "Client Data" means any electronic data or materials provided or submitted by or for Client to or through the Services. This DPA does not apply to non-Cinco applications.

   "Client Data Incident" means the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Client Data, including Personal Data, transmitted, stored or otherwise Processed by Cinco or its Sub-processors.

   "Data Protection Laws and Regulations" means all laws and regulations applicable to the Processing of Personal Data under the Agreement and the placement of Cookies, including those of the European Economic Area, Switzerland, the United Kingdom and the United States and its states.

   "Data Subject" means the identified or identifiable person to whom Personal Data relates.

   "Data Subject Request" means, a Data Subject's legal right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making as set out in applicable Data Protection Laws and Regulations.

   "Europe" means the European Economic Area, Switzerland and the United Kingdom.

   "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), including as implemented or adopted under the laws of the United Kingdom.

   "Personal Data" means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Client Data.

   "Processing" or “Process" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

   "Processor" means the entity which Processes Personal Data on behalf of the Controller, including as applicable any “service provider” as that term is defined by the CCPA.

   "Public Authority" means a government agency or law enforcement authority, including judicial authorities.

   "Standard Contractual Clauses" means Standard Contractual Clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and the Council approved by European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as currently set out at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

   "Sub-processor" means any Processor engaged by Cinco.

   "UK GDPR" means the Data Protection Act 2018, as well as the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).

2. PROCESSING OF PERSONAL DATA

   1. Roles of the Parties. Unless otherwise provided in this DPA, the parties acknowledge and agree that with regard to the Processing of Personal Data, Client is a Controller or a Processor, Cinco is a Processor and that Cinco will engage Sub-processors pursuant to the requirements set forth in section 6 “Sub-processors” below.
   2. Client’s Personal Data Obligations. Cinco will not Process any Personal Data on behalf of Client except upon its documented instructions and consistent with the stated nature and purpose of the processing (as set forth in the attached Schedule 1 – Description of Processing/Transfer), or as required by applicable law Data Protection Laws and Regulations and following reasonable notice to Client (where legally permitted). Client hereby instructs Cinco to Process Personal Data to provide Services in accordance with the Agreement and this DPA. Client shall promptly confirm oral instructions in writing. CINCO shall inform Client immediately if Cinco has a good faith belief that an instruction violates applicable Data Protection Laws and Regulations. Cinco shall then be entitled to suspend execution of the relevant instructions until Client confirms or changes them to comply with applicable law.
   3. Details of the Processing. The subject-matter of Processing of Personal Data by Cinco is the performance of the Services pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 1 (“Description of Processing/Transfer”) to this DPA.

3. RIGHTS OF DATA SUBJECTS

   1. Cinco will rectify, erase, or restrict the Processing of data that is being processed on behalf of Client on Client’s documented instructions to the extent Client is unable to do it on his account.
   2. To the extent legally permitted, if a Client’s Data Subject contacts Cinco directly concerning a rectification, erasure, or restriction of Processing, or complaint, Cinco will immediately, and in all cases within five (5) business days, forward the Data Subject’s request to the Client.
   3. Cinco will assist Client in fulfilling Data Subject requests to exercise rights of rectification, erasure, restriction, objection, data portability, or access in accordance with documented instructions from Client, or with dealing with a complaint from a Data Subject, without undue delay to the extent commercially practicable. Cinco may charge a reasonable fee to assist Client in the fulfilling of its obligations under this Addendum

4. CINCO PERSONNEL

   1. Confidentiality. Cinco shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Cinco shall ensure that such confidentiality commitments survive the termination of the personnel engagement.
   2. Reliability. Cinco shall take commercially reasonable steps to ensure the reliability of any Cinco personnel engaged in the Processing of Personal Data.
   3. Limitation of Access. Cinco shall ensure that Cinco' access to Personal Data is limited to those personnel performing Services in accordance with the Agreement.

5. ARTIFICIAL INTELLIGENCE

   1. CINCO uses AI Technology to enhance the functioning and quality of the Services it provides to Client. Cinco does not use your Personal Data to train the algorithms in any AI Technology we use in connection with the provision of the Platform and the Services.
   2. Cinco is committed to ensuring that the use of AI Technology in connection with the Services complies with applicable data protection laws.
   3. Should Cinco wish to use Client's Personal Data in the future for training its algorithms in any AI technology, it will do so only with Client’s explicit consent (when legally required).

6. SUB-PROCESSORS

   1. Appointment of Sub-processors. Client acknowledges and agrees that (a) Cinco’ Affiliates may be retained as Sub-processors; and (b) Cinco and Cinco’ Affiliates respectively may engage third-party Sub-processors in connection with the provision of the Services. In this case, Cinco or a Cinco’s Affiliate shall enter into an agreement with each Sub-processor containing, in substance, the same data protection obligations than those in the Agreement with respect to the protection of Client Data to the extent applicable to the nature of the Services provided by such Sub-processor.
   2. List of Current Sub-processors and Notification of New Sub-processors. The current list of Sub-processors engaged in Processing Personal Data for the performance of each applicable purchased Services, including a description of their processing activities and countries of location, is listed Schedule 1 attached. Clients hereby consent to the use of these Sub-processors, as it pertains to their Personal Data. Client is responsible for re-checking the sub-processor with Cinco (available upon request) to obtain future changes.

7. SECURITY

   1. Controls for the Protection of Client Data. Cinco shall maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Client Data), confidentiality and integrity of Client Data, as set forth in Schedule 2 attached. Cinco regularly monitors compliance with these measures. Cinco will not materially decrease the overall security of the Services as a result of change(s) to its security measures.
   2. Audit. Cinco shall maintain an audit program to help ensure compliance with the obligations set out in this DPA and shall make available to Client information to demonstrate compliance with the obligations set out in this DPA, including those obligations required by applicable Data Protection Laws and Regulations, as set forth in this section 7.2.
   3.      Legally Mandated On-Site Audits: Where applicable Data Protection Laws and Regulations mandate that Cinco must be subject to an audit by the Client, Cinco will permit Client to conduct documentary audit of the Processing undertaken by Cinco in respect of the provision of the Services. Such documentary audits shall take place on reasonable notice and no more than annually, or more frequently if there are indications of non-compliance with this DPA.

8. DATA PROTECTION IMPACT ASSESSMENT

            Upon Client’s request, Cinco shall provide Client with reasonable cooperation and assistance needed to fulfill Client’s obligation under Data Protection Laws and Regulations to carry out a data protection impact assessment related to Client's use of the Services, to the extent Client does not otherwise have access to the relevant information, and to the extent such information is available to Cinco.

9. CLIENT DATA INCIDENT MANAGEMENT AND NOTIFICATION

   1. Notification. Cinco maintains security incident management policies and procedures. Cinco shall notify the Client without undue delay (not to exceed 72 hours) after becoming aware of a “Client Data Incident”.
   2. Cinco Responsibilities. In respect of such Client Data Incident, Cinco shall: (i) make reasonable efforts to identify the cause; (ii) take such steps as Cinco deems necessary and reasonable to remediate the cause to the extent the remediation is within Cinco's reasonable control; (iii) cooperate reasonably with the Client and provide Client with the information needed to fulfill its data breach obligations under Data Protection Laws and Regulations; (iv) take other further measures and actions that Cinco determines are necessary to remedy or mitigate the effects of the security incident, and (v) except as required by law, Cinco will not take action to notify Data Subjects of any security incident.
   3. Exclusions. The obligations imposed on Cinco and set out in section 9.2, shall not apply to incidents that are caused by Client or Client’s users.

10. RETURN AND DELETION OF CLIENT DATA

    1. Cinco may not create copies or duplicates of the Client's Personal Data without the Client’s knowledge and consent, except (i) as required to provide Services, (ii) for back-up copies to the extent necessary to ensure orderly data processing and disaster recovery, or (iii) to the extent required by applicable law or regulatory requirements to retain data.
    2. Upon Client’s written request within 30 days after termination or expiration of the Agreement, Cinco will make Client Personal Data available to Client in an industry standard format. After such a 30-day period, Cinco has no obligation to maintain the Client Data and will destroy it; provided that Cinco may maintain the Client Data to the extent required for legitimate business purposes, including to comply with legal obligations, resolve disputes and conduct audits.

11. DATA TRANSFERS

    1. Should Client Personal Data originates from and/or be processed within the United Kingdom (“UK”), a Member State of the European Union (“EU”) or within a Member State of the European Economic Area (“EEA”), any subsequent transfer of Such Personal Data to Cinco in a country that is not the UK, a Member State of either the EU or the EEA, such transfer shall occur only if the specific conditions of Article 44 et seq GDPR or the UK GDPR, as applicable, have been fulfilled. For the avoidance of doubt, signature of this document shall be deemed to constitute the signature and acceptance of the EU Standard Contractual Clauses (if applicable), including it applicable module (The EU C-to-P Transfer Clauses or EU P-to-P Transfer Clauses, as applicable), unless Client wishes to separately execute the Standard Contractual Clauses with Cinco.

                Where Client and/or its Authorized Affiliate is a Controller and a data exporter of Personal Data and Cinco is a Processor and data importer in respect of that Personal Data, then the Parties shall comply with the EU C-to-P Transfer Clauses.

       Where Client and/or its Authorized Affiliate is a Processor and a data exporter of Personal Data and Cinco is a Processor and data importer in respect of that Personal Data, then the Parties shall comply with the EU P-to-P Transfer Claus

       "EU C-to-P Transfer Clauses" means Standard Contractual Clauses sections I, II, III and IV (as applicable) to the extent they reference Module Two (Controller-to-Processor).

       ”EU P-to-P Transfer Clauses" means Standard Contractual Clauses sections I, II, III and IV (as applicable) to the extent they reference Module Three (Processor-to-Processor).

    2. For any transfer of Client Data not subject to the GDPR or UK GDPR, then the transfer conditions set out by the applicable Data Protection Laws and Regulations shall apply.

12. LIMITATION OF LIABILITY

    1. Limitations. Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA, and all DPAs between Authorized Affiliates and Cinco, whether in contract, tort or under any other theory of liability, is subject to the 'Limitation of Liability' section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement and all DPAs together.
    2. Aggregate and Several Liability. For the avoidance of doubt, Cinco’ and its Affiliates' total liability for all claims from Client and all of its Authorized Affiliates arising out of or related to the Agreement and all DPAs shall apply in the aggregate for all claims under both the Agreement and all DPAs established under the Agreement, including by Client and all Authorized Affiliates, and, in particular, shall not be understood to apply individually and severally to Client and/or to any Authorized Affiliate that is a contractual party to any such DPA

13. COMPLIANCE WITH CCPA

    1. CCPA. To provide the Services, Client may disclose Personal Information to Cinco. The parties agree that to provide the Services, Cinco is acting as a "Service Provider" pursuant to §1798.140 of the California Consumer Protection Act ("CCPA"). Cinco shall not retain, use, or disclose Personal Information provided by Client pursuant to this Agreement except as necessary for the specific purpose of providing the Services and the Professional Services, as applicable, pursuant to this Agreement or as otherwise set forth in this Agreement or as permitted by the CCPA. Cinco will not sell Personal Information. Client is responsible for responding to Consumer requests using Client's own access to the relevant Personal Information. Upon Client’s written request, and subject to and in accordance with all applicable laws, Cinco will provide assistance, as required under CCPA, to Client for the fulfillment of Client's obligations to respond to requests to exercise Consumer's rights under CCPA with respect to Personal Information provided by Client pursuant to this Agreement, to the extent Client is unable to access the relevant Personal Information itself. To the extent legally permitted, Client shall be responsible for any costs arising from Cinco’ provision of such assistance.

List of Schedules

Schedule 1: Description of Processing/Transfer

SCHEDULE 1
DESCRIPTION OF PROCESSING/TRANSFER

1. LIST OF PARTIES

   Data exporter(s) : Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union

   Name : Client and its Authorized Affiliates.

   Contact person’s name, position, and contact details: available upon request

   Activities relevant to the data transferred under these clauses: Performance of the Services pursuant to the Agreement and as further described in the Documentation.

   Data importer(s): Identity and contact details of the data importer(s), including any contact person with responsibility for data protection

    

   Name: Alex Iancu

   Address: 139 Saint-Paul West, Suite 5, Montreal, Quebec, H2Y 1Z5

   Contact person’s name, position, and contact detail:s CIO

   Activities relevant to the data transferred under these clauses: Performance of the Services pursuant to the Agreement and as further described in the Documentation.

2. CATEGORIES OF DATA SUBJECTS WHOSE PERSONAL DATA IS TRANSFERRED

   Client may submit Personal Data to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:

   • Prospects, Clients, and business partners of Client (who are natural persons)
   • Employees or contact persons of Client's prospects, Clients, and business partners
   • Employees, agents, advisors, freelancers of Client (who are natural persons)
   • Client's users authorized by Client to use the Services

3. CATEGORIES OF PERSONAL DATA TRANSFERRED

   Client may submit Personal Data to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:

   • First and last name
   • Title
   • Position
   • Employer
   • Contact information (company, email, phone, physical business address)
   • ID data
   • Geolocation data

4. SENSITIVE DATA TRANSFERRED (IF APPLICABLE)

   Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures:

   None.

5. FREQUENCY OF THE TRANSFER

   The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):

   Continuous basis depending on the use of the Services by Client.

6. NATURE OF THE PROCESSING

   The nature of the Processing is the performance of the Services pursuant to the Agreement.

7. PURPOSE OF PROCESSING, THE DATA TRANSFER AND FURTHER PROCESSING

   Cinco will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Documentation, and as further instructed by the Client in its use of the Services.

8. DURATION OF PROCESSING

   The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:

   Subject to section 10 of the DPA, Cinco will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.

9. SUB-PROCESSOR TRANSFERS

   As per 7 above, the Sub-processor will Process Personal Data as necessary to perform the Services pursuant to the Agreement.

   Subject to section 8 of this DPA, the Sub-processor will Process Personal Data for the duration of the Agreement, unless otherwise agreed in writing.

   Identities of the Sub-processors used for the provision of the Services and their country of location available upon request.

10. TECHNICAL AND ORGANIZATIONAL MEASURES

    Data importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, applicable to the specific Services purchased by data exporter. Data Importer will not materially decrease the overall security of the Services during a subscription term. Data Subject Requests shall be handled in accordance with section 3 of the DPA.

11. CONTACT

    For Data Protection-related matters: please send an email to CINCO at [email protected]