LICENSING AGREEMENT

This Licensing Agreement (the "Agreement") is entered into and binding upon all relevant parties from the Agreement start date of the signed Quote. The parties to this Agreement are the following: Client, which is indicated in the Quote and has signed this Agreement (the “Licensee”) and ALBATO Limited (the “Licensor”), Vasilissis Freiderikis, 34 Flat/Office 106, 1035, Nicosia, Cyprus, registration number HE-420916, represented by Leonid Goldfarb acting on the basis of the Special power of attorney dated as of June 1st, 2023, together called the “Parties”.

Subject Matter: The Licensor hereby grants the Licensee a non-exclusive and non-transferable right to use the Software Product[1] (the Product or the Albato Platform) made available to the latter through an iFrame[2] by opening access to the Licensor's database server and/or through the application programming interface. The Licensor will provide the Licensee with the Product implementation and modification services, and the Licensee will pay the respective fees under the terms and conditions set forth in this Agreement and the Quote. The Product may be used by the Licensee only to be integrated with the Licensee's products and services, and cannot be resold or otherwise used for the benefit of third parties on a stand-alone basis. The Licensor will provide the Licensee with the Product implementation, maintenance, and modification services, and the Licensee will pay the respective fees under the terms and conditions set forth in this Agreement and the Quote. The license grant includes the right to provide access to Licensee’s end customers referred to as "End Users," as integral components of paid services.

The Product means the Albato integration platform “Albato Embedded,” developed and owned by the Licensor, designed to be embedded into the Licensee’s product and to automate flows by exchanging data between the Licensee’s product and third-party applications. It includes the Albato application source code, the user interface (the Albato platform), and the library of pre-built integrations (connectors). Among the product core modules are the Automation Builder (to build automation flows), ancillary tools for manipulating and transforming data (the Tools), the Solution Builder (to build integration templates), the App Integrator (to build custom apps, APIs, and webhooks), the Partner Dashboard (to monitor usage insights and manage integrations), and the embeddable iFrame (the customer-facing UI for the integrations).

Pricing Plans: The Licensor shall provide the Product on the following commercial terms (the Pricing Plans):

| Per-connector pricing plans | Pro | Enterprise |
| --- | --- | --- |
| Embedded connectors | Included | Included |
| Embedded workflow builder | Included | Included |
| Implementation via iFrame | Included | Included |
| Implementation via headless API | Included | Included |
| White labeling | Included | Included |
| Level of iFrame customization | Medium | Premium |
| Staging environment | Included | Included |
| Partner dashboard with usage insights | Included | Included |
| AI Copilot and workflow agents | Included | Included |
| AI Copilot monthly tokens included | Unlimited (subject to Fair Use policy) | Custom |
| New product features | - | Included |
| Webhook notifications | Included | Included |
| Max. number of active users | Unlimited | Unlimited |
| Max. number of active automations (workflows) | Unlimited | Unlimited |
| Max. number of integration templates (solutions) | Unlimited | Unlimited |
| Tech support SLA | Second line | Second or First line |
| API maintenance and updates | Included | Included |
| Max. API update time | 1 minute | 1 minute |
| Custom webhooks | Included | Included |
| Bulk data migration | Included | Included |
| Enterprise connectors | Included | Included |
| Teams functionality | Not Included | Included |
| Data residency | Extra fee | Included |
| Managed private cloud | Extra fee | Included |
| Self-hosted | Not Included | Included |
| Uptime SLA | Not Included | Included |
| Free connectors included | 30 | Custom |
| Max. number of active connectors | Unlimited | Unlimited |
| Development of custom connectors per month | 2 | Custom |
| Integration engineer hours per month (inc. custom connectors) | 50 | Custom |
| Project hours per month | 50 | Custom |
| API calls and webhooks included | Unlimited | Unlimited |
| Monthly transactions included | Unlimited (subject to Fair Use policy) | Custom |
| Fixed monthly fee (Fixed Fee) | $5,000 | Custom |
| Per-connector monthly fee (Variable Fee) | from $20 to $50 (tiered) | Custom |

Variable Fee – Tiered Pricing Structure

The per-connector monthly fee (“Variable Fee”) is subject to tiered pricing based on the number of Payable Connectors. The unit price per connector decreases as the number of Payable Connectors increases, as shown in the table below. Payable Connectors are defined as enabled connectors in a given billing period, excluding any free connectors included in the plan. The applicable Variable Fee is calculated by multiplying the number of Payable Connectors by the corresponding per-connector rate within the applicable tier.

| Tier | Payable connectors from | Payable connectors to | Price per connector |
| --- | --- | --- | --- |
| 1 | 1 | 15 | $50 |
| 2 | 16 | 30 | $40 |
| 3 | 31 | 50 | $35 |
| 4 | 51 | 70 | $30 |
| 5 | 71 | 100 | $28 |
| 6 | 101 | 130 | $26 |
| 7 | 131 | 160 | $24 |
| 8 | 161 | 200 | $22 |
| 9 | >=201 | | $20 |

| Per-user pricing plans | Pro | Enterprise |
| --- | --- | --- |
| Embedded connectors | Included | Included |
| Embedded workflow builder | Included | Included |
| Implementation via iFrame | Included | Included |
| Implementation via headless API | Included | Included |
| White labeling | Included | Included |
| Level of iFrame customization | Medium | Premium |
| Partner dashboard with usage insights | Included | Included |
| Staging environment | Included | Included |
| New product features | Not Included | Included |
| AI Copilot and workflow agents | Included | Included |
| AI Copilot monthly tokens included | Unlimited (subject to Fair Use policy) | Custom |
| Webhook notifications | Included | Included |
| Max. number of active users | Unlimited | Unlimited |
| Max. number of active automations (workflows) | Unlimited | Unlimited |
| Max. number of integration templates (solutions) | Unlimited | Unlimited |
| Tech support SLA | Second line | Second line or First line |
| API maintenance and updates | Included | Included |
| Max. API update time | 1 minute | 1 minute |
| Custom webhooks | Included | Included |
| Bulk data migration | Included | Included |
| Enterprise connectors | Included | Included |
| Teams functionality | Not Included | Included |
| Data residency | Extra fee | Included |
| Managed private cloud | Extra fee | Included |
| Self-hosted | Not Included | Included |
| Free users included | 200 | Custom |
| Free connectors included | Unlimited | Custom |
| Max. number of active connectors | Unlimited | Unlimited |
| Development of custom connectors per month | 2 | Custom |
| Engineering hours per month (inc. custom connectors) | 50 | Custom |
| Project hours per month | 50 | Custom |
| API calls and webhooks included | Unlimited | Unlimited |
| Monthly transactions included | Unlimited (subject to Fair Use policy) | Custom |
| Fixed monthly fee (Fixed Fee) | $5,000 | Custom |
| Per-user monthly fee (Variable Fee) | from $2 to $5 (tiered) | Custom |

Variable Fee – Tiered Pricing Structure

The per-user monthly fee (“Variable Fee”) is subject to tiered pricing based on the number of Payable Users. The unit price per user decreases as the number of Payable Users increases, as shown in the table below. Payable Users are defined as active users in a given billing period, excluding any free users included in the plan. The applicable Variable Fee is calculated by multiplying the number of Payable Users by the corresponding per-user rate within the applicable tier.

| Tier | Payable users from | Payable users to | Price per user |
| --- | --- | --- | --- |
| 1 | 1 | 100 | $5.00 |
| 2 | 101 | 200 | $4.00 |
| 3 | 201 | 300 | $3.00 |
| 4 | 301 | 500 | $2.80 |
| 5 | 501 | 700 | $2.60 |
| 6 | 701 | 1,000 | $2.40 |
| 7 | 1,001 | 1,500 | $2.20 |
| 8 | 1,501 | 2,000 | $2.10 |
| 9 | >=2,001 | | $2.00 |

| Proof of Concept | POC |
| --- | --- |
| Implementation via iFrame | Included |
| White labeling | Not Included |
| Level of iFrame customization | Default iFrame without branding |
| Max. number of active automations (workflows) | Up to 4 |
| Max. number of integration templates (solutions) | Up to 2 |
| Custom webhooks | Included |
| Bulk data migration | Included |
| Number of connectors included | Up to 3, including the Licensee application |
| Max. number of active users | 20 |
| Engineering hours per month | 5 |
| Dedicated Project team hours per month | 5 |
| Monthly transactions included | 100,000 |
| Fixed monthly fee (Fixed Fee) | Custom |

  1. The Parties agree to work under the MSA and the terms indicated in the Quote.

  2. The Licensor’s monthly remuneration (the Service Fee) shall consist of fixed and variable fees. Under the Service Fee, the Licensor shall provide the following services to the Licensee:

2.1.1. Granting the Licensee the right to use the Product as stated in the Subject matter of this Agreement.

2.1.2. Access to the Licensor’s existing connector library, including all available connectors and their respective functionality as maintained and updated by the Licensor.

2.1.3. Access to the full functionality of the Licensor’s Product, including, without limitation, the automation builder, solution builder, AI Copilot, workflow agents, partner dashboard, app integrator, user-facing iFrame, embedded API, and other features as made available by the Licensor.

2.1.2. Monthly transactions (a transaction is defined as a single successful data transfer between cloud applications via the Product). Transactions are counted in aggregate across all connectors used by the Licensee within a given month.

2.1.3. Development of new connectors upon the Licensee’s request, as specified in the applicable pricing plan.

2.1.4. Allocated hours of the Licensor’s engineers for enhancing Product functionality, including the addition of new triggers, actions, webhooks, data fields, and other connector-related functionality, as specified in the applicable pricing plan.

2.1.5. Provision of project resources, including a dedicated solution engineer and customer success manager.

2.1.6. Provision of dedicated technical support to the Licensee and its customers.

2.1.7. Delivery of new integration templates (solutions), as specified in the applicable pricing plan.

2.3. The Fixed Fee for the first and final month of the term will be prorated based on the actual number of days the Licensee used the Product during that calendar month.

2.4. The Variable Fee shall consist of:

2.4.1. A monthly fee based on either enabled connectors or active users (as selected in the applicable pricing plan).

2.4.2. A connector is deemed “enabled” once it has been made available to the Licensee.

2.4.3. The per-connector fee applies only to third-party connectors and excludes the Licensee’s own connector(s) as well as the Licensor’s ancillary applications, including, without limitation, webhook catcher, data storage, scheduled trigger, and other auxiliary tools (such as router, branching, iterator, table replacement, value parser, and other data transformation, formatting, and logic tools).

2.4.3. The Licensor will charge only for active users who have (i) set up at least one connector and (ii) generated at least one transaction during the applicable calendar month following a 14-day trial period.

The trial period begins when a user is created and registered via the Albato API method “Create user.” No charges apply to users who do not generate any transactions after the trial period, whether in the first month after registration or in any subsequent month.

At the beginning of each calendar month, the Licensor recalculates the number of active (billable) users based on usage in the preceding month.

The Licensee may register users on the Licensor’s platform either as individual users or as organizations (tenants). Users registered under a single organization ID will be treated as one billable entity, regardless of the number of sub-users (e.g., employees). In such cases, all sub-users within the organization will share the same Albato iFrame, set of connectors, activity logs, and transaction limits.

A Transaction means any successfully executed action within an integration in which Albato creates, transforms, or updates data (e.g., creating a contact, updating a deal, routing a ticket, or sending a message). Each such completed action counts as one Transaction.

An “API call” or “webhook” refers to an inbound request or event received from an external application which triggers the execution of an integration workflow.

For clarity, the Licensor does not charge the Licensee for API listening (trigger API calls) or incoming webhooks. All inbound API calls (i.e., triggers) are free of charge and do not count toward the Licensee’s transaction limit.

2.4.3. Fair Use Policy

Transaction Usage:

If the Licensee’s monthly usage of the Licensor’s connectors consistently or repeatedly exceeds 10,000,000 (ten million) transactions per month—whether over two consecutive months or through frequent irregular peaks within a year—the Licensor reserves the right to initiate a pricing review and to discuss any necessary adjustments to the plan.

Token Usage:

If the Licensee’s usage of the Licensor’s AI Copilot consistently or repeatedly exceeds X (X) tokens per month—whether over two consecutive months or through frequent irregular peaks within a year—the Licensor reserves the right to initiate a separate pricing review and discuss any necessary adjustments related to AI usage.

2.5. The Variable Fee hereunder shall be the aggregate of variable fees for all the implemented connectors used by the Licensee or active users. The variable fee shall be calculated based on the number of implemented connectors used by the Licensee, excluding the Licensee application, or the number of active users (the Licensee’s customers).

2.6. The Fixed Fee is a monthly subscription plan. The Licensee is not entitled to request any refund or transfer of the unused service volumes from the current month to any following month.

2.7. The Licensee is only allowed to switch between per-user and per-connector pricing plans once during the first six months after the Launch date (Clause 7.9).

  3. The Licensor will calculate the variable fees and include them in the monthly invoices to be paid by the Licensee, based on the number of the Licensee's active users on the last day of the payable calendar month or the number of implemented connectors.

3.1. Once every twelve (12) months, the Licensor may unilaterally increase the Fixed Fee and the Variable Fee by up to 10% against those in effect by issuing an invoice for the increased amount. If the Licensor intends to change the fees, it shall give the Licensee 30 days' notice before the effective date of the new fees.

  4. In case of the need to change the pricing plan, the Licensee shall notify the Licensor by the agreed means of communication no later than fifteen (15) days before the end of the calendar month. The pricing plan is considered changed when the parties sign a new quote reflecting the changes.

  5. If the Licensee reaches the limit on the number of active users under any of the Per-user pricing plans, their current plan will be upgraded to a higher plan according to the table in the Pricing plans section, starting the next calendar month.

  6. Additional explanations and definitions of the terms of use of the Product and SLA:

6.1. Implementation via iFrame: The Licensor will deploy integrations to the Licensee's product via an iFrame. The Licensor will use the Licensee's brand’s key visuals (e.g., fonts, colors, etc.) to make it more native and seamless to the Licensee's users. This model is the fastest to implement and the easiest to manage for both sides. It will also require the least effort from the Licensee's team to be implemented.

6.2. Implementation via API: This implementation type is also called "headless" deployment. The Licensor will build the backend and ready-to-use API components for all integrations. The Licensee will then connect them to their product's interface and build out a custom UI for the integrations. Although this approach provides the most native UX for the Licensee's end users, it will require a weighty effort from the Licensee's designers, frontend developers, etc.

6.3. iFrame customization SLA:

6.3.1. Basic customization includes light changes to iFrame colors to match the Licensee's UI palette.

6.3.2. Medium customization includes changes to iFrame fonts, colors, and copy (page headers, button and link names, etc.).

6.3.3. Premium customization includes everything from Medium plus significant changes to the UI elements, as well as the possibility of rearranging the existing ones, based on the Licensee's Figma project. The Licensee can also request that new languages be added to the iFrame.

6.4. Technical support SLA:

6.4.1. Second line of support means that the Licensor's tech support agents will interact with the Licensee's team members (not directly with the Licensee’s customers).

6.4.2. First line of support means that the Licensor's tech support agents will interact with Licensee’s customers directly.

6.5. White-labeling service means that the Licensor shall replace the Albato logo with the Licensee's brand on OAuth pages (where technically feasible), so that the Licensee’s customers won’t see any presence of the Licensor’s brand while using integrations. The process may take a few weeks or months, as the Licensee will first need to create an authentication app for each connector they use. These apps are then reviewed by the respective third-party platforms (for example, a Shopify auth app must be reviewed by Shopify). Once approved, the Licensor will replace the Albato logo with the Licensee's brand at the connector OAuth step and redirect the authentication flow to the Licensee's app. To achieve a faster time-to-market, the Licensee can also use the Licensor's gray-label auth app, Integration Hub.

6.5.1. A non-white-label version of the iFrame will include the "Powered by Albato" credit in its footer and the Albato logo on OAuth pages.

6.6. The Licensor shall deliver custom connectors upon the Licensee’s request in line with the Pricing Plans (Development of custom connectors per month). A custom connector stands for integration with a third-party system not listed in the Albato app library at the time the Licensee requests it. The Licensor will ensure that delivered custom connectors are fully functional, error-free, and work in accordance with the Licensee’s technical requirements and industry quality standards.

6.6.1. The Licensor is technically capable of developing a custom connector for a third-party cloud application as long as it has accessible endpoints (API or webhooks) along with documentation. The API of a third-party application must include all essential endpoints, objects, fields, authentication methods, and other components required for the Licensor to integrate it with the Albato API and develop the specific integration use cases, triggers, and actions requested by the Licensee. The Licensor shall provide the Licensee with the agreed number of custom connectors during setup, as outlined in the SLA (Clause 6.15), and each month following the setup phase, as outlined in the Pricing Plans at the beginning of this Agreement. Nevertheless, for connectors of exceptional complexity with non-standard APIs or intricate logic (e.g., applications from Microsoft, Oracle, SAP, or certain Google tools such as Google Workspace), the delivery time may extend beyond the typical monthly timeframe. Additionally, unforeseen external factors such as prolonged moderation on the third-party side and challenges in obtaining the necessary access to third-party APIs or test accounts may further delay the ETAs.

6.6.2. By default, a requested custom app should be compatible with the Albato App Integrator service to be built in a no-code way. Otherwise, the Licensor will need to hard-code a custom app for the Licensee, which will require custom backend development and extra man-hours from the Licensor's engineers and software developers. For such requests, the Licensor may be incapable of delivering the number of custom connectors in line with the monthly SLAs.

6.6.3. The Licensor reserves the right to decline any request for a custom connector if, following evaluation, its development is deemed unfeasible or would require disproportionate resources.

6.6.4. The development of each custom connector includes 10 man-hours, free of charge, of the Licensor's team involved in its delivery. The Licensor will charge the Licensee for extra man-hours at a rate of $80/ man-hour. In this scenario, the Licensor will provide the Licensee with a detailed calculation of extra charges.

6.6.5. If the development of a custom connector requires paid access, licensing, or a subscription to the third-party system (e.g., API access, developer account, sandbox, or production environment), the Licensee shall be responsible for covering all such costs directly or reimbursing the Licensor by including these costs in the Licensor’s invoices.

6.6.6. Project hours stand for man-hours of the Licensor’s project managers who utilize Albato tools such as the Solution Builder, Automation Builder, and Embedded Partner Dashboard to build, test, and deliver integration templates (Solutions) for the Licensee, as well as to coordinate project scope, timelines, and delivery between the Licensee and the Licensor’s engineering teams. The Licensor will charge the Licensee for extra project hours at a rate of $80/ man-hour. In this scenario, the Licensor will provide the Licensee with a detailed calculation of extra charges.

6.7. Engineering hours stand for man-hours of the Licensor’s engineers who utilize the Albato App Integrator to add new connectors to the Albato API or enhance the functionality of existing ones, including the Licensee's application (connector), as well as adding new API endpoints and webhooks (triggers and actions) and other custom product features (New Product Features), and iFrame customization. The Licensor will charge the Licensee for extra engineering hours at a rate of $80/ man-hour. In this scenario, the Licensor will provide the Licensee with a detailed calculation of extra charges.

6.8. Enterprise connectors include MySQL, PostgreSQL, Google BigQuery, Google Workspace, PayPal, DocuSign, WhatsApp Business, Greenhouse, Bamboo HR, Workday, QuickBooks, Xero, Facebook, Instagram, Microsoft, SAP, AWS, and Oracle connectors. The list is not limited to these applications and will continue to expand as new enterprise-grade systems are introduced.

6.9. Data residency means that the Licensor will deploy additional cloud servers to keep the data of the Licensee's customers in a specific geographical location.

6.10. Managed private cloud means that the Licensor will deploy additional AWS cloud to host the Licensee's connectors and customer data that will ensure:

Enhanced security and control: Access rights will be managed individually for the Licensee's cloud, independent of platform-wide rules.

Enhanced processing speed: The Licensee's environment will operate separately, ensuring consistent performance without interference from other customers.

Isolated tenancy: The Licensee's customers' data will be stored and processed in a dedicated AWS instance, fully isolated from other Licensor's users.

Flexible regional choice: The Licensor can deploy multiple AWS regions that suit the Licensee's needs, ensuring regional compliance, lower latency, and better global coverage.

6.11. New product features mean enhancements to the Licensor's core product.

Medium: The Licensee may request minor product improvements, like adding a new API method not currently offered by the Licensor. Developing these features should take the Licensor no more than two sprints.

Premium: The Licensee can request significant changes to the Licensor's existing product modules, e.g., introducing more detailed error logs or adding new data transformation tools.

The Licensor reserves the right to decline any request for a Product feature if, following evaluation, its development is deemed unfeasible or would require disproportionate resources.

6.12. Webhook notifications mean automated alerts with information about integration errors and transaction limits of the Licensee's end users, which the Licensor can send to the Licensee.

6.13. Teams functionality means built-in team management capabilities, including role-based access control (RBAC), granular permissions, and dedicated workspaces, enabling the Licensee to define user roles and control who can create, edit, launch, or manage integrations, while maintaining governance and visibility.

6.14. The “Partner Dashboard” includes a set of reporting and management tools, including usage insights, real-time health monitoring of the Licensor’s integrations, a notification center, iFrame customization capabilities, and controls for managing user transaction limits and available connectors.

6.15. The detailed SLAs for each pricing plan are outlined in the table below:

| | Pro | Enterprise |
| --- | --- | --- |
| Set-up and onboarding | | |
| API design support | Included | Included |
| Implementation time frame | Up to 4 months | Custom |
| Custom connectors built by Albato | Up to 2 | Custom |
| Solutions built by Albato | Up to 2 | Custom |
| Team hours included | 80 | Custom |
| Cadence calls with your project team | Weekly | Custom |
| Onboarding and learning materials | Included | Included |
| Ongoing project management | | |
| Solutions built by Albato | Up to 3 per month | Custom |
| Custom connectors built by Albato | Up to 2 per month | Custom |
| Proactive monitoring and troubleshooting of integration errors | Included | Included |
| Project hours/ month | 50 | Custom |
| Integration engineer hours/ month | 50 | Custom |
| Ongoing customer success | | |
| Tech support first response time | Up to 8 hours | Custom |
| Submission of technical issues, questions and feature requests | Via support + Project manager | Via support + Project manager |
| Cadence calls with your CS team | 4 calls per month | Custom |
| Communication via | Email or Slack | Email, Slack or your channel (e.g., MS Teams) |
| Weekly reports with valuable insights and recommendations | Included | Included |
| CS team hours/ month | 40 | Custom |

6.14. A dedicated project manager is available on the Pro and Custom plans during the whole course of the project.

6.15. By default, one solution includes up to two simple integration scenarios, each with up to three automation steps. More complex, multi-scenario solutions may require additional engineering and project hours.

6.16. Tech support response times vary depending on the issue's severity level. Please refer to the Albato Support Agreement below for specific response times within each pricing plan.

6.17. The Licensor has the right, at its sole discretion, to unilaterally make changes to the core software product of Albato, including but not limited to the iFrame of the Licensee. In this case, the Licensor will notify the Licensee no later than two calendar weeks in advance of any upcoming changes that clearly affect the appearance or operation of the Albato integrations on the Licensee's end. Such changes must not result in a reduction in the Product's functionality or the scope of services outlined in this agreement.

6.18. In pursuance of achieving the desired product fit and further full-scale collaboration, the Parties may choose to engage in a Proof of Concept (POC) aimed at determining whether the Product meets the Licensee’s requirements. This POC encompasses a series of collaborative steps to ensure a successful outcome:

POC Success Criteria: The Licensor and the Licensee will collaborate closely to establish clear success criteria, setting the stage for a successful POC.

POC Timeframe: The POC typically lasts 1 or 2 months, but the Parties may agree to extend it at any time if necessary.

POC Price: The ultimate price may vary based on the complexity and scale of integration scenarios the Licensee may request. The Licensor will assess the POC's scope and the amount of work required of the Licensor's team, and then present the Licensee with the final price for the Licensee's approval.

Technical Documentation: The Licensee will provide technical documentation that clearly and exhaustively describes the API endpoints and/or webhooks for the Licensee's SaaS application.

Connector Development: The Licensor will develop a bespoke connector for the Licensee's application with up to 3 triggers and 3 actions of the Licensee’s choice.

Application Selection: The Licensee will select up to 2 existing connectors with the existing triggers and/or actions from the Albato App Library.

Workflow Integration: The Licensor will set up data workflows (integrations) with the Licensee’s application and the chosen third-party systems.

Embeddable iFrame: The Licensor will deliver a ready-to-use, embeddable iFrame that allows the Licensee to effortlessly integrate the created workflows into their staging or production environment. The iFrame will have the Albato default styling without any additional branding or white-labeling.

User Experience Testing: The Licensee will embed the iFrame into either the staging or production environment of their application, and assess the iFrame's UX/UI through internal testing, or by opening it to their customers.

Data Flow Testing: Albato and the Licensee will join forces to rigorously test the integrations, ensuring flawless data synchronization and alignment with the Licensee's requirements and established success criteria.

Outcome Evaluation: The Licensee will relay the POC results to Albato, providing insights into which success criteria were met and which require further attention.

Implementation

The Licensor’s implementation services shall include the following scope of work:

7.1. The Parties shall agree on detailed technical requirements for the Connectors and their functionality, including the list of Connectors, triggers, actions, data flows, integration scenarios (use cases), implementation timelines, and costs. The agreements shall be made via email or other electronic means of communication.

7.2. The Licensor shall develop API methods for the Connectors, including triggers, actions, data points, webhooks, authentication methods, and other functions needed to create and deliver the Connectors with the integration scenarios as per the Licensee’s requirements.

7.3. The Licensor shall implement the Connectors via iFrame or API. The Parties shall agree on the iFrame interface design and mockup via email or other means of communication. The Licensor shall build and customize the iFrame in accordance with the design mockup that the Parties agreed upon.

7.4. The Licensor shall create integration templates (Solutions) for the requested Connectors.

7.5. The Licensor shall set up test users and perform test operations for the developed triggers and actions, including exchanging data between the Licensee’s Software and third-party cloud applications through the Product, to ensure that the Connectors are error-free and work in accordance with the Licensee’s technical requirements and industry quality standards.

7.6. The Licensee shall provide the Licensor with a test environment and access to the Licensee’s test accounts with all necessary access levels and rights to make possible full testing of each Connector and deployment to the Licensee environment.

7.7. The day following the receipt of the upfront payment for the subscription under the Quote shall be considered the starting date for the implementation.

7.8. Upon completion of the implementation services, the Licensor shall send a confirmation of implementation letter to the Licensee via email or other electronic means. The services rendered shall be deemed accepted by the Licensee and the Connectors shall be deemed implemented after (i) receipt of a confirmation letter (email) from the Licensee on the date of receipt of reply from the Licensee, or (ii) in case the Licensee does not reply and at the same time does not send any additional requests or complaints in regard to the implementation within five (5) business days from the day of receipt of the confirmation of implementation letter from the Licensor — i.e., on the 6th business day after confirmation of implementation was sent by the Licensor.

7.9. The Launch date is the day when the Licensor commences rendering services under the Quote and the MSA and is defined as the next business day after the upfront payment is received.

7.10. The default implementation scope shall include the number of man-hours per month for the services of the Albato integration engineers and project team, according to the SLA table in clause 6.13.

7.11. The Licensor shall implement the Product to the extent limited to the core capabilities and features of the Albato platform (Core Product) available on the date of the signing of the Quote, including the connectors listed in the Albato app library, built-in capabilities of the Albato App Integrator, iFrame, Solution Builder, and other tools that are inherent to the Albato platform. If the Licensee requests to implement extra features or functionality that fall outside of the Core Product and that, in turn, would require the Licensor to execute custom development to make significant changes to the Product front or backend, the Licensor shall charge the Licensee $80 per hour for the custom development. The same hourly rate will be charged if the implementation scope exceeds the inclusive implementation hours outlined in the SLA table in Clause 6.13.

Payments

Monthly remuneration shall be paid to the Licensor as follows:

8.1. The Licensee shall pay the Fixed Fee on or before the 10th day of the current payable month.

8.2. The Licensee shall pay the Variable Fee on or before the 10th day following the end of the payable month. To determine the Variable Fee, the Licensor shall issue an invoice to the Licensee on or before the 5th day of the month following the payable month. The Licensee shall check whether the invoice is accurate within five (5) days of receipt, and then settle the invoice or request additional information to verify the calculations.

The Licensee shall be deemed to have fulfilled its payment obligations as soon as the funds are credited to the Licensor's bank account.

In the event that any payment by the Licensee is overdue for more than fourteen (14) calendar days, the Licensor may charge a late payment fee (constituting liquidated damages and not a penalty) at the rate of ten percent (10%) per annum, calculated daily from the day following the due date until the date of full payment (inclusive). The late payment fee shall not be recoverable unless the Licensor has submitted a written claim.

10.1. If any payment by the Licensee is overdue for more than ten (10) calendar days, the Licensor may terminate the Agreement early and block or limit the Product’s functionality (including, without limitation, the suspension or limitation of any integration) until payment is received in full, provided that the Licensor gives the Licensee at least fourteen (14) days’ prior written notice.

10.2. Any blocking or limitation shall not relieve the Licensee of the obligation to pay the Service Fee for the entire period of such blocking or limitation, nor shall it reduce the Service Fee for the relevant period. For the avoidance of doubt, the Licensee shall remain fully liable for any outstanding Service Fees accrued in prior periods, including any unpaid invoices.

Term, Renewal, and Termination

11.1. The term of this Agreement shall commence on the date of the signing of the Quote (“Effective Date”) and shall continue in full force and effect as described by this Agreement for a period of 12 (twelve) months or for the period specified in the Quote.

11.2. This Agreement shall be automatically renewed on a yearly basis unless either party terminates it with written notice 30 days prior to the end of the twelve (12) month term.

12.1. If the Licensee terminates the Agreement during the first six months of the 12-month term, and the termination is not caused by the Licensor, the Licensee shall pay an early termination fee equal to five monthly setup fees under the selected pricing plan. Payment is due within 30 days of the termination date.

12.2. If the Licensee terminates the Agreement during the second six months of the 12-month term, and the termination is not caused by the Licensor, the Licensee shall pay an early termination fee equal to three monthly platform fees under the selected pricing plan. Payment is due within 30 days of the termination date.

12.3. Early termination fees do not apply to Proof of Concept (POC) engagements.

12.4. Should the Licensee terminate the Agreement for any reason, the Licensee shall not be entitled to any refunds of any amounts paid for the services rendered up to the termination date.

12.5. Any fees accrued or invoiced prior to the termination date shall remain payable in full by the Licensee.

12.6. Termination shall not limit the Licensor’s right to pursue any other remedies available under this Agreement or applicable law.

Termination for convenience. Early termination fees.

  1. The Licensee shall have the right to terminate the Agreement for convenience (without cause) with 60 days' prior written notice, subject to payment of the termination fee, if applicable.

13.1. If the Licensee terminates the Agreement for convenience (without cause) during the first six months of the first 12-month term, the Licensee shall pay an early termination fee equal to five monthly implementation fees under the selected pricing plan.

13.2. If the Licensee terminates the Agreement for convenience (without cause) during the second six months of the first 12-month term, the Licensee shall pay an early termination fee equal to three monthly Fixed fees under the selected pricing plan.

13.3. Payment of the early termination fee is due within 30 days after the date of the termination notice. In case the early termination fee is not paid by the termination date, then the termination date shall be postponed (all fees under the Agreement being payable for such term) until payment of the early termination fee is received by the Licensor in full.

13.4. Early termination fees shall not apply to Proof of Concept (POC) engagements and termination after expiration of the first 12-month term.

  1. If the Licensee uses the Product for illegal purposes, the Licensor shall have the right to immediately block or limit the Product.

Warranties

  1. Each Party represents and warrants to the other the following:

15.1. It has the full corporate right and authority to enter into this Agreement and to perform the acts required of it hereunder.

15.2. The execution of this Agreement by such Party and the performance by such Party of its obligations and duties hereunder do not and shall not violate any other Agreement to which such Party is a Party or by which it is otherwise bound.

15.3. When executed and delivered by such Party, this Agreement shall constitute the legal, valid, and binding obligation of such Party, enforceable against such Party according to its terms.

15.4. Such Party acknowledges that the other Party makes no representations, warranties, or Agreements related to the subject matter hereof that are not expressly specified in this Agreement.

Additional Provisions

  1. Force Majeure. If performance of this Agreement or any other obligation under this Agreement is prevented, restricted, or interfered with by causes beyond either Party's reasonable control, and if the Party unable to carry out their obligations gives the other Party prompt written notice of the circumstances, then the obligations of the Party invoking this provision shall be suspended until the event necessary by such circumstances.

16.1. The term "Force Majeure" shall include, but is not limited to, acts of God, fire, explosion, vandalism, flood, storm, illness, injury, earthquake, general unavailability of essential materials, orders of military or civil authority, national emergencies, riots, strikes, lock-outs, work stoppages, or other labor disputes or supplier failures.

16.2. The Party excused by such events shall use all reasonable efforts under the circumstances to avoid or remove such causes of non-performance and shall proceed to perform with reasonable dispatch whenever such causes are removed or ceased.

16.3. An act or omission shall be deemed within the reasonable control of a Party if committed, omitted, or caused by such Party, or its employees, officers, agents, subsidiaries, or affiliates.

16.4. Notices. All notices that either Party is required or may desire to serve upon the other Party shall be in e-writing and addressed to the Party to be served at the respective email addresses agreed by the Parties and shall be sent via email.

16.5. Entire Agreement. This Agreement contains the entire Agreement of the parties regarding the subject matter of this Agreement, and there are no other promises or conditions in any other Agreement, whether oral or written.

16.6. Waiver of Contractual Rights. The failure of either Party to enforce any provision of this Agreement shall not be construed as a waiver or limitation of that Party's right to subsequently enforce and compel strict compliance with every provision of this Agreement.

16.7. Headings. The section and paragraph headings appearing in this Agreement are inserted only as a matter of convenience and in no way define, govern, limit, modify, or construe the scope or extent of the provisions of this Agreement to which they may be related. Such headings are not part of this Agreement and shall not be given any legal effect.

16.8. Amendments. The Licensor may revise this Agreement from time to time by posting a modified version of the Agreement, including its effective date. If the Licensor makes material changes to the Agreement, the Licensor will provide the Licensee with reasonable notice prior to the new Agreement taking effect. By continuing to access or use the Product after the posting of any modified Agreement, the Licensee agrees to be bound by such modified Agreement.

16.9. Severability. If any provision of this Agreement shall be held to be invalid or unenforceable for any reason, the remaining provisions shall continue to be valid and enforceable. If a court finds that any provision of this Agreement is invalid or unenforceable, but that by limiting such provision it would become valid and enforceable, then such provision shall be deemed to be written, construed, and enforced as so limited.

16.10. Assignment. Assignment of the Agreement or any right thereunder is prohibited, unless approved by the other Party in writing in advance.

16.11. This Agreement shall be governed by the Cyprus laws[4], and all disputes shall be resolved through negotiations. In the event that disputes and disagreements cannot be resolved through negotiations, the dispute shall be referred to the Cyprus courts[4]. The Licensor's liability hereunder shall be limited to the amount of the fee paid by the Licensee for the first billing period, except that nothing shall limit liability for a breach that caused death or personal injury. This Agreement is legally binding upon the Parties. This Agreement shall supersede all previous negotiations, agreements and correspondence between the Parties in regard to its subject matter.

16.12. If the Licensee finds the Licensor’s Product and services satisfactory and meeting the Licensee’s expectations, the Licensee will agree to collaborate with the Licensor in the creation of a comprehensive case study, outlining the tangible business value derived from the Product on the Licensee’s side, showcasing the Licensee’s specific achievements and benefits. This collaboration includes providing essential feedback from the Licensee’s customers as well as specific data points, such as acceleration of integration delivery time; increase in adoption, retention, LTV, or average ticket; reduction in engineering and development costs related to integration development and maintenance; improvements in the customer acquisition cost and sales cycle length; increase in the number of integrations and active integration users (the Licensee’s customers); and other convincing business metrics and results made possible through the implementation of the Product. The resulting case study will be utilized internally (e.g., published on the Licensor's blog) by the Licensor and shared with the Licensor’s customers on an individual basis as social proof. The Licensor commits to not publicly announcing or publishing the study on any media other than the Licensor’s own resources without obtaining explicit consent from the Licensee. The case study can be made in the format of an article or an interview, depending on which format the Parties find the most suitable.

ALBATO SUPPORT AGREEMENT

The Licensor will provide support for its platform and product features to the Licensee in accordance with the severity of the issue. The table below summarizes the different severity levels.

| Severity Level | Definition | Environment | Issue Example |
|---|---|---|---|
| Severity 1 | Major service disruption to the Licensor’s platform running in the production environment. No workaround exists. Issues significantly impacting the performance and functionality of the Software Product, causing severe disruption to the Licensee’s use of the Software Product. Affects all or the majority of the Licensee’s users (customers). | Production | The iFrame is down. All Licensee’s users are unable to access the integration UI. |
| Severity 2 | Key functionality impaired. A temporary workaround is available. Issues significantly impacting the performance and functionality of one or more of the key modules of the Software Product, causing significant disruption to the Licensee’s use of the Software Product. Affects all or the majority of the Licensee’s users (customers). | Production | One of the key connectors with a high transaction volume stopped transferring data. Several large users (Licensee’s customers) are affected. |
| Severity 3 | Moderate impact. A reasonable workaround is available. Issues impacting the performance and functionality of one of the modules of the Software Product, causing some degradation in the Licensee’s use of the Software Product. | Production, Staging | One of the connectors is failing to sync some additional, non-mandatory fields. Key fields are still being transferred normally. |
| Severity 4 | Minor impact. Issues are minor, cosmetic, or usability-related, or involve general product feature requests. The core functionality of the Software Product and data transfer remain unaffected. | Production, Staging | Some steps in the automation log aren’t displayed correctly. |

(a) Severity Designation:

The Licensor’s support team will assess the severity of the Licensee’s reported issues, and each issue will be assigned a severity level as set forth in the table above. The Licensee must provide full details of the issue, including the steps necessary to enable the Licensor to reproduce the issue.

(b) Response Time:

Upon receipt of a support request, the Licensor will investigate the issue and provide the Licensee with a response to each incident in accordance with the applicable Licensor's Support service plan as set forth in the table below.

| Pricing Plan | Support Hours | Severity 1 | Severity 2 | Severity 3 | Severity 4 |
|---|---|---|---|---|---|
| Pro | 3:00 am to 6:00 pm EST during Business Hours (Mon-Fri) | 2 Business Hours | 4 Business Hours | 8 Business Hours | 1 Business Day |
| Custom (Enterprise) | Support during holidays and weekends is possible. The response hours outlined in the table for the Custom plan are provisional and subject to individual agreement with the Licensee. | 1 Business Hour | 2 Business Hours | 4 Business Hours | 8 Business Hours |

(c) Support Process.

Support will be provided during the Support Hours via the Licensor Support Portal for troubleshooting, issue determination, and resolution (including instructions for a workaround where necessary). To receive Support, the Licensee will (i) cooperate with the Licensor as required; (ii) provide the Licensor with all necessary information and resources for the Licensor to investigate or replicate the Issue; and (iii) promptly implement the corrective procedures, updates, or workarounds provided by the Licensor. The Licensor shall not be responsible for any disruptions to or failures of the Software Product to the extent caused by the Licensee’s failure to timely provide or implement the foregoing.

Text of the Agreement dated May 1, 2026

[1] The Albato cloud-based integration platform, “Albato Embedded,” developed and owned by the Licensor, is designed to be incorporated in the Licensee’s product and exchange data between cloud applications

[2] A dynamic HTML page that is embedded inside the Licensee’s Application, allowing the inclusion of dynamic content from external sources

[3] The relevance and version of the Agreement are determined by the moment of signing the Agreement with an e-signature and payment for the Services.

[4] Unless stated otherwise in another document, which the Parties agree takes precedence over this Agreement.

Appendix 1 to the Albato Licensing Agreement

DATA PROCESSING AGREEMENT (CONTROLLER TO PROCESSOR)

This Data Processing Agreement (“DPA”) forms part of the Licensing Agreement (“License Agreement”) between you ("you", "Customer" or "your") and Albato Limited, Cyprus, HE 420916 ("Provider," “Processor”, "we," or "us"), together the “Parties” and individually a “Party”.

This Agreement governs legal terms for processing by the Provider of the personal data you may need to process by using Albato Services.

On request of a data subject or other person entitled to receive relevant information, a Party shall make a copy of this DPA, including the Schedules as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, a Party may redact part of the text of the DPA (including any Schedule) prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information.

WHEREAS

(A) The Customer acts as Controller, who determines the purposes and means of the processing of personal data;

(B) The Provider acts as Processor, which processes personal data on behalf of the Controller (provided that nothing shall limit the Processor’s right to act as processor for other controllers, being Processor’s customers or not, and act as controller in relations with any third parties);

(C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and wish to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and to the maximum extent to other Data Protection Legislation;

(D) The DPA applies to the processing of personal data as specified in Schedule 1 thereto;

(E) Schedules to the DPA form an integral part of this DPA;

(F) The Parties wish to lay down their rights and obligations.

IT IS AGREED AS FOLLOWS:

Definitions and Interpretation

1.1 Unless otherwise defined herein, capitalized terms and expressions used in this DPA shall have the following meaning:

1.1.1. Terms and expressions defined in the License Agreement shall have the meaning assigned to them in the said Agreement;

1.1.2. “DPA” means this Data Processing Agreement and all Schedules;

1.1.3. “Controller Personal Data” means any Personal Data processed by the Processor on behalf of the Controller pursuant to or in connection with the License Agreement;

1.1.4. “EEA” means the European Economic Area;

1.1.5. “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;

1.1.6. “GDPR” means EU General Data Protection Regulation 2016/679;

1.1.7. “Data Transfer” means:

1.1.7.1. a transfer of the Controller's Personal Data from the Controller to the Processor; or

1.1.7.2. an onward transfer of the Controller's Personal Data from the Processor to a Subcontractor, or between two establishments of the Processor, in each case, where such transfer would not be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);

1.1.8. “Services” means subscription services provided by the Provider to the Customer under the License Agreement, consisting of web-based, application integration and data linking services.

1.1.9. “Subprocessor” means any person appointed by or on behalf of Processor to process Personal Data on behalf of the Customer in connection with the License Agreement.

1.2. The terms “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Sensitive Data”, “Personal Data Breach”, “Processing”, and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

2. INTENTIONALLY OMITTED.

3. PROCESSING OF CONTROLLER PERSONAL DATA. SAFEGUARDS

3.1 Processor shall:

3.1.1. comply with all applicable Data Protection Laws in the Processing of Controller Personal Data; and

3.1.2. not Process Controller Personal Data other than on the relevant Controller’s documented instructions. Without limiting other means of giving instructions, Controller hereby instructs Processor to process, during the term of this DPA, personal data in accordance with automated instructions made by the Controller via Processor’s Service connected to Processor’s Software product in accordance with the License Agreement. Any instructions via the said Services/Software shall be deemed to be provided by the Controller; and the Controller agrees and acknowledges that the Controller, not the Processor, is responsible for choice of any Services/Software functionality and its implementation under the License Agreement, and you shall use Service/Software functionality with due care and using reasonably secure mechanisms and your internal systems and software decisions; and

3.1.3. process Controller Personal Data within the list (but not obligatory each time all the listed data) stated in Schedule 1 hereto. The Controller warrants that the Controller's Personal Data to be processed by the Processor hereunder shall not include any Sensitive Data. In case Controller needs to process any Sensitive Data then the Parties shall expressly agree to do so (providing that the Processor may but shall not be obliged to agree to process such data), including express agreement on the applied restrictions or safeguards, that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed special training), keeping a record of access to the data, restrictions for onwards transfers or additional security measures.

3.1.4. process personal data for the list of data Subjects indicated in Schedule 1 hereto;

3.1.5. The Processor shall process the Controller's Personal Data only for the specific purpose(s) of the transfer, as set out in Schedule 2 hereto, unless on further instructions from the Controller; and

3.1.5. The Processor shall process/store the Controller's Personal Data only for the period specified in Schedule 3 hereto, and after the lapse of legal grounds to keep the relevant personal data, the Processor shall erase or destroy it.

3.2. Controller guarantees and warrants that it uses the Services/Software and provides to the Processor for processing the personal data only in compliance with applicable Data Protection Legislation, including, without limitation, complying with all Data Subjects' rights, providing all necessary notices and information to them and having all necessary consents and authorizations from the Data Subjects. The personal data to be processed by the Processor is not sold to the Processor or provided for any consideration; it is processed as part of the Services/Software functionally under the License Agreement as part of the Services.

3.3. In case the Processor has any legal or technical obstacles to process the personal data under Controller instructions, then the Processor shall inform the Controller accordingly and shall await updated instructions.

3.4. Data Transfers outside the EEA shall be made in accordance with Data Protection Legislation, list of subcontractors, adequate decisions or other agreement between the Parties.

4. PROCESSOR PERSONNEL

4.1. Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Controller Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Controller Personal Data, as strictly necessary for the purposes of the License Agreement, and to comply with Data Protection Laws in the context of that individual’s duties to the Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

5. SECURITY

5.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Controller Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. The list of major security measures is laid down in Schedule 4 thereto.

5.2. In assessing the appropriate level of security, Processor shall take into account in particular the risks that are presented by Processing, in particular from a Personal Data Breach.

6. SUBPROCESSING

6.1 The Parties agree that the Processor has the Controller’s general authorization to use the services of Subprocessors from the list indicated in Schedule 5 hereto. The Processor may change the said list with 30 days' prior written notice to the Controller. In case the Controller reasonably objects to the changes to the Subprocessors list, with provision of reasonable concerns as to the personal data security, then the sole and exclusive remedy for the Controller shall be

7. DATA SUBJECT RIGHTS

7.1 Taking into account the nature of the Processing, Processor shall assist the Controller by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Controller's obligations, as reasonably understood by the Controller, to respond to requests to exercise Data Subject rights under the Data Protection Laws.

7.2 Processor shall:

7.2.1. promptly notify the Controller if it receives a request from a Data Subject under any Data Protection Law in respect of the Controller's Personal Data, provided that in general availability to answer the Data Subjects is vested in the Controller; and

7.2.2. ensure that it does not respond to that request except on the documented instructions of the Controller or as required by applicable laws to which the Processor is subject, in which case Processor shall to the extent permitted by applicable laws inform the Controller of that legal requirement before the Processor responds to the request.

8. PERSONAL DATA BREACH

8.1 Processor shall notify the Controller without undue delay upon Processor becoming aware of a Personal Data Breach affecting Controller Personal Data, providing Controller with sufficient information to allow the Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

8.2 Processor shall cooperate with the Controller and take reasonable commercial steps as are directed by the Controller to assist in the investigation, mitigation, and remediation of each such Personal Data Breach.

9. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

9.1 Processor shall provide reasonable assistance to the Controller with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which the Controller reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Legislation, in each case solely in relation to the personal data processed hereunder, and taking into account the nature of the processing and information available to the Processor.

10. AUDIT RIGHTS

10.1 Subject to this section 10, Processor shall make available to the Controller on request all information reasonably necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by the Controller or an auditor mandated by the Controller in relation to the processing of the Controller's Personal Data hereunder. Any audit and provision of the information shall be at the Controller’s own expense.

10.2 Information and audit rights of the Controller only arise under section 10.1 above to the extent that the License Agreement does not otherwise provide for the Controller’s right/possibility to receive information and audit rights meeting the relevant requirements of Data Protection Legislation.

10.3 Processor agrees to correct any security deficiencies affecting Controller’s Personal Data revealed by these audits, at its own expense, within a timeframe reasonably requested by Controller.

11. GENERAL TERMS

13.1 Confidentiality. Each Party must keep information it receives about the other Party and its business in connection with this DPA (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that: (a) disclosure is required by law; (b) the relevant information is already in the public domain.

11.2 Notices. All notices and communications given under this DPA must be in writing and will be delivered personally, sent by post, or sent by email to the address or email address indicated by the Parties while entering into or performing under the License Agreement, including the DPA, or at such other address as notified from time to time by the Parties.

11.3 Each Party shall be liable to the other Party for any damages it causes the other Party by any breach of this DPA.

(a) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching this DPA. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.

(b) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of this DPA, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.

(c) The Parties agree that if one Party is held liable under paragraph (b), it shall be entitled to claim back from the other Party that part of the compensation corresponding to its responsibility for the damage.

(d) The Party may not invoke the conduct of another Party to avoid its own liability.

12. GOVERNING LAW. COMPETENT SUPERVISORY AUTHORITY

This Agreement is governed by the laws of the Republic of Cyprus. Competent Supervisory Authority: Commissioner for Personal Data Protection 15, Kypranoros Street, 1061 Nicosia, P.O. Box 23378, 1682 Nicosia Email:

SCHEDULES

Schedule 1

Categories of data subjects whose personal data is processed by the Controller and/or the Controller’s clients

Categories of personal data processed: First name, last name, company name, email, phone number, IP, cookie, other information about the lead form where the request was left and other data as may be additionally agreed by the Parties in writing, including by using the Albato interface.

Nature of the processing: any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, namely recording, storage, adaptation or alteration, structuring, transmission (transfer), erasure or destruction, encryption, data extraction, use.

Schedule 2

Purpose(s) for which the personal data is processed on behalf of the controller: The personal data will be used to perform the services described in the Agreement.

Schedule 3

Duration of the processing: Data processing will be for the period until the termination of the Agreement.

Schedule 4

Major security measures

  • Access control policy is implemented
  • Employee training on data protection and information security
  • Monitoring the composition of hardware, software, and information security tools
  • Rules for using email and spam protection
  • Information security risk internal analysis is conducted annually
  • Information security policy is implemented
  • Differentiation of access rights
  • A registry of information assets is maintained
  • Inventory of information assets is carried out annually
  • Risk management policy
  • Areas of responsibility for information security are defined and distributed
  • Information security provisions are included in contracts with counterparties
  • NDAs with employees are signed
  • Employees have access to the training material on information security
  • When an employee quits, they need to complete the steps concerning infosecurity set out in the checklist
  • Confidentiality policy
  • Daily data backup
  • Log of Information security incidents
  • External web application scanning for vulnerabilities
  • An ACL is configured between VLANs
  • Rules are set up to filter incoming traffic
  • License Agreements are signed with counterparties
  • Formalized list of positions allowed to process personal data
  • Logins to the admin accounts are logged
  • The administrator can differentiate access rules for personnel
  • Backups of deleted data are stored for at least 1 month
  • Processor authorized the persons in charge of communication with Controller and provided means of communication so as to ensure that all the necessary assistance will be provided to the controller in case of necessity personal data stored on the backups
  • Personal data is protected during transmission by Processor by using SSL/TLS when possible
  • IT security is ensured by way of Code Review, which obligatorily comprises code security review

Schedule 5

Name: Amazon Web Services, Inc. and/or its affiliates (“AWS”)

Address: P.O. Box 81226 Seattle, WA 98108-1226

Contact person’s name, position and contact details: Data Protection Officer, email: aws-EU-privacy@amazon.com

Description of processing (including a clear delimitation of responsibilities in case several sub-processors are authorised): Data storage