General Terms & Conditions

1. Definitions

IDsure ApS

The Provider of these services, having its registered address at Kranvejen 59, 5000 Odense, Denmark, CVR 42747173.

Access Credentials

Usernames, passwords and other credentials enabling access to the Hosted Services, including credentials for the User Interface and the API.

Agreement

The SaaS and DPA agreement including any Schedules, and any amendments from time to time.

API

The application programming interface for the Hosted Services defined and made available by Provider to Customer.

Business Day / Business Hours

Any weekday other than a public holiday in Denmark; hours of 09:00 to 17:00 GMT on a Business Day.

Charges

Fee per Upload of a certificate; Fee per Change of a certificate; Fee per Revoke of a certificate.

Customer Confidential Information

Any information disclosed by or on behalf of Customer to Provider that was marked as confidential or should reasonably have been understood to be confidential.

Customer Data

All data, works and materials uploaded to or stored on the Platform by Customer, transmitted by the Platform at Customer's instigation, or generated by the Platform as a result of use of the Hosted Services (excluding analytics data and server log files).

Data Protection Laws

EU Regulation 2016/679 (GDPR) and all other applicable laws relating to the processing of Personal Data.

Force Majeure Event

An event outside the reasonable control of the affected party, including internet or telecommunications failures, hacker or denial-of-service attacks, power failures, industrial disputes, changes to the law, disasters, epidemics, pandemics, explosions, fires, floods, riots, terrorist attacks and wars.

Hosted Services

The IDsure App and associated platform, made available by Provider to Customer as a service via the internet.

Hosted Services Defect

A defect, error or bug in the Platform having an adverse effect on the appearance, operation, functionality or performance of the Hosted Services, excluding defects caused by Customer misuse, incompatible systems, or Customer's breach of the Agreement.

Intellectual Property Rights

All intellectual property rights worldwide, whether registrable or unregistrable, including copyright, database rights, trade secrets, trademarks, service marks, patents, utility models and rights in designs.

Mobile App

The mobile application known as IDsure App, available through the Google Play Store and the Apple App Store.

Platform

The platform managed by Provider to provide the Hosted Services, including application, database, system and server software and the hardware on which it runs.

Support Services

Support in relation to the use of, and the identification and resolution of errors in, the Hosted Services (excluding training services).

Supported Web Browser

The current release of Microsoft Edge, Mozilla Firefox, Google Chrome or Apple Safari, or any other browser agreed in writing by Provider.

2. Term

2.1  The Agreement shall come into force upon the Effective Date.

2.2  The Agreement shall continue in force indefinitely or in accordance with Clause 17 or any other provision of the Agreement.

3. Hosted Services

3.1  Provider shall provide Customer with the Access Credentials necessary to access and use the Hosted Services upon the Effective Date.

3.2  Provider grants Customer a worldwide, non-exclusive licence to use the Hosted Services via the User Interface and API for Customer's internal business purposes during the Term.

3.3  This licence is subject to the following limitations:

• The User Interface may only be used through a Supported Web Browser or the Mobile App.
• Access is limited to officers, employees, agents and subcontractors of Customer.
• Customer may change, add or remove designated named users in accordance with the user change procedure.
• The API may only be used by applications approved in writing by Provider and controlled by Customer.

3.4  The following are prohibited unless expressly permitted by the Agreement or required by law:

• Sub-licensing the right to access or use the Hosted Services.
• Permitting unauthorised persons or applications to access the Hosted Services.
• Using the Hosted Services to provide services to third parties.
• Republishing or redistributing content from the Hosted Services.
• Altering the Platform except as permitted by the Documentation.
• Conducting load testing or penetration testing without prior written consent of Provider.

3.5  Customer shall maintain reasonable security measures for the Access Credentials to prevent unauthorised access.

3.6  Provider shall use all reasonable endeavours to maintain the availability of the Hosted Services but does not guarantee 100% availability.

3.7  Downtime caused by Force Majeure Events, internet or telecommunications failures, Customer system failures, Customer breach, or scheduled maintenance shall not constitute a breach of the Agreement.

3.8  Customer must comply with the Acceptable Use Policy and ensure all authorised users do so as well.

3.9–3.11  Customer must not use the Hosted Services in any way that damages the Platform, uses excessive resources, or is unlawful, illegal, fraudulent or harmful.

3.12  Customer has no right to access the source code, object code or intermediate code of the Platform.

3.13  Provider may suspend the Hosted Services if any amount due is overdue by more than 30 days' written notice.

4. Scheduled Maintenance

Provider may suspend the Hosted Services for scheduled maintenance and shall, where practicable, give at least 5 Business Days' prior written notice of any maintenance that will affect availability. All scheduled maintenance shall be carried out outside Business Hours.

5. Support Services

Provider shall provide Support Services during the Term via a helpdesk, with reasonable skill and care. Provider shall respond promptly to all requests. Provider may suspend Support Services if amounts due are overdue by more than 30 days' written notice.

6. Customer Data

6.1  Customer grants Provider a non-exclusive licence to copy, reproduce, store, distribute, publish, export, adapt, edit and translate Customer Data to the extent required for the performance of Provider's obligations.

6.2  Customer warrants that the Customer Data will not infringe any Intellectual Property Rights or other legal rights, and will not breach any law, statute or regulation.

6.3  Provider shall create a daily back-up of Customer Data, sufficient to enable restoration to the state at the time the back-up was taken, and shall retain each copy for a minimum of 30 days.

6.4  Within 1 Business Day of a written request, Provider shall use all reasonable endeavours to restore Customer Data from a back-up copy. Customer acknowledges this will overwrite data currently on the Platform.

7. Mobile App

Use of the Mobile App is subject to separate terms and conditions. The Agreement does not govern any rights, obligations or liabilities arising from use of the Mobile App.

8. Intellectual Property Rights

Nothing in the Agreement shall operate to assign or transfer any Intellectual Property Rights from Provider to Customer, or from Customer to Provider.

9. Charges

9.1  Customer shall pay the Charges to Provider in accordance with the Agreement.

9.2  All amounts are stated exclusive of applicable value added taxes or other taxes, which will be added and payable by Customer.

9.3  Provider may vary any element of the Charges by giving at least 30 days' written notice, provided no such variation exceeds a 2% increase over the most recent variation or, if none, since the date of execution of the Agreement.

10. Payments

10.1  Provider shall issue invoices for Charges on a monthly basis.

10.2  Customer must pay Charges within 30 days of the invoice date.

10.3  Payment must be made by debit card, credit card, direct debit or bank transfer.

10.4  If Customer fails to pay any amount properly due, Provider may charge interest at 10% per annum, accruing daily and compounded monthly from the due date until the date of actual payment.

11. Confidentiality

Provider must keep Customer Confidential Information strictly confidential, not disclose it without prior written consent, and apply at least the same level of care as it applies to its own confidential information. Provider may disclose such information to its own staff who require it for performance of their work, provided those staff are bound by appropriate confidentiality obligations.

Confidentiality obligations do not apply to information that was already known to Provider, becomes publicly known through no fault of Provider, or is obtained from a third party without breach of confidentiality. They also do not apply where disclosure is required by law or court order.

The provisions of this clause shall continue in force for 2 years following termination of the Agreement.

12. Data Protection

Both parties shall comply with applicable Data Protection Laws in respect of Customer Personal Data. Customer warrants it has the legal right to disclose all Personal Data provided to Provider.

Provider shall only process Customer Personal Data on documented instructions from Customer, only for specified purposes, and only during the Term. Provider shall ensure all persons authorised to process Customer Personal Data are bound by appropriate confidentiality obligations.

Provider must notify Customer without undue delay of any Personal Data breach affecting Customer Personal Data, and shall assist Customer in fulfilling its data subject rights obligations and GDPR compliance requirements. Provider shall, upon termination, delete or return all Customer Personal Data at Customer's choice.

Provider must not engage any third-party sub-processor without prior written authorisation from Customer, and must ensure sub-processors are subject to equivalent obligations.

13. Warranties

Provider warrants that:

• It has the legal right and authority to enter into the Agreement.
• It will comply with all applicable legal and regulatory requirements.
• It has the necessary know-how and experience to perform its obligations.
• The Platform and Hosted Services will conform with the Hosted Services Specification and be free from Hosted Services Defects.
• The Platform will be free from viruses, malware and other malicious software.
• The Platform will incorporate security features reflecting good industry practice.
• The Hosted Services will not breach laws or regulations applicable under Danish law.
• The Hosted Services will not infringe the Intellectual Property Rights of any person.

Customer warrants that it has the legal right and authority to enter into and perform the Agreement.

14. Acknowledgements and Warranty Limitations

Customer acknowledges that complex software is never wholly free from defects, errors, bugs or security vulnerabilities. Subject to the other provisions of the Agreement, Provider gives no warranty that the Hosted Services will be wholly free from defects or entirely secure.

The Hosted Services are designed to be compatible only with software and systems specified in the Hosted Services Specification. Provider does not warrant compatibility with any other software or systems.

Provider will not provide legal, financial, accountancy or taxation advice under the Agreement. Provider does not warrant that the use of the Hosted Services will not give rise to any legal liability on the part of Customer.

15. Limitations and Exclusions of Liability

Nothing in the Agreement limits or excludes liability for death or personal injury resulting from negligence, fraud or fraudulent misrepresentation, or any liability that cannot be excluded under applicable law.

Neither party shall be liable to the other for losses arising from a Force Majeure Event, loss of profits or anticipated savings, loss of revenue or income, loss of use or production, loss of business or contracts, loss or corruption of data, or any special, indirect or consequential loss or damage.

The total liability of each party to the other under the Agreement in respect of any event or series of related events shall not exceed the greater of €10,000 or the total Charges paid and payable by Customer in the 6-month period preceding the relevant event.

16. Force Majeure

If a Force Majeure Event causes a failure or delay in performance of any obligation (other than a payment obligation), that obligation is suspended for the duration of the event. The affected party must promptly notify the other party and take reasonable steps to mitigate the effects.

17. Termination

17.1  Either party may terminate the Agreement by giving at least 30 days' written notice.

17.2  Either party may terminate immediately upon written notice if the other party commits a material breach of the Agreement.

17.3  Either party may terminate immediately if the other party becomes insolvent, ceases to carry on business, has a receiver or administrator appointed, or (if an individual) dies or is made bankrupt.

18. Effects of Termination

Upon termination, all provisions cease to have effect except those expressly stated to survive (Clauses 1, 3.12, 7, 10.2, 10.4, 11, 12, 15, 18, 21 and 22). Within 30 days of termination, Customer must pay any outstanding Charges and Provider must refund any Charges paid for Services not yet delivered.

19. Notices

Notices must be delivered personally, by courier, or by recorded post. Provider's contact address for notices is support@idsure.io.

20. Subcontracting

Provider must not subcontract any obligations without prior written consent from Customer, which Customer must not unreasonably withhold. Provider remains responsible for any subcontracted obligations. Provider may subcontract the hosting of the Platform to any reputable third-party hosting business without prior consent.

21. General

• No breach shall be waived except with express written consent of the non-breaching party.
• If any provision is found unlawful or unenforceable, the remaining provisions continue in effect.
• The Agreement may only be varied by a written document signed by both parties.
• Neither party may assign or transfer any contractual rights or obligations without the prior written consent of the other party.
• The Agreement is for the benefit of the parties only and is not enforceable by any third party.
• The Agreement constitutes the entire agreement between the parties and supersedes all prior agreements on the same subject matter.
• The Agreement is governed by and construed in accordance with Danish law.
• The courts of Denmark have exclusive jurisdiction over any dispute arising under the Agreement.

22. Interpretation

References to a statute include that statute as amended or re-enacted and any subordinate legislation made under it. Clause headings do not affect interpretation. References to "calendar months" mean the 12 named periods of the year. General words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class.

IDsure ApS — Kranvejen 59, 5000 Odense, Denmark — CVR 42747173 — support@idsure.io