TERMS OF SERVICE AGREEMENT

DEPENDING ON THE JURISDICTION OF THE ENTITY INVOICING YOU (HEREINAFTER REFFERED TO AS ‘VERIFORCE’ OR “US”) AND CUSTOMER (HEREINAFTER SOMETIMES REFERRED TO AS “YOU”).THIS AGREEMENT WILL BE DEEMED ACCEPTED BY THE CUSTOMER UPON CUSTOMER EITHER CLICKING THE BOX INDICATING ITS ACCEPTANCE OF THIS AGREEMENT, BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, SIGNING THIS AGREEMENT OR BY UTILIZING ANY SERVICES, INCLUDING SERVICES ON THE www.veriforce.com, www.veriforceone.com WEBSITES.

IF YOU ARE AN INDIVIDUAL ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS OF SERVICE, IN WHICH CASE THE TERM “CUSTOMER” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES ON WHOSE BEHALF THE INDIVIDUAL AUTHORIZED USERS ACCESS THE SERVICES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS OF SERVICE, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

WE MAY AMEND THIS AGREEMENT AT ANY TIME AND FROM TIME TO TIME BY POSTING THE AMENDED AGREEMENT ON THE VERIFORCE HOMEPAGE. ALL AMENDMENTS SHALL AUTOMATICALLY BE EFFECTIVE UPON POSTING.

To make inquiry about this Agreement contact legalcompliance@veriforce.com.

This Agreement was last updated on June 24, 2024. It is effective between You and Us as of the date of You accepting or being deemed to have accepted this Agreement.

DEFINITIONS

“API” means an application programming interface maintained which We may use to share data provided by you during performance of the Services.

“Authorized Users” means individuals and entities who are jointly authorized by Customer and by Veriforce to use the Services, who have been supplied user identifications and passwords by Customer (or by Veriforce at Customer’s request). Authorized Users may include but are not limited to Customer’s employees, consultants, and Suppliers, with which Customer transacts business. “Authorized Users” may also contract with Veriforce directly and access Services.

“Build UK” means Build UK Group Limited a company registered in England and Wales (company number 09598491) with its registered office at The Building Centre, 26 Store Street, London, WC1E 7BT.

“Certified Customer” means a Customer who has been subject to a CHAS Assessment and whom CHAS has determined to have achieved the required standard of competence suitable for the relevant certification within the CHAS scheme.

“CHAS Assessment” means the assessment conducted by CHAS of the Customer standards and their level of competence and a determination of whether or not the Customer should be certified to CHAS’s scheme (having regard to the relevant standards associated with such certification.

“CHAS Verification” means the verification conducted by CHAS of the Supplier’s standards and their level of competence and a determination of whether or not the Supplier should be verified within CHAS’s scheme (having regard to the relevant standards associated with such verification).

“Client” means a corporation, other legal entity, an unincorporated professional entity, a sole proprietor together with any of its Authorized Affiliates or individual that uses the “Services”, and/or is requesting the Supplier to access the Services, to interact with the Services, and provide information or data to the Services.

“Client Data” means all data or information, regardless of format, submitted by a Client or any employee or other representative or Authorized User of the Client to the Services.

“Common Assessment Standard” means the industry-agreed common assessment standard set by Build UK as amended or updated from time to time.

“Controller”, “Data Subject”, “Personal Data”, “Processing”, “Processor” shall have the meanings given to them by the EU GDPR, unless any other Data Protection Legislation is applicable which gives a different meaning to those terms, in which case that different meaning will apply. “Processes”, “Process” and “Processed” shall be construed accordingly).

“Controller” means the entity which determines the purposes and means of the Processing of Personal Data and can be the Client, or Supplier.

“Customer” means a “Client”, a “Supplier” or individual.

“Customer’s Data” means Client Data and/or Supplier Data.

“Data Protection Laws” means the Data Protection Legislation for the protection of natural persons with regard to the processing of their personal data in the European Union (EU), European Economic Area (EEA), United Kingdom (UK), Canada, South Africa, Australia and the United States of America.

“Data Protection Legislation” means (in the EU and EEA) EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (EU GDPR) and (in the UK) the EU GDPR as transposed into UK national law (under the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (UK GDPR) as supplemented by the Data Protection Act 2018 (DPA) and in Canada the Personal Information Protection and Electronic Documents Act (‘PIPEDA’) and in South Africa the Protection of Personal Information Act 4 of 2013 (POPIA) and in Australia the Privacy Act 1988 and in the United States of America the California Consumer Privacy Acy (CCPA) and all other applicable State Privacy legislation.

“Data Retention Policy” means Veriforce Data Retention Policy that clarifies what data should be stored or archived by Veriforce, where it should be stored and how long.

“Failure Policy” means customer has failed to meet the criteria in relevance of standards, which have been set by external awarding bodies.

“Malicious Code” means viruses, worms, time bombs, Trojan horses, malware, back door, drop dead device, spyware and other harmful or malicious code, files, scripts, agents or programs designed to (i) disrupt, disable or harm the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file, in each case, without authorization and without the applicable user’s consent.

“Membership Fee” means a non-refundable fee determined by CHAS for the Customer to be listed as a Certified Customer on its publicly available website for the period identified at the point of payment, and, where indicated at the point of order, any relevant CHAS Assessment(s)/Verification(s). Any subsequent requests, including CHAS Assessment(s)/Verification(s) are not covered by the Membership Fee and are to be ordered separately.

“Order Form” means the ordering documents, Scope of Work, Statement of Work or mechanism for purchases that are entered into between the Customer and Veriforce. Order Forms shall be deemed incorporated herein by reference.

“Personal Data” means any information contained or included in Customer Data relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity where such information is protected similarly as personal data, personal information or personally identifiable information under applicable Data Protection Laws.

“Recognized Assessment Bodies” means an entity, person, organisation or company approved as such by Build UK as listed on the Build UK website https://builduk.org as updated from time to time.

“Regulatory Authority” means any governmental, regulatory or supervisory authority, including any privacy or data protection commissioner or ombudsman, and any industry self-regulatory body or organization, which is responsible for administering and/or enforcing any applicable Data Protection Laws.

“Security Incident” means the unauthorized modification of hardware, software, or data on Veriforce’s information security infrastructure that leads to inaccurate data recording or reporting, denial of service or access, unauthorized physical or logical access and/or control, surreptitious monitoring and/or infiltration/exfiltration of data, loss of data, the circumvention or diminishment of the security functionality of Veriforce’s ISMS (Information Security Management System) infrastructure, or any other change to the intended and stated functionality  of these.

“Services” means the online, web-based applications and platforms provided by Us to which the Customer is subscribing, including but not limited to pre-qualification, sourcing, on-boarding, control of work, performance management, contractor and worker level qualifications, compliance tracking, training, verification tools, contractor management services, ESG, assessments and audits, consulting services, certifications, and support services that Customer purchases or may purchase.

“Sub-processor” means another Processor engaged by a Processor to help with the Processing it is doing on behalf of a Controller.

“Subscription Term” means the period of service defined in the Order Form.

“Supplier” means a corporation, other legal entity, sole proprietor or individual that release their data to a Client.

“Supplier Data” means all data or information, regardless of format, submitted by the Supplier or any employee or other representative or authorized user of the Supplier to the Services.

“Supplier Data Sharing” means the sharing of the Supplier Data as processed by the Services with a Client as authorized by the Supplier or the Supplier’s account administrators via the online, web-based application or otherwise.

“Third-Party Applications” means online, web-based applications and offline solutions and products that are owned, licensed or provided by third parties and interoperate with the Services but not owned by the Vendor.

“Veriforce” means Veriforce LLC and Veriforce Affiliates.

“Veriforce Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with Veriforce, including but not limited to ComplyWorks Ltd, ComplyWork Africa (PTY) Limited, CHAS 2013 Limited, CHAS (Australia) Pty Ltd. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“We”, “Us” or “Our” means Veriforce Ltd and Affiliates.

1. IDENTITY VERIFICATION

To access the Services a valid email and password are required. Veriforce cannot and does not confirm each User’s purported identity beyond verification of the User’s authentication credentials. Customer is solely responsible for (i) maintaining confidentiality of passwords, (ii) not allowing others to use the email and password to access the Services, (iii) promptly informing Veriforce in writing of the need to deactivate a User due to actual or potential security concerns, and (iv) any losses that may be incurred or suffered as a result of Supplier failure to maintain password confidentiality.

2. SERVICES

2.1 Purpose and scope. We provide Services to Customers related to risk, compliance, performance and management capabilities that span the supplier engagement lifecycle including but not limited to pre-qualification, sourcing, on-boarding, control of work, performance management, contractor and worker level qualifications, compliance tracking, training, verification tools, contractor management services, ESG, assessments and audits, consulting services, certifications, CHAS verification, CHAS assessment, and CHAS listing.

2.2 Provision of Services. The Services are available to the Customer during the Subscription Term. Customer agrees that its purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written statements made by Us regarding future functionality of features. Veriforce grants the Customer a limited, personal, non-transferable, non-sublicensable, revocable license to (a) access and use only Services, its content and services only in the manner presented, and (b) access and use of Veriforce’s Services only in the manner expressly authorized and permitted by Veriforce.

2.3 Use of API. The Customer acknowledges and consents that the Services may include the use of APIs. The Customer also acknowledges that any Customer Data (including, where relevant, any personal data) provided by the Customer via APIs will be accessible to Clients in order to provide and improve the Services.

2.3 User Subscriptions. Supplier is responsible for the administration of its Authorized Users.

3. FEES AND PAYMENT FOR SERVICES

3.1 Fees.  Customer agrees that the prepaid annual subscription fee is non-refundable.  Customer shall promptly pay all fees and other charges (“Fees”) specified in an Order Form. Fees are payable in the currency specified on the invoice or Order Form and are based on Services purchased and not actual usage of the Services. Payment obligations are non-cancelable, and Fees paid are entirely non-refundable. The Customer shall have no right to reduce the level of Services or subscriptions purchased during the relevant Subscription Term. We may change Our Fees for the Services from time to time.

3.2 Invoicing and Payment. Customer will provide Us with valid and updated credit card information. Customer authorizes Us to charge such credit card for all Services listed in the Order Form for the applicable Subscription Term(s) and all renewals. Customer is responsible for ensuring that the billing and contact information it provides to Us in connection with the Services are always accurate and complete. Invoicing and renewals terms are specified in the Order Form or Statement of Work.

3.3 Suspension of Service. If the Customer fails to pay any Fees or other amount owed under its Agreement by the invoice due date, per the agreed payment terms, and in no case later than 30 days after the subscription start date, We have the right to suspend all Services until all such Fees and other amounts are paid in full. Once Services are suspended, Customer must pay a reactivation fee in addition to any other Fees and other charges owed on the outstanding Order Form or agreement to access the Services again.

3.4 Taxes. Unless otherwise stated in the Order Form, Our Fees and other charges do not include any taxes, levies, duties or similar governmental or other assessments of any nature, including but not limited to value-added, sales, use or withholding taxes, assessments by any local, state, provincial, federal or foreign jurisdiction (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If We have the legal obligation to pay or collect Taxes for which Customer is responsible under this Section 3.4, the appropriate amount shall be invoiced to and promptly paid by Customer, unless Customer provides Us with a valid tax exemption certificate authorized by the appropriate taxing authority.

4. USE OF THE SERVICES

4.1 Our Responsibilities.  We shall:

(i) provide to Customer basic support for the Services at no additional charge, and/or upgraded support if purchased separately,

(ii) use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, except for: (a) planned downtime, (b) any unavailability caused by circumstances beyond Our reasonable control, including without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, pandemic or global health emergencies, acts of terror, strikes or other labor problems, or Internet service provider failures or delays,

(iii) Customer support and CHAS assessors/verifiers are available during regular business hours,

(iv) provide the Services only in accordance with applicable laws and regulations.

4.2 Customer Responsibilities.  Customer shall (i) be responsible for Authorized Users’ compliance with this Agreement and will take reasonable and appropriate steps to ensure such compliance, (ii) be solely responsible for the accuracy, quality, integrity and legality of Customer’s Data and of the means by which Customer acquired the Data, (iii) ensure that all necessary notices have been provided, and all required consents and/or approvals have been obtained, in order to allow Us to process Customer’s Data in connection with the Services, (iv) use best efforts to prevent unauthorized access to or Use of the Services, and notify Us promptly in writing of any such unauthorized access or use, and (v) use the Services only in accordance with this Agreement, and all applicable laws and regulations. Customer shall not (a) make the Services available to anyone other than Authorized Users, (b) sell, resell, rent, lease, lend, loan, distribute, sublicense or otherwise assign or transfer the Services or any rights thereto in whole or in part, (c) use the Services to store or transmit infringing, libelous, or otherwise unlawful or taurus material, or to store or transmit material in violation of third-party rights (including privacy rights), (d) use the Services to store or transmit Malicious Code, (e) interfere with or disrupt the integrity or performance of the Services or third-party data contained therein, (f) attempt to gain unauthorized access to the Services or related systems and/or networks or (g) use of the Services in any manner that would cause Us to be in violation of any laws, rulings or regulations.

4.3 Usage Limitations.  Services may be subject to other limitations, such as limits on disk storage space, the number of calls Customer is permitted or make against Our application programming interface, and, for Services that enable Customer to provide public websites, the number of page views by visitors to those websites.

5. CHAS ASSESSMENT/VERIFICATION

5.1 Subject to clause 5.2 and Membership Fee following successful completion and passing of any relevant CHAS Assessment/Verification, the Customer shall be a Certified/Verified Customer for a period of either twelve (12) months or for a period to be determined by CHAS and made known to the Customer prior to applying for such CHAS Assessment (“Certification Period”)/CHAS Verification (“Verification Period”). If at any time during the Certification Period the Customer has not paid the fee then the Customer shall cease to be a Certified/Verified Customer until such time, within the Certification Period, as the Customer has paid the applicable fee.

5.2 CHAS further reserves the right to remove the Customer from the CHAS list of Certified Customers in the event that the Customer, at any time, ceases to meet the required standard for certification or fails to pay any applicable fees.

5.3 Customer acknowledges that Customer Data it provides (including, where relevant, any personal data) shall be made available to Recognized Assessment Bodies for the facilitation, administration of the Common Assessment Standard, including the Customer being added to the list of Certified Customers published on the website (Customer will be identifiable on the website as a Certified Customer). The Customer shall ensure it has notified any affected data subjects of such onward sharing of personal data and provide them with a link to Our Privacy Policy.

6. INFORMATION CONTROL

6.1 Responsibility for Information.  Veriforce does not control, or assume any responsibility for, and shall not be liable in any way related to, any information provided by Authorized Users that may be made available through or by Our Services. Customer may find some Authorized Users’ information to be offensive, inaccurate, harmful, or deceptive but acknowledges and agrees that We shall have no responsibility or liability for such Authorized Users’ information or content. Customer shall ensure that all its Authorized Users shall exercise caution, safe practices, and common sense when accessing the Services.

6.2 Verification Process.  Depending on the type of subscription purchased, Veriforce may perform a review and comparison of submitted data and documentation to determine validity and correctness. During this process Veriforce may assist on Customer’s behalf to adjust Customer provided information to achieve a higher level of completion or help the information display correctly. Veriforce will not adjust information that is not included or supported by provided documentation. Ongoing maintenance of the subscription remains Customer sole responsibility and any assistance provided by Veriforce should not be construed as an ongoing expectation.

7. THIRD-PARTY PROVIDERS, SUBCONTRACTORS AND SUBPROCESSORS.

7.1 Acquisition of Third-Party Products and Services. We may offer Third-Party Applications for sale through our website or Services. You acknowledge and agree that any acquisition of third-party products or services through our website or Services, including but not limited to Third-Party Applications and any implementation, customization or other consulting services, and any exchange of data between Customer and any third-party provider, is solely between the Customer and the applicable third-party provider. We do not warrant or support third-party products or services, including without limitation Third Party Applications, whether or not they are designated as “certified” or otherwise and you acknowledge and agree that: (i) We are not and will not be liable in any way for any issues, liabilities, damages or expenses Customers may suffer or incur as a result of accessing, acquiring or using such third party products or services, including without limitation such Third Party Applications, and (ii) Customer shall at all times be liable for any and all issues, liabilities, damages or expenses it or its Authorized Users incur as a result of using such third party products or services, including without limitation such Third Party Applications. Customer is not required to purchase third-party products or services, including Third Party Applications, in order to use the Services.

7.2 Third-Party Applications and Customer Data. If Customer installs or enables Third-Party Applications for use with the Services or otherwise, Customer acknowledges and agrees that We may allow providers of those Third-Party Applications to access its Customer Data as required for the interoperation of such Third-Party Applications with the Services. By installing or enabling such Third Party Applications, Customer consents to the fact that We may allow providers of those Third Party Applications to access Customer Data (including personal data, regarding Authorized Users and other individuals that may be contained in such data), and Customer confirms that it has provided any required notices and obtained any consents required to allow such access to the personal data, if any, contained in the Customer Data. We shall not be responsible for any disclosure, modification or deletion of Customer’ Data resulting from any such access by Third-Party Application providers. Customer shall have the ability, through its use of the Services, to restrict such access by restricting Authorized Users from installing or enabling such Third-Party Applications for use with the Services.

7.3 Subcontractors processing personal data. Vendor may enter into any subcontracts for any of the Services contemplated under this Agreement without the consent of the Customer; provided, however, that Vendor shall remain responsible to Customer as fully as if no such subcontract had been entered into by Vendor. All subcontractor relationships will be Data Privacy compliant. A list of subcontractors may be found on the Veriforce Website.

8. DATA SHARING

8.1 Right to Share Data. Supplier may, at its sole and exclusive discretion, share, or authorize any third party or related party to the Supplier to share any data (including Supplier’s Data) in its account with Us or Client. The Supplier acknowledges and agrees that if it shares or authorizes the sharing of Supplier’s Data with a Client, the Client shall also have the authority to provide lawful Processing instructions to Us with respect to such Supplier’s Data, including (without limitation) instructions to amend or delete all or part of the Supplier’s Data. Supplier agrees that Client’s lawful Processing instructions shall prevail.

8.2 Liability for Sharing Data. Customer acknowledges and agrees that it remains at all times solely and exclusively liable and responsible for any and all access, use, disclosure or other Processing of such Customer’s Data, including without limitation with respect to any disclosure of such Personal Data included or contained within the Customer’s Data, with Client, and Customer represents and warrants that it has, and will ensure that all of its Authorized Users have, provided any required notices and obtained any and all consents required under all applicable privacy legislation from any and all individuals with respect to collection, use, disclosure and other Processing of their Personal Data which may be contained within the Customer’s Data. Furthermore, the parties agree that We shall bear no liability or responsibility for any actions or omissions with respect to the Customer’s Data, which are taken by Us pursuant to lawful instructions from any Client(s).

8.3 Recognized Assessment Bodies. The Customer permits Us to share information and data in relation to the Customer with the Recognized Assessment Bodies for the purpose of facilitating and operating the Common Assessment Standard.

9. PROPRIETARY RIGHTS

9.1 Reservation of Rights. Subject to the limited rights expressly granted hereunder, We reserve, retain and own all rights, title and interest in, to and associated with the Services and all improvements and developments, including without limitation all intellectual property rights, whether registered or unregistered.  Customer acknowledges and agrees that neither Customer nor any User has or shall obtain any rights or license hereunder except as expressly set forth or granted herein. All reports, compilations, databases, systems, processes, programs, derivative works and any data manipulation works authored, created, utilized or developed by Us are and shall remain the sole property of Us. For the purposes of this Agreement, “intellectual property rights” shall include patents, trademarks, copyrights, trade secrets, design rights, and any other proprietary rights, whether registered or unregistered, and any application for registration of any of there foregoing, and any right to file any such application, which may subsist anywhere in the world.

All content included in or made available by Us including through any Service – such as text, graphics, logos, button icons, images, audio clips, digital downloads, data compilations, page headers, button icons, scrips, service names and solutions, reports, compilations, databases, systems, processes, programs, Aggregated Data or other data manipulation and storage systems or intellectual property utilized or developed by Us are and shall remain Our sole property. Further, said reports, compilations, databases and other data manipulation and storage systems, as it relates to information stored for or developed for Customer, shall only be accessible to Customer, its employees or a pre-authorized third party during the term of this Agreement.

9.2 Restrictions. You shall not, directly or indirectly, (i) permit any third party to access the Services except as specifically permitted herein, (ii) create derivative works based on the Services, (iii) copy, frame, translate or mirror any part or content of the Services, (iv) reverse engineer, decompile or disassemble the Services or any part thereof, or (v) access the Services in order to (a) build a competitive product or service, or (b) copy any features, functions, code or graphics of the Services.

9.3 Property Rights of Designated Third Parties.  All non-customer owned source documents and data provided to Us by designated third parties at the request of or for the benefit of Customer shall be and remain the property of said third parties (unless the property or data is either in the public domain or otherwise not owned by the third party) and to the extent any agreement is applicable, maintained and used in accordance with any agreement between Us and such third party. Except as provided herein, Customer shall not have the right to access or procure third party data from Us after the termination of this Agreement.

9.4 Customer Access/No Obligation to Produce. It is expressly understood that the Services provided are for Customer’s access to information, documents and data contained in Our electronic tools, accessible through Our user interface on the website, which information may include Customer, Designated third parties, and Our documents and data.  We have no obligation either during or after the Term of this Agreement to print, compile, gather, or otherwise produce documents and data to Customer other than the data and reports available in Our electronic tools and Website or agreed on in an Order Form.

9.5 Data Production Upon Termination of this Agreement. Customer’s access to Our website and the documents and data contained in Our electronic tools and which are accessible through Our website shall cease upon the termination of this Agreement; subject only to the right of Customer to access and secure any documents and data provided by it to Us for a period not to exceed thirty (30) days from the termination of this Agreement.  It is the Customer’s duty and obligation to access and secure copies of the Customer documents and data prior to the termination of this Agreement. We shall retain and archive documents and data provided by Customer, the terms for which shall be set forth in a separate data retention agreement executed between Us and Customer, if required by applicable law or regulation and/or requested by Customer.

9.6 Recording of Phone Calls. Specifically for training and quality assurance purposes, We and/or our telephone provider may record incoming and outgoing calls.  Customer, on behalf of itself and its designated Authorized Users, hereby grants its consent to such recordings without further notice.

9.7 Customer acknowledges and agrees that We may store and/or process some or all information, documents and data obtained, generated and/or provided by Customer or by Customer’s Designated Third Parties or Affiliates otherwise collected in connection with performance of the Services pursuant to this Agreement in third party commercial cloud service providers.

9.8 Unless otherwise specified in the Order Form, Customer acknowledges and agrees that to ensure a comprehensive view of a designated third party compliance and to mitigate risk, the Customer will submit a quarterly designated third party spend report, no later than the 10th business day of each new quarter. A spend list template will be provided to the Customer and spend list reports should be submitted with required fields so that We can conduct a quarterly designated third-party audit and prioritize those designated third parties most critical to client operations. Designated Third Parties identified through this process who have been engaged by the Customer and who are not in the Contractor Management Platform will be promptly engaged to register and complete requirements for the Customer. Results from this audit will be shared with the Customer by the end of the second month in each new calendar quarter.

9.9. Customer agrees and consents to Our use and reference of Customer’s name and logo for the purposes of press releases and inclusion in Our client list (which may be published on Our website, in hard copy materials and/or displayed in Our facilities). Notwithstanding the foregoing, nothing in this provision shall conflict with the confidentiality provisions set forth herein.

9.10 Restrictions. Customer shall not, directly or indirectly, (i) permit any third party to access the Services except as specifically permitted herein or in an Order Form, (ii) create derivative works based on the Services, (iii) copy, frame, translate or mirror any part or content of the Services, (iv) reverse engineer, decompile or disassemble the Services or any part thereof, or (v) access the Services in order to (a) build a competitive product or service, or (b) copy any features, functions, code or graphics of the Services.

9.11 Ownership of Customer’s Data.  As between Veriforce and Customer, except as otherwise provided herein or an Order Form, Customer exclusively owns all rights, title and interest in and to all of Customer’s Data.

9.12 Suggestions. We shall have and Customer hereby grants to Us a permission to use or incorporate into the Services any suggestions, enhancement requests, recommendations or other feedback provided by Customer, including Authorized Users, relating to the operation of the Services.

10. CONFIDENTIALITY

10.1 Definition of Confidential Information. As used herein, “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Customer Confidential Information shall include Customer Data; Our Confidential Information shall include the Services; and Confidential Information of each party shall include all Order Forms as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known (as evidenced by its written records) to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed (as evidenced by its written records) by the Receiving Party.

10.2 Protection of Confidential Information. Except as otherwise permitted in writing by the Disclosing Party, (i) the Receiving Party shall use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) the Receiving Party shall limit access to Confidential Information of the Disclosing Party to those of its employees, contractors or agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.

10.3 Authorized Use of Aggregate Data. Notwithstanding anything to the contrary in this Agreement or the End User License Agreement or Acceptable Use Policy, Customer hereby grants Us an irrevocable worldwide right to collect, store, share, use, develop, analyze, commercialize for value and extract anonymized information and data, in a form and manner which does not identify Customer (the “Aggregate Data”). We will not report Aggregate Data so that such information can be identified with the Customer. We agree to employ at least the same degree of care in protecting the Customer’s Confidential Information as it employs in protecting its own confidential information.

10.4 Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior written notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information.

11. WARRANTIES, DISCLAIMER AND LIMITATION OF LIABILITY

11.1 Our Warranties. We warrant that the Services shall perform materially in accordance with this Agreement. For any breach of such warranty, Customer’s exclusive remedy shall be to terminate this Agreement and receive the return of Customer’s Data in accordance with Section 13.5. We warrant to maintain adequate insurance coverage throughout the entire term of the Agreement.

11.2 Customer Warranties. Customer represents and warrants to Us that (i) Customer has the legal power to enter into this Agreement and perform all of its obligations contemplated hereunder, (ii) Customer has all necessary rights, consents and/or waivers to share, use, store, disclose, process or otherwise handle any and all Data including without limitation any Personal Data contained within such Data; and (iii) Customer will not transmit to Us any Malicious Code.

11.3 NO ADDITIONAL WARRANTIES BY US. EXCEPT AS OTHERWISE SPECIFICALLY PROVIDED HEREIN THE SERVICES AND ALL INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOLUTIONS) AND OTHER SERVICES INCLUDED WITH THE SERVICES OR OTHERWISE MADE AVAILABLE TO CUSTOMER BY US ARE PROVIDED BY US ON AN “AS IS” AND “AS AVAILABLE” BASIS. CUSTOMER EXPRESSLY AGREES THAT CUSTOMER AND CUSTOMER AUTHORIZED USERS USE OF THE SERVICES IS AT ITS SOLE RISK.

11.4 DISCLAIMER AND LIMITATION OF LIABILITY. EXCEPT AS EXPRESSLY PROVIDED HEREIN, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE DISCLAIM ANY AND ALL WARRANTIES AND CONDITIONS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABLE QUALITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTIES ARISING BY STATUTE, OPERATION OF LAW, COURSE OF DEALING, PERFORMANCE OR USAGE OF TRADE. WE DO NOT GUARANTEE THAT THE SERVICES WILL MEET YOUR REQUIREMENTS, THAT THEY WILL PERFORM ERROR-FREE OR UNINTERRUPTED, OR THAT THEY WILL BE AVAILABLE WHEN REQUESTED BY SUPPLIER OR ANY USER. FURTHER, EXCEPT FOR THE EXCLUSIVE REMEDY SPECIFIED IN SECTION 11.1, WE WILL NOT BE LIABLE FOR ANY DAMAGES OR LIABILITY OF ANY KIND ARISING OUT OF OR IN ANYWAY RELATED TO THIS AGREEMENT OR THE USE OF THE SERVICES OR FROM ANY INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOLUTIONS) OR SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO SUPPLIER THROUGH OR IN CONNECTION WITH THE SERVICES, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL AND CONSEQUENTIAL DAMAGES AND OUR TOTAL AGGREGATE LIABILITY FOR ANY SUCH DAMAGES SHALL BE CAPPED AT AN AMOUNT EQUAL TO THE TOTAL AMOUNT OF FEES PAID BY THE CUSTOMER TO US DURING THE 12 MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE LIABILITY CLAIM.

12. INDEMNIFICATION

12.1 Indemnification. Customer agrees to be fully responsible for and to indemnify and hold harmless Us and Our Affiliates and our respective directors, officers, employees, agents and consultants and their respective insurers of and from all liabilities, claims, demands, actions, causes of action, damages, losses, costs and expenses whatsoever (including legal fees on a solicitor and his own client basis) suffered or incurred by any of them, directly or indirectly, arising out of, under or pursuant to:

12.1.1 A breach of any agreement, term or covenant on Customer’s part made or to be observed or performed pursuant to this Agreement, including (without limitation) any breach of Customer’s obligations under applicable privacy legislation;

12.1.2 Any acts or omissions of Customer and/or Authorized Users in carrying out Customer obligations under this Agreement;

12.1.3 Any claim made or brought against Us alleging that Customer Data, or Customer or Authorized Users’ use of the Services in violation of this Agreement, infringes or misappropriate the intellectual property rights of a third party or violates applicable law including (without limitation) and Data Protection Laws; and

12.1.4 Any claim of unauthorized use or infringement of any Authorized Users’ or third party’s privacy or intellectual property rights arising from any use of Data supplied by the Customer.

12.1.5 Mutual waiver of certain specified damages. The Parties, their respective employees, agents, insurers or representatives shall not be liable for any consequential, indirect, incidental, special damages, lost profits, goodwill, or for punitive damages. This paragraph shall survive the termination of this Agreement.

13. TERM AND TERMINATION

13.1 Term of Agreement. This Agreement commences on the date Customer accepts it or is deemed to accept it and shall continue until terminated or not renewed by either Party in accordance with this Agreement. Unless otherwise agreed to by the Parties, in the event We are performing an Order Form at the time such notice of termination, the termination date shall be extended until Vendor completes such Order Form. Notwithstanding anything herein to the contrary, either Party may terminate this Agreement by providing at least sixty (60) days prior written notice to the other Party.

13.2 Term of Purchased User Subscriptions. Customer acknowledges and agrees that each User subscription purchased by Customer commences on the start date specified in the applicable Order Form and continues for the Subscription Term specified therein. Except as otherwise specified, all User subscriptions shall trigger automatic renewal for additional periods equal to the expiring Subscription Term or one year (whichever is shorter), unless either party gives the other written notice of non-renewal at least 30 days before the end of the relevant Subscription Term.

13.3 Termination of Agreement. We reserve the right to immediately terminate this Agreement upon delivering to the Customer written notice in the event that any of the following events occur:

13.3.1 Customer fails to pay to Us and Fees or other amount due under this Agreement, and such default continues for a period of 30 days after written notice thereof has been given to Supplier by Us;

13.3.2 Except as specified in Section 13.3.1, Customer breaches any of the provisions of this Agreement.

13.3.3 Customer makes a general assignment for the benefit of creditors;

13.3.4 Customer institutes any proceedings under any statute or otherwise relating to insolvency or bankruptcy, or should any proceeding under any such statute or otherwise be instituted against Supplier and not be dismissed or vacated within 30 days of the date of commencement of such proceeding;

13.3.5 A custodian, receiver, manager or any other person with like powers is appointed to take charge of all or any part of Customer undertaking, business, property or assets and such person is not discharged within 30 days of the date of such appointment; or

13.3.6 An order is made by a court of competent jurisdiction or articles of dissolution or the like are filled for Customer winding up or liquidation.

13.3.7. Customer fails to pass the CHAS Assessment/Verification in accordance with the Failure Policy at any time during the term of this Agreement.

13.4 Payment upon Termination. Upon any termination of this Agreement, all Fees which are outstanding as at the date of such termination, and all Fees remaining to be paid for the duration of the Subscription Term, shall become immediately due and payable and the Customer shall immediately pay all such unpaid Fees from all Order Forms. In no event shall any termination for cause by Us relieve Customer of the obligation to pay any Fees and/or other amounts payable to Us up to and including the last day of the Subscription Term of all Order Forms.

13.5 Return of Customer Data. Upon request by Customer made within 30 days after the effective date of termination of a Services subscription, We will make available to the Customer for download a file of Supplier Data in comma separated values (.csv) format along with attachment in their native format. After such a 30-day period, We shall have no obligation to maintain or provide any of Customer Data and may thereafter, unless legally or contractually prohibited by obligations signed with Client(s) with access to Supplier Data, delete all of Customer Data in Our systems or otherwise in Our possession or under Our control.

13.6 Consequences of Termination. Immediately upon the effective date of termination of this Agreement, Customer shall (i) stop using the Services and ensure that any and all Authorized Users’ access to the Services is blocked, and (ii) return or destroy, at Our option, any and all intellectual property, assets, Confidential Information, or other documentation which belongs to Us.

14. NOTICES, GOVERNING LAW AND JURISDICTION

14.1 Manner of Giving Notice. Except as otherwise specified in this Agreement, all notices, permissions and approvals hereunder shall be in writing and shall be deemed to have been given upon: (i) personal delivery, (ii) the second business day after mailing, (iii) the first business day after sending by email. Notices to the Customer shall be addressed to the administrator designated by the Customer for its relevant Services subscription, and in the case of billing-related notices, to the relevant billing contact designated by the Customer.

14.2 Agreement to Governing Law and Jurisdiction.

IF YOU WERE INVOICED BY VERIFORCE LLC

This Agreement shall be governed by and interpreted according to the laws of Texas (without giving effect to the choice of laws provisions thereof),  except to the extent that issues and disputes involving rights to patents, trademarks and copyrights will be governed by applicable federal laws of the United States Each party agrees to submit and consent to the non-exclusive personal jurisdiction and venue of the federal and state courts of Texas located in the County of Dallas. The Parties waive, to the fullest extent permitted by law, any claim, defense or objection such Party may now have or hereafter may have that personal jurisdiction or venue is not proper or is inconvenient to the Party or the witnesses with respect to any such legal action or proceeding.

IF YOU WERE INVOICED BY COMPLYWORKS LTD

This Agreement shall be governed by and interpreted according to the laws of Alberta (without giving effect to the choice of laws provisions thereof) and each party agrees to attorn to the non-exclusive jurisdiction of the courts of Alberta.

IF YOU WERE INVOICED BY COMPLYWORKS AFRICA (PTY) LTD

This Agreement shall be governed by and interpreted according to the laws of South Africa (without giving effect to the choice of laws provisions thereof) and each party agrees to attorn to the non-exclusive jurisdiction of the courts of South Africa

IF YOU WERE INVOICED BY CHAS 2013 LIMITED

This Agreement shall be governed by and interpreted according to the laws of England (without giving effect to the choice of laws provisions thereof) and each party agrees to attorn to the non-exclusive jurisdiction of the English law.

IF YOU WERE INVOICED BY CHAS (AUSTRALIA) PTY LTD

This Agreement shall be governed by and interpreted according to the laws of New South Wales, Australia (without giving effect to the choice of laws provisions thereof) and each party agrees to attorn to the non-exclusive jurisdiction of the courts of New South Wales, Australia.

14.3 Waiver of Jury Trial. Each party to this Agreement hereby waives any rights to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement.

14.4 In the event of any dispute, claim, question, or disagreement arising from or relating to this Agreement or the breach thereof, the Parties hereto shall use their best efforts to settle the dispute, claim, question, or disagreement which shall include, at a minimum, a face-to-face meeting between a senior officer of each Party with the authority to resolve or settle any such dispute or claim.  The Parties shall negotiate in good faith and, recognizing their mutual interests, try to reach a just and equitable resolution satisfactory to both Parties to avoid the time and expense of litigation.

14.5 If the Parties do not reach an amicable resolution within a period of sixty (60) days of a Party’s written notice of a dispute or claim, then, upon notice by a Party to the other Party, it is agreed that Parties will opt for arbitration proceeding under a commercially recognized arbitration organization in the relevant jurisdiction with each party to bear their own costs, expenses and attorneys’ fees unless and until otherwise ordered by the arbitrator in its final judgment as the prevailing  party.

15. DATA PROTECTION

15.1 The Parties agree to comply with all applicable Data Protection Laws.

15.2 The Parties agree to comply with all applicable Data Protection Laws.

15.3 Privacy Policy. Customer has reviewed and understands our Privacy Policy, available at https://veriforce.com/privacy-policy, and Customer acknowledges, agrees that Veriforce may Process Personal Data in accordance with such policy and such policy may be amended from time to time.

15.4 Data Retention. The Parties agree that
  15.4.1 upon termination of this Agreement Supplier Data will be retained by Veriforce in accordance with its Retention Policy.
  15.4.2 Customer may request the deletion of all data retained by Veriforce at any time, on written request.

15.5 Without prejudice to clause 15.2, for the purposes of the Data Protection Legislation, when Customer is a Data Controller and Veriforce is a Data Processor Schedule A (available at legalcompliance@veriforce.com) applies and Schedule B (available at legalcompliance@veriforce.com) does not apply. This clause will apply when the Data Protection Laws of the (EU), European Economic Area (EEA), United Kingdom (UK), Canada, Australia or the CCPA apply to this Agreement.

16. SECURITY

16.1  Data Security. We will maintain the following minimum security measures: (a) appropriate technical, physical, administrative and organizational controls designed to maintain the confidentiality, security and integrity of Customer’s confidential information, including Customer Data, (b) systems and procedures for detecting, preventing and responding to attacks, intrusions, and system failures, and regular testing and monitoring of the effectiveness of such systems and procedures, including, without limitation, through vulnerability scans and penetration testing, (c) a team of employees dedicated to implementation and maintenance of security controls (security@veriforce.com), and (d) annual assessment of risks that could result in unauthorized disclosure, misuse, alteration, destruction or other compromise of Customer’s Confidential Information, including Customer Data, and of the sufficiency of systems and procedures in place to mitigate those risks.

16.2 Suspension and Termination. We may, in its sole discretion and without provision of notice to You, at any time and from time to time, disable, suspend, or terminate Your account or access to the Services, for any reason, including any contravention of these Terms of Service or End User License Agreement.

16.3 Protection and Security. During the term of the Contractual Agreement, We shall maintain a formal security program, which may be updated by Us from time to time. You understand that You have an independent duty to comply with any and all Laws applicable to You, including, without limitation, in respect of the Customer Data.

16.4 Unauthorized Disclosure. If either party believes that there has been an unauthorized disclosure of Customer Data to any third party, then, where required by applicable Law, such party must promptly notify the other party.

16.5 Incident Reporting. In the event of a security incident, We will promptly take whatever corrective actions are reasonably necessary to correct and/or mitigate such incident and notify the Customer in writing within reasonable time.

17. GENERAL PROVISIONS

17.1 Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, or fiduciary or employment relationship between the parties.

17.2 No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.

17.3 Waiver and Cumulative Remedies. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.

17.4 Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

17.5 Collection Fees. Customer shall pay on demand all of Our reasonable fees and other costs incurred by Us to collect any fees or charges due Us under this Agreement.

17.6 Assignment. Customer may not assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without Our prior written consent (which consent may be arbitrarily withheld). Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective heirs, personal representatives, successors and permitted assigns.

17.7 Excuses for Nonperformance.  Our obligation to perform Services hereunder shall be excused without liability when prevented by strike, act of God, governmental action, accident or any other condition beyond Our reasonable control.  We agree to resume performance of Services as soon as practicable following cessation of such condition.

17.8 Disputes; Attorney’s Fees and Costs.  Should an attorney be engaged by either Party, or legal proceedings be instituted, to enforce performance of any of the terms, agreements, or conditions contained in this Agreement, the prevailing Party shall be entitled to recover the reasonable attorney’s fees, expert fees and costs it incurred in such arbitration proceeding.

17.9 Entire Agreement. This Agreement, including the Data Processing Addendum (if applicable, available via legalcompliance@veriforce.com) and all schedules and appendices hereto and all Order Forms, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. Except as otherwise specified in this Agreement, no modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and either signed or accepted electronically by the party against whom the modification, amendment or waiver is to be asserted. However, to the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any exhibit or addendum hereto or any Order Form, the terms of such exhibit, addendum or Order Form shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in Customer purchase order or other order documentation (excluding Order Forms) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.