END USER TERMS AND CONDITIONS Unless otherwise stated, these end user terms and conditions (“Terms”) apply if they are referred to in the agreement between Dawiso s.r.o., a company incorporated under the laws of the Czech Republic, with registered office at Varšavská 715/36, Vinohrady, 120 00 Prague 2, Czech Republic, ID number: 08075972, registered in commercial register kept by Municipal court in Prague under file No. C 312599 (“Dawiso”) and another company or public entity (“Customer”). Customer acknowledges and agrees that when the Customer purchases Dawiso products from an entity different from Dawiso, which resells Dawiso products to the Customer with the permission of Dawiso (“Reseller”), they buy the right to access the product from the Reseller, but by agreeing to these Terms, they also enter into a binding agreement between Dawiso as the product manufacturer and the Customer (“Agreement”) which is governed by these Terms. By entering into the Agreement, the Customer confirms that it read and agrees with the Terms. 1. DEFINITIONS, LIST OF DOCUMENTS AND CONTACTS 1.1. "Services" means the Dawiso SaaS solution, including any modules and functionality packages selected in the Agreement, provided as software-as-a-service, whereby Customer is granted access to use the software's functionalities via the internet, with the software hosted on third party infrastructure provider. 1.2. “Customer Data” means any data, instructions, materials, and other content that is provided by the Customer to Dawiso, or that Dawiso receives through Customer's use of the Services, excluding any Dawiso's intellectual property and Third-Party Materials. 1.3. “Third-Party Materials” are materials, documents, data, products, services, or software that are not created by Dawiso, including open-source software. Third-party materials include for example ChatGPT and API calls from Open AI. 1.4. Customer hereby confirms that it received access to following documents available at the https://help.dawiso.com, read and agrees with their content: • Technical Documentation (Technical Documentation) o public link: https://help.dawiso.com/dashboard/cust_help_home_help_home • User documentation, including technical parameters for use list of components and their license terms with public links: o summary: https://help.dawiso.com/license/license_summary.txt o detail: https://help.dawiso.com/license/license_full.txt • Help Desk: https://www.dawiso.com/support • e-mail address for reporting of technical issues: helpdesk@dawiso.com 1.5. Dawiso can update the aforesaid documents or their URL address time to time, in such case it will inform the Customer by e-mail of such update. The parties do not consider change of the contents or URL address as a change of the Agreement. 2. TECHNICAL REQUIREMENTS 2.1. Customer shall ensure that the devices from which the Services will be accessed, and the Customer's Internet connection meet the current system requirements specified in the technical documentation available under the link in section 1.4 and in Annex 2 hereto. Customer is aware that system requirements may change as a result of the Services updates. Dawiso does not bear any responsibility for defects or errors that arise from non-compliance with current system requirements. 2.2. Dawiso will perform backups of Customer Data according to the schedule specified in the Technical Documentation. Dawiso's sole liability for any loss or damage to Customer Data shall be limited to using commercially reasonable efforts to restore the lost or damaged Customer Data from the most recent backup. Dawiso shall not be liable for any loss or damage to Customer Data that occurs between backups. 3. USE OF THE SERVICES 3.1. Subject and conditioned on Customer‘s compliance with the Agreement, the Customer obtains a non-exclusive, non-transferable right to use the agreed Services modules and functionality packages, solely for use in accordance with the Agreement. Customer and its affiliated companies may use the Services only for their internal business operations through authorized employees and members of the company's bodies. Customer shall not use the Services to compete with Dawiso, develop similar or competing products or services, or otherwise actny in a manner that could harm Dawiso's business interests. 3.2. The right to use is provided for the agreed period. The right to use is quantitatively limited by the number of each type of user accounts which is specified in the Agreement. Each user account can be used by only one person; the actual number of users may not exceed the quantitative limit. 3.3. If the Customer wishes to reduce the number of user accounts or limit the number of selected modules or functionality packages, it must submit a written request no later than 1 month before automatic renewal of the Agreement. Any such reduction will take effect only upon renewal and may result in price adjustments based on Dawiso's then-current pricing for the reduced quantity of user accounts and scope of services. Outside of this period, reductions require Dawiso's written consent. 3.4. Customer may not disclose access data or allow access to the Services to third parties, with the exception of its affiliated companies, provided that it notifies the Dawiso of the identification data of the affiliate, and only within the agreed quantitative limits. Customer shall ensure that all its users (employees, members of the company’s bodies) and affiliates are familiar with the Terms and other obligations of the Agreement that could be breached by users before they start using the Services. 3.5. Customer is responsible for any breach of the Agreement caused by a person to whom it has made the Services available. Customer shall not in particular, but not exclusively: a) make the Services available to anyone other than an authorized user, b) rent, sublicense, re-sell, assign, distribute, time share, or similarly exploit the Services, c) reverse engineer, copy, modify, adapt, or hack the Services, d) upload, transmit, or otherwise provide to or through the Services, any information or materials that are unlawful or contain or activate any harmful code (software, hardware, or other technology, including malware, the purpose or effect of which is to permit unauthorized access to, disrupt or otherwise harm any computer, software, hardware, or network; or prevent any other Customer or Authorized User from accessing or using the Services 3.6. No source codes to the software will be made available to the Customer. Nothing in the Agreement grants any license or other right to any intellectual property rights in or relating to the Services, or third-party materials. All rights to the Services and the third-party materials are and will remain with Dawiso and the respective rights holders. Customer does not acquire any rights except as expressly set forth in Section 3 herein or in the applicable third-party license terms. 3.7. Dawiso is entitled to monitor and control the number of users who log in to the Services. 3.8. Services are offered to users who: (i) are not a target of any sanction’s regime, do not reside in, nor will access the Services from, a country or territory that is subject to comprehensive sanctions, and iii) are not owned or controlled by, or acting on behalf of, any person subject to such sanctions or prohibitions from which such access is prohibited under any applicable sanction’s regime or export control laws. By using the Services, the Customer represents that it meets all of the foregoing requirements. If the Customer does not meet these requirements, it must not access or use the Services. Dawiso reserves the right to limit the availability of the Services to any person, entity, geographic area, or jurisdiction at any time. 4. OTHER RIGHTS AND DUTIES OF THE PARTIES 4.1. The parties shall assist each other with the maximum co-operation necessary for the performance of the Agreement, according to the Dawiso's instructions. 4.2. Customer is responsible for ensuring that its users of the Services: a) keep access data to user accounts to the Services confidential and protect them from disclosure, publication and / or misuse by third parties, b) report without delay the loss of access data or the suspicion of theft or misuse. In such a case, the Customer is obliged, at its own risk, to immediately inform the Dawiso and take appropriate action (e.g. ask the Dawiso to block the login data). Customer is responsible for any damage caused by a breach of this obligation. 4.3. Customer is solely responsible for legality of processing of Customer data. In particular, the Customer is responsible for ensuring that the Customer is entitled to provide Dawiso with all Customer data and that Dawiso’s use and processing of Customer data in accordance with the Agreement does not infringe any third-party rights, in particular intellectual property rights or privacy rights or obligations under any law or regulation. 5. WARRANTY AND DEFECTS 5.1. Dawiso represents and warrants that the use of the Services by the Customer in accordance with the Agreement will not breach third party intellectual property rights. Dawiso shall indemnify the Customer from and against third-party claims which arise out of breach of the foregoing warranty. The foregoing obligation does not apply if the alleged infringement arises from: (a) third-party materials or Customer data, (b) access to or use of the Services in combination with any hardware, system, software, network, or other materials or service not provided by the Dawiso or permitted in the documentation, or (c) modification of the Services other than by or on behalf of the Dawiso. 5.2. Except for the express warranty set forth in section 5.1, all Services are provided “as are” and “as available”. Dawiso disclaims all implied warranties of merchantability and fitness for a particular purpose. Dawiso makes no warranty of any kind that the services, or any products or results of the use thereof, will meet user’s or any other person’s requirements, achieve any intended result, be compatible or work with any software. Dawiso makes no warranty that the Services will be available or operate without interruption. All third-party materials are provided “as is” and any representation or warranty of or concerning any third-party materials is strictly between the user and the third-party owner or distributor of the third-party materials. Customer acknowledges that given the nature of SaaS services, Customer hereby expressly waives all rights and remedies related to defective performance under the Civil Code or any other applicable law, except as explicitly set forth in this Agreement. 5.3. Dawiso is not liable for any indirect damage, especially lost profits, special or incidental damage that the Customer incurred in connection with the use of the Services, even if the Customer notifies the Dawiso in advance that the damage could occur. Dawiso is not liable for non-material damage incurred by the Customer. Should Dawiso still be obliged to pay any compensation to the Customer, this obligation is limited to the lesser of: (i) the total amount paid by Customer to Dawiso for the Services in the 12 months preceding the incident giving rise to the claim, or (ii) USD 1000. 5.4. Customer shall indemnify the Dawiso from and against any and all loss, damage, penalty, or expenses, including reasonable attorneys’ fees resulting from any action by a third party that arise out of or result from, or are alleged to arise out of or result from Customer data, including any processing of it by or on behalf of Dawiso in accordance with the Agreement. 6. DUTY OF CONFIDENTIALITY, PERSONAL DATA 6.1. Confidential information is non-public information of a commercial or technical nature, including trade secrets, and other non-public information that the average person would consider to be confidential in view of its content or the manner in which it was disclosed. Confidential information is in particular: access details to user accounts, software outputs, technical documentation, information on price lists, clients, business partners, employees, business plans, etc. 6.2. For the purposes of this article, a party that has received confidential information shall be referred to as the "receiving party" and the party providing its confidential information shall be referred to as the "disclosing party". 6.3. The receiving party shall preserve the confidentiality of any confidential information. The receiving party is entitled to use the confidential information only in accordance with the Agreement and these terms and solely for the purpose of the parties' cooperation in providing the Services and other deliverables. 6.4. Restrictions on the use and disclosure of confidential information shall not apply to information which, without breach of confidentiality: (a) is already known to the receiving party, (b) is or becomes public knowledge, (c) is received or subsequently received by the receiving party from a third party; or (d) the receiving party has identified itself without the use of confidential information. The receiving party shall bear the burden of proof regarding any exceptions to the definition of confidential information. 6.5. The receiving party shall take reasonable care to protect confidential information from any loss or unauthorized disclosure. 6.6. The receiving party is entitled to disclose confidential information to a third party if this obligation is imposed on it by law or by the competent public authority and provided that it notifies the disclosing party immediately in writing to the maximum allowed extent. 6.7. The receiving party shall be entitled to disclose confidential information: (a) if the disclosing party has agreed in writing to its disclosure and only to an appropriate extent; or (b) executives, members of the statutory body, employees, related parties, agents or contractors, who: (i) need to know the information in order to perform the Agreement, (ii) have been informed of the obligation of confidentiality under this article and (iii) undertake to observe confidentiality to the same extent. 6.8. The terms of personal data processing are described in Annex 1 hereto. 7. TERMINATION 7.1. Dawiso may, in its sole discretion and without liability to Customer, suspend, terminate, or otherwise deny Customer‘s, or any other person’s access to or use of all or any part of the Services, effective immediately, if: a) Dawiso receives a judicial or governmental request or order that requires Dawiso to do so, or if Dawiso becomes aware that a governmental authority or other authority with legal authority has enacted a new, or modified an existing, law, rule, regulation, interpretation, or decision that would make its performance of any part of the Agreement unlawful or otherwise illegal, or b) the Customer has failed to comply with the Agreement or used the Services beyond the scope of rights granted or for a purpose not authorized under the Agreement; or that the Customer has been or is likely to be involved in fraudulent or unlawful activities. c) the Customer breaches the limits imposed by technical parameters set in technical documentation available under the link in section 1.4. or Annex 2, although the Dawiso has previously notified the Customer thereof and granted 5 day period to rectify the excessive use of the Services. 7.2. Termination of the Agreement for any reason does not affect the rights and obligations arising from the following articles: 5.3 (limitation of liability), 5.4 (indemnity), 7 (termination). 8. COMMUNICATION OF THE PARTIES 8.1. The parties communicate in English or Czech through its contact persons. Communication in another language is not taken into account. 8.2. The requirement of written form is deemed to be met if the electronic text with a simple electronic signature is delivered to the e-mail address of the contact person of the other party, or by other electronic means agreed by the parties during the term of the Agreement. 8.3. The electronic message is considered delivered on the day following the day on which the electronic message was sent. 9. FINAL PROVISIONS 9.1. The Agreement and all legal relations arising from it or related to it are governed by the law of the Czech Republic with the exclusion of rules on conflict of law. 9.2. Any dispute between them shall be settled amicably. If the parties fail to reach an amicable resolution to the dispute, any such dispute arising from the terms and Agreement and/or in connection with it shall be finally decided with the Arbitration Court attached to the Czech Chamber of Commerce and the Agricultural Chamber of the Czech Republic by one arbitrator appointed by the President of the Arbitration Court. The language of the proceedings shall be English. In case the dispute would not fall within the competence of the aforesaid arbitration court, it shall be decided by courts of the Czech Republic. All matter related with the proceedings will be considered as confidential. The costs of proceedings, including remuneration for the arbitrators, shall be borne by the unsuccessful party. 9.3. The parties exclude use of common business practices (“business usage”). The Agreement replaces all previous written or oral Agreements of the parties made before its conclusion. 9.4. The parties assume the risk of a change of circumstances, which means that even if there is a material change of circumstances that would disadvantage one of the parties, the parties will still be bound by their obligations without a change, as originally concluded. 9.5. Dawiso may place the Customer's business name, logo, trademark, or any other trade name on its website in the references section and use it as a reference in its offers, and on social media, as well as use it in project case studies created by the Dawiso for individual projects. Such use will be in accordance with the Customer's provided logo / trademark usage requirements. 9.6. The parties consider unpredictable circumstances that cannot be adequately controlled as a case of force majeure, e.g. disasters, embargoes, strikes (including planned strikes), war and epidemics. In the event of force majeure preventing one of the parties from fulfilling its obligations under the Agreement, such party shall notify the other party without undue delay, stating the period during which their obligations cannot be fulfilled. Failure to perform the obligation due to force majeure does not constitute a material breach of Agreement. 9.7. If any provision of the Agreement is or becomes invalid, null, void, or unenforceable, the other parts of the Agreement are not affected. The parties agree to replace these provisions with valid, effective, and enforceable provisions, which are not null and void, of the same commercial and legal significance within 14 (fourteen) days from the delivery of the written request of the other party. 9.8. An integral part of these Terms is Annex 1: Data processing terms, and Annex 2: Technical documentation.  Annex 1: DATA PROCESSING TERMS 1. INTRODUCTORY PROVISIONS 1.1 Based on the Agreement, Dawiso may process Customer’s personal data. Dawiso acts as a processor of personal data and the Customer acts as personal data controller in the processing of personal data. 1.2 Dawiso may also process personal data as personal data controller. Privacy policy in which the Dawiso describes how it processes personal data as personal data controller are available here: https://www.dawiso.com/privacy-policy. 1.3 The processing of personal data is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”). 2. NATURE AND PURPOSE OF PERSONAL DATA PROCESSING 2.1 Dawiso will only process personal data in accordance with the GDPR and other applicable law and for the following purposes: a) provision of the services to the Customer; b) provision of the access to or use of the services to the Customer's employees and other users that gain access by the Customer; c) fulfilment of legal obligations towards the Customer; 2.2 Dawiso may use the processed contact data of the data subjects for its own purposes, but only for the purpose of sending commercial communications and only under consent of data subject according to the privacy policy stipulated in the Article 1.2. of this Annex 1. 2.3 For the purposes mentioned above, Dawiso will process personal data in electronic form, whereby the subject of the processing will be the storage of personal data for the purpose of the provision of the Services to the Customer and other purposes that are in accordance with concluded Agreement. 3. DURATION OF PROCESSING OF PERSONAL DATA 3.1 Dawiso will process the personal data for the duration of the Agreement or for the time necessary for the provision of the services. Upon termination of the provision of the services, Dawiso will either delete or return all the personal data within the period agreed between the Customer and Dawiso upon termination of the provision of the services. If the parties do not agree even within 30 (thirty) days after the termination of the provision of services, Dawiso will delete all personal data processed, except where retention is required by applicable law or for legitimate business purposes in accordance with data protection regulations. 4. TYPES OF PERSONAL DATA 4.1 The subject of processing under this Annex 1 will be the following personal data: a) identification data (name and surname); b) contact data (e-mail address); c) information about activity of the data subject within the Services; d) other information uploaded by the data subject or the Customer to the services during usage of the services. 5. CATEGORIES OF DATA SUBJECTS 5.1 Personal data will relate to the following categories of data subjects: a) the Customer's employees; b) other persons to which the Customer will set up a user account; 6. RIGHTS AND OBLIGATIONS OF THE PARTIES 6.1 Dawiso declares and undertakes that: a) Dawiso will process personal data only on the basis of the Customer's instructions and only in accordance with this Annex 1, Agreement, the services provided or on the basis of other written instructions from the Customer; b) if Dawiso becomes aware of a breach or threatened breach of security of personal data, accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access to processed personal data, Dawiso shall immediately, but no later than within 72 (seventy two) hours, inform the Customer in writing and describe the resulting or threatened security risk, while informing the customer of appropriate measures to prevent or minimize the breach of security of the services and takes all necessary measures to minimize the damage; c) personal data will be secured in accordance with Article 7 of these Terms of personal data processing for processing personal data; d) Dawiso will assist the customer in implementing and maintaining appropriate technical and organizational measures to secure personal data, in reporting personal data breaches to the supervisory authority or data subject, in conducting data protection impact assessments and in prior consultations with the supervisory authority; e) Dawiso will provide the Customer, through appropriate technical and organizational measures, with assistance, no later than within 14 (fourteen) days of the customer's request, to comply with the Customer's obligation to respond to requests for the exercise of data subjects' rights; f) Dawiso will provide the Customer, at the Customer's request, without delay, but no later than within 14 (fourteen) days, with all the cooperation necessary to prove that the personal data are organizationally and technically secured and will provide all the cooperation in cases where an inspection by a supervisory authority is initiated. 6.2 If Dawiso receives any request from the data subject in relation to the personal data during the processing of personal data, Dawiso will inform the data subject to contact the Customer directly with the request. Customer is responsible for dealing with such request. Dawiso undertakes to provide the Customer with all the assistance necessary for the processing of the data subjects' rights. 6.3 Customer agrees that Dawiso may involve other processors in the processing of personal data. If Dawiso engages another processor, Dawiso will use commercially reasonable efforts to ensure that such processor complies with data protection obligations substantially similar to those set out in these Terms of personal data processing. 6.4 Customer agrees that Dawiso will involve the following additional processors in the processing of personal data: a) Dawiso’s employees who cooperate with Dawiso on the basis of a cooperation contract or other agreement; b) the company Microsoft Corporation, which provides the Azure cloud storage to Dawiso; c) the company HubSpot, Inc., which provides the ticketing system for the Services; d) the company Open AI, LLC, which is involved in the processing of personal data as an additional processor only if the customer uses a tool or a function provided by this company within the Services. Therefore, there is no automatic transfer of personal data to this company and the involvement of this additional processor is only at the customer's will. The customer or data subject will be informed in advance that they are going to use a tool or a function that is provided by this company. 6.5 If Dawiso should involve other processors not listed in this Annex 1, Dawiso will inform the customer in advance and gives the customer the opportunity to object to such involvement. If the customer does not object even within 14 (fourteen) days of the notification of the involvement of the other processor, the Dawiso will involve the additional processor in the processing of the personal data. In the event that the customer objects, Dawiso will evaluate the objection and, if Dawiso finds it to be reasonable, Dawiso will not involve the other processor, in which case Dawiso may terminate the services. 6.6 Dawiso is obliged to enable the Customer, or a person authorized by the customer to check (including audit or inspection) compliance with this Annex 1, in particular the obligations for processing personal data arising therefrom and shall contribute to such checks as reasonably instructed by the Customer or the person checking. Customer is obliged to send any request for an audit exclusively to Dawiso's e-mail address stipulated in section 1.4. of the Terms. Upon receipt of a request for an audit, Dawiso shall agree in advance on: (a) the possible date of the audit, security measures and how to ensure compliance with confidentiality obligations during the audit; and (b) the expected start and duration of the audit. In the event that no agreement is reached even within 30 days from the date of dispatch of the request, Dawiso shall have the right to determine reasonable terms for the audit, including timing, scope, and security requirements, taking into account its operational needs and confidentiality obligations. 6.7 Dawiso may object in writing to any auditor appointed by the customer if, in Dawiso's opinion, the auditor is not sufficiently qualified, is not independent, is in a competitive position with Dawiso or is otherwise manifestly unsuitable. Upon objection, the Customer is obliged to appoint another auditor or to carry out the audit itself. 6.8 Customer is responsible for the fulfilment of all obligations in relation to the processing of personal data, in particular for properly informing data subjects about the processing of personal data, obtaining consent to the processing of personal data, if necessary, handling requests from data subjects concerning the exercise of their rights (such as the right to information, access, rectification, erasure, restriction of processing, objection, etc.). 7. SECURITY OF PERSONAL DATA 7.1 Dawiso has adopted the measures listed below and undertakes to maintain them to ensure the security of the processing of personal data throughout the processing: a) pseudonymization and encryption of personal data; b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services – the measures in place and their correct functioning will be regularly reviewed; c) the ability to restore the availability of and access to personal data in a timely manner and in the event of physical or technical incidents; d) a process for regularly testing, assessing, and evaluating the effectiveness of the technical and organizational measures in place to ensure processing security. 8. OTHER ARRANGEMENTS 8.1 Dawiso is entitled to charge the Customer for all costs and expenses (including reasonable administrative fees) incurred in connection with the processing of any request and the performance of any obligation under this Annex 1, with such charges to be paid within 30 days of invoice. Dawiso is not liable for any damage, including lost profits, indirect, special, consequential or incidental damages caused to the customer in connection with the performance of obligations under this Annex 1, in particular such damage that is independent of Dawiso's will or that is caused by the customer's actions as a controller or processor of personal data. This limitation applies regardless of whether such damages were foreseeable and whether Dawiso has been advised of the possibility of such damages. The liability limitation agreed in section 5.3 of the Terms shall apply to Dawiso’s obligation to pay damages under this Annex 1.  Annex 2: Technical Documentation to DAWISO Services This annex identifies minimal technical documentation of Dawiso platform as SaaS. Minimum technical requirements, and technical parameters are specified in the following subsections. Detailed and actual Dawiso documentation is available on the documentation portal (see links in the Terms chapter 1.4). 1. Minimal Technical Specification For Use Of Dawiso Supported browsers for Dawiso cloud products are the following Desktop browsers: Internet browser Version Microsoft Edge (Windows and Mac) Latest stable version supported Google Chrome (Windows and Mac) Latest stable version supported A minimum screen resolution of 1024x768 is needed to render all web elements correctly. For Dawiso scanners (Dawiso Integration Runtime / DIR) deployed in the Customer's infrastructure, the supported deployment is described in the Dawiso Documentation Portal. 2. Technical Parameters For Use Of Dawiso SaaS Customer shall use the Services in line with technical parameters related laid down herein. The technical parameters indicate that the Services is used in the course of normal expectable operations that correspond to the price set on the use of Services, and that no kind of undue or extreme use occurs. The infrastructure used for running the Services is scaled according to the number of the contributor user accounts that were paid on the basis of the Agreement and Terms. The following technical parameters and rules shall not be exceeded by the Customer: a) the number of users that can use the Services simultaneously at the same time shall not exceed the number of paid contributor user accounts, b) total number of metadata objects (given that 1 object has in average 15 attributes) does not exceed 5 million objects or does not exceed the number of paid contributor user accounts multiplied by 10 000, c) the total volume of data taken by historical versions of all objects will not exceed 10 % of the volume of data taken by current versions, d) Total volume of the stored data (which involves all administered objects in all current and historical versions including related data such as attachments, operational metadata of the Customer’s instance of the software, logs) in bytes will not exceed number of paid contributor user accounts multiplied by 100 000. If any of the limits within parameters is exceeded, the Dawiso can request specific arrangements of the parameters that result in an increase in the price of the provision of Services or can notify the Customer that it should refrain from such behavior within 5 days. If the Customer does not agree to the increase of price and/or does not rectify the violation within 5 days, the Dawiso may, in its sole discretion, (i) suspend or throttle the Services, (ii) impose additional usage charges at its then-current rates, and/or (iii) withdraw from the Agreement as such behavior establishes a material breach of the Terms.