WHOZ - MASTER SERVICES AGREEMENT

revision of 10-Jan-2025

1. CONTRACT STRUCTURE AND ORDER-OF-PRECEDENCE 2
2. DEFINITIONS 2
3. ACCESS TO AND USE OF THE SERVICES 4
4. CLIENT RESPONSABILITIES 4
5. OWNERSHIP OF SERVICES AND CLIENT DATA 5
6. DATA PROTECTION, DATA PROCESSING AND STORAGE 6
7. SECURITY 7
8. PROFESSIONAL SERVICES 7
9. TERM & TERMINATION 8
10. PRICE, PAYMENT, INVOICING AND TAXES 8
11. WARRANTIES AND DISCLAIMERS 10
12. REVERSIBILITY AND FATE OF THE CLIENT DATA 10
13. INTELLECTUAL PROPERTY RIGHTS 11
14. LIMITATION OF LIABILITY 12
15. INSURANCE 12
16. AUDIT AND INVESTIGATION 12
17. CONFIDENTIALITY 13
18. CORPORATE RESPONSABILITY 13
19. EXPORT CONTROL AND SANCTION LAWS 14
20. GOVERNING LAW AND JURISDICTION 14
21. GENERAL 15
APPENDIX 1. SERVICE-LEVEL AGREEMENT 17
APPENDIX 2. DATA PROTECTION AGREEMENT 21
WHEREAS
Whoz develops and markets application services accessible online in the area of resume management, human
resources management, business management, project portfolio management and business reporting. These
services, available in a Software-as-a-Service mode, are designed to satisfy exclusively the needs of businesses.
Client wishes to acquire new information technology solutions and to use such services offered by Whoz in
connection with its business operations.
THE FOLLOWING IS THEREFORE NOW PROVIDED AND AGREED:
1. CONTRACT STRUCTURE AND ORDER-OF-PRECEDENCE
1.1. Capitalized terms used in this Article 1 shall have the meanings set forth in Section 2.1 below.
1.2. This MSA is entered by and between (i) Whoz acting in its name and on its own behalf and (ii) Client acting for its
own benefit and the benefit of its Affiliates pursuant to the signature of any Order Form that references this MSA,
with which it constitutes the Agreement, as of the Effective Date set forth in said Order Form. The Agreement
governs Client’s access to and use of Whoz’s Services in consideration of the payment of Fees.
1.3. In the event of any conflicts between the terms of this Agreement, the following order-of-precedence for conflict
resolution shall apply: (1) this MSA, (2) the Appendices of this MSA in their order of appearance, (3) the Order
Form(s) unless this(ese) Order Form(s) expressly override(s) a provision of higher ranked documents in section
“5. additional contractual conditions”, (4) the Appendices of the Order Form(s), and (5) the Documentation. In the
event of an update of contractual documents, the latest version validated by the Parties will prevail over its
previous version. If Client uses the SaaS Services in connection with its own systems, networks and software,
such use may be subject to Client’s agreement with third-parties and third-party terms and conditions, which costs
are incurred by Client.
2. DEFINITIONS
2.1. Capitalized terms. Capitalized terms used herein and not otherwise defined herein shall have the meanings set
forth below:
1) “Affiliate” shall mean any entity, whether incorporated or not, that is, at the Effective Date, controlled by or is
controlling a Party within the meaning of article L. 233-3 of the French Commercial Code.
2) “Acceptable Use Policy” shall mean Whoz’s standard acceptable use policy, currently available at
https://www.whoz.com/l/acceptable-use.
3) “Agreement” shall mean the agreement relating to the Services and including this MSA, any applicable
Order Form and their respective Appendices, and the Documentation, to the exclusion of any other
documents.
4) “Agreement Term” shall mean the time period(s) during which the MSA is valid and applicable to any Order
Form.
5) “Appendices” shall mean the attachments to the MSA and/or Order Form. The Appendices may contain
additional provisions applicable to the Services subject to the provisions of Section 1.3 of this MSA.
6) “Applicable Data Protection Legislation” shall mean any data protection regulation that may apply in the
European union in the context of the Agreement and in particular (i) the European Regulation n° 2016/679 of
27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the
free movement of such data, and repealing Directive 95/46/EC (“GDPR”) as of its date of application, and (ii)
any laws and regulations implementing it.
7) “Base Quantity” shall mean the usage allotments and limitations for each Module identified on the Order
Form(s) after which Excess Fees may apply.
8) “Billing Contact” shall mean the Client single point of contact, identified as such in section 4 of the Order
Forms, for matters related to invoicing, billing, and payment.
9) “Business Day” shall mean any day from Monday through Friday other than a bank or public holiday in
France.
10) “Business Hours” shall mean between 09:00 and 17:00 CET on a Business Day.
11) “Client” shall mean the legal entity identified on the Order Form(s) executed with Whoz, referencing this
MSA, and which places orders for itself and its Affiliates under said Order Form(s).
12) “Client Data” shall mean any data, information, or material not proprietary of Whoz including Client Personal
Data and provided or submitted by Client as part of its use of the Services.
13) “Client Personal Data” shall mean any Personal Data (including those related to the Client’s employees
and/or customers and/or suppliers) provided or made available to Whoz by Client or on its behalf, or
gathered by Whoz from Client, its agents, employees, service providers, suppliers or customers, and all data
generated, created, or compiled on the basis of such data or by using them.
14) “Confidential Information” shall mean any information disclosed (whether before or after the Effective Date
and whether in writing, verbally or by any other means and whether directly or indirectly) by a Party or its
Affiliates or by any person acting on their behalf (the “Disclosing Party”) to the other Party or its Affiliates or
to any person acting their behalf (the “Receiving Party”), including any information relating to the existence
or the terms of this Agreement or the Disclosing Party's services, technologies, operations, processes, plans
or intentions, services information, technologies information, financial information, know-how, design rights,
trade secrets, market opportunities and business affairs, and any data, materials or information that is
uploaded on or submitted to Whoz’s SaaS Services. Client Data shall be considered Confidential Information
under this Agreement regardless of whether or not it is designated as confidential.
15) “Consultant” shall mean any person with a high level of specific skills, provided by Whoz, its Affiliates, or its
or their respective permitted subcontractors to carry out Professional Services.
16) “Contract Manager” shall mean the Client personnel identified as such in section 4 of the Order Forms, fully
empowered by Client to administer the SaaS Services under Client’s exclusive responsibility.
17) “Data Controller” shall mean the natural or legal person, public authority, agency, or other body which
determines the purposes and means of the processing of Personal Data.
18) “Data Processor” shall mean the entity acting on behalf of the Data Controller.
19) “Data Subject” shall mean an identified or identifiable natural person. An identifiable natural person is one
who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural person.
20) “Documentation” shall mean the technical, functional, and commercial description of the Services available
at the following location: https://www.whoz.com/l/legal-documentation. The Documentation can be amended
by Whoz from time to time.
21) “Effective Date” shall mean the date indicated on the Order Form which determinates the beginning of the
provision of Services ordered pursuant to the Agreement.
22) “Fees” shall mean all fees and charges pursuant to this MSA and to each mutually executed Order Form.
The Fees include the “Recurring Fees” for the SaaS Services, the “Professional Fees” for the Professional
Services and the “Excess Fees” for any over usage of the SaaS Services beyond the cover of the Recurring
Fees (the Recurring Fees and the Excess Fees being, together, the “SaaS Fees”). The Recurring Fees and
the Professional Fees are indicated in each Order Form.
23) “Force Majeure Event” shall mean any unforeseeable, external, and irresistible event as defined in
article 1218 of the French Civil Code and interpreted by French courts which makes it impossible for a Party
to perform its obligations under this Agreement.
24) “Module” shall mean any subdivisions of the SaaS Services covering a cohesive functional scope by
providing one or more related features and ordered by Client in an Order Form. The Modules may include
standard editions of the SaaS Services, optional add-ons, additional metrics such as the maximum number
of API calls, or environments such as Sandboxes, standard interfaces with third-party content, software,
network, or systems, etc. The complete description of the Modules is detailed in the Documentation.
25) “MSA” shall mean this Master Services Agreement.
26) “Order Form” shall mean the purchase order prepared by Whoz detailing the Services ordered subject to
this MSA, along with any Appendices if necessary to further describe the Services.
27) “Parties” shall mean Whoz and Client together, each one individually a “Party”.
28) “Personal Data” shall mean any information relating to Data Subject.
29) “Personal Data Breach” shall mean any breach of security leading to the accidental or unlawful destruction,
loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise
processed.
30) “Professional Services” shall mean consulting, expertise, training, and support services provided by
Consultant(s) to assist Client in the setup, operation, and/or use of the SaaS Services.
31) “Sandbox” shall mean a non-production environment, i.e. an operational environment within Whoz’s SaaS
environment the use of which is restricted to processing non-production data solely for evaluation testing.
The Sandbox is a Module identified as a “Sandbox” (or its equivalent, if renamed) in the Documentation and
ordered by Client on an Order Form.
32) “SaaS Services” shall mean, but not limited to, access to and use of the Technologies embedded in Modules
delivered by Whoz in Software-as-a-Service mode to Client pursuant to section 1 of an Order Form. Client
can order any Module of the SaaS Services and the associated Success Plans, which are further described
in the Documentation.
33) “SaaS Term” shall mean the time period during which SaaS Services are provided under any Order Form as
defined under Sections 9.2 of the MSA. When a SaaS Term is longer than twelve (12) months, it is divided
into several annual “Billing Periods” of twelve (12) months for the purpose of the invoicing and payment of
SaaS Fees.
34) “Services” shall mean the SaaS Services and the Professional Services provided by Whoz.
35) “Service-Level Agreement” or “SLA” shall mean the service-levels applicable to the SaaS Services,
including the availability of the SaaS Services and the provision of Upgrades, for the SaaS Term ordered by
Client. A base SLA is included in the SaaS Services, but additional SLAs may be added based on the
Success Plan subscribed by Client, as further detailed in Appendix 1 of this MSA. Service-Level Agreement
does not apply if Client is in breach of this Agreement.
36) “Success Plan” shall mean a subscription-based support offering that assists Client by providing access to
expertise, resources, and tools. Client may order different Success Plans, which are described in
Documentation, and through which Client may access specific SLAs.
37) “Technologies” shall mean all of Whoz’s and its licensors’ proprietary technologies that Whoz makes
available to Client as part of or in connection with Client’s subscription to the Modules of the SaaS Services
(including any and all software, software packages, hardware, products, processes, APIs, algorithms, user
interfaces, trade secrets, know-how, techniques, designs and other tangible or intangible technical material
or information). The Technologies include the technical infrastructure used by Whoz via its hosting
subcontractor to host and provide the SaaS Services.
38) “Upgrades” shall mean new versions of, and updates to, the SaaS Services, whether for the purpose of
fixing an error, bug or other issue in the SaaS Services or enhancing the functionalities of the SaaS Services.
39) “Unit Of Measure” or “UOM” shall mean the invoicing metrics of Services ordered by Client. The UOMs
applicable to each Service are described in the Documentation.
40) “User” shall mean any person including Client or its Affiliates, as well as any natural person appointed by
Client or its Affiliates (employee, consultant, sub-contractor, freelancer, service provider, agent, etc.)
authorized to use the Service by Client, as per the terms of the licenses set forth in the Agreement. A User
policy describing the different profiles of Client Users (such as Contract Manager, administrators, advanced
users, or end users) and their different rights and privileges associated with their online accounts is included
in the Documentation. Third-party Users must comply with Section 4.5 of this MSA.
41) “Whoz” shall mean the French SAS Biznet.io registered within the Trade and Companies Registry of Paris
under number 820 832 996 with a capital of 1 049 039,07 € and located at 36 rue de Saint-Pétersbourg,
75008 Paris, France.

2.2. When the term “including” (and its variants) is used, it means including without limitation.
2.3. The terms defined in the singular have a comparable meaning when used in the plural, and vice versa.
3. ACCESS TO AND USE OF THE SERVICES
3.1. Grant of Access. Subject to the terms and conditions of this Agreement, Whoz grants Client the worldwide,
non-exclusive, non-transferable (except as specified in Section 21.9), non-assignable, limited right to access and
use the SaaS Services and its Technologies, during the SaaS Term in accordance with the limitations and other
usage allotments in this MSA and under the terms of all applicable Order Form(s) (e.g. limitations to particular
Modules, Base Quantities etc.), in consideration and subject to the payment of the Fees identified in the Order
Form(s).
3.2. Third-Party Content. In connection with Client’s use of the SaaS Services, Client may access or use (i) third-party
data, content, software, or applications as well as (ii) its own IT systems or networks and licensed software
(“Third-Party Content”), including by setting up its own integration or interface under its own responsibility. Any
Third-Party Content will be provided under Client’s responsibility and used “as is” without any representations,
warranties, or indemnity and Whoz declines any liability or warranty in the event of failure or non-compliance of
Third-Party Content, or should Third-Party Content cause the failure or non-compliance of the Modules and/or
SaaS Services. Client is responsible for complying with any third-party requirements with respect to Client’s
access and use of the Third-Party Content.
3.3. Production Use. Client undertakes to use the SaaS Services in accordance with their purpose and Documentation
and in compliance with this Agreement, the Acceptable Use Policy and the laws and regulations applicable to
Client’s line of business. Use of the SaaS Service means its operation by Users expressly designated by Client,
limited to the Modules and within the Base Quantity stipulated in the Order Form(s). Any Upgrade of the SaaS
Services is subject to the same license of this Article 3. Any use of the SaaS Services by Users beyond the Base
Quantity or the use of additional Modules by Users is also deemed a use by Client under Client’s sole and
exclusive responsibility. Client warrants Whoz that all Client Users will comply with the terms and conditions of
this Agreement, pursuant to Section 4.3.
3.4. Non-Production Use. From time to time, to the extent applicable, Client may use the SaaS Services for
evaluation, internal demonstration, testing, training, development, or other purposes (e.g., by ordering and using a
Sandbox or another Module). By using the Sandbox and/or any non-production environments, Client accepts the
SaaS Services on an “as-is” “as available” basis and acknowledges Whoz provides no express or implied
warranties such as SLA, indemnities, or security commitments, and shall have no liability, in connection with such
use, notwithstanding anything to the contrary in this Agreement. For the avoidance of doubt, no Personal Data or
Client Data may be used in a Sandbox or any other non-production environment.
3.5. Beta SaaS Services. Additionally, the terms of this Agreement do not apply to any “beta” products, services,
features, or functionality made available by Whoz, which are provided on the same “as is” “as available” basis,
and any use thereof by Client shall be subject to a separate agreement by and between the Parties.
4. CLIENT RESPONSABILITIES
4.1. Appropriate Use of the Services. The Services shall be used by Client under its sole control, direction, and
responsibility in accordance with the Acceptable Use Policy and the instructions, guidelines and policies for use,
safety and proper operation contained in the Documentation.
4.2. Internet Access and Required Configuration. Client shall secure a reliable Internet connection to access the SaaS
Services and shall ensure that its workstations shall have the minimum configuration required as outlined in the
Documentation. Client accesses and uses the SaaS Services only through its own devices thanks to the Internet
connection. In case of non-compliance with these prerequisites, this may lead to malfunctioning and a
non-optimal use of the SaaS Services, under Client’s sole and exclusive responsibility.
4.3. Client Responsible for User accounts. Client defines the Users accounts and profiles at its discretion, including
setting up a Contract Manager who will be responsible on behalf of Client to create accounts and accesses for
other Users, to set up their authorizations and to control their proper use of the SaaS Services in compliance with
the Agreement. Client is responsible for authorizing and controlling access of the Users to the SaaS Services.
Users access accounts defined by the Contract Manager by setting up and using accounts credentials (identifier
and password). These credentials are strictly personal and confidential to each User. Client is responsible for all
activity occurring under Client’s User accounts (including User accounts created by Client for third-parties under
Client’s responsibility pursuant to Section 4.5) at all times and under any circumstances, and for complying with
the Acceptable Use Policy and with all laws and regulations applicable to Client’s use of the SaaS Services and
its Technologies. In particular, Client shall be solely responsible for the content uploaded, broadcasted and/or
downloaded via the SaaS Services and shall assume full responsibility for the accuracy, integrity, and legality of
the Client Data. Client shall refrain from sending or storing data of a non-professional nature and, more generally,
data of an illicit, obscene, defamatory, or illegal nature or data that violates the rights of a third-party, the
protection of minors or privacy. Whoz declines any liability in the event of (un)intentional disclosure of credentials
and of any of their subsequent use by an un-authorized third-party.
4.4. Unauthorized access. Client shall (i) notify Whoz promptly upon becoming aware of, and (ii) make a reasonable
effort to stop, any unauthorized access, copying, distribution, or other misuse of any aspect of the SaaS Services
or its Technologies.
4.5. Third-Party Access. Under the access granted to Client in Section 3.1, Client may permit third-party agents to
access, use and/or operate the SaaS Services on the Client’s behalf for the sole purpose of delivering services to
Client, provided that such third-party agents shall (i) not be an entity providing directly or indirectly products or
services similar or equivalent to the Services, (ii) execute a nondisclosure agreement to keep use of the SaaS
Services and their Technologies strictly confidential and (iii) not share such information with any unauthorized
person. Further, Client shall be fully responsible for the Client’s third-party agents’ compliance with terms and
conditions of this Agreement and any breach of this Agreement by a third-party agent shall be deemed to be a
breach by Client.
4.6. Use Restrictions. Any use of the SaaS Services which is not listed in Articles 3 and 4 of this MSA is prohibited.
Client shall not, without Whoz’s prior written consent, cause or permit the:
a. use, copying, modification, rental, lease, sublease, sublicense, operation of a service bureau, transfer or other
commercial exploitation of, or other third-party access to, any element of the SaaS Services or its
Technologies, except to the extent expressly permitted by the Agreement;
b. gaining of unauthorized access or attempted access to the SaaS Services, its Technologies or its related
systems or networks;
c. interference with or disruption of the integrity or performance of the SaaS Services, its Technologies or the
data contained therein (for example, via unauthorized benchmark testing or penetration testing);
d. sending, storing or use of any Client Data in connection with the SaaS Services or its Technologies for which
Client lacks sufficient ownership or other rights; or
e. sending, storing or use of any infringing, obscene, threatening, racist, xenophobic, sectarian, dogmatic,
defamatory, abusive, obscene, pornographic, or violent, libelous, or otherwise unlawful or tortious material in
connection with the SaaS Services or their Technologies.
Client shall also use reasonable security measures to access the SaaS Services and its Technologies. Client shall
not knowingly send, store, or use any material containing any viruses, worms, Trojan horses or other malicious or
harmful computer code, files, scripts, agents, or programs in connection with the Services or its Technologies.
Whoz also reserves the right to take all steps reasonably necessary to protect the security, integrity or availability
of the SaaS Services or its Technologies (e.g., by temporarily suspending access by anyone who introduces
malicious code or attempts to do so), notwithstanding anything to the contrary in the Agreement.
5. OWNERSHIP OF SERVICES AND CLIENT DATA
5.1. Ownership of the Services. The SaaS Services and its Technologies are property of Whoz and its licensors, and
are protected by copyright, patent, trade secret and other intellectual property law. Whoz and its licensors retains
any and all rights, title and interest in and to the SaaS Services and its Upgrades, including all copies,
modifications, extensions and derivative works thereof. This Agreement grants no ownership rights to Client. No
license is granted to Client except as to use of the SaaS Services as expressly stated herein and Client is
expressly prohibited from any adaptation, modification or update of the SaaS Services whatsoever. The name, the
logo, and the product names associated with each Party are trademarks of the relevant Party, and they may not
be used without the other Party’s prior written consent or as otherwise expressly indicated hereunder.
5.2. Reverse Engineering. Client shall not reverse engineer the SaaS Services, the underlying components, or other
Technologies. Client shall not use or access the SaaS Services to: (i) build a competitive product or service, (ii)
make or have made a product using similar ideas, features, functions, or graphics of the SaaS Services, (iii) make
derivative works based upon the SaaS Services, unless otherwise provided for by this Agreement, or (iv) copy
any features, functions, or graphics of the SaaS Services. Client shall not frame or mirror the SaaS Services in
any other way than through the purchase of the available Modules. Use, resale, or exploitation of the SaaS
Services except as expressly permitted in this Agreement is prohibited. Similarly, extraction or re-use of a
qualitatively or quantitatively substantial part of the libraries and databases linked to the SaaS Services is
prohibited.
5.3. Services Feedbacks. Client grants Whoz a worldwide, perpetual, irrevocable, royalty-free, transferable,
sublicensable, license to use and incorporate into its Services any suggestion, enhancement request,
recommendation, correction, or other feedback provided by Client relating to the operation of Whoz’s Services
and its Technologies whether such use or incorporation has been made available free of charge or is pursuant to
Professional Services.
5.4. Ownership and use of Client Data. The Parties agree that (i) all Client Data is the property of Client, and (ii) Client
retains all rights, title, and interest in and to the Client Data, including all copies, modifications, extensions, and
derivative works thereof as part of its use of the SaaS Services. Whoz may store, access, process, and use Client
Data as necessary to provide the Services, meet its obligations under the Agreement, and verify Client’s
compliance with terms of Services, including to monitor and analyze the use of the SaaS Services, and to
develop, improve, or enhance the SaaS Services and other Whoz offerings. In consideration, Client expressly
grants Whoz and its subcontractors a personal, non-assignable and non-transferable worldwide right to reproduce
the Client Data on the Technologies for the purpose of providing the SaaS Services and the Professional
Services, to the exclusion of any other use or transfer, for the duration of the Agreement. Whoz makes no use or
reproduction of the Client Data that is not strictly necessary for the performance of the Services. The SaaS
Services do not include any follow-up, monitoring or cleaning of Client Data, the integrity, legality, and use of
which remains under the sole responsibility of Client. In this respect, Client will hold Whoz harmless against any
recourse, claim, action, or litigation arising as a result of the hosting of Client Data on the SaaS Services,
including any and all damages, compensation, court costs and legal fees (including reasonable attorney’s fees).
5.5. Use of Aggregated Data. Subject to all other protections set forth in this Agreement under the Articles 4, 5 and 14,
Whoz may compile aggregated and anonymized statistical information derived from Client’s use of the Services,
provided that such data does not identify Client Data and does not include any directly or indirectly Client
Personal Data (“Aggregated Data”). Whoz shall retain all intellectual property rights to the Aggregated Data. For
the avoidance of doubt, any non-aggregated nor anonymized data remain solely Client property.
6. DATA PROTECTION, DATA PROCESSING AND STORAGE
The Parties undertake to comply with the regulations in force applicable to the processing of Personal Data and,
in particular, the obligations regarding protection, confidentiality and security in the processing of Personal Data
imposed on them by the GDPR.
6.1. Processing operations relating to the management of the Agreement and relations and contacts between the
Parties.
Both Parties hereto are informed that the other Party may collect and process Personal Data of their
representatives, employees and contractors. Such processing of data is necessary for the purposes of the
management, organization and monitoring of the contractual relationship defined under this Agreement or it is a
legal obligation to which the Parties are subject. Such processing is not per se in relation to the performance of
the Services.
The Parties therefore expressly agree that each of them acts as independent Data Controller for the processing of
the Personal Data collected and processed for the management of the contractual relationship as defined above.
In this regard, the Parties commit to comply with Applicable Data Protection Legislation.
The personnel of the Parties concerned by this processing have a right of access, rectification and erasure of
data, a right to restriction of processing and a right to object to processing. These rights may be exercised directly
with each of the Parties by contacting the data protection officer of the relevant Party.
The details of the processing operations, in particular the categories of personal data and the purposes of
processing for which the personal data is processed on behalf of the controller, are as described hereinafter:
- Purpose of the data processing operation: Establishment of the contractual relationship, performance,
execution, or follow-up of the Agreement.
- Nature of the operations carried out on the data: Collection, recording, storage, modification, reading, use
and deletion.
- Categories of personal data processed: name, position, professional email address, professional telephone
number of various employees of the Client for the management of their commercial relationship and for the
implementation of the Agreement.
- Categories of persons concerned: Client representatives, employees, and contractors
- Duration of data retention: These data are not kept beyond the period strictly necessary for the
management of the commercial relationship initiated under the Agreement, with the exception of data
enabling proof of a right or a contract to be established, which may be subject to an intermediate archiving
policy for a period not exceeding the period necessary for the purposes for which they are kept, in
accordance with the provisions in force, or data whose retention is made necessary by accounting, social
and tax obligations.
6.2. Processing operations performed as part of the performance of the Services.
To the extent of the performance of the Services, Whoz is required to process Client Personal Data. The
processing operations carried out by Whoz, as Data Processor, on behalf of the Client, acting as Data Controller
are laid down in Appendix 2.
7. SECURITY
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes
of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons,
Whoz shall maintain appropriate technical and organizational measures for protection of the security (including
protection against unauthorized or unlawful data processing and against accidental or unlawful destruction, loss
or alteration or damage, unauthorized disclosure of, or access to, Client Data), confidentiality and integrity of
Client Personal Data, as set forth at the following location: https://www.whoz.com/l/security-measures. Whoz
regularly monitors compliance with these measures. Whoz will not materially decrease the overall security of the
SaaS Services during the Agreement Term.
However, Client acknowledges that, notwithstanding such security precautions, use of or connection to the
Internet provides the opportunity for unauthorized third-parties to circumvent such precautions and illegally gain
access to the SaaS Services. In addition, Client is aware of the technical hazards inherent to the Internet and of
resulting slowdowns or downtimes, and Client is solely responsible for the effectiveness of its own Internet
connection.
Client is solely responsible for the security of its own IT system and its Internet access, particularly the
implementation of firewalls and antivirus devices to protect its system and Client Data.
8. PROFESSIONAL SERVICES
8.1. Scope of Professional Services. Whoz shall provide to Client, in a workmanlike manner, the Professional Services
in accordance with this MSA, subject to Client’s payment of all applicable Professional Fees. The Parties will
adjust estimated timelines and deliverables based on available team capacity, as part of an obligation of
commercially reasonable efforts.
8.2. Relationship to SaaS Services. Client acknowledges that Professional Services do not convey any right to use
SaaS Services and are not contingent on the delivery of any future SaaS Service functionality or features or
Upgrade except as otherwise specified in the applicable Order Form or its Appendices.
8.3. Training. Whoz provides training courses to enable Users to master the functionalities and Modules of the SaaS
Services. Client may order one or more training courses for a given number of Users in any Order Form. Access
to training courses, whether remotely or on premises, is entirely subject to the terms and conditions of this
Agreement, particularly regarding the availability of online training courses. Training courses give access to
content (training materials, courses, etc.) which are the exclusive property of Whoz. Consultation and use of the
training contents is strictly limited to courses and Client internal use related to the SaaS Services, any
reproduction, reuse, or re-diffusion of the contents for other purposes being strictly prohibited. Users may retain
for their own use only the contents of the training course delivered. Any re-diffusion or reproduction of the
contents of the training courses constitutes a copyright infringement and will be processed as a material breach of
this Agreement.
8.4. Client Cooperation. Client shall cooperate reasonably and in good faith with Whoz in its performance of
Professional Services by, without limitation:
a. allocating sufficient resources and timely performing any tasks reasonably necessary to enable Whoz to
perform its obligations;
b. timely delivering any Client deliverables and other obligations required;
c. timely responding to Whoz’s inquiries related to the Professional Services;
d. assigning an internal project manager to serve as a primary point of contact for Whoz;
e. actively participating in scheduled project meetings; and
f. complete, accurate and timely information, data, and feedback all as reasonably required.
Client acknowledges that any delays in the performance of Professional Services caused by Client may result in
additional applicable charges for resource time.
8.5. Change requests. Should Client or Whoz identify new requirements or new Professional Services to be provided,
Whoz shall provide an impact analysis to Client identifying the impact of the request on the volume of
Professional Services ordered in the applicable Order Form(s). If both Parties agree in respect of the changes
required and its impact on the volume of Professional Services, then they parties will execute a change order
under new Order Form(s) referencing the initial Order Form(s).
8.6. Ownership. Whoz retains all ownership and intellectual property rights in and to all copyrightable works,
deliverables, designs, inventions, know-how, software, techniques, trade secrets, work product and other
materials created by or for Whoz (either alone or jointly with Client or others) and provided to Client, and any
derivative works thereof, excluding any Confidential Information of Client, as arising during the performance of the
Professional Services (the “Professional Works”). Whoz grants Client a non-exclusive, non-transferable,
royalty-free right to access and use such Professional Works in connection with the SaaS Services during the
SaaS Term. Client may not create derivative works of any Professional Work Whoz provides with the Professional
Services.
8.7. Non-solicitation. The Parties undertake, for the duration of this Agreement and for twenty-four (24) months after
termination or expiration thereof, not to directly or indirectly participate, for its benefits or the benefit of any
third-party, in the hiring of the other Party’s staff directly involved in the performance of the Services. In the event
of a failure to comply with this provision, the offending Party undertakes to pay to the other Party a penalty equal
to one (1) year of the last gross salary of the relevant employee(s).
8.8. No exclusiveness. Nothing in this Agreement shall prohibit, restrict or limit (i) Whoz from performing the same or
similar Professional Services for or providing the same or similar work product to any third-party, or (ii) Client from
hiring a third-party to perform professional services related to the Services.
9. TERM & TERMINATION
9.1. Term of MSA and its Appendices. The MSA and its Appendices shall enter into force on the earliest Effective Date
of any Order Forms and shall continue in effect until all Order Forms (if any) expire or are terminated in
accordance with this MSA (the “Effective Termination Date”).
9.2. Terms of Order Forms. The SaaS Term of each Order Form shall start on the Effective Date and shall continue for
the term length specified in the applicable Order Form.
9.3.
9.4. Termination of the MSA. Either Party shall be entitled to terminate the MSA for convenience with a ninety (90)
days prior notice. Without any prejudice to any rights hereunder, should any Party fail to cure any material breach
of the MSA, then within thirty (30) days after receiving reasonably detailed written notice from the other Party
alleging the breach, requesting the other Party to cure the alleged breach and expressly activating this Section
9.4, the other Party shall be entitled to terminate the MSA ipso jure. Subject to the terms of Section 9.6, existing
Order Forms (if any) in force at the time of such termination shall remain valid and governed by the terms and
conditions of the MSA.
9.5. Termination of Order Form. Without prejudice to any rights hereunder, each Party shall be entitled to terminate an
Order Form ipso jure by notice in writing:
a. in the event the other Party fails to cure any material breach thereof, or any material breach of these MSA,
within ninety (90) days after receiving reasonably detailed written notice from the other Party alleging the
breach, requesting the other Party to cure the alleged breach, and expressly activating this Section 9.5;
b. in case of a Force Majeure Event as stated in Section 21.5; or
c. to the extent permitted by law, if a Party has been put into bankruptcy or insolvency proceedings, has entered
into negotiations for composition with its creditors or is unable to pay its debts as they fall due.
9.6. Effect of Termination of MSA or Order Form. In the event of termination of this MSA for convenience, Whoz will
collect and retain any owed Fees until the Effective Termination Date, and the Client acknowledges this.
Subject to the exclusive remedy provisions in these MSA:
a. if Client terminates an Order Form or this MSA for uncured material breach in accordance with Section 9.5(a),
Client shall be entitled to a refund, on a pro rata basis, of any prepaid Fees that are unused as of the Effective
Termination Date; and
b. if Whoz terminates an Order Form or this MSA for uncured material breach in accordance with Section 9.5(a),
all amounts owed by Client thereunder shall become due and payable on agreed payment milestones or at the
latest at the Effective Termination Date.
Notwithstanding the foregoing, Parties agree that termination of the MSA or an Order Form shall not affect other
existing Order Forms (if any), which shall continue in full force in accordance with their terms, unless the other
existing Order Forms are terminated in accordance with the terms of this Agreement. The rights, obligations, and
effects of the MSA shall survive for the purpose of the ongoing Order Forms until such Order Forms expire or are
terminated; no new Order Forms may then be issued unless the Parties decide to enter into a new agreement.
9.7. Provision survival. In addition to the provisions of this Section, the provisions of the Sections of these MSA which
are intended by their nature to survive and in particular Sections 1, 4.6, 5, 8, 9, 10, 11.4, 11.5, 13, 14, 15, 17, 20
and 21 shall survive the termination or expiration of this Agreement. An Order Form may identify additional terms
that shall survive any expiration or termination of the applicable Order Form.
10. PRICE, PAYMENT, INVOICING AND TAXES
10.1. Fees. Client undertakes to pay (i) the SaaS Fees for the use of the SaaS Services and (ii) the Professional Fees
for the Professional Services ordered by Client in any Order Form. Unless otherwise indicated on an Order Form
or on the invoice, the Recurring Fees and Professional Fees are payable in advance.
10.1.1. Recurring Fees. The Recurring Fees are paid in advance for each Billing Period of the SaaS Term unless
otherwise specified in the applicable Order Form. The Recurring Fees may vary according to the Modules of the
SaaS Services and Success Plans, as selected by Client, and identified by their Base Quantity and Unit of
Measure on the applicable Order Form(s), as well as depending on one-time or recurring discounts and/or
rebates. These Recurring Fees include the right to use the relevant Modules of the SaaS Services within the
usage allotments and limitations stated by the Base Quantities, together with the right to access the support
associated with the Success Plan.
10.1.2. Professional Fees. The Professional Fees are good faith estimates and invoiced in advance at the flat rates
identified in the applicable Order Forms. The Parties agree that Whoz shall invoice any Professional Services
provided outside of Business Hours on Business Days as overtime Professional Fees, at 200% of their normal
rates. There will be no overtime Professional Services without the prior agreement of Client, which may be
provided by any written means. Whoz does not warrant that any Professional Services can be completed within
the time & material estimates or by any specific date. Whoz shall give prior notice to Client before the prepaid
Professional Fees are entirely spent and the Parties shall discuss in good faith the continuation of the
Professional Services, if and when needed. Provided the Parties did not reach an agreement on the next steps,
Whoz shall be entitled to stop work and shall not be required to provide additional Professional Services in excess
of the prepaid Professional Fees unless and until the Parties have agreed to a new Order Form.
10.2. Usage upgrade. Client undertakes to request an additional quote from Whoz if it plans to exceed the usage limits
stated by the Base Quantities of the applicable Order Form(s). If, for any month during a Billing Period, Client’s
use of the SaaS Services exceeds the Base Quantities, Client will immediately owe Whoz and Whoz will
immediately invoice an additional Excess Fee for any additional usage over the Base Quantities, at their unit price
in the latest ongoing Order Form and prorated to the remainder of the ongoing Billing Period, starting from the
month of first excess, whether or not Client will use the additional usage onward. If the additional usage occurs on
the last month of the ongoing Billing Period, Whoz may elicit to add the additional usage to the invoice of the
Recurring Fees for the next Billing Period, at Whoz’s discretion. The following Recurring Fees on the remainder of
the SaaS Term shall be updated to include the additional usage owed by Client. In the event of a dispute between
the Parties on the overuse, the automated logs and registers of the SaaS Services shall constitute
unquestionable evidence of the usage used by Client and Client acknowledges this.
10.3. Price revision. Whoz will update the unit price of the Modules and the time & materials rates applicable to the
Professional Services at the end of each Billing Period, reflecting the increase of the revised Syntec Index
(available at https://www.syntec.fr/indicateurs/indice-syntec/) (the “Price Revision Index”) over that Billing Period
and with a minimum of two (2) percentage points according to the following formula P1 = P0 x (S1/S0) where P1
means the price revised to be applied for the next Billing Period, P0 means the price applied for the current Billing
Period, S0 means the Price Revision Index in force at the start of the current Billing Period, S1 the Price Revision
Index in force one (1) month before the end of the current Billing Period.
10.4. Taxes and commissions. Whoz’s Fees are exclusive of all sales, use, value added and similar taxes, levies,
withholdings, deductions, bank commissions or any other admin fee of any kind, or duties imposed by taxing
authorities in connection with any Order Forms. Client is responsible for paying all such taxes, levies,
withholdings, deductions, or duties except any taxes based solely on Whoz’s income or which do not arise from
any Order Form. If Whoz has the legal obligation to pay or collect taxes for which Client is responsible, that
additional amount shall be invoiced to, and paid by Client, unless Client provides Whoz a valid tax exemption
certificate authorized by the appropriate taxing authority. If Client has the legal obligation to withhold or deduct
any amount from the Fees, the sum payable by Client (in respect of which such deduction or withholding is
required to be made) shall be increased to the extent necessary to ensure that Whoz receives a sum net of any
withholding or deduction equal to the sum which it would have received had no such deduction or withholding
been made or required to be made. Unless prohibited by the applicable taxing jurisdiction, the tax situs of Client
shall be Client’s office address as set forth in the applicable Order Form. Client may update such address by
providing written notice to Whoz and taxes shall be updated on a prospective basis.
10.5. Travel and living expenses. Client shall be responsible for all travel, living and out-of-pocket expenses fees,
including but not limited to airfare, ground transportation, hotel accommodations, and meals costs incurred by
Whoz in connection with the performance of the Services. Such fees shall be prior approved by Client. Whoz shall
provide Client with receipts and documentation of all expenses incurred. These expenses are billed monthly, end
of the month when they occur.
10.6. Payment terms. Fees are non-cancelable and non-refundable; they are expressed in Euros, all taxes excluded.
Unless otherwise indicated in an Order Form, all payments must be made in Euros within thirty (30) days of the
date of the invoice.
10.7. Late payment penalties. If Client fails to make any payments required under any Order Forms within the agreed
payment terms, then in addition to any other rights Whoz may have under these MSA or applicable laws and
regulations, Client shall pay Whoz from the day following the agreed date of payment shown on the invoice:
a. a late payment penalty calculated on any outstanding balance on a daily basis at a rate per annum equal to
three (3) times the interest rate applied by the European Central Bank to its most recent refinancing operation;
b. a fixed charge for recovery costs of forty (40) euros mandatory under article L. 441-10 of the French
Commercial Code; and
c. any and all additional recovery costs that Whoz may have to incur to collect the payments owed.
Should Whoz use the services of a debt collection third-party, Client will be liable, in addition to the
abovementioned amounts, for the reimbursement of the costs and fees paid and evidenced by Whoz to such
third-party.
10.8. Services suspension. If Client’s account remains delinquent with respect to payment of a valid invoice for thirty
(30) days after receipt of a late payment notice from Whoz, Whoz may temporarily suspend Client’s access to the
SaaS Services for up to ninety (90) days to pursue good faith negotiations before pursuing termination in
accordance with Section 9.5, without compensation. Client shall continue to incur and owe all applicable Fees
irrespective of any such suspension based on such Client delinquency.
10.9. Client’s purchase order. If Client requires that a purchase order be issued under an Order Form, Client shall
provide to Whoz such valid purchase order no later than five (5) days after Order Form signature date, conforming
to the applicable Order Form in time for Client to meet its payment obligations. Client shall not withhold or offset
fees dues under any Order Form for a failure to provide on time such purchase order.
11. WARRANTIES AND DISCLAIMERS
11.1. Mutual Warranties. Each Party represents and warrants to the other that it has the legal power and authority to
enter into this Agreement, and that: (i) this Agreement has been duly authorized, executed and delivered and
constitutes a valid and binding agreement enforceable against such Party in accordance with its terms; (ii) to the
best of its knowledge, no authorization or approval from any third-party is required in connection with such Party’s
execution, delivery or performance of this Agreement; and (iii) to the best of its knowledge, the execution, delivery
and performance of this Agreement does not violate the terms or conditions of any other legally binding
agreement.
11.2. Client Warranties. Client represents and warrants that:
a. it has received from Whoz a commercial proposal and/or Documentation of the Services and understanding its
functional scope;
b. it has ensured that the Services are suitable for its own needs, in particular on the basis of the Documentation;
c. it has had the opportunity to ask Whoz for any additional information and/or to attend any additional
demonstration of the Services prior to entering into this Agreement;
d. it will perform or will have its contractors perform any interface or integration of Third-Party Content (as defined
in Section 3.2) under its sole and exclusive responsibility; and
e. it has the necessary competences to access and use the Services.
11.3. Whoz Commitments. Whoz represents and warrants that:
a. the Services shall be executed with reasonable care, skill and diligence by properly qualified and experienced
persons in accordance with prevalent IT industry standards;
b. it shall use reasonable technical means to screen for and detect disabling devices, viruses, trojan horses, trap
doors, back doors, time bombs, cancelbots and other computer programming routines designed to damage or
detrimentally interfere with software or data (but it is not responsible for harmful materials submitted by Clients
or its Users);
c. the Services shall perform substantially in accordance with the relevant description found in the
Documentation, or such other location(s) as Whoz shall, from time to time, advise Client, under normal use
and circumstances; and
d. it shall make reasonable efforts to notify Client, at least thirty (30) days in advance, through the Contract
Manager’s email address, of any scheduled changes Whoz believes are likely to have a material, adverse
impact on Client’s use of the Services.
11.4. Third-Party Interaction. In connection with using the Services, Client may choose to purchase or license certain
other third-party products, packages, or services identified by Whoz, in particular to use the SaaS Services in
connection with Third-Party Content. Any third-party products, packages and services and any terms associated
therewith are between Client and the relevant third-parties. Whoz does not license, support, control, endorse or
otherwise make any representations or warranties regarding any third-party products or services, and in no event
shall Whoz have any liability whatsoever in connection therewith, even if Client has directed Whoz to implement
or configure the third-party products, packages, or services. Client is responsible for the conduct of any third party
which obtains access to the SaaS Services from Client.
11.5. Warranty Disclaimers. Except to the extent expressly stated in this Agreement:
a. Whoz makes no representations or warranties of any kind, whether express, statutory, or implied (in fact or by
operation of law), regarding the Services, or any matter whatsoever; and
b. Whoz does not warrant that the Services are or will be error-free, meet Client’s requirements, achieve any
particular results, interface or integrate with Third-Party Content or third-party products and services or be
timely or secure. Whoz expressly disclaim all implied warranties of merchantability, fitness for a particular
purpose and non-infringement with respect to the Services, and Client has no right to make or pass on to any
third-party any representation or warranty by Whoz.
12. REVERSIBILITY AND FATE OF THE CLIENT DATA
12.1. Fate of Data. In the event of the expiration or termination for any reason of this Agreement, Client may export a
copy of all Client Data by its own means through the APIs of the SaaS Services before the Effective Termination
Date. Should Client order the appropriate Professional Services, Whoz may return a separate copy of all Client
Data to Client pursuant to Section 12.2.
12.2. Data return. In case of Professional Services ordered by Client for data return, Whoz shall ensure the transfer of
the full Client Data including electronic documents and associated items in a structured, commonly used, and
readable format requested by Client. Client Data shall be made available within a maximum of twenty (20)
Business Days, unless otherwise agreed between the Parties.
12.3. Additional Assistance. Upon Client's request, Whoz may provide additional technical assistance to Client and/or
the third-party designated by Client, as part of the reversibility.
12.4. Applicable Fees. Client shall pay, at the then-prevailing Professional Services time & material rates, for any
Professional Services requested for data return or technical assistance.
12.5. Data deletion. Whoz shall ensure deletion of all Client Data, including all active, inactive, backup data and log
data, within a maximum of three (3) months after the Effective Termination Date. Whoz will provide a certificate of
data destruction on request.
13. INTELLECTUAL PROPERTY RIGHTS
13.1. With Respect of Whoz. Whoz guarantees that the SaaS Services made available to Client are original. Whoz also
warrants that it owns all intellectual property rights to the SaaS Services, except for any modules that may be
licensed as "Open Source", or that it has the right to grant a license to Client for any additional Modules integrated
into the SaaS Services, for which the intellectual property rights are held by a third-party that has granted Whoz
the use thereof.
Whoz shall defend Client, its Affiliates, officers, directors, and employees from and against any claims brought
against Client alleging that the use of the SaaS Services in accordance with this Agreement infringe on an
intellectual property right of a third-party (the “Claim”). Whoz shall also indemnify Client and its Affiliates, officers,
directors, and employees by paying all direct damages, costs, and expenses (including reasonable legal fees and
costs) finally awarded by a court of competent jurisdiction or agreed in a written settlement agreement signed by
Whoz, arising out of such Claims.
In the event that any aspect of the SaaS Services is found by a court or, in Whoz’s reasonable opinion is likely to
be found by a court, to infringe upon a third-party intellectual property right, Whoz shall promptly, at its own
expense, (i) obtain for Client the right to continue using the allegedly infringing SaaS Services in accordance with
this Agreement, (ii) replace them with a non-infringing functional equivalent, or (iii) modify them so they become
non-infringing with equivalent functionalities. If, after reasonable efforts, Whoz determines in good faith that
options (i), (ii) and (iii) are not feasible, Whoz shall remove the infringing item(s) from the SaaS Services and
refund to Client on a pro rata basis any SaaS Fees paid by Client for such infringing element(s) that are unused
as of the removal date.
Whoz shall have no obligation to indemnify nor liability for any Claim under this Section to the extent arising from:
a. the combination, operation or use of the SaaS Services with any product, device, software or service not
supplied or authorized in writing by Whoz, including in particular any Client interface or integration with
Third-Party Content or third-party products and services, to the extent the combination creates the
infringement;
b. the unauthorized alteration or modification by Client of the SaaS Services;
c. a breach of Article 3 (conditions of use of the SaaS Services) or a maintenance exclusion as stated in the
applicable SLA; or
d. Whoz’s compliance with Client’s designs, specifications, requests, or instructions in providing Professional
Services to the extent the Claim is based on such compliance.
13.2. With Respect of Client. Client shall defend Whoz, its Affiliates, officers, directors, and employees from and against
any claims asserted by a third-party based on a breach by Client of Articles 3 and 4 of this MSA, especially those
arising from Client Data. Client shall also indemnify Whoz and its Affiliates, officers, directors, and employees by
paying all damages, costs, and expenses (including reasonable legal fees and costs) finally awarded by a court of
competent jurisdiction or agreed in a written settlement agreement signed by Client, arising out of the third-party
claims described in this Section.
13.3. Requirements for Indemnification. Each Party’s respective defense and indemnity obligations under Sections 13.1
and 13.2 are contingent upon the indemnified Party:
a. promptly giving written notice of the third-party claim to the defending or indemnifying Party once the claim is
known;
b. giving the defending or indemnifying Party sole control of the defense and settlement of the claim and not
compromising or settling the claim without the defending or indemnifying Party’s approval (though the
defending or indemnifying Party shall not settle such claim unless the settlement unconditionally releases the
other Party of all liability and does not adversely affect the other Party’s business or service in a material
manner); and
c. providing appropriate information and reasonable cooperation and assistance to the defending or indemnifying
Party in connection with the claim.
THE FOREGOING ARE THE DEFENDING OR INDEMNIFYING PARTY’S SOLE OBLIGATIONS, AND THE
INDEMNIFIED PARTY’S EXCLUSIVE REMEDIES WITH RESPECT TO INDEMNIFICATION AND THE
MATTERS ADDRESSED IN THIS ARTICLE 13.
14. LIMITATION OF LIABILITY
NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS MSA, BUT ONLY TO THE MAXIMUM EXTENT
PERMITTED BY APPLICABLE LAW:
14.1. NEITHER PARTY OR ITS AFFILIATES TO THIS AGREEMENT, NOR ANY OF ITS OWNERS, OFFICERS,
DIRECTORS, EMPLOYEES, SHAREHOLDERS, OTHER REPRESENTATIVES OR AGENTS OR ANY PARTY
TO ANY ORDER FORM, SHALL BE LIABLE FOR ANY INDIRECT DAMAGES (AS DEFINED BY THE
JURISPRUDENCE OF THE FRENCH COURTS) SUFFERED BY THE OTHER PARTY AS A RESULT OF
PERFORMANCE OR NON-PERFORMANCE UNDER THIS AGREEMENT (INCLUDING ANY AND ALL ORDER
FORMS), WHETHER OR NOT THE POSSIBILITY OF SUCH DAMAGES COULD HAVE BEEN REASONABLY
FORESEEN ARISING OUT OF OR IN RELATION TO THIS AGREEMENT, AND EVEN IF A REMAINING
AVAILABLE REMEDY FAILS ITS ESSENTIAL PURPOSE. WHOZ DECLINES ANY LIABILITY FOR THE
WARRANTY DISCLAIMERS OF SECTION 11.5, THE INDEMNIFICATION EXCLUSIONS OF SECTION 13.1
AND THE MAINTENANCE EXCEPTIONS INDICATED IN APPENDIX 1 OF THIS MSA.
14.2. EXCEPT FOR (A) CLAIMS FOR WHICH PARTIES ARE TO INDEMNIFY UNDER ARTICLE 13 AND SECTION
14.3, AND (B) CLIENT’S LIABILITY FOR PAYMENT OF REGULATORY FINES AS A RESULT OF ANY ACT OR
OMISSION OF CLIENT, OR ITS EMPLOYEES OR AGENTS IN THE PERFORMANCE OR PURPORTED
PERFORMANCE OF THIS AGREEMENT, EACH PARTY’S LIABILITY TO THE OTHER PARTY FOR DAMAGES
ARISING FROM OR RELATING TO THIS AGREEMENT (INCLUDING ORDER FORMS) SHALL BE LIMITED TO
DIRECT DAMAGES, AND SHALL NOT EXCEED THE AMOUNT WHICH IS PAID OR DUE FROM CLIENT IN
THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY FOR
THE PORTION OF THE SERVICES THAT CAUSED THE DAMAGES.
14.3. EACH PARTY’S LIABILITY TO THE OTHER PARTY FOR DAMAGES ARISING FROM OR RELATING TO LOSS
OF DATA, BREACH OF DATA PROTECTION, AND SECURITY PROVISIONS SHALL NOT EXCEED THE
AMOUNT WHICH IS PAID OR DUE FROM CLIENT IN THE 12-MONTH PERIOD IMMEDIATELY PRECEDING
THE EVENT GIVING RISE TO SUCH LIABILITY FOR THE PORTION OF THE SERVICES THAT CAUSED THE
DAMAGES.
14.4. THE PROVISIONS OF THIS ARTICLE 14 ALLOCATE RISKS UNDER THIS AGREEMENT BETWEEN CLIENT
AND WHOZ, AS WELL AS THE ECONOMIC EQUILIBRIUM INTENTED BY THE PARTIES AND THE FEES
CHARGED FOR THE SERVICES ARE BASED ON THIS ALLOCATION OF RISKS AND THESE LIMITATIONS
OF LIABILITY. THIS ALLOCATION IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN
THE PARTIES. THE PARTIES AGREE THAT THESE LIMITATIONS OF LIABILITY SHALL CONTINUE TO
APPLY EVEN IN THE EVENT OF TERMINATION OR EXPIRATION OF THIS AGREEMENT FOR ANY
REASON.
15. INSURANCE
15.1. Insurance cover. Parties shall, for the Agreement Term and a period of twelve months after the end of the
Agreement Term, at their own cost take out and maintain insurance cover of a sufficient value to cover all of
activities carried out pursuant to or in relation to this Agreement.
15.2. Insurance Company. Such insurances shall be maintained with reputable and solvent insurance company(ies)
authorized to do business and to evidence insurance of risk exposures in the jurisdiction(s) where the Services
will be performed.
15.3. Evidence. Whoz shall produce evidence to Client on reasonable request by way of an insurance certificate or a
broker’s letter confirming such insurances are in place.
16. AUDIT AND INVESTIGATION
16.1. Right to audit. Client shall have the right, at the sole expense of Client, to conduct an audit of the delivery of the
SaaS Services by the Whoz’s policies and procedures governing the security of the Client Data, provided the
following conditions are satisfied:
a. Client shall provide Whoz with at least thirty (30) days’ prior written notice;
b. such audit shall not exceed a duration of one (1) Business Day;
c. such audit shall not occur more than once annually and not unreasonably interfere with Whoz’s operations and
shall be subject to availability of the Whoz’s resources;
d. such audit is Confidential Information of Whoz;
e. any third-party performing such audit shall execute a nondisclosure agreement with Whoz (and if applicable,
with the Whoz’s hosting provider if required by such provider) with respect to the confidential treatment and
restricted use of the confidential information of Whoz and its applicable hosting provider;

12/24

f. the third-party performing the audit shall not be an entity providing directly or indirectly products or services
similar or equivalent to the Services; and
g. Whoz shall provide reasonable assistance to Client and shall use commercially reasonable efforts to resolve
any material and relevant deficiencies identified by such audits.
17. CONFIDENTIALITY
17.1. Non-disclosure. During the term of this Agreement and for a period of two (2) years following its termination or
expiration for any reason, and with a minimum of three (3) years after initial disclosure of the Confidential
Information, the Receiving Party:
a. may not use Confidential Information for a purpose other than that described in Section 17.2 or the
performance of its obligations under this Agreement;
b. may not disclose Confidential Information to another person without the prior written consent of the Disclosing
Party, except that the Receiving Party may disclose Confidential Information: (i) to the Receiving Party’s
employees and professional advisors (each, a “Recipient”) to the extent that disclosure is necessary for the
purposes of this Agreement and provided that, prior to the disclosure of Confidential Information to a
Recipient, the Receiving Party shall ensure that a Recipient is made aware of the Receiving Party’s obligations
of confidentiality under this Agreement; or (ii) if disclosure is required by law, by a court of competent
jurisdiction or by another appropriate regulatory body, provided that the Receiving Party gives the Disclosing
Party not less than five (5) Business Days’ written notice before that disclosure or, unless prohibited by
applicable laws and regulations, after that disclosure; and
c. shall keep Confidential Information confidential and, in particular, take such measures to prevent the
unauthorized use or disclosure of Confidential Information as it uses to protect its own confidential information,
but not less than a reasonable degree of care.
For the avoidance of doubt, use of Confidential Information in an aggregated and anonymized manner that does
not identify Client Data is permitted in accordance with Section 5.5.
17.2. Exclusions. Section 17.1 does not apply to any Confidential Information:
a. to the extent that it is or becomes publicly known other than by breach of this Agreement by the Receiving
Party;
b. which the Receiving Party can show by its written records was in the Receiving Party’s possession prior to the
Receiving Party receiving it from the Disclosing Party and which the Receiving Party had not previously
obtained from the Disclosing Party or from another person on behalf of the Disclosing Party under a
confidentiality obligation;
c. which the Receiving Party obtains or has available from a source other than the Disclosing Party without
breaching any confidentiality obligation; and
d. which the Receiving Party develops independently, without use of Confidential Information of the Disclosing
Party.
17.3. Ownership. Confidential Information is proprietary to the Disclosing Party and is, and shall remain, the Disclosing
Party’s property, and no license, title, or other rights are granted or implied hereby. Without prejudice to the
commitments made under this Article 17, each Party is free to use the know-how acquired as a result of this
Agreement and the performance of the Services.
18. CORPORATE RESPONSABILITY
18.1. Modern Day Slavery. Each Party represents and warrants that:
a. it has not been and is not engaged in any practices involving the use of child labor, forced labor, the
exploitation of vulnerable people, or human trafficking as described by the UN Global Compact;
b. its employees and agency workers are paid in compliance with all applicable employment laws and minimum
wage requirements; and
c. it shall take reasonable steps to prevent slavery and human trafficking in connection with its business.
18.2. Responsible trading. Parties are committed to trading in a responsible manner and complies with local, national,
and international environmental legislation relating to its services.
18.3. Anti-Corruption and Anti-Bribery. Parties hereby undertake that, at the date of the entering into force of the
Agreement, themselves, their directors, officers or employees have not offered, promised, given, authorized,
solicited or accepted any undue pecuniary or other advantage of any kind for itself/herself/himself or for others (or
implied that they will or might do any such thing at any time in the future) in any way connected with this
Agreement and that it has taken reasonable measures to prevent subcontractors, agents or any other
third-parties, subject to its control or determining influence, from doing so. Each Party shall use reasonable efforts
to promptly notify the other Party if it becomes aware of any circumstances that are contrary to this
acknowledgment.
18.4. Corrupt Practices. Parties shall prohibit and shall adopt appropriate procedures to prohibit the practices of bribery,
extortion or solicitation, trading in influence and laundering the proceeds of these practices at all times and in any
form, in relation with a public official at the international, national or local level, a political party, party official or
13/24

candidate to political office, and a director, officer or employee of the Parties, whether these practices are
engaged in directly or indirectly, including through third-parties.
18.5. Third-party instruction. With respect to third-parties, subject to the control or determining influence of the Parties,
including but not limited to agents, business development consultants, sales representatives, customs agents,
general consultants, resellers, subcontractors, franchisees, lawyers, accountants or similar intermediaries, acting
on the Parties’ behalf in connection with marketing or sales, the negotiation of contracts, the obtaining of licenses,
permits or other authorizations, or any actions that benefit the Parties or as subcontractors in the supply chain,
the Parties should instruct them neither to engage nor to tolerate that they engage in any act of corruption; not
use them as a conduit for any corrupt practice; hire them only to the extent appropriate for the regular conduct of
the Parties’ business; and not pay them more than an appropriate remuneration for their legitimate services.
18.6. Ethics. Each Party agrees, declares, and undertakes to comply with and to carry out its activities in accordance
with United Nations Convention against Corruption adopted by the UN General Assembly on the 31
st October
2003, by resolution 58/4. Each Party agrees, declares, and undertakes to comply with and to carry out its
activities in accordance with the rules set out in the Universal Declaration of Human Rights, all conventions of the
International Labour Organization and the conventions to which both Parties’ countries are located and in
particular the fundamental conventions of the International Labour Organization, number 29, 87, 98, 100, 105,
111, 138 and 182. Each Party declares to make reasonable efforts to behave as a responsible and social
enterprise, following practices and guidelines aiming to support sustainable development within its environment.
19. EXPORT CONTROL AND SANCTION LAWS
19.1. Applicable sanction laws. Each Party agrees that, in connection with this Agreement and the performance thereof,
it shall comply with all present and future applicable laws, regulations, rules and requirements relating to trade
sanctions, foreign trade controls, export and re-export controls, non-proliferation, anti-terrorism and similar laws,
including the ones of the European Union and the Republic of France, as well as, when applicable, the U.S.
Export Administration Regulations, the U.S. International Traffic in Arms Regulations, the U.S. Office of Foreign
Assets Control regulations (together, “Export and Sanctions Law”).
19.2. Restricted Parties. Each Party represents and warrants that:
a. neither it nor any of its Affiliates involved in the Agreement, is currently the target of any economic or financial
sanctions or trade embargoes administered or enforced by the United Nations Security Council (UN), the
European Union (EU), His Majesty’s Treasury (HMT) or the United States Government (including the Office of
Foreign Assets Control of the U.S. Department of the Treasury (OFAC), the U.S. Department of State (DOS)
or the Bureau of Industry and Security of the US department of Commerce (BIS));
b. neither it nor any of its Affiliates involved in the Agreement is more than 50% owned, or is controlled, directly
or indirectly, by an entity or a person which is subject to these sanctions.
c. neither it nor any of its Affiliates involved in the Agreement is located, organized or resident in a country or
territory that is the subject or the target of territory-wide Sanctions, which for the purposes of this Agreement
includes but is not limited to Cuba, Iran, North Korea, Syria, and Crimea, Donetsk, and Luhansk Regions of
Ukraine.
If a Party or any of its affiliates is or becomes subject to these Sanctions, and as a result it is unlawful for the other
Party to perform any of its obligations hereunder, then the other Party shall have the right to terminate this
Agreement forthwith, without thereby incurring any liability.
19.3. Restricted availability. Client shall not make the SaaS Services available to any individual, entity or government
authority located, organized or resident in a country or territory that is the subject or the target of territory-wide
Sanctions. Client shall not or otherwise transfer, export, reexport or release the SaaS Services, Technologies or
any related technology or information, directly or indirectly to any jurisdiction, country or territory that is subject or
the target of territory-wide Sanctions.
20. GOVERNING LAW AND JURISDICTION
20.1. Dispute Resolution. In the event of dispute, either Party wishing to resolve a dispute shall give written notice to
the other Party. Within ten (10) days following the date of receipt of such notice, the Parties’ representatives shall
meet to discuss and negotiate with each other and, recognizing their mutual interests, attempt to reach a solution
satisfactory to both parties. If they are unable to do so within fifteen (15) days following the date of delivery of
such notice, each Party shall designate one of its senior executives for resolution of the dispute. Such executives
shall meet to discuss and attempt to resolve such dispute within ten (10) days following the expiration of the
fifteen-day period mentioned previously. If they are unable to agree on an appropriate resolution within twenty
(20) days after the end of such a fifteen-day period, then the provisions of Section 20.2 shall apply. The failure or
refusal of either Party to participate in the informal dispute resolution as provided in this Section 20.1 shall entitle
the other Party to immediately commence litigation. All negotiations pursuant to this Section 20.1 shall be
confidential and treated as compromise and settlement negotiations for purposes of all rules and codes of
evidence of applicable legislation and jurisdictions.
20.2. Governing Law. This Agreement and all matters arising from or connected with it shall be governed by and
construed in accordance with French laws and regulations. The competent courts of Paris shall have exclusive
jurisdiction to settle any dispute, controversy or claim arising out of or in connection with this Agreement that the
parties were not able to solve amicably in accordance with the provisions of Section 20.1.
20.3. Exclusion of the UN Convention. The United Nations Convention on Contracts for the International Sale of Goods
does not apply to this Agreement.
20.4. Injunctive Relief. Notwithstanding the provisions of Section 20.1 and 20.2, nothing in these Agreement shall
prevent Whoz from seeking injunctive relief with respect to a violation of intellectual property rights, confidentiality
obligations or enforcement or recognition of any award or order in any appropriate jurisdiction.
21. GENERAL
21.1. Client Contact Information. Client agrees to provide Whoz accurate and updated contact information such as the
Contract Manager or Billing Contact, including the name of Client’s applicable legal entity. Client shall update this
information within thirty (30) days after any changes, via email to notices@whoz.com.
21.2. Waivers. A failure to exercise or delay in exercising a right or remedy provided by this Agreement or by law does
not constitute a waiver of the right or remedy or a waiver of other rights or remedies. No single or partial exercise
of a right or remedy under this Agreement shall prevent any further exercise of the right or remedy or the exercise
of any other right or remedy.
21.3. Interpretation. If any provision in this Agreement shall, for any reason whatsoever, be held invalid or
unenforceable in any respect, such invalidity or unenforceability shall not affect any other provision of this
Agreement. Each term and provision of the Agreement is valid and enforceable to the fullest extent permitted by
law, and any invalid or unenforceable term or provision shall be deemed replaced by a term or provision that is
valid and enforceable and that most effectively accomplishes the Parties’ shared goals and intent. If the Parties
fail to agree on such an amendment, such invalid term, condition, or provision shall be severed from the
remaining terms, conditions, and provisions, which will continue to be valid and enforceable to the fullest extent
permitted by law.
21.4. Marketing. Whoz is authorized to: (i) identity Client as a Whoz client, notably on its website, social medias and
marketing materials; (ii) use the Client's name, trademark, and logo for this purpose; (iii) issue a mutually agreed
press release regarding the relationship under this Agreement from the Effective Date. Client will make available,
during the SaaS Term, a senior member of its marketing department to discuss other potential marketing and
communication opportunities regarding Client’s use of the Services.
21.5. Force Majeure. Neither Party shall be liable to the other Party for any default or delay in the performance of its
obligations (except for a failure to pay Fees) if and to the extent the default or delay is caused by a Force Majeure
Event. In such event, the non-performing Party shall be excused from further performance for as long as the
Force Majeure Event continues. The non-performing Party shall promptly notify the other Party in writing of the
Force Majeure Event. Such notice shall include the particular details of the Force Majeure Event such as the
reasonably anticipated effect on performance, the approximate duration of non-performance (if known) and all
steps being taken by the non-performing Party to avoid any further adverse effect on performance. The
non-performing Party shall use commercially reasonable efforts to mitigate such adverse effects.
21.6. Independent Contractors. The Parties are independent contracting parties. Neither Party has, or shall hold itself
out as having, any right or authority to incur any obligation on behalf of the other Party. The Parties’ relationship in
connection with the Agreement shall not be construed as a joint venture, partnership, franchise, employment, or
agency relationship, or as imposing any liability upon either Party that otherwise might result from such a
relationship. Client may enter into a partnership agreement with Whoz under separate terms and conditions which
shall remain separate and distinct from this Agreement.
21.7. Subcontractors. Whoz may subcontract all or part of the SaaS Services to third-party contractors, especially to its
hosting service provider, but remains fully and directly liable for any subcontracted Services. Whoz may
subcontract all or part of the Professional Services to third-party contractors, provided that it obtains prior
approval from Client.
21.8. Notices. Any notice under this Agreement shall be in English or French and shall be given in writing. Whoz may
provide notice to Client through the Contract Manager email address. Client may provide notice to Whoz via email
to notices@whoz.com. Parties agree that any electronic communication shall satisfy any applicable legal
communication requirements, including that such communications be in writing. Any notice shall be deemed given
upon the first business day after it is sent.
21.9. Assignment & Other Transfers. Neither Party may assign, sublicense or otherwise transfer (by operation of law or
otherwise) the Agreement, or any of a Party’s rights or obligations under the Agreement, to any third-party without
the other Party’s prior written consent, which consent shall not be unreasonably withheld, delayed or conditioned;
provided, however, that either Party may assign or otherwise transfer these MSA, along with all associated Order
Forms (and all its rights and obligations thereunder), (i) to a successor-in-interest in connection with a merger,
acquisition, reorganization, a sale of most or all of its assets, or other change of control, or (ii) to its Affiliates.
Notwithstanding anything to the contrary in this Section, however: (i) in the event of any permitted transfer by
Client under this Section to a direct competitor of Whoz, Whoz shall have the right to terminate this Agreement,
including all associated Order Forms, for cause under Sections 9.4 and 9.5 (in the event of such a termination,
Whoz shall promptly refund to Client, on a pro rata basis, all Fees prepaid by Client under all Order Forms then in
effect that are unused as of the Effective Termination Date); and (ii) Client is not allowed to transfer to a
successor-in-interest or Affiliate a subscription to a particular version of the SaaS Services if in Whoz’s sole
determination such successor-in-interest or Affiliate would not otherwise be eligible to subscribe to that version.
15/24

In the event of a transfer by Client that is permitted under this Section, the rights granted under the MSA shall
continue to be subject to the same usage limitations (including UOMs) that applied under applicable Order Forms
prior to the transfer. Any purported assignment or other transfer in violation of this Section is void. Subject to the
terms of this Section, this MSA and any Order Forms hereunder shall binding upon and inure to the benefit of the
Parties and their respective permitted successors and transferees.
21.10. Entire Agreement. This Agreement and any document referred to in this Agreement constitute the entire
agreement between the parties relating to the subject matter of this Agreement, and supersedes all prior or
contemporaneous negotiations, discussions or agreements (including any non-disclosure or other agreement
governing the sharing of confidential information by and between Whoz and Client), whether written or oral,
between the Parties regarding such subject matter, and may only be modified by a document signed by
authorized representatives of both Parties. Whoz shall provide the Services only on the terms and conditions set
out in this Agreement and any other terms and conditions presented or referenced by Client (whether on any
purchase order or otherwise) are hereby inapplicable and expressly rejected in favor of this Agreement.
21.11. Counterparts and Electronic Signatures. This Agreement shall be executed electronically via electronic signatures
where such electronically executed Agreement shall be deemed to be an original and binding on the Parties,
provided that such electronic signature is delivered by a certified third-party service fulfilling requirements defined
in the EU eIDAS Regulation. In the event such electronic signature facility is not available or feasible or there is a
need for a wet signature, this Agreement may then be executed in any number of counterparts, each of which so
executed shall be deemed to be an original, and such counterparts shall together constitute but one and the same
Agreement.
21.12. Headings. Article or Section headings are inserted for convenience of reference only and shall have no effect in
interpreting this Agreement.



APPENDIX 1. SERVICE-LEVEL AGREEMENT
1 DEFINITIONS
1.1 Definitions. The following definitions shall apply only to this Appendix 1 and shall have the meanings set forth
below. Capitalized terms, not otherwise defined herein, shall have the meanings set forth in the MSA.
1) “Agreed Downtime” shall mean any downtime requested by Whoz and mutually agreed by Parties.
2) “Designated Contact” shall mean a User Client identifies as primary liaison between Client and Whoz for
technical support.
3) “Downtime” shall mean the Total Minutes in the Month during which the Production Environment of the
SaaS Services does not respond to any request from Point of Demarcation, except for Excluded Downtimes.
4) “Emergency Downtime” shall mean downtime during emergency patch deployment and emergency
operating system upgrades as described in the Section 2.2.
5) “Excluded Downtime” shall mean the Total Minutes in the Month attributable to a Maintenance Window; any
Major Upgrade Window for which Client has been notified at least five (5) business days in advance; an
Emergency Downtime, an Agreed Downtime; or unavailability caused by Force Majeure Events.
6) “Incident” shall mean unplanned interruptions or material reduction in service quality reported by Designated
Contacts.
7) “Incident Initial Response Time” shall mean the amount of time (e.g., in days, hours or minutes) between
when Whoz support organization is notified of Client-reported Incident and an acknowledgment that the
Incident has been duly taken into account by a Whoz support person.
8) “Incident Resolution Time” shall mean the amount of time (e.g., in days, hours or minutes) between when
Whoz support organization acknowledges a Client-reported Incident and the provision of a permanent or
temporary resolution of the Incident allowing Client to carry out its regular activity.
9) “Maintenance Windows” shall mean the weekly maintenance windows for the SaaS Services defined at the
following location: https://www.whoz.com/l/maintenance-windows.
10) “Major Upgrade Windows” shall mean extended upgrade maintenance windows. Whoz may update the
Major Upgrade Window from time to time in accordance with the Agreement.
11) “Month” shall mean a calendar month.
12) “Monthly Service Fees” shall mean the monthly or the 1/12 annual Fees paid for the SaaS Services.
13) “Point of Demarcation” shall mean the outbound firewall of Whoz’s hosting provider environment used to
provide the SaaS Services.
14) “Production Environment” shall mean the operational and live environment within Whoz’s SaaS
environment designed to process real, production data. Production Environment is subject to the provisions
outlined in this Appendix 1.
15) “SaaS Services Availability Percentage” is calculated and defined as follows: (1 - ((Total Minutes in the
Month Downtime) ÷ Total Minutes in the Month)) × 100.
16) “Total Minutes in the Month” are measured 24 hours a day, 7 days a week during a Month.
1.2 The terms defined in the singular have a comparable meaning when used in the plural, and vice versa.
2 MAINTENANCE
2.1 Regular Maintenance. Whoz performs regular, scheduled maintenance activities to apply Upgrades, maintain
security patch levels, database and application patches, infrastructure maintenance and other scheduled
proactive activities during Maintenance Windows and Major Upgrade Windows.
2.2 Emergency Maintenance. Notwithstanding the foregoing, Whoz reserves the right to perform Emergency
Maintenance activities at any time. Whoz will use reasonable efforts to provide Client with twenty-four (24) hours
advance notice regarding performance of Emergency Maintenance. In case of downtime during such Emergency
Maintenance, the parties agree that such downtime will be considered to be Emergency Downtime. “Emergency
Maintenance” are maintenance activities required to address an unforeseeable circumstance aiming to prevent
significant impact to the SaaS Services. Such situations may include application of emergency application
patches and operating system security patches and/or performing emergency critical operating system activities.
3 DESIGNATED CONTACTS
Client’s Designated Contacts shall be responsible for managing Client’s support case activity, implementing, and
deploying troubleshooting processes within Client’s organization.
Client shall ensure that Designated Contacts (i) have the necessary knowledge of the SaaS Services to assist in
resolving Incidents, (ii) are able to provide Whoz with information to analyze and resolve those Incidents, and (iii)
have a basic understanding of any Incidents being reported and the ability to reproduce them in order to assist
Whoz in diagnosing and triaging it.

17/24

Client shall appoint and maintain at least one (1) Designated Contact and up to the amount specified in the
Success Plan ordered by Client. Client shall notify promptly Whoz whenever Designated Contact responsibilities
are transferred to another User.
All Client requests, including troubleshooting issues giving rise to an Incident under this Appendix 1, must be
processed and notified by a Designated Contact. Requests, questions or tickets raised with Whoz by Users other
than a Designated Contact shall not qualify under the SLA and Whoz shall have no obligation to receive, answer
or process them.
4 SERVICE AVAILABILITY
Whoz will take commercially reasonable measures to achieve, each Month of the SaaS Term, a SaaS Service
Availability Percentage of the Production Environment of at least the following, depending on the level of Success
Plan ordered by Client (the “SaaS Service Availability SLA”):

Essential Success Plan Premier Success Plan Signature Success Plan

SaaS Service
Availability
Percentage

Business Hours: 99,5%
Rest of the time: 98%

24/7: 99,8% 24/7: 99,9%

5 SERVICE RESPONSE TIME
Whoz will take commercially reasonable measures to offer a fluid navigation on the SaaS Service and,
simultaneously, to provide a 90th percentile API transaction response (excluding bulk operation transactions) time
under 1 000 milliseconds.
The transaction response time is the difference between the time the API request is received by the Point of
Demarcation and when the response to the request begins to be returned to the User web client. The percentile
transaction response time is measured over a Month.
6 INCIDENT MANAGEMENT
6.1 Contacting support. Before reporting any Incidents or requesting support related to the SaaS Service, Client shall
conduct a thorough self-assessment to identify and diagnose the root cause of the Incident. The self-assessment
should include, but is not limited to, the following:
a. Reviewing available Documentation and knowledge base articles provided by Whoz;
b. Verifying that Client's systems, hardware, software, and network configurations meet the minimum
requirements specified by Whoz in the Documentation;
c. Ensuring that Client's staff is adequately trained and competent in the use and administration of the SaaS
Services.
If Client's self-assessment is unable to resolve or workaround the Incident, Client must contact Whoz support
team using the channel indicated in the Documentation.. Client should provide a detailed description of the issue,
steps taken to diagnose and troubleshoot the problem, and any relevant logs, screenshots, or other supporting
documentation.
6.2 Severity levels. The following severity levels apply to all Incidents (such priority to be assigned by Client, and
which may be re-assigned by Whoz based on the criteria below and acting reasonably):
- Critical severity: No End User is able, or a large number of End Users (for example, a geography) are unable
to use the SaaS Services, which has an imminent threat on Client's activity, and no acceptable workaround
allows Client to perform the functions essential to its activity.
- Major severity: No End User is able, or a large number of End Users (for example, a geography) are unable to
use some key features of the SaaS Services, which has a significant impact on Client's activity. No acceptable
workaround is available.
- Medium severity: Minor features are not available. Client's activity remains possible in a degraded mode with
or without a workaround.
- Low severity: Any type of Incident that does not prevent the normal functioning of Client’s activity.
6.3 Response levels. Whoz will take commercially reasonable measures to insure, in the event of a Client-reported
Incident occurring in the Production Environment, the following Initial Incident Response Time and Incident
Resolution Time depending on the level of Success Plan ordered by Client:
Severity Level Essential Success Plan Premier Success Plan Signature Success Plan
Critical severity Initial Response Time:
8 Business Hours
Resolution Time:
4 Business Days

Initial Response Time:
2 Business Hours
Resolution Time:
2 Business Days

Initial Response Time:
1 Business Hour
Resolution Time:
8 Business Hours

Major severity Initial Response Time:
2 Business Days

Initial Response Time:
8 Business Hours

Initial Response Time:
4 Business Hours

18/24

Resolution Time:
7 Business Days

Resolution Time:
4 Business Days

Resolution Time:
2 Business Days

Medium severity Initial Response Time:
4 Business Days
Resolution Time:
Reasonable effort

Initial Response Time:
2 Business Days
Resolution Time:
14 Business Days

Initial Response Time:
8 Business Hours
Resolution Time:
7 Business Days

Low severity Initial Response Time:
Reasonable effort
Resolution Time:
Reasonable effort

Initial Response Time:
4 Business Days
Resolution Time:
Reasonable effort

Initial Response Time:
2 Business Days
Resolution Time:
Reasonable effort

6.4 Exclusions. In any event, Whoz may not be held liable for and will not be responsible to answer or process any
Incident connected with:
- a different environment from the Production Environment;
- use of the SaaS Service which is non-compliant with its use, its Documentation, the Acceptable Use Policy, or
Whoz’s recommendations;
- a hardware or software failure or bug of one or more elements of Client’s IT systems or network;
- failure of the electronic communications network, slowing down or congestion of Client’s network or any other
Force Majeure Event affecting Whoz or its subcontractors;
- configuration of Client’s IT environment or its devices;
- refusal of Client to cooperate with Whoz in the resolution of Incidents;
- an incompatibility between the SaaS Service and new third-party hardware or software implemented by Client
without the prior authorization of Whoz;
- contamination of Client’s IT system by a computer virus;
- an act of hacking or fraudulent intrusion into Client’s IT system;
- an intervention by a third-party on the SaaS Service not authorized by Whoz; and, more generally,
- any voluntary act of degradation, malice, sabotage of Client or a third-party or deterioration due to any Force
Majeure Event.

6.5 Support request abuse. Client is expected to use the Whoz’s support services responsibly and in a manner
consistent with the intended purpose of the SaaS Service. Examples of support request abuse may include, but
are not limited to:
a. Excessive or repeated requests for support that do not pertain to the SaaS Service or its use;
b. Repeatedly raising support requests after having been provided with adequate guidance, documentation, or
solutions to resolve the issue;
c. Repeatedly raising support requests with a severity level that is manifestly higher than the one resulting from
the reasonable application of the severity level defined in Section 6.2.
Whoz reserves the right to investigate any suspected abuse of support services and may invoice Client for a fixed
charge for the unreasonable disturbance in the organization of its support services.
7 DISASTER RECOVERY
Whoz shall maintain business continuity and disaster recovery plans for the Production Environment based on the
Business Continuity Institute (“BCI”) good practice guidelines.
In the case of a Force Majeure Event or an Incident that results in a loss of access to the SaaS Services not
caused by a Force Majeure Event, Whoz shall trigger the disaster recovery plan in order to recover the SaaS
Services. Whoz shall make its best efforts to recover the SaaS Service within twelve (12) hours after the Incident
(“RTO”), and to recover the Client Data to a point in time within four (4) hours before the Incident (“RPO”).
Whoz shall perform disaster recovery tests at least once every twelve months including testing the recoverability
of backups.
8 SERVICE-LEVEL FAILURES
8.1 SLA Credits. If (i) Client ordered Premier or Signature Success Plan; and (ii) Whoz fails to meet the SaaS
Services Availability SLA, Whoz shall provide a credit (“SLA Credit”) in accordance with the table below. Each
SLA Credit will be calculated by multiplying (i) the Monthly Service Fees charged for the affected month by (ii) the
applicable SLA Credit percentage set forth in the table below and (iii) prorated based on the percentage of
affected Users of Client.
SaaS Services
Availability Percentage

SLA Credit percentage
Premier Success Plan

SLA Credit percentage
Signature Success Plan

< 99.9% – 99.8% 0% 5%
< 99.8% – 99.5% 5% 5%

19/24

< 99.5% – 98% 10% 10%
<98% 20% 20%
For the avoidance of doubt, if Client ordered Essential Success Plan, it will not be entitled to claim any SLA
Credits.
8.2 SLA Credits request and application. Claims under this Appendix 1 must be made in good faith and by filing a
request evidencing date and proof of occurrence via email at notices@whoz.com within ten (10) Business days
after the last calendar day of the relevant Month in which Whoz did not meet the SaaS Services Availability SLA.
Whoz will review the request and if Whoz confirms it, the SLA Credit shall be applied within twenty (20) Business
Days of Whoz’s receipt of Client’s SLA Credit request. SLA Credits are exclusive of any applicable taxes. Any
SLA Credits issued pursuant to this SLA will be applied towards the next invoice issued following the application
of the SLA Credits.
SLA Credits will only be applied toward the Services Fees and cannot be used to offset any fees incurred by
Client for Professional Services. SLA Credits are non-refundable.
8.3 SLA Credits limitation. Client shall not be eligible for any SLA Credits if: (i) Client is delinquent in its payment
obligations; or (ii) the Downtime is attributable to Client’s acts or omissions (or by the acts or omissions of Client’s
representatives or Users) or use of the SaaS Service in breach of this Agreement.
Client acknowledges that the SLA Credits are the sole and exclusive remedy for Whoz’s failure to meet the
specified Service-Level Agreement, except to the extent prohibited by applicable law.

20/24

APPENDIX 2. DATA PROTECTION AGREEMENT
1 PURPOSE AND SCOPE.
1.1 Purpose. The purpose of this Appendix 2 is to ensure compliance with Article 28(3) and (4) of Regulation (EU)
2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of Personal Data and on the free movement of such data and the Parties have agreed to
this.
This Appendix applies to the processing of Client Personal Data as specified in Article 2.
This Appendix is without prejudice to obligations to which the controller is subject by virtue of Regulation (EU)
2016/679 and/or Regulation (EU) 2018/1725. This Appendix does not by itself ensure compliance with obligations
related to international transfers in accordance with Chapter V of Regulation (EU) 2016/679 and/or Regulation
(EU) 2018/1725.
1.2 Interpretation. Where this Appendix uses the terms defined in Regulation (EU) 2016/679, those terms shall have
the same meaning as in that Regulation. Capitalized terms, not otherwise defined herein, shall have the meanings
set forth in the MSA.
This Appendix shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
This Agreement shall not be interpreted in a way that runs counter to the rights and obligations provided for in
Regulation (EU) 2016/679 or in a way that prejudices the fundamental rights or freedoms of the data subjects.
1.3 Identification of parties. For the extent of this Appendix, Client acts as Data Controller of Client Personal Data and
Whoz acts as Data Processor only on behalf of and according to the documented and lawful instructions of Client.
1.4 Contact details of data protection officers. Client’s data protection officer is identified as such in section 4 of the
Order Forms. Whoz’s data protection officer can be reached by email at the following address: dpo@whoz.com.
2 DESCRIPTION OF PROCESSINGS
The details of the processing operations, in particular the categories of Personal Data and the purposes of
processing for which the Personal Data is processed on behalf of the Data Controller, are described hereinafter:
2.1 Categories of data subjects whose personal data is processed. The Personal Data concern the following
categories of Data Subjects:
- applicants and (former) employees, interns
- (former) staff of (potential)/(former) subcontractors, freelancers
- representatives of (potential)/(former) subcontractors
- representatives of (potential)/(former) customers and business partners
2.2 Categories of personal data processed. The Personal Data concern the following categories of data:
- Communication data (e.g. name, address, title, position, phone, e-mail address, etc.)
- Connection data (e.g. IP address, logs, usernames, passwords, etc.)
- Official ID data (e.g. copy of passport or national ID), data related to civil status, nationality, citizenship
- Data pertaining to the professional profiles of Data Subjects (e.g. skills, CV, trainings, certifications, etc.)
- Data pertaining to the professional activities of Data Subjects (e.g. missions, timesheets, performance, etc.)
2.3 Nature of the processing.
Operations performed: collection, organization, structuring, storage, adaptation, retrieval, consultation, use,
disclosure strictly limited to Whoz’s sub-processors and to public authorities if it is expressly required by the law,
destruction, recording of processing activities.
2.4 Purpose(s) for which the personal data is processed on behalf of the controller.
Implementation of the Services for the purpose of managing a professional service activity, including:
- Management of employee, candidate, and subcontractors’ staff profiles
- Identification of the consultants who best correspond to a client's request (competence, availability)
- Follow-up of the workload of the collaborators
- Management of recruitment
- Export and share skills records, in particular CVs
- Referencing of skills to demonstrate ability to meet client needs in requested areas
- Management of clients, prospects, and business partners
- Career management support
- Operational management of activities: allocation and task monitoring
- Analytics in business operations trends
2.5 Duration of the processing: Agreement Term
3 OBLIGATIONS OF THE PARTIES

21/24

3.1 Instructions.
a. The Data Processor shall process Client Personal Data only on documented instructions from the Data
Controller, unless required to do so by Union or Member State law to which the Data Processor is subject. In
this case, the Data Processor shall inform the Data Controller of that legal requirement before processing,
unless the law prohibits this on important grounds of public interest. The Data Controller may also provide
subsequent instructions throughout the duration of the processing of Client Personal Data. These instructions
shall always be documented.
b. The Data Processor shall immediately inform the controller if, in the Data Processor’s opinion, instructions
given by the Data Controller infringe Regulation (EU) 2016/679 or the applicable Union or Member State data
protection provisions.

3.2 Purpose limitation. The Data Processor shall process the Client Personal Data only for the specific purposes of
the processing, as set out in Article 2, unless it receives further writing instructions from the Data Controller.
3.3 Duration of the processing of Client Personal Data. Processing by the Data Processor shall only take place for the
duration specified in Article 2.
3.4 Security of processing. The Data Processor shall implement the technical and organizational measures specified
in Article 7 of the MSA to ensure the security of the Client Personal Data. This includes protecting the data
against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure,
or access to the data (personal data breach). In assessing the appropriate level of security, the Parties shall take
due account of the state of the art, the costs of implementation, the nature, scope, context and purposes of
processing and the risks involved for the Data Subjects.
The Data Processor shall grant access to the Client Personal Data undergoing processing to members of its
personnel only to the extent strictly necessary for implementing, managing, and monitoring of the Agreement. The
Data Processor shall ensure that persons authorized to process the Client Personal Data have committed
themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.5 Sensitive Data. The processing does not, per se, involve sensitive data. However, the Data Controller may need
to process sensitive data at its own conditions notably when dealing with diversity, equity and inclusion
requirements or specifying a health condition or care requirement of an employee. In such cases where the
processing involves the processing of sensitive Client Personal Data or special categories of Client Personal
Data, the Data Processor shall work with the Data Controller on specific restrictions and/or additional safeguards.
3.6 Documentation and compliance. The Parties shall be able to demonstrate compliance with this Appendix.
The Data Processor shall deal promptly and adequately with inquiries from the Data Controller about the
processing of data in accordance with this Appendix.
The Data Processor shall make available to the Data Controller all information necessary to demonstrate
compliance with the obligations that are set out in this Appendix and stem directly from Regulation (EU) 2016/679.
At the Data Controller’s request, the Data Processor shall also permit and contribute to audits of the processing
activities covered by this Appendix, at annual intervals or if there are indications of non-compliance. In deciding
on a review or an audit, the Data Controller may take into account relevant certifications held by the Data
Processor. The conditions for conducting an audit are set out in Article 16 of the MSA.
The Data Controller may choose to conduct the audit by itself or mandate an independent auditor. Audits may
also include inspections at the premises or physical facilities of the Data Processor and shall, where appropriate,
be carried out with reasonable notice.
The Parties shall make the information referred to in this Section, including the results of any audits, available to
the competent supervisory authority/ies on request.
3.7 Use of sub-processors. GENERAL WRITTEN AUTHORISATION: The Data Processor has the Data Controller’s
general authorization for the engagement of sub-processors from an agreed list shared with the Data Controller at
the following location: https://www.whoz.com/l/application-sub-processors. The Data Processor shall specifically
inform in writing the Data Controller of any intended changes of that list through the addition or replacement of
sub-processors at least thirty (30) days in advance, thereby giving the Data Controller sufficient time to be able to
object to such changes prior to the engagement of the concerned sub-processor(s). The Data Processor shall
provide the Data Controller with the information necessary to enable the Data Controller to exercise the right to
object. If the Data Controller refuses to consent to Whoz's appointment of a sub-processor and/or replacement of
an authorized sub-processor, for legitimate reasons, on grounds relating to the protection of the Client Personal
Data, then the Data Controller may elect to suspend or terminate this Agreement under the conditions defined
under the Article 9.4 of the MSA.
Where the Data Processor engages a sub-processor for carrying out specific processing activities (on behalf of
the Data Controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the
same data protection obligations as the ones imposed on the Data Processor in accordance with this Appendix.
The Data Processor shall ensure that the sub-processor complies with the obligations to which the Data
Processor is subject pursuant to this Appendix and to Regulation (EU) 2016/679.

22/24

At the Data Controller’s request, the Data Processor shall provide a copy of such a sub-processor agreement and
any subsequent amendments to the Data Controller. To the extent necessary to protect business secrets or other
confidential information, including Personal Data, the Data Processor may redact the text of the agreement prior
to sharing the copy.
The Data Processor shall remain fully responsible to the Data Controller for the performance of the
sub-processor’s obligations in accordance with its contract with the Data Processor. The Data Processor shall
notify the Data Controller of any failure by the sub-processor to fulfil its contractual obligations.
3.8 International transfers. Any transfer of data to a third country or an international organization by the Data
Processor shall be done only on the basis of documented instructions from the Data Controller or in order to fulfil
a specific requirement under Union or Member State law to which the processor is subject and shall take place in
compliance with Chapter V of Regulation (EU) 2016/679.
The Data Controller agrees that where the Data Processor engages a sub-processor in accordance with
Section 3.7 for carrying out specific processing activities (on behalf of the Data Controller) and those processing
activities involve a transfer of Client Personal Data within the meaning of Chapter V of Regulation (EU) 2016/679,
the Data Processor and the sub-processor can ensure compliance with Chapter V of Regulation (EU) 2016/679
by using standard contractual clauses adopted by the Commission in accordance with of Article 46(2) of
Regulation (EU) 2016/679, provided the conditions for the use of those standard contractual clauses are met.
4 ASSISTANCE TO THE CONTROLLER
4.1 The Data Processor shall promptly notify the Data Controller of any request it has received from the Data Subject.
It shall not respond to the request itself, unless authorized to do so by the Data Controller.
4.2 The Data Processor shall assist the Data Controller in fulfilling its obligations to respond to Data Subjects’
requests to exercise their rights, taking into account the nature of the processing. In fulfilling its obligations in
accordance with Sections 4.1 and 4.2, the Data Processor shall comply with the Data Controller’s instructions
4.3 In addition to the Data Processor’s obligation to assist the Data Controller pursuant to Section 4.2, the Data
Processor shall furthermore assist the Data Controller in ensuring compliance with the following obligations,
taking into account the nature of the data processing and the information available to the Data Processor:
a. the obligation to carry out an assessment of the impact of the envisaged processing operations on the
protection of Client Personal Data (a “data protection impact assessment”) where a type of processing is likely
to result in a high risk to the rights and freedoms of natural persons;
b. the obligation to consult the competent supervisory authority/ies prior to processing where a data protection
impact assessment indicates that the processing would result in a high risk in the absence of measures taken
by the controller to mitigate the risk;
c. the obligation to ensure that Client Personal Data is accurate and up to date, by informing the Data Controller
without delay if the Data Processor becomes aware that the Client Personal Data it is processing is inaccurate
or has become outdated;
d. the obligations in Article 32 Regulation (EU) 2016/679.
4.4 The Parties shall set out in Article 7 of the MSA the appropriate technical and organizational measures by which
the Data Processor is required to assist the Data Controller in the application of this Article as well as the scope
and the extent of the assistance required.
5 NOTIFICATION OF PERSONAL DATA BREACH
In the event of a Client Personal Data breach, the Data Processor shall cooperate with and assist the Data
Controller for the Data Controller to comply with its obligations under Articles 33 and 34 Regulation (EU) 2016/679,
where applicable, taking into account the nature of processing and the information available to the Data Processor.
In the event of a Client Personal Data breach concerning data processed by the Data Processor, the Data
Processor shall notify the Data Controller without undue delay and within a maximum of seventy two (72) hours
after the Data Processor having become aware of the breach. Such notification shall contain, at least:
a. a description of the nature of the breach (including, where possible, the categories and approximate number of
data subjects and data records concerned);
b. the details of a contact point where more information concerning the personal data breach can be obtained; and
c. its likely consequences and the measures taken or proposed to be taken to address the breach, including to
mitigate its possible adverse effects.
Where, and insofar as, it is impossible to provide all this information at the same time, the initial notification shall
contain the information then available and further information shall, as it becomes available, subsequently be
provided without undue delay.
6 NON-COMPLIANCE AND TERMINATION

23/24

6.1 Without prejudice to any provisions of Regulation (EU) 2016/679, in the event that the Data Processor is in breach
of its obligations under this Appendix, the Data Controller may instruct the Data Processor to suspend the
processing of Client Personal Data until the latter complies with this Appendix or the Agreement is terminated.
The Data Processor shall promptly inform the Data Controller in case it is unable to comply with this Appendix, for
whatever reason.
6.2 The Data Controller shall be entitled to terminate the Agreement insofar as it concerns processing of Client
Personal Data in accordance with this Appendix if:
a. the processing of Client Personal Data by the Data Processor has been suspended by the Data Controller
pursuant to Section 6.1 and if compliance with this Appendix is not restored within a reasonable time and in
any event within one month following suspension;
b. the Data Processor is in substantial or persistent breach of this Appendix or its obligations under Regulation
(EU) 2016/679; or
c. the Data Processor fails to comply with a binding decision of a competent court or the competent supervisory
authority/ies regarding its obligations pursuant to this Appendix or to Regulation (EU) 2016/679.

6.3 The Data Processor shall be entitled to terminate the Agreement insofar as it concerns processing of Client
Personal Data under this Appendix where, after having informed the Data Controller that its instructions infringe
applicable legal requirements in accordance with Section 3.1(b), the Data Controller insists on compliance with
the instructions.
6.4 Following termination of the Agreement, the Data Processor shall, solely under the conditions laid down in
Article 12 of the MSA, at the choice of the Data Controller, delete all Client Personal Data processed on behalf of
the Data Controller and certify to the Data Controller that it has done so, or, return or make available all Client
Personal Data to the Data Controller and delete existing copies unless Union or Member State law requires
storage of the Client Personal Data. Until the data is deleted or returned, the Data Processor shall continue to
ensure compliance with this Appendix.