Online Ordering Web & Apps Standard Terms and Conditions

This document sets out the terms and conditions upon which we, Smart EPOS Solutions Limited, will (i) create and set up for your use our app and web ordering tool and (ii) provide related services to you.

These terms form a legal agreement (the “Agreement”) between you (“you” or “Customer”) and Smart EPOS Solutions Limited, a company registered in England and Wales with company number 09904489 (“Smart EPOS Solutions”, “we” or “us”) (each, a “Party”, collectively, the “Parties”). Please print a copy of these terms for your record and future reference.

1. DEFINITIONS AND INTERPRETATION

1.1 The following words have the following meanings in this Agreement:

“App” means your shared and/or branded application, which facilitates your customers’ order and payment for goods and services from your Venue;

“App and Web Ordering Tool” means Smart EPOS Solutions’s mobile application and web ordering tool, which facilitates the ordering of and payment for goods and services from a venue, restaurant or other provider, in conformance with its published specifications;

“Commencement Date” shall have the meaning set out in clause 7;

“Confidential Information” means all information belonging to a party which is identified by the party disclosing it as confidential or which, by reason of its characteristics or the circumstances or manner of its disclosure a reasonable person should understand it as confidential including (without prejudice to the generality of the foregoing) any information about a party’s new planned but unreleased new products or services, non public data about a party’s business, customer lists, sales statistics and forecasts, and marketing strategies;

“Data Protection Legislation” means the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, and Regulation (EU) 2016/679 known as the General Data Protection Regulation (“GDPR”), as each of the foregoing may be amended, replaced or re-enacted from time to time and all applicable laws and regulations relating to the processing of personal data and privacy including where applicable the guidance and codes of practice issued by the ICO or other relevant supervisory authority and the equivalent of any of the foregoing in any relevant jurisdiction (whether mandatory or not);

“Defects” means an error in the App and/or the Web Ordering Tool that materially affects its or their functionality or usability;

“EULA” means the Smart EPOS Solutions standard end user licence agreement,

“Intellectual Property Rights” means patents, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world;

“Legislation” means any statute, statutory provision or subordinate legislation or any mandatory rules or guidance issued by any regulatory body having jurisdiction over the applicable party;

“Normal Working Hours” means 09:00 to 17:00 on any Working Day;

“Order Form” means the Smart EPOS Solutions Customer Order Form and Agreement signed by the Parties or Quotation agreed and which lists the Services you have ordered from us.

“Personal Data” has the meaning given to it in the GDPR;

“Services” means the services provided by Smart EPOS Solutions to you pursuant to this Agreement including the provision of access to and use of a shared and or branded version of Smart EPOS Solutions’s App and Web Ordering Tool;

“Venue” means the specific venue or restaurant for which you have requested the App and the Web Ordering Tool to be set up and created to process orders for;

“Working Day” means a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.

2. SERVICES.

2.1 In return for the fees set out in the Order Form and subject to your compliance with the terms of this Agreement, we agree to provide the following services to you:

2.1.1 create and set up your own shared and or branded App for downloading by your customers from the App Store or Google Play (including setting up your menu, pricing, payments and artwork);

2.1.2 set up the Web Ordering Tool for inclusion on your website;

2.1.3 provide you with access to online tools to manage your App and the Web Ordering Tool;

2.1.4 provide such additional services that are requested and detailed in the Order Form and accompanying Statement of Work; and

2.1.5 provide you with email support services during Normal Working Hours

2.2 We acknowledge and agree that the Services shall be provided on a non-exclusive basis and you are free to obtain the same or similar services during the term of this Agreement.

3. DATA PRIVACY

3.1 If GDPR is applicable to the Services we provide you and your customers, Addendum 1, Data Processing Addendum (the “DPA”), shall apply, and you agree that its terms and conditions shall be effective as of the date of you execute the Order Form and you and us enter into this Agreement.

3.2 You and we agree to comply fully with all other privacy Legislation applicable to the Services we perform for you and your customers.

3.3 Each of us shall indemnify the other, its officers, employees and agents, against all liabilities, costs, expenses (including reasonable legal fees and expenses), damages and losses suffered or incurred by us as a result of any breach by the other of its obligations under clause 3.

4. YOUR OBLIGATIONS

4.1 In order for us to provide the Services to you, you must:

4.1.1 co-operate with us in all matters relating to the Services, including but not limited to, providing to us, when requested, content, data and other information which we may reasonably require and ensuring that it is accurate in all material respects; and

4.1.2 obtain and maintain all necessary licences and consents and comply with all relevant Legislation in relation to the Services and the use of any content, data or other information provided, in all cases prior to the Commencement Date.

4.2 You agree that you:

4.2.1 have provided, and will continue to provide, accurate and complete information in your Account, and will update such information as appropriate; and

4.2.2 are responsible for the accuracy of any data or content provided as part of the Services.

4.3 We each agree that we will not upload or transmit to any systems (including third party service providers) used in the provision of the Services any unlawful content (including any content which is defamatory, obscene or abusive, or in breach or an infringement of intellectual property or privacy rights, or any data protection or confidentiality obligations).

4.4 You should not rely on our Services for storage or maintenance of information or your content. We may, at any time at our absolute discretion review and remove any content from the Services or request that you re-register or set up a new account for your continued use of the Services.

4.5 Each Party (as an “Indemnifying Party”) agrees to indemnify the other Party (as an “Indemnified Party”), its officers, employees, agents and service providers against all liabilities, costs, expenses (including reasonable legal fees and expenses), damages and losses suffered or incurred by the Indemnified Party as a result of any breach by the Indemnifying Party of clause 4.3.

5. SETUP OF THE APP AND WEB ORDERING TOOL

5.1 Upon execution of an Order Form, we will commence the provision of Services you have ordered including setup of the App and Web Ordering Tool.

5.2 We shall submit the App for placing on the Apple and Google Play App Stores. If the App is not approved for placing by an App Store, you may by notice in writing to us terminate this Agreement with immediate effect, and we shall refund any fees received by us for the Services.

5.3 You acknowledge and agree that any delays or rejections caused by an App Store are outside of our control, and as such we shall not be liable to you in the event of any delay caused by such actions except as set out in clause 5.2.

6. YOUR Smart EPOS Solutions ACCOUNT.

You are responsible for maintaining the confidentiality of your Account and password and for restricting access to your computer and devices, and to the extent permitted by applicable law you agree to accept responsibility for all activities that occur under your Account or password. You should take all necessary steps to ensure that the password is kept confidential and secure and should inform us immediately if you have any reason to believe that your password has become known to anyone else, or if the password is being, or is likely to be used in an unauthorised manner.

7. DURATION.

This Agreement commences from the date the parties executed the Order Form (the “Commencement Date”) and, unless terminated earlier in accordance with either clause

12.1 or 12.3, will continue in force for a minimum period of twelve (12) months (the “Initial Term”) after which it shall automatically renew for further twelve (12) calendar months or six (6) calendar months periods (each a “Renewal Period”). You may terminate this Agreement with effect from the last day of a Renewal Period by giving to us not less than 30 (thirty) days’ prior notice.

8. FEES.

8.1 The fees for the Services are as set out in the Order Form or quotation.

8.2 All fees relating to the Services are exclusive of any applicable tax such as VAT, which will be added to the fees at the appropriate rate and payable by you. We reserve the right to charge interest on any overdue amounts at the rate of 2% above the base lending rate of HSBC Bank plc from time to time, such interest accruing daily

8.4 Without prejudice to any other rights we may have, if you fail to pay us in accordance with this clause 7, we may suspend the Services (including the removal of your shared and or branded App from application stores) until payment has been made in full.

8.5 Following the Initial Term, we may increase or change how we charge for the Services provided, however, that we must provide you at least thirty (30) days prior notice of any such change.

9. PAYMENT FROM YOUR CUSTOMERS.

9.1 In order for you to receive your customers’ payments for the goods and/or services they order using the App or Web Ordering Tool, you will need to register with one of our payment service providers.

9.2 Payment processing services are provided by third parties with whom you contract for such services. These services are subject to separate terms of use and privacy policies of the service providers you select for payment processing. If you have any questions relating to these services, please contact the relevant payment services provider.

10. YOUR USE OF THE SERVICES.

10.1 You acknowledge that, except for the content provided by you, the App, the Web Ordering Tool and the content of the Services are protected by copyright, database rights, trade marks and other intellectual property rights of us and our licensors, as applicable, and all rights not expressly granted to you are reserved to us and our licensors.

10.2 You must not:

10.2.1 sub-license, assign or transfer your rights or obligations under this Agreement; except with the prior consent of Smart EPOS Solutions which shall not be unreasonably withheld; or 10.2.2 access or use the Services using any interface other than in accordance with this Agreement; or

10.2.3 access or use the Services for any venue other than the Venue.

10.3 You must not use the Services in any way incompatible with their intended purpose or in any unlawful or unauthorised manner and, in particular, you must not: 10.3.1 make any copies of the Services;

10.3.2 modify, adapt, reverse engineer, decompile or disassemble, create derivative works of, publish, distribute exploit the App, the Web Ordering Tool or any content or software element of the Services;

10.3.3 remove any copyright or proprietary notices on the App, the Web Ordering Tool or the content of the Services (including without limitation the information and data provided by us relating to your customers as set out in clause 2.1.2);

10.3.4 use, distribute or disclose Confidential, personal or sensitive data or information within the App, the Web Ordering Tool or the Services without appropriate authority;

10.3.5 export the App or the Web Ordering Tool in breach of applicable export control or other laws relating to the export of technology and software; or

10.3.6 make any unlawful or unauthorised use of our (or our service providers’) equipment, networks, systems or software (including attempting to gain unauthorised access, introducing any computer virus or malware, or inhibiting their operation).

11. WARRANTIES.

11.1 We warrant and represent that we will perform the Services in a reliable and professional manner, in all material respects in conformity with any specifications for the Services and in compliance with all applicable law and regulations.

11.2 In the event of a breach of the warranty in 11.1, your sole remedy is for Smart EPOS Solutions to rectify the defect that constitutes such breach within a reasonable time from notification by you of the defect. In the event that Smart EPOS Solutions is unable to remedy the defect, then you may terminate this Agreement pursuant clause 13.3.3 and receive a refund of fees for the unexpired term.

11.3 The warranties set out in this clause 11 are in lieu of all other express or implied warranties or conditions, including implied warranties or conditions of satisfactory quality and fitness for a particular purpose, in relation to this Agreement. Without limitation, and except as may be expressly set out in this Agreement, we specifically deny any implied or express representation that the App and the Web Ordering Tool will be:

11.3.1 fit to operate uninterrupted or error-free; and

11.3.2 free from any defects or errors.

11.4 Any unauthorised modifications, use or improper installation of the App and/or the Web Ordering Tool by or on your behalf shall render all Smart EPOS Solutions’s warranties and obligations under this Agreement null and void.

11.5 Each party:

11.5.1 warrants to the other party that it will at all times comply with all applicable laws and regulations with respect to its obligations and activities under this Agreement; and

11.5.2 shall indemnify the other (as an “Indemnified Party”), its officers, employees, agents and service providers against all liabilities, costs, expenses (including reasonable legal fees and expenses), damages and losses suffered or incurred by the Indemnified Party arising out of any noncompliance of clause 11.5.1.

12. LIMITATIONS ON LIABILITY

12.1 Nothing in this Agreement shall exclude or limit either party’s liability for fraud or fraudulent misrepresentation, death or personal injury caused by that party’s negligence or any other liability which cannot be lawfully excluded or limited.

12.2 Subject to clause 12.1, neither party shall in any circumstances be liable whether in contract, tort (including for negligence and breach of statutory duty howsoever arising), misrepresentation (whether innocent or negligent), restitution or otherwise, for:

12.2.1 the accuracy, completeness or legality of any data, content or other information provided by the other party; nor

12.2.2 any breach of any obligations due to a cause beyond the other party’s reasonable control.

12.3 Subject to clause 12.1, neither party shall in any circumstances be liable whether in contract, tort (including for negligence and breach of statutory duty howsoever arising), misrepresentation (whether innocent or negligent), restitution or otherwise, for any:

12.3.1 Loss, damage or distress arising from reliance on information or reliance on availability of the Services; or

12.3.2 Loss of business, customers or profits; or 12.3.3 indirect, consequential or economic loss, damage or distress which a party suffers as a result of this Agreement.

12.4 Subject to clause 12.1, but without prejudice to other limitations on its liability (including clauses 12.2 and 12.3), each party’s total liability to the other in any twelve (12) month period for any other losses or claims relating to this Agreement and arising during that period is limited to £500 or the fees paid or payable by you to us in such a period, whichever is greater.

13. TERMINATION

13.1 We may withdraw the Services and associated content, suspend your access to the Services and/or terminate this Agreement immediately and without notice:

13.1.1 if you breach, or we reasonably suspect that you are in breach, of any term of this Agreement; or

13.1.2 if we cease to offer (or change the way in which we offer) the Services.

13.2 If we terminate this Agreement because we no longer provide the Services, we will refund any sums received by us from you for any unexpired term.

13.3 You may, by notice in writing to us, terminate this Agreement with immediate effect:

13.3.1 pursuant to clause 5.2; or

13.3.2 in accordance with clause 7; or

13.3.3 if we commit a material breach of any term of this Agreement and (if such breach is remediable) we fail to remedy that breach within a period of thirty (30) days after being notified in writing to do so.

13.4 Following termination of this Agreement for any reason, your licence to access the information and data relating to your customers as set out in clause 2.1.3 will terminate. You agree that, as soon as reasonably practicable, you will delete any such information and data you do not have a legal basis to retain and any copies of any such information and data you obtained by using the Services during the term of the Agreement.

13.5 Following termination of this Agreement or suspension of your access to the Services for any reason, we may retain your account details and other records relating to you for our record keeping. Additionally, your customers will no longer be able to access or use the App or the Web Ordering Tool.

13.6 Except where expressly stated, you agree that neither we, nor our officers or employees shall be liable to you or any third-party for any termination of this Agreement or any suspension or restriction of your access to the Services.

14. EULA AND APP CHANGES.

14.1 Customers use of the App is subject to Smart EPOS Solutions’s End User License Agreement (“EULA”). We may make changes to the EULA from time to time at our discretion.

14.2 We may (by means of a notice on our website, within the relevant application store or otherwise) require your customers to install and use an upgraded version of the App in place of the current version, or to uninstall the App if we cease to offer it or the Services. All upgrades to the App fall under the definition of the “App” under this Agreement.

15. PRIVACY NOTICE.

You agree to our use of your personal data as set out in our privacy policy, which can be found at www.ForPOS.co.uk.

16. CONFIDENTIALITY

During the Term of the Agreement and for two (2) years after, each Party shall keep secret and retain in strictest confidence, and shall not, without the prior consent of the other Party, furnish, make available or disclose to any third Party or use for the benefit of itself (except as necessary to fulfil the purposes of or as otherwise authorised by this Agreement) or any third Party, any Confidential Information of the other Party. This restriction shall not prevent disclosure by the Receiving Party of any information which is required by law, or by legitimate action of any law enforcement or regulatory body to the extent strictly necessary to satisfy that requirement, and after having given the Disclosing Party as much prior notice of the requirement as possible and taking all available steps to avoid or minimise the extent of the disclosure.

17. ANONYMIZED CUSTOMER DATA

You understand and agree that Smart EPOS Solutions may use and retain, without restriction, anonymized data obtained in performance of Services to you, (the “Anonymized Data”), both during the Term of this Agreement, and thereafter. All rights in the Anonymized Data shall be owned fully by Smart EPOS Solutions.

18. OUR COMPLIANCE WITH LAWS AND POLICIES

18.1 In performing our obligations under the Agreement, we represent and warrant that at the date of this Agreement:

18.1.1 we shall comply with all applicable laws, statutes, regulations from time to time in force including but not limited to: those relating to anti-bribery and anticorruption in the UK, the Modern Slavery Act 2015, and the Anti-Slavery policy;

18.1.2 we and our officers and employees (“Associated Persons”) will not engage in any activity, practice or conduct which could contravene the Bribery Act 2010, or which could cause you to contravene the Bribery Act 2010;

18.1.3 we have in place comprehensive procedures to prevent any act of bribery being committed by us and our Associated Persons (as defined in clause 18.1.2) and such procedures will be maintained throughout the term of this Agreement;

18.1.4 neither us nor any of our officers, employees or other Associated Persons (as defined in clause 18.1.2) is a foreign public official (as defined by the Bribery Act 2010), that no foreign public official owns a direct or indirect interest in us or any Associated Person, and that no foreign public official has any legal or beneficial interest in any payments made by us;

18.1.5 we shall promptly notify you, if at any time during the term of this Agreement, our circumstances, knowledge or awareness has changed such that we would not be able to repeat the warranties in this clause 18; and

18.1.6 neither us nor any of our officers, employees: (a) have been convicted of any offence involving slavery and human trafficking; and (b) has been or is the subject of any investigation, inquiry or enforcement proceedings by any governmental, administrative or regulatory body regarding any offence or alleged offence of or in connection with slavery and human trafficking.

19. GENERAL.

19.1 All provisions of this Agreement which by their nature are intended to continue shall survive termination, including terms relating to exclusions and limitations of liability, intellectual property restrictions and on-going use of your data.

19.2 You agree that we may disclose the existence and general nature of this Agreement and to identify you as a Customer of Smart EPOS Solutions in any marketing materials, press release, blog posts, case studies, white papers, on websites and the like, provided however that any use of your Trademark shall be subject to your stated guidelines of use.

19.3 Termination of this Agreement or the Services shall not affect accrued rights and liabilities of you or us up to the date of termination.

19.4 No provision of this Agreement is intended to be enforceable by any person other than you and us.

19.5 No variation of this Agreement shall be effective unless it is in writing and signed by both you and Smart EPOS Solutions (or their authorised representatives).

19.6 A person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement, but this does not affect any right or remedy of a third party which exists, or is available, apart from that Act.

19.7 Subject to section 5.1(f) of the DPA, we may, without your consent, sub-contract provision of the Services or sublicense our rights under this Agreement to our third party service providers.

19.8 We may, without your consent, assign or transfer any or all of our rights and obligations under this Agreement to any successor in title of all or part of the App, the Web Ordering Tool, the Services, or intellectual property or other rights or obligations subsisting in relation to the same.

18.9 You may not assign, transfer, mortgage, charge, subcontract, declare a trust of or deal in any other manner with any or all of your rights and obligations under this Agreement without our prior written consent.

19.9 Failure or delay by us to exercise any right or remedy under this Agreement does not constitute a waiver of that right or remedy.

19.10 Any notice or other communication required to be given by you under this Agreement shall be given by email to sales@ForPOS.co.uk. Any notice or other communication required to be given by us under this Agreement shall be given to the email address you specify in your Account. Any notice shall be deemed to have been duly received at 9.00am on the next Working Day after transmission.

19.11 The terms of this Agreement constitute the entire agreement between you and us with respect to the subject matter and supersede any and all prior agreements, negotiations and discussions relating to the same.

19.12 If any provision of this Agreement is found by any court or legal authority to be invalid, unenforceable or illegal, the other provisions shall remain in force and, to the extent possible, the provision shall be modified to ensure it is valid, enforceable and legal, whilst maintaining or giving effect to its commercial intention.

19.13 This Agreement is governed by the laws of England and Wales, and the courts of England and Wales shall have jurisdiction to hear any disputes arising in connection with it.

ADDENDUM 1

Data Processing Addendum

This Data Processing Agreement (the “DPA”), entered into by the Smart EPOS Solutions customer identified on the applicable Smart EPOS Solutions ordering document for Smart EPOS Solutions services (“Customer”) and Smart EPOS Solutions Limited (“Smart EPOS Solutions”), governs the Processing of Personal Data that Customer uploads directly or through its end users or otherwise provides Smart EPOS Solutions in connection with the Services and the Processing of any Personal Data that Smart EPOS Solutions uploads or otherwise provides to Customer in connection with the Services.

This DPA is incorporated into the relevant Smart EPOS Solutions services agreement attached to or incorporated by reference into the ordering document previously executed by Customer, referred to generically in this DPA as the “Smart EPOS Solutions Contract”. Collectively, the DPA, the Smart EPOS Solutions Contract, and the applicable ordering documents are referred to in this DPA as the “Agreement”. In the event of any conflict or inconsistency between any of the terms of the Agreement, the provisions of the following documents (in order of precedence) shall prevail: (a) this DPA; (b) the Smart EPOS Solutions Contract; and (c) the applicable ordering document to the Smart EPOS Solutions Contract. Except as specifically amended in this DPA, the Smart EPOS Solutions Contract and applicable ordering document remain unchanged and in full force and effect.

1. DEFINITIONS

“Customer Personal Data” means Personal Data that Customer uploads directly or through its end users or otherwise provides Smart EPOS Solutions in connection with its use of Smart EPOS Solutions’s Services or (ii) for which Customer is otherwise a data controller. “Data Controller” means Customer.

“Data Processor” means Smart EPOS Solutions.

“Data Protection Requirements” means the Directive, the General Data Protection Regulation, Local Data Protection Laws, any subordinate legislation and regulation implementing the General Data Protection Regulation, and all Privacy Laws.

“Directive” means the EU Data Protection Directive 95/46/EC (as amended).

“General Data Protection Regulation” means Regulation (EU) 2016/679, the European Union Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

“Local Data Protection Laws” means any subordinate legislation and regulation implementing the Directive or the General Data Protection Regulation which may apply to the Agreement, including, but not limited to, the Data Protection Act 2018.

“Personal Data” means any information about an individual that (a) can be used to identify, contact or locate a specific individual, including data that Customer chooses to provide to Smart EPOS Solutions from Services; (b) can be combined with other information that can be used to identify, contact or locate a specific individual; or (c) is defined as “personal data” or “personal information” by applicable laws or regulations relating to the collection, use, storage or disclosure of information about an identifiable individual.

“Personal Data Breach” means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data.

“Privacy Laws” means all applicable laws, regulations, and other legal requirements relating to (a) privacy, data security, consumer protection, marketing, promotion, and text messaging, email, and other communications; and (b) the use, collection, retention, storage, security, disclosure, transfer, disposal, and other Processing of any Personal Data.

“Process” and its cognates mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Subprocessor” means any entity which provides processing services to Smart EPOS Solutions in furtherance of Smart EPOS Solutions’s processing on behalf of Customer, which is authorised by Customer.

“Supervisory Authority” means an independent public authority which is established by a European Union member state pursuant to Article 51 of the General Data Protection Regulation, such as the Information Commissioner’s Office (“ICO”) in the UK.

2. NATURE OF DATA PROCESSING

Each party agrees to Process Customer Personal Data received under the Agreement only for the purposes set forth in the Agreement. For the avoidance of doubt, the categories of Personal Data processed and the categories of data subjects subject to this DPA are described in Schedule A to this DPA.

3. COMPLIANCE WITH LAWS

The parties shall each comply with their respective obligations under all applicable Data Protection Requirements and neither party shall perform their obligations under the Agreement in such a way as to cause the other party to breach any of its obligations under the Data Protection Requirements.

4. CUSTOMER OBLIGATIONS

Customer agrees to provide instructions to Smart EPOS Solutions and determine the purposes and general means of Smart EPOS Solutions’s processing of Customer Personal Data in accordance with the Agreement.

5. Smart EPOS Solutions OBLIGATIONS

5.1 Processing Requirements. Smart EPOS Solutions will:

a. Process Customer Personal Data (i) only for the purpose of providing the Services using appropriate technical and organizational security measures; and (ii) in compliance with the instructions received from Customer. Smart EPOS Solutions will not use or Process the Customer Personal Data for any other purpose. Smart EPOS Solutions will promptly inform Customer in writing if it cannot comply with the requirements under Sections 5 to 8 (inclusive) of this DPA, in which case Customer may terminate the Agreement or take any other reasonable action, including suspending data processing operations;

b. Inform Customer immediately if, in Smart EPOS Solutions’s opinion, an instruction from Customer violates applicable Data Protection

Requirements;

c. If Smart EPOS Solutions is collecting Customer Personal Data from individuals on behalf of Customer, follow Customer’s instructions regarding such Customer Personal Data collection (including with regard to the provision of notice and exercise of choice); d. Take commercially reasonable steps to ensure that (i) persons employed by it and (ii) other persons engaged to perform on Smart EPOS Solutions’s behalf comply with the terms of the Agreement;

e. Ensure that its employees, authorized agents and any Subprocessors are required to comply with and acknowledge and

respect the confidentiality of the Customer Personal Data, including after the end of their respective employment, contract or assignment;

f. If it intends to engage Subprocessors to help it satisfy its obligations in accordance with this DPA or to delegate all or part of the processing activities to such Subprocessors, (i) obtain the prior written consent of Customer to such subcontracting; (ii) remain liable to Customer for the Subprocessors’ acts and omissions with regard to its compliance with Data Protection Requirements in respect of the Customer Personal Data; and (iii) enter into contractual arrangements with such Subprocessors binding them to provide the same level of data protection and information security to that provided for herein and in particular a requirement that the Subprocessor will implement appropriate technical and organizational measures to ensure that the requirements of the Data Protection Requirements are met;

g. Upon request, provide Customer with a summary of Smart EPOS Solutions’s privacy and security policies; and

h. Inform Customer if Smart EPOS Solutions undertakes an independent security review.

5.2 Notice to Customer. Smart EPOS Solutions will without undue delay inform Customer if Smart EPOS Solutions becomes aware of:

a. Any non-compliance by Smart EPOS Solutions or its employees with any section of this DPA or the Data Protection Requirements relating to the protection of Customer Personal Data processed under this DPA;

b. Any legally binding request for disclosure of Customer Personal Data by a law enforcement authority, unless Smart EPOS Solutions is otherwise forbidden by law to inform Customer, for example to preserve the confidentiality of an investigation by law enforcement authorities;

c. Any notice, inquiry or investigation by a Supervisory Authority with respect to Customer Personal Data; or

d. Any complaint or request to exercise any right under the General Data Protection Regulation received directly from a data subject of Customer. Smart EPOS Solutions will not respond to any such request without Customer’s prior written authorization.

5.3 Assistance to Customer. Smart EPOS Solutions will without undue delay provide reasonable assistance to Customer regarding:

a. Any requests from Customer data subjects in respect of exercising any of their rights under the General Data Protection Regulation for Customer Personal Data that Smart EPOS Solutions processes for Customer. In the event that a data subject sends such a request directly to Smart EPOS Solutions, Smart EPOS Solutions will promptly send such request to Customer;

b. The investigation of Personal Data Breaches and the notification to the Supervisory Authority and Customer’s data subjects regarding such Personal Data Breaches; and

c. Where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any Supervisory Authority.

5.4 Required Processing. If Smart EPOS Solutions is required by Data Protection Requirements to process any Customer Personal Data for a reason other than providing the services described in the Agreement, Smart EPOS Solutions will inform Customer of this requirement in advance of any processing, unless Smart EPOS Solutions is legally prohibited from informing Customer of such processing (e.g., as a result of secrecy requirements that may exist under applicable EU member state laws).

5.5 Security. Smart EPOS Solutions will:

a. Maintain appropriate organizational and technical security measures (including with respect to personnel, facilities, hardware and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, incident response, encryption of Customer Personal Data while in transit and at rest) to protect against a Personal Data Breach;

b. Be responsible for the sufficiency of the security, privacy, and confidentiality safeguards of all Smart EPOS Solutions personnel with respect to Customer Personal Data and liable for any failure by such Smart EPOS Solutions personnel to meet the terms of this DPA;

c. Take reasonable steps to confirm that all Smart EPOS Solutions personnel are protecting the security, privacy and confidentiality of Customer Personal Data consistent with the requirements of this DPA; and

d. Notify Customer of any Personal Data Breach by Smart EPOS Solutions or its Subprocessors without undue delay and in any event within 48 hours of becoming aware of a Personal Data Breach.

6. AUDIT, CERTIFICATION

6.1 Supervisory Authority Audit. If a Supervisory Authority requires an audit of the data Processing facilities from which Smart EPOS Solutions Processes Customer Personal Data in order to ascertain or monitor Customer’s compliance with Data Protection Requirements, Smart EPOS Solutions will cooperate with such audit. Customer is responsible for all costs and fees related directly to such audit, including all reasonable costs and fees for any and all time Smart EPOS Solutions reasonably expends for any such audit, in addition to the rates for Services performed by Smart EPOS Solutions.

6.2 Audits. Smart EPOS Solutions must, upon Customer’s request by email to sales@ForPOS.co.uk, certify compliance with this DPA in writing. If a Report does not provide, in Customer’s reasonable judgment, sufficient information to confirm Smart EPOS Solutions’s compliance with the terms of this DPA, then Customer or an accredited third-party audit firm agreed to by both Customer and Smart EPOS Solutions may audit Smart EPOS Solutions’s compliance with the terms of this DPA during regular business hours, with reasonable advance notice to Smart EPOS Solutions and subject to reasonable confidentiality procedures. Customer is responsible for all costs and fees related directly to such audit, including all pre-agreed reasonable costs and fees for any and all time Smart EPOS Solutions reasonably expends for any such audit, in addition to the rates for Services performed by Smart EPOS Solutions. Before the commencement of any such audit, Customer and Smart EPOS Solutions shall mutually agree upon the scope, timing, and duration of the audit. Customer shall promptly notify Smart EPOS Solutions with information regarding any non-compliance discovered during the course of an audit. Customer may not audit Smart EPOS Solutions more than once annually unless Customer has reasonable grounds to suspect there has been a breach by Smart EPOS Solutions of this DPA or if there is a change in the business which may have an effect on Smart EPOS Solutions’s compliance with Data Protection Requirements.

7. DATA TRANSFERS

7.1 Smart EPOS Solutions will not transfer or otherwise process any EU Personal Data outside of the EEA without the prior written consent of the Customer, unless required to do so by relevant Legislation and in such a case Smart EPOS Solutions shall inform Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest.

7.2 The parties acknowledge and agree that where Customer gives instructions to transfer Customer Personal Data outside of the EEA, such transfer will not be affected unless and until Customer is satisfied that adequate safeguards and an adequate level of protection are in place in respect of the Customer Personal Data to be transferred in accordance with Data Protection Requirements.

7.3 In the event that Smart EPOS Solutions intends to carry out Processing of Customer Personal Data in a jurisdiction outside of the EEA, the parties will be required to put in place adequate safeguards and an adequate level of protection in respect of the Customer Personal Data to be transferred in accordance with Data Protection Requirements.

8. DATA RETURN AND DELETION

The parties agree that on the termination of the Services or upon Customer’s reasonable request, Smart EPOS Solutions shall, and shall cause any Sub processors to, at the choice of Customer, return all the Customer Personal Data and copies of such data to Customer or securely destroy them and demonstrate to the satisfaction of Customer that it has taken such measures, unless Data Protection Requirements prevent Smart EPOS Solutions from returning or destroying all or part of the Customer Personal Data disclosed. In such case, Smart EPOS Solutions agrees to preserve the confidentiality of the Customer Personal Data retained by it and that it will only actively process such Customer Personal Data after such date in order to comply with applicable Legislation.

9. INDEMNITY

Smart EPOS Solutions shall indemnify and hold harmless the Customer and its employees from and against any reasonable damages, costs, expenses (including reasonable court costs and legal fees), fines and other liabilities arising out of or resulting from any third-party claims or actions resulting from a breach of this DPA or Data Protection Requirements by Smart EPOS Solutions.

10. TERM

This DPA shall remain in effect as long as Smart EPOS Solutions carries out Customer Personal Data Processing operations on behalf of Customer or until the termination of the Smart EPOS Solutions Contract (and all Customer Personal Data has been returned or deleted in accordance with Section 8 above).

11. GOVERNING LAW, JURISDICTION, AND VENUE

Notwithstanding anything in the Agreement to the contrary, this DPA shall be governed by the laws of England, and any action or proceeding related to this DPA (including those arising from non-contractual disputes or claims) will be brought in England.

SCHEDULE A

ANNEX B – DESCRIPTION OF THE PROCESSING

1. Data Subjects. The Customer Personal Data Processed concerns the following categories of data subjects: Individuals who are -end users of the Smart EPOS Solutions App and Web Ordering Tool

2. Purposes of the Processing:

Smart EPOS Solutions will Process the Customer Personal Data for the purpose of providing the agreed Services and shall include, but shall not be limited to, the following types of Processing:

● collecting

● recording

● organising;

● structuring; and

● using

the Customer Personal Data. The Customer Personal Data may also be disclosed, restricted, deleted or destroyed in accordance with the Customer’s instructions.

3. Categories of Data. The personal data transferred concern the following categories of data:

The data transferred is the personal data provided by the data exporter to the data importer in connection with its use of Smart EPOS Solutions App and Web Ordering Tool, referred to as Customer Personal Data in the Smart EPOS Solutions Agreement. Such Customer Personal Data may include first name, last name, address, email address, mobile number, mobile device ID and IP address.

4. Recipients. The personal data transferred may be disclosed only to the following recipients or categories of recipients:

Employees and other representatives of the data importer who have a legitimate business purpose for the processing of such personal data.

5. Sensitive Data (if appropriate). The personal data transferred concern the following categories of sensitive data: None.

6. Data Protection Registration Information of Data Exporter (where applicable).

None.

7. Additional Useful Information (storage limits and other relevant information).

The personal data transferred between the parties may only be retained for the period of time permitted under the Agreement.

8. Contact Information. Contact points for data protection enquiries:

Smart EPOS Solutions Limited as Data Importer

By post: Smart EPOS Solutions Ltd, 85 High Street, Tunbridge Wells, Kent TN1 1XP; or

By email: sales@smartepossolutions.co.uk