This Naltilia Subscription Agreement ("Agreement") is effective as of the effective date of an applicable signed order form ( "Order Form" and such date the "Effective Date") and is by and between Naltilia S.A.S. with a place of business at 3 avenue Fénelon, Maisons Laffitte, France, registered in Paris Trade and Companies Register under number RCS 932 432 099 ("Naltilia"), and the customer set forth on the Order Form ("Customer") (each a "Party" and together the "Parties"). Acceptance of the Order Form implies acceptance of the Agreement in their version in force at the date of the Order Form.

In the event of any inconsistency or conflict between the terms of the Agreement and the terms of any Order Form, the terms of the Order Form prevail, in case of contradiction, the most recent Order Form shall prevail over the oldest one(s).

The "Services" mean the products and services that are ordered by Customer from Naltilia in an Order Form referencing this Agreement.

Subject to the terms and conditions of this Agreement, Naltilia will make the Services available to Customer during the Term. In particular, the Customer may access to the following Services: an access to the Naltilia solution which automates compliance tasks, helping companies assess risks and implement their compliance framework using artificial intelligence (the "Solution").

If the Customer wishes to benefit from a personalized setup by Naltilia, this option must be subscribed to in the Order Form and will be subject to specific invoicing.

To access the Services the Customer has to be:

- a legal entity acting through a natural person with the power or authority required to enter into a contract in the Customer's name and on their behalf.

- a professional, understood as any natural person or legal entity acting for purposes within the scope of their commercial, industrial, artisanal, liberal or agricultural activity, including when acting in the name of or on behalf of another professional.

2.1. Fees. Customer will pay the fees specified in the Order Form (the "Fees").

2.2. Payment; Taxes. Naltilia shall invoice Customer for Fees within thirty (30) days of the Effective Date, the start of the Renewal Term (as defined below), or otherwise as specified in the Order Form. Customer shall pay all invoiced Fees upon receipt of such invoice. In the event of non-payment of Fees by Customer for thirty (30) days after the due date of an invoice, Customer's access to the Services may be immediately suspended and Customer must pay the entire remaining balance of Fees to regain access to the Services. Fees do not include taxes or duties of any kind and any such taxes will be assumed and paid by Customer.

2.3. Price Changes. Naltilia may change prices for the Services from time to time, in its sole discretion. Any price changes will be effective upon the commencement of Customer's next Renewal Term; provided, that Naltilia shall provide Customer with a minimum of 45 days prior notice of any such fee increase prior to the expiration of the Term or any Renewal Term.

2.4. Discounts and Promotional Pricing. Prices specified in the Order Form may include discounts or promotional pricing. These discounts or promotional pricing amounts may be temporary and may expire upon the commencement of a Renewal Term, without additional notice. Naltilia reserves the right to discontinue or modify any promotion, sale or special offer at its sole and reasonable discretion.

2.5 Free Trial Services. If Customer is granted access to Trial Services, Naltilia will make the applicable Trial Services available to Customer pursuant to this Agreement starting from the time that Customer registers and is approved for such Trial Services until the earlier of: (a) the end of the Trial Services period communicated to Customer; (b) the start date of any Order Form executed by Customer for Service(s) in exchange for payment; or (c) termination by Naltilia in its sole discretion.

2.6 In the event of default or delay in payment, Naltilia reserves the right, from the day after the due date shown on the invoice, to:

- Immediately suspend the Services in progress until full payment of the amounts due,

- Charge interest on arrears equal to 3 times the legal interest rate, based on the amount of sums not paid by the due date, and a flat-rate indemnity of 40 euros for collection costs, without prejudice to additional compensation if the collection costs actually incurred exceed this amount,

3.1. Term and Renewal. This Agreement commences on the Effective Date and will remain in effect through the term specified in the Order Form, and will renew as specified in the Order Form unless otherwise terminated in accordance with this Section (collectively the "Term"). If the Order Form does not specify, the Term will be one year and will automatically renew for successive one-year periods unless Customer provides Naltilia with notice of termination at least thirty (30) days prior to the end of the Term (a "Renewal Term").

3.2. Termination for Cause. A Party may terminate this Agreement for cause (a) upon notice to the other Party of a material breach if such breach remains unresolved after ten (10) days from the date of the breaching Party's receipt of such notice; (b) if the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors; or (c) immediately by Naltilia if Customer makes one of the Prohibited Uses below. Non-payment of Fees by Customer for sixty (60) days after issuance of an invoice, and any violation of the Prohibited Uses clause below will be considered material breaches of this Agreement.

3.3. Effect of Termination and Survival. Upon termination of an Order Form or this Agreement (a) with respect to termination of the entire Agreement, all Order Forms will concurrently terminate, (b) Customer will have no further right to use the Services under the terminated or cancelled Order Forms and Naltilia will remove Customer's access to same, and (c) unless otherwise specified in writing, Customer will not be entitled to any refund of fees paid. The following Sections will survive termination: Section 2 (Fees and Payment), Section 4 (Ownership), Section 5 (Confidentiality), Section 7.3 (Disclaimers), Section 8 (Indemnification), Section 9 (Limitation of Liability), and Section 10 (Miscellaneous). Termination of this Agreement will not limit a Party's liability for obligations accrued as of or prior to such termination or for any breach of this Agreement.

3.4 Naltilia shall not be liable for any failure or delay in the performance of its contractual obligations due to force majeure occurring during the term of its relationship with the Customer as defined in article 1218 of the French Civil Code. If Naltilia is prevented from fulfilling its obligations due to force majeure, it must inform the Customer by registered letter with acknowledgement of receipt. Obligations will be suspended on receipt of the letter and must be resumed within a reasonable time once the force majeure has ceased.

Naltilia nevertheless remains bound by the performance of obligations not affected by force majeure.

4.1. Ownership. Each Party will retain all rights, title and interest in any of its patents, inventions, copyrights, trademarks, domain names, trade secrets, know-how and any other intellectual property and/or proprietary rights ("Intellectual Property Rights"). Naltilia will retain Intellectual Property Rights in the Services and all components of, or used to, provide the Services or created by the Services or by Naltilia in the course of providing the Services (the "Services Information"). Customer will retain Intellectual Property Rights in all information it provides to Naltilia as part of this Agreement (other than Feedback as described below), including but not limited to in the course of its use of the Services (the "Customer Information").

4.2. Feedback. Customer may, under this Agreement, provide suggestions, enhancement requests, recommendations about the Services, or other feedback to Naltilia (the "Feedback"). Customer provides Naltilia a fully paid-up, royalty-free, worldwide, transferable, sub-licensable (through multiple layers), assignable, irrevocable and perpetual license to implement, use, modify, commercially exploit, incorporate into the Services, or otherwise use any Feedback. Naltilia also reserves the right to seek intellectual property protection for any features, functionality or components that may be based on or that were initiated by such Feedback.

4.3. Licenses. Naltilia hereby grants Customer a non-exclusive, non-transferable, non-sublicensable right to and license to access and use the Services as set forth in the Order Form subject to the terms and conditions of this Agreement and the Order Form (if applicable). Customer hereby grants Naltilia a non-exclusive, non-transferable, non-sublicensable right and license to use the Customer Information solely to provide the Services to Customer for the duration set in the Order Form.

4.4. Authorized Users. Customer may designate and provide access to the Services to employees, agents, or authorized contractors in the limitation set in the Order Form (each an "Authorized User"). Customer is responsible for all use and misuse of the Services by Authorized Users and for adherence to all terms of this Agreement by any Authorized Users, and references to Customer herein will be deemed to apply to Authorized Users as necessary and applicable. Customer agrees to promptly notify Naltilia of any unauthorized access or use of which Customer becomes aware. Authorized Users are strictly prohibited from sharing their accounts or account passwords and their doing so is a material breach of this Agreement by Customer.

4.5. Prohibited Uses. Customer and Authorized Users will not:

(a) "frame," distribute, resell, or permit access to the Services by any third party other than as allowed by the features and functionality of the Services;

(b) use the Services in violation of applicable laws;

(c) interfere with, disrupt, or gain unauthorized access to the Services;

(d) successfully or otherwise, attempt to: decompile, disassemble, reverse engineer, discover the underlying source code or structure of, or copy the Services;

(e) provide Naltilia any Customer Information or Feedback that is unlawful, defamatory, harassing, discriminatory, or infringing of third party intellectual property rights;

(f) transfer to the Services or otherwise use on the Services any code, exploit, or undisclosed feature that is designed to delete, disable, deactivate, interfere with or otherwise harm or provide unauthorized access to the Services;

(g) use any robot, spider, data scraping, or extraction tool or similar mechanism with respect to the Services;

(h) provide access to the Services to an individual associated with a Naltilia Competitor (defined below);

(i) extract information from the Services in furtherance of competing with Naltilia;

(j) encumber, sublicense, transfer, rent, lease, time-share or use the Services in any service bureau arrangement or otherwise for the benefit of any third party;

(k) copy, distribute, manufacture, adapt, create derivative works of, translate, localize, port or otherwise modify any aspect of the Services;

(l) introduce into the Services any software containing a virus, worm, "back door," Trojan horse or similarly harmful code; or

(m) permit any third party to engage in any of the foregoing proscribed acts. A "Naltilia Competitor" is any entity that provides the same or similar goods and services to those provided by Naltilia, as would be determined by a commercially reasonable individual. Customer will promptly notify Naltilia of any violations of the above prohibited uses by an Authorized User or a third party and require such Authorized User or third party to immediately cease any such use. Naltilia reserves the right to suspend Customer and/or Authorized User's access to the Services in the event Naltilia suspects Customer or an Authorized User is in breach of this Agreement.

4.5 Maintenance. For the duration of the Services, the Customer benefits from maintenance, in particular corrective and ongoing maintenance. In this context, access to the Solution may be limited or suspended. Naltilia makes every effort to provide the Customer with corrective maintenance to correct any malfunction or bug found on the Solution. Customer also benefits from ongoing maintenance, which Naltilia may carry out automatically and without prior notice, and which includes improvements to the Solution's functionalities, the addition of new functionalities and/or technical installations used within the framework of the Solution (aiming to introduce minor or major extensions).

4.6 Hosting. Naltilia hosts the Solution, as well as the data produced and/or entered by/on the Solution via a professional hosting service provider located in France.

If the parties have a separate mutual nondisclosure Agreement, that Agreement will control (the "Separate MNDA"). Otherwise, as used herein, the "Confidential Information" of a Party (the "Disclosing Party") means all financial, technical, or business information of the Disclosing Party that the Disclosing Party designates as confidential at the time of disclosure to the other Party (the "Receiving Party") or that the Receiving Party reasonably should understand to be confidential based on the nature of the information or the circumstances surrounding its disclosure. Services Information and Customer Information are Confidential Information under this Agreement, or confidential under the Separate MNDA, as applicable. Except as expressly permitted in this Agreement, the Receiving Party will not disclose, duplicate, publish, transfer or otherwise make available Confidential Information of the Disclosing Party in any form to any person or entity without the Disclosing Party's prior written consent. The Receiving Party will not use the Disclosing Party's Confidential Information except to perform its obligations under this Agreement, such obligations including, in the case of Naltilia, to provide the Services. Notwithstanding the foregoing, the Receiving Party may disclose Confidential Information to the extent required by law, provided that the Receiving Party: (a) gives the Disclosing Party prior written notice of such disclosure so as to afford the Disclosing Party a reasonable opportunity to appear, object, and obtain a protective order or other appropriate relief regarding such disclosure (if such notice is not prohibited by applicable law); (b) uses diligent efforts to limit disclosure and to obtain confidential treatment or a protective order; and (c) allows the Disclosing Party to participate in the proceeding. Further, Confidential Information does not include any information that: (i) is or becomes generally known to the public without the Receiving Party's breach of any obligation owed to the Disclosing Party; (ii) was independently developed by the Receiving Party without the Receiving Party's breach of any obligation owed to the Disclosing Party; or (iii) is received from a third party who obtained such Confidential Information without any third party's breach of any obligation owed to the Disclosing Party.

6.1. General dispositions

As part of their contractual relations, each Party shall undertake to comply with the applicable regulations on personal data processing and, in particular, the General Data Protection Regulation (regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016) and to the French Data Protection Act of 6 January 1978 (hereinafter referred together as the "Applicable Regulation").

Each Party processes personal data of contact person of the other Party involved in the performance of the Contract, as controller within the meaning of the Applicable Regulation for the purpose of managing the contractual relations between the Parties and for the duration of the Contract. These processing are carried out for the execution of the Contract and only identification data (in particular surname, first name, email address, telephone number) are processed by the Parties.

Personal data are retained during the duration strictly necessary for the purposes of managing the business relationship between Parties. The staff of the Party controller of the processing, its control services (notably auditor) and its processors could have access to personal data.

The processing may result in the exercise by each Party's contact person of their rights under the Applicable Regulation.

6. 2. Processing of personal data by Naltilia as a data processor

As part of the Services, Naltilia processes personal data in the name and on behalf of Customer as a data processor, while Customer acts as a data controller within the meaning of the Applicable Regulation. The characteristics of the processing are described in Appendix of this Agreement.

7.1. Authority. Each Party represents that it has validly entered into this Agreement and has the legal power to do so.

7.2. Naltilia Warranties. Naltilia warrants that during an applicable Term (a) the Security Statement accurately describes the applicable administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of Customer Information; and (b) the Services will perform materially in accordance with any applicable documentation provided to Customer. For any breach of a warranty in this section, Customer's exclusive remedies are those described in Section 3 (Term and Termination) herein.

Naltilia is committed to complying with the provisions of Regulation 2024/1689 on AI.

7.3 Customer Warranties: The Customer undertakes to provide Naltilia with all the information required to subscribe to and use the Services. The Customer is responsible for their use of the Services and any information they share in this context. They are also responsible for the use of the Services and any information shared by Authorized User. The Customer undertakes to ensure that the Services are used exclusively by them and/or Authorized User, who are subject to the same obligations as the Customer in their use of the Services.

The Customer is responsible for all Input Files of any kind that they upload to in the Solution.

More specifically, the Customer is solely responsible for:

- The accuracy and completeness of the data sources uploaded into the Solution (the "Input Files"), and Naltilia cannot be held liable in any way for any errors, typos, omissions or information that may mislead the artificial intelligence tool.

- The use made of the results generated by the artificial intelligence tool (the "Results"), Naltilia cannot be held liable in this respect under any circumstances. Furthermore, Naltilia cannot be held liable for any use or any decision made by the Customer on the basis of the Results extracted from the Solution, it is reminded that the Solution is only a decision-making support tool.

It is the responsibility of the Customer and Authorized Users to exercise discretion in interpreting and using this information generated by the artificial intelligence system.

Naltilia does not wish its artificial intelligence system to be used for high-risk purposes and does not wish to be a provider of high-risk artificial intelligence. Consequently:

- the Customer shall refrain from modifying the Solution and/or using it for high-risk purposes

- the Customer shall refrain from using the Solution for any purpose indicated as high-risk by the regulations on artificial intelligence.

The Customer acknowledges that artificial intelligence systems may be subject to bias and that this may potentially affect the results, recommendations, or decisions generated by the artificial intelligence system.

7.4. Disclaimers. Except as specifically set forth in this section, the Services, including all server and network components, are provided on an "as is" and "as available" basis, without any warranties of any kind to the fullest extent permitted by law, and naltilia expressly disclaims any and all warranties, whether express or implied, including, but not limited to, any implied warranties of merchantability, title, fitness for a particular purpose, and non-infringement. Customer acknowledges that Naltilia does not warrant that the Services will be uninterrupted, timely, secure, error-free, or free from viruses or other malicious software, and no information or advice obtained by Customer from Naltilia or through the Services shall create any warranty not expressly stated in this Agreement. the parties additionally agree that Naltilia will have no liability or responsibility for Customer's various compliance programs, and that the Services, to the extent applicable, are only tools for assisting client in meeting the various compliance obligations for which it solely is responsible.

8.1. Indemnification by Naltilia. Naltilia will indemnify and hold Customer harmless from any third party claim against Customer arising out of Customer's use or purchase of the Services as permitted hereunder alleging that such Services infringe or misappropriate a third party's valid patent, copyright, trademark, or trade secret. Naltilia will, at its expense, defend such claim and pay damages finally awarded against Customer in connection therewith, including the reasonable fees and expenses of the attorneys engaged by Naltilia for such defense, provided that

(a) Customer promptly notifies Naltilia of the threat or notice of such claim;

(b) Naltilia will have the sole and exclusive control and authority to select defense attorneys, and defend and/or settle any such claim (however, Naltilia will not settle or compromise any claim that results in liability or admission of any liability by Customer without prior written consent); and

(c) Customer fully cooperates with Naltilia in connection therewith.

Naltilia will have no liability or obligation under this Section with respect to any claim if such claim is caused in whole or in part by (x) compliance with designs, data, instructions or specifications provided by Customer; (y) modification of the Services by anyone other than Naltilia; or (z) the combination, operation or use of the Services with other hardware or software where the Services would not otherwise be infringing. The provisions of this Section state the sole, exclusive, and entire liability of Naltilia to Customer and constitute Customer's sole remedy with respect to an infringement claim brought by reason of access to or use of a Service by Customer or Authorized Users.

8.2. Indemnification by Customer. Customer will indemnify and hold Naltilia harmless against any third party claim arising out of (a) Prohibited Uses in breach of this Agreement as set forth above; or (b) alleging that Customer Information infringes or misappropriates a third party's valid patent, copyright, trademark, or trade secret; provided (i) Naltilia promptly notifies Customer of the threat or notice of such claim; (ii) Customer will have the sole and exclusive control and authority to select defense attorneys, and defend and/or settle any such claim (however, Customer will not settle or compromise any claim that results in liability or admission of any liability by Naltilia without prior written consent); and (iii) Naltilia fully cooperates in connection therewith.

To the maximum extent permitted by applicable law, under no circumstances and under no legal theory (whether in contract, tort, negligence or otherwise) will either party to this Agreement, or their affiliates, officers, directors, employees, agents, service providers, suppliers or licensors be liable to the other party or any affiliate for any lost profits, lost sales or business, lost data (being data lost in the course of transmission via Customer's systems or over the internet through no fault of Naltilia), business interruption, loss of goodwill, costs of cover or replacement, or for any type of indirect, incidental, special, exemplary, consequential or punitive loss or damages, or any other indirect loss or damages incurred by the other party or any affiliate in connection with this Agreement or the Services regardless of whether such party has been advised of the possibility of or could have foreseen such damages.

Notwithstanding anything to the contrary in this Agreement, either party's aggregate liability to the other party or any third party arising out of this Agreement or the Services will in no event exceed the fees paid by Customer during the twelve (12) months prior to the first event or occurrence giving rise to such liability. For clarity, nothing in this Agreement will limit or exclude either party's liability for gross negligence or intentional misconduct of a party, the disclaimers, exclusions, and limitations of liability under this Agreement will not apply to the extent prohibited by applicable law.

10.1. Entire Agreement. This Agreement, any active Order Forms, and the Separate MNDA, if applicable, constitute the entire Agreement, and supersedes all prior Agreements, between Naltilia and Customer regarding the subject matter hereof.

10.2. Assignment. Either Party may, without the consent of the other Party, assign this Agreement to any affiliate or in connection with any merger, change of control, or the sale of all or substantially all of such Party's assets provided that (1) the other Party is provided prior notice of such assignment and (2) any such successor agrees to fulfill its obligations pursuant to this Agreement. Subject to the foregoing restrictions, this Agreement will be fully binding upon, inure to the benefit of and be enforceable by the Parties and their respective successors and assigns.

10.3. Severability. If any provision in this Agreement is held by a court of competent jurisdiction to be unenforceable, such provision will be modified by the court and interpreted so as to best accomplish the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in effect.

10.4. Relationship of the Parties. The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties.

10.5. Notices. All notices provided by Naltilia to Customer under this Agreement may be delivered in writing by electronic mail to the electronic mail address provided for Customer's account owner. Customer must give notice to Naltilia in writing by email to [email protected]. All notices shall be deemed to have been given immediately upon delivery by electronic mail.

10.6. Governing Law, Jurisdiction, Venue. This Agreement will be governed by the French law. Any disputes under this Agreement shall be resolved in the competentent French courts. Customer hereby expressly agrees to submit to the exclusive personal jurisdiction and venue of such courts for the purpose of resolving any dispute relating to this Agreement or access to or use of the Services by Customer, its agents, or Authorized Users.

10.8. Anti-Corruption. Customer represents and agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Naltilia's employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will use reasonable efforts to promptly give notice to Naltilia.

10.9. Publicity and Marketing. Naltilia may use Customer's name, logo, and trademarks solely to identify Customer as a client of Naltilia on Naltilia's website and other marketing materials and in accordance with Customer's trademark usage guidelines. Naltilia may share aggregated and/or anonymized information regarding use of the Services with third parties for marketing purposes to develop and promote Services. Naltilia will never disclose aggregated and/or anonymized information to a third party in a manner that would identify Customer or any identifiable individual as the source of the information.

10.10. Amendments. Naltilia may amend this Agreement from time to time, in which case the new Agreement will supersede prior versions and will be effective upon the commencement of Customer's next Renewal Term; provided, that Naltilia shall provide Customer with a 45 days' notice of any modification prior to the expiration of the Term or any Renewal Term. If the Customer continue to use the Services following the effective date of any such amendment he will be considered as consent to any such amendment.

10.11. Waiver. Naltilia's failure to enforce at any time any provision of this Agreement does not constitute a waiver of that provision or of any other provision of this Agreement.

The purpose of this Appendix is to define the conditions under which Naltilia undertakes to carry out, on Customer's behalf, the personal data processing operations defined below.

Naltilia undertakes to process the personal data only for the purposes listed in Article 2 of this Appendix and in accordance with Customer's documented instructions, including with regard to transfers of data outside the European Union. Where Naltilia considers that an instruction infringes the Applicable Regulation, Naltilia shall immediately inform Customer thereof. Naltilia reserves the right to suspend processing until Customer modifies the instruction in question so that it no longer violates the Applicable Regulation, without incurring any contractual liability as a result of such suspension. This suspension shall not give rise to any refund of the price of the Services for the period of suspension. If Customer does not modify but maintains the instruction in question, Naltilia reserves the right to terminate the Agreement immediately and without charge. Moreover, if Naltilia shall process personal data and transfer them to a third country or an international organization, according to the applicable legislation of this Agreement, he shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

3.2. Security and confidentiality

Naltilia undertakes to implement the appropriate technical and organisational measures to ensure the security and integrity of personal data, their backup and the restoration of their availability in the event of a physical or technical incident. Naltilia ensures that the persons authorized to process the personal data hereunder have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Naltilia is authorized to recruit the entities (hereinafter "the Sub-Processor(s)") listed hereunder to carry out processing activities:

Naltilia shall inform Customer, in writing beforehand, of any intended changes concerning the addition or replacement of Sub-Processors as listed. This information must clearly indicate which processing activities are concerned, the name and contact details of the Sub-Processor. Customer has a period of fifteen (15) calendar days from the date of receipt of this information to submit its legitimate and justifiable objections. In the absence of notification of objections after this period, Customer shall be deemed to have authorized the use of the relevant Sub-Processor. In the event of Customer's continuing objections, the Parties shall meet in good faith and use their best efforts to discuss a resolution. Naltilia may choose to (i) not hire the Sub-Processor or (ii) take the corrective action requested by Customer in connection with the objections before hiring the Sub-Processor. If neither option is reasonably possible, and if Naltilia cannot for legitimate reasons hire another processor for the intended processing, either Party may terminate this Agreement upon a thirty (30) days' notice.

The Sub-Processor shall comply with the obligations hereunder on behalf of and in accordance with Customer's instructions. Naltilia shall ensure that the Sub-Processor provides the same sufficient warranties regarding the implementation of appropriate technical and organisational measures so that the processing meets the requirements of the Applicable Regulation. If the Sub-Processor fails to fulfil its data protection obligations, Naltilia remains fully liable to Customer for the Sub-Processor's performance of its obligations.

Naltilia is authorized to transfer personal data processed as part of this Agreement to countries located outside the European Economic Area, if appropriate safeguards have been implemented as defined under Chapter V of GDPR.

Naltilia undertakes to assist Customer and to respond without undue delay to any request for information sent by Customer, whether in the context of a request for the exercise of their rights by data subjects, a privacy impact assessment, or a request made by a supervisory authority or Customer's data protection officer.

Insofar as this is possible, Naltilia shall assist Customer in fulfilling its obligation to respond to requests made to Naltilia by data subjects to exercise their rights under the Applicable Regulation. Where requests are made directly to Naltilia, Naltilia shall (i) promptly send such requests to Customer by e-mail to the address provided by Customer, and (ii) acknowledge receipt of requests, informing the data subjects that their requests have been transferred to Customer, as the data controller.

Naltilia shall notify Customer of any personal data breach relating to the processing operations covered by this Agreement, without undue delay after becoming aware of it and to provide Customer with all relevant information and documentation relating to such personal data breach.

Naltilia undertakes, at Customer's election, to delete the personal data at the end of the Agreement or to return it to Customer and not to keep a copy of it, unless required by the Applicable Regulation. Customer has one (1) month from the end of the Agreement to exercise this choice. After this period, Naltilia shall delete all personal data.

Customer hereby authorizes Naltilia to process the personal data collected within the framework of the services (in particular the session and navigation data) for the purpose of improving the Services, and in particular for the realization of statistics on the way Naltilia's solution is used by the users. Naltilia will act as a data controller within the meaning of the Applicable Regulation and will respect the legal provisions of the aforesaid regulation.

Naltilia shall make available to Customer, at Customer's request, all information and documents necessary to demonstrate compliance with its obligations and allow for audits. Customer may carry out audits once a year, at its own expense to verify Naltilia's compliance with the obligations set forth in this article. Customer will inform Naltilia of the audit at least two (2) weeks before. Naltilia may refuse the identity of the auditor if it belongs to a competing company. The audit shall be conducted during work hours and with the least possible disturbance for Naltilia's activity. The audit shall not threaten (i) technical and organizational security measures implemented by Naltilia, (ii) security and confidentiality of data of Naltilia's other customers, (iii) the proper functioning and organization of Naltilia. When possible, Parties will agree beforehand on the scope of the audit. The audit report will be sent to Naltilia as so to submit comments, which will be attached to the final version of the audit report. Each audit report will be considered as a confidential information.

The Parties acknowledge and agree that the liability caps set forth in any contract between the Parties in connection with processing carried out by Naltilia shall apply to Naltilia's compliance with the terms of this Appendix and Applicable Regulation.

Customer undertakes to:

- provide Naltilia with the personal data mentioned in Article 2 of this Appendix, except any improper, disproportionate or unnecessary personal data, and except any "particular" personal data within the meaning of the Applicable Regulation, except if the processing activities justify it. In this case, Customer will have to document these justifications and to take all measures, notably of prior information, to collect appropriate consent and appropriate security measures, appropriate for such particular data;

- collect under its liability, lawfully, fairly and in a transparent manner the personal data provided to Naltilia, for the performance of its services, and in particular, to ensure the lawfulness of processing and the information due to data subjects;

- maintain a record of processing activities carried out and more generally, comply with the principles of the Applicable Regulation;

- ensure, before and throughout the processing, compliance with the obligations set out in the Applicable Regulation.