I. GENERAL PROVISIONS. DEFINITIONS

1. Acting pursuant to Article 8.1.1 of the Act of July 18, 2002 on Electronic Provision of Services (consolidated text: Dz. U. [Journal of Laws] of 2020, Item 344, as amended), Qalcwise.com sp. z o.o. with registered office in Warsaw hereby adopts these rules of electronic provision of services through its online service at qalcwise.com, hereinafter referred to as the “Rules,” setting out, in particular, the types, scope and terms and conditions of electronic provision of services by Qalcwise.com sp. z o.o. through the online service qalcwise.com, as well as the terms and conditions of execution and termination of service provision contracts and the complaint handling procedure.
2. These Rules are available at https://marketplace.qalcwise.com/market/terms and their provisions can be accessed, viewed and recorded any time.
3. The qalcwise.com platform is intended for Customers who are Entrepreneurs.
4. The following terms used in these Rules shall have the following meanings:
   1. Service Provider shall mean Qalcwise.com sp. z o.o. with registered office in Warsaw (address: 02-674 Warszawa, ul. Marynarska 15), entered in the register of entrepreneurs of the Polish Court Register maintained by the District Court for the City of Warsaw in Warsaw, 13th Economic Division of the Polish Court Register, under number KRS 0000302926, NIP [Taxpayer’s Identification Number]: 7010115493, with a share capital of PLN 50,000, email address: qalcwise@qalcwise.com, website (online service) address: https://qalcwise.com.
   2. Customer shall mean a natural person having full capacity to enter into legal transactions or at least a limited capacity to do so, a legal person or an organizational unit without a legal personality, who registered an Account and started using the Services on their own or through a User. Thus, when making a registration, the person acting on behalf of the Customer represents that they are authorized to act on the Customer’s behalf.
   3. User shall mean a Customer and any person authorized by a Customer to use the Services, who was assigned a unique ID (login) when setting up a User profile. A User shall have the right to use the Services pursuant to the Rules and within the scope of authorization granted by the Customer, where the scope of a User’s authorization to use the Services may not be broader than the scope of authorization granted to the Customer. A User shall not be a party to the Contract. The Customer shall be responsible for ensuring that a User uses the Services in compliance with the provisions of law.
   4. Services shall mean the services provided electronically by the Service Provider to the Customer through the Platform. The Services shall be provided on a free-of-charge basis exclusively in the instances and to the extent explicitly indicated by the Service Provider.
   5. Platform shall mean the qalcwise.com platform through which the Service Provider provides the Services.
   6. Subscription Period shall mean the period for which the Customer is granted access to the Services. Unless the Customer and the Service Provider agree otherwise, the Subscription Period shall automatically renew (extend) for a subsequent period of a duration corresponding to that of the preceding Subscription Period, unless the Customer notifies the Service Provider, no later than one month prior to the Subscription Period expiration, of their wish not to have the same renewed (extended). During a Subscription Period, its duration or the scope of the Services being provided may not be reduced, e.g. it shall not be possible to reduce the number of Users using the Services.
   7. Account shall mean the panel allocated to the Customer by the Service Provider, accessible by means of the ID (login), being the Customer’s email address specified in the course of registration in the Service Provider’s online service and the password set by the Customer, through which, having logged in, the Customer may use and manage the Services, including grant permissions to Users. In the course of their Account registration, the Customer shall provide the necessary identification details.
   8. Contract shall mean a contract on electronic provision of services, within the meaning of the Act of July 18, 2002 on Electronic Provision of Services (consolidated text: Dz. U. [Journal of Laws] of 2020, Item 344, as amended), the object of which is provision of the Services, executed between the Service Provider and the Customer the moment the Customer starts using the Services. In order to start using the Services the Customer shall be required to accept the Rules by checking the relevant field. The Contract shall be executed on the terms and conditions set out in these Rules, and any matters not provided for herein shall be governed by the provisions of Polish law.
   9. Price List shall mean a document setting out the amounts and the terms and conditions of payments due in consideration of use by the Customer of the Platform and of the Software, as per the plan selected by the Customer, available on the website at https://qalcwise.com/cennik/.
   10. Entrepreneur shall mean a natural person who uses the Platform for a purpose directly related to their business activity, for whom contracts executed through the Platform have a professional nature, resulting in particular from the objects of their business, as made publicly available on the basis of the provisions of law on the Central Registry and Records of Business Activities, as well as a legal person or an organizational unit which does not have a legal personality but has legal capacity under a separate act, conducting business activity.
   11. Software shall mean the applications available on the Platform, designed to support specific business processes.

II. ACCOUNT REGISTRATION. CONTRACT.

1. A Customer wishing to use the Services available through the Platform must accept these Rules and the Privacy Policy. By accepting these Rules and the Privacy Policy, the Customer agrees to comply with the provisions hereof and thereof.
2. The conditions for a Customer to start using the Services shall be:
   1. accepting these Rules and the Service Provider’s Privacy Policy;
   2. expressing consent to the processing of their personal data by the Service Provider for the purpose of providing the Services; and
   3. registering by creating an Account on the Platform in line with the instructions specified by the Service Provider.
3. A Customer shall provide their true (consistent with the facts) details when registering and creating an Account.
4. In the course of registration on the Service Provider’s Platform, the Customer shall specify their login and set their password. The login, which is the address of the Customer’s electronic mail (email), shall be a unique name identifying the Customer on the Service Provider’s Platform. The Customer’s password shall be assigned to their login and shall serve as an additional measure protecting the data entered by the Customer through the Account and while using the Services. In addition to identifying the Customer in the Service Provider’s online service, the email address specified as the login shall also be used by the Service Provider for purposes of electronic communication with the Customer.
5. The Customer may change their password any time. The password shall be changed through the Account.
6. The Customer should not make their password available to any third parties, and should in particular protect their password from being disclosed to unauthorized persons. In its database, the Service Provider shall not store Customers’ passwords but only the outcomes of their processing with the use of cryptographic techniques, hence it is not able to recover the same.
7. A Contract shall be entered into between the Service Provider and a Customer the moment the Customer starts using a Service, i.e. the moment the Customer logs into their Account for the first time, using the Customer’s login and password. The Contract shall be executed on the terms and conditions set out in these Rules, and any matters not provided for herein shall be governed by the provisions of Polish law. The Contract shall be entered into for an indefinite term, with the reservation that the Service availability to the Customer, including the period during which the Customer may use the Service, shall depend on the package purchased by the Customer as per the Price List.
8. The Customer shall be prohibited from entering content (data) of illegal nature, i.e. which is prohibited by the applicable provisions of law. Furthermore, the Customer shall refrain from using the Service Provider’s online service, as well as the Platform and the Software in a manner disrupting their functioning, and shall also refrain from undertaking activities such as: (a) using other Customers’ Accounts, unless another Customer has made available their Account data to the Customer to a permitted extent; and (b) illegally coming into possession of other Customers’ passwords and logins.
9. A Contract entered into between the Service Provider and a Customer shall be terminated upon the occurrence of one of the following events:
   1. the Service Provider or the Customer makes a statement on termination of the Contract and the notice period elapses, unless the Contract is terminated without notice;
   2. the Customer fails to pay the fee due in consideration of their use of a Service within 14 (fourteen) days after the expiration of such fee payment date, and the Service Provider deletes the Customer’s Account after it requested the Customer to pay the fee and after the additional payment deadline set, no shorter than 14 days after the date of sending such request, elapsed to no effect; and
   3. the License Agreement referred to in Appendix No. 1 to these Rules is terminated.
10. The Service Provider may:
    1. restrict access to the Platform in the event payment of the fee for using a Service is at least seven (7) days overdue, while retaining the right to receive a fee for that period; or
    2. delete the Customer’s Account in the event the Customer is in breach of: the provisions of these Rules or the applicable provisions of law or any rights of third parties – on condition that it previously called upon the Customer to no effect to cease such breach or to restore their compliance with the law by sending a request to that effect to their email address; or
    3. delete the Customer’s Account following termination of the Contract.
11. In the event the Contract is terminated in any manner and by either Party or expires prior to the expiration of the Subscription Period, the amounts paid by the Customer to cover the fee for using a Service shall not be refundable.
12. The Service Provider shall not disclose or use the data made available within a Service for purposes other than supporting, maintaining and providing the Service or in order to ensure compliance with the law. The Service shall be supported exclusively on systems warranting compliance with the security procedures and practices referred to below. The Service Provider warrants that it meets any and all requirements concerning protection of its systems from unauthorized access. Furthermore, the Service Provider agrees to inform the Customer about any instances of data having been accessed by an unauthorized person or persons or about any instances of unauthorized data disclosure.
13. The Service Provider may conduct scheduled maintenance activities or downtimes on dates set by the Service Provider. In such a case, a Service shall not be available, with the reservation that maintenance activities or other scheduled downtimes shall be conducted and take place outside the regular office hours, i.e. not between 9 am and 5 pm on business days. A Service may also be unavailable in whole or in part in the case of emergencies requiring that maintenance work not previously scheduled be carried out.
14. Prior to making any personal data available through a Service, the Customer shall obtain any and all consents and permits required under law and shall take care to maintain such consents and permits valid throughout the term of the Contract. The Customer shall not use a Service along with any personal data in breach of any applicable personal data protection regulations. Upon the Contract termination or expiration, the Service Provider shall delete all personal data, and a recovery thereof shall not be possible. Therefore, the Service Provider recommends that prior to the Contract termination or expiration, the Customer migrate such data to their environment or otherwise secure access thereto.
15. Unless these Rules of Service provision expressly stipulate otherwise, a Service shall not be intended for storing or receiving any sensitive personal data (special category data). The Customer shall be liable for any costs that the Service Provider may incur as a result of the Customer having made such data available through a Service, and in particular for the costs resulting from claims raised by third parties. The Service Provider shall not be liable for:
    1. any damage inflicted upon third parties as a result of the Customer or a User having used the Platform in breach of these Rules or the common provisions of law, and in particular as a result of the Customer or a User having published prohibited or false content;
    2. any damage resulting from disclosure of a unique password to a third party; and
    3. any damage resulting from the Customer having specified any false or incomplete data while registering or from any information specified in connection with the Contract execution and performance.
16. In the event the Customer stores any sensitive data, they shall be responsible for obtaining the required consents from natural persons or for having another ground authorizing sensitive data processing on the Platform.
17. Any matters not provided for in these Rules, and in particular matters related to making declarations of intent in electronic form, shall be governed by the provisions of the Act of July 18, 2002 on Electronic Provision of Services (consolidated text: Dz. U. [Journal of Laws] of 2020, Item 344, as amended), of the Civil Code, of the Act of May 10, 2018 on Personal Data Protection (consolidated text: Dz. U. [Journal of Laws] of 2019, Item 1781), and of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and of other applicable legislative acts.

III. SCOPE OF A SERVICE PROVIDED ELECTRONICALLY

Under the Contract executed with the Customer, the Service Provider shall enable the Customer, and thus the Users using the Services, to:

1. use the Platform and the Software within the scope of the ordered Service functionalities, in particular on the terms and conditions set out in Appendix No. 1 to these Rules;
2. store the Customer’s data in the Service Provider’s server storage space; and
3. use free assistance provided electronically or any instructions and guides available at https://qalcwise.zendesk.com, concerning use of the Platform by the Customer.

IV. TECHNICAL REQUIREMENTS FOR USING A SERVICE

The detailed technical requirements to be satisfied by the Customer in order to be able to use a Service are specified by the Service Provider at https://qalcwise.zendesk.com/hc/pl/articles/115000962394-Obs%C5%82ugiwane-przegl%C4%85darki.

V. USERS

1. The Customer shall have the right to allow their Users to use the Platform and the Services under a separate legal relation between the Customer and a User. In such a case, the Service Provider shall not be a party to the legal relation holding between the Customer and the User. Unless these Rules or a separate contract between the Service Provider and the Customer explicitly provide otherwise, in the case referred to above, the Service Provider shall not warrant to any extent that the Services will be provided in compliance with the terms and conditions specified by the Customer to their Users.
2. In no event shall the Service Provider be liable in connection with any representations or warranties concerning the Service Provider, the Platform or the Services, which were made by the Customer to their Users but were not expressly accepted and acknowledged by the Service Provider.
3. The Customer shall ensure compliance by their Users with all terms and conditions of using the Platform, including those set out in these Rules and in the Privacy Policy, and shall be liable for any breach of the same by their Users.
4. The Customer shall:
   1. provide their Users with any and all information required under the common provisions of law. The Customer shall be responsible for maintaining the rights vested in Users under the common provisions of law; and
   2. ensure that the Service Provider is able to exercise the rights reserved to the Service Provider under these Rules.
5. Whenever the Service Provider suffers damage as a result of a breach by the Customer of the obligations imposed on them under these Rules and concerning the Customer making the Platform functionalities or the Services available to their Users, the Customer shall compensate such damage in full, including pay any legitimate costs incurred by the Service Provider to protect its rights.

VI. FEE DUE TO THE SERVICE PROVIDER

1. The fee due to the Service Provider, payable by the Customer in consideration of using a Service, shall be as per the Price List selected by the Customer. In particular, the Customer shall pay the License Fee. Detailed provisions concerning the License Fee are contained in Appendix No. 1 to these Rules.
2. The Service Provider shall have the right to make changes to the Price List, while following the procedure prescribed for amendment to these Rules.

VII. COMPLAINTS

1. The Customer shall have the right to send their complaint via electronic mail (email) to the following Service Provider’s address: support@qalcwise.com. When making a complaint, the Customer shall: (a) specify accurate Customer’s details; (b) provide a description, as precise as possible, of the irregularity in the Service provision; (c) specify the date on which the irregularity occurred and its duration; and (d) possibly describe how the Customer wishes their complaint to be resolved.
2. If necessary, the Service Provider shall request the Customer to provide further information concerning the complaint made. The Service Provider warrants that the purpose of such further questions or requests, if any, will be exclusively to serve the Customer’s best interest and to handle the Customer’s complaint as best and as fast as possible.
3. Complaints shall be considered within 14 days. The Service Provider shall notify the Customer via electronic mail (email) about the decision made as a result of the complaint consideration.
4. The Service Provider grants no warranty in connection with the provision of the Services covered by these Rules, and the Customer waives any implied warranties, including any implied warranties of fitness for a specific purpose, with respect to the Services covered by these Rules, unless these Rules provide otherwise with respect to specific Services.
5. The Parties hereby exclude and waive any liability each of them might bear towards the other Party as a result of any (temporary or partial) failure, non-scheduled downtime, service interruption or unavailability of the Platform. The Services offered by the Service Provider as part of the Platform shall be offered on an “as is basis” and subject to their availability, which the Customer hereby acknowledges and to which they fully consent.
6. The Service Provider’s liability towards the Customer, for both a single complaint and all of the complaints made, shall be limited in every Subscription Period, regardless of its legal ground, to an amount representing 10% of the fee due in consideration of the Services paid by the Customer to the Service Provider in the relevant Subscription Period. The Service Provider shall only be liable towards the Customer for typical damage foreseeable upon the Contract execution, and shall not be liable for any lost profits.
7. In the event the Customer uses the Services provided by the Service Provider on a free of charge basis, the Service Provider’s liability, if any, shall be limited to the amount of PLN 100.

VIII. AMENDMENT TO THE RULES. ACCOUNT DELETION

1. The Service Provider reserves the right to amend these Rules. Any amendments to these Rules shall be sent to Customers via electronic mail, to the respective email addresses each of them has specified, at least 14 days prior to a specific amendment effective date.
2. In the event the Customer does not accept an amendment to these Rules, they may terminate the Contract within 14 days after the date of receipt of a notice concerning the same, effective as at the end of the Subscription Period, by sending a statement to that effect via electronic mail to the following address: info@qalcwise.com or by post to: qalcwise.com sp. z o.o. w Warszawie [in Warsaw] (address: 02-674 Warszawa, ul. Marynarska 15). During the notice period, the Customer shall be bound by the provisions of these Rules as in force prior to the amendment, except that amendments resulting from the mandatory provisions of law shall apply.

IX. PERSONAL DATA PROCESSING AGREEMENT. CONFIDENTIALITY

1. Upon the inputting of any personal data into the Platform (within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), the Customer entrusts such data to the Service Provider for processing on the terms and conditions set out in the personal data processing agreement in the form attached as Appendix No. 3 to these Rules.
2. The provisions of Section 1 above shall not apply to Customers who entered into separate personal data processing agreements with the Service Provider.
3. The Service Provider and the Customer shall maintain confidential any information which is a business secret or confidential information of the other Party and which was disclosed to them in connection with the Contract. Such information may be used exclusively for the purpose of the Contract performance. The Service Provider and the Customer shall protect such information from unauthorized access or loss, and shall not furnish or disclose the same to any unauthorized person without a prior written consent of the other Party. The Service Provider and the Customer shall be liable for the actions or omissions of the persons through whom they act or whom they entrust with performance of the obligations under the Contract as for their own actions or omissions.

X. MAINTENANCE TERMS AND CONDITIONS. LIMITED DISK SPACE

1. During the term of the Contract, the Service Provider shall provide the Customer with assistance in:
   1. solving typical practical problems encountered when using the Platform casually; and
   2. designing and building the Customer’s own business applications on the Platform.
2. The procedure to be followed by the Customer when reporting errors and issues encountered when using the Platform casually:
   1. an authorized person on the part of the Customer reports an issue to the Service Provider, providing: a problem description, a description of the expected proper running or status and, if possible, the function attempted to be launched when the problem occurred, and in particular the sequence of activities leading to its repeated occurrences, along with all displayed messages; and
   2. errors and issues shall be reported via electronic mail, by sending an email to support@qalcwise.com.
3. Qalcwise sets the following disk space limits:
   1. Basic – 5 GB;
   2. Business – 10 GB; and
   3. Enterprise – 50 GB.
   The Business and Enterprise plans offer the option of purchasing extra disk space.

XI. DETAILED PROVISIONS CONCERNING USE OF ACCOUNT DURING TRIAL PERIOD

1. The Customer may test the Platform on a free of charge basis for 30 days (the “Trial Period”).
2. The Customer may enjoy the Trial Period on condition that they provide the details specified in the contact form and accept these Rules, as required to create an Account.
3. During the Trial Period, the Customer may build their own solutions using the dedicated Designer tool or use the ready-made Software available from marketplace.qalcwise.com.
4. After the expiration of the Trial Period, access to the Account shall be blocked, unless the Customer decides to continue using the Services against payment.
5. The Service Provider reserves the right to delete the Account in the event of a lack of the Customer’s activity for the period of one month after the Trial Period expiration.

XII. FINAL PROVISIONS

1. The Service Provider shall make any and all endeavors to make the Platform and all the Services available thereon run continuously, without any disruptions, but shall not be liable for any disruptions caused by force majeure or by unauthorized interference by Customers, Users or third parties, unless these Rules or individual arrangements made with the Customer expressly stipulate otherwise.
2. The Service Provider notes that the use of services provided electronically may entail a risk for a Customer or a User using the Internet, in particular in the form of malware being uploaded to the Customer’s or the User’s ICT system or the Customer’s or the User’s data being accessed by unauthorized persons. In order to mitigate or eliminate the risk referred to in the preceding sentence, an Internet user should have in place adequate technical means and security measures minimizing the risk of an adverse event occurrence, and in particular Internet software, firewalls.
3. The Service Provider reserves the right to implement any security measures aimed at protecting proper Platform running, including ones providing protection against Platform Users’ actions that constitute a breach of these Rules or of the terms and conditions relating to the Platform functioning.
4. To protect Customers’ and Users’ interests and to ensure supreme quality of the Platform, any use of the Platform, any of its functionalities and the services provided, which is inconsistent with the nature, purpose and object of the Platform, and in particular any actions which are in breach of the common provisions of law or the provisions of these Rules and contrary to good morals, shall be prohibited.
5. The Customer shall have the right to access their personal data in the Service Provider’s online service, as well as to rectify the same and request erasure of the same from the Service Provider’s database, without prejudice to the Service Provider’s rights under the applicable provisions of law.
6. Any matters not provided for in these Rules shall be governed by the applicable provisions of Polish law.
7. The Service Provider reserves the right to publish the anonymized questions asked by the Customer of the Platform service team and concerning issues relating to the Platform running (FAQs), the advice provided, and other questions the replies to which are deemed by the Service Provider worth making generally available.
8. Any disputes that might arise between the Parties under or in connection with the Contract executed by the Parties pursuant to these Rules, and also in connection with interpretation of the provisions hereof, shall be settled by the Parties amicably. In the event of a failure to reach an agreement, disputes between the Parties shall be resolved exclusively by a common court in Warsaw, competent for the subject matter of the dispute.
9. Any commercial designations, logotypes used on the Platform are registered trademarks or non-registered commercial designations of the Service Provider and are protected, inter alia, pursuant to the Act of June 30, 2000 – Industrial Property Law (consolidated text: Dz. U. [Journal of Laws] of 2023, Item 1170, as amended), the Act of February 4, 1994 on Copyright and Neighboring Rights (consolidated text: Dz. U. [Journal of Laws] of 2022, Item 2509, as amended), the relevant international conventions, the Code of Commercial Companies, and the Civil Code.
10. The Appendices to these Rules shall form an integral part hereof.

Appendix No. 1

GENERAL LICENSE TERMS AND CONDITIONS OF THE QALCWISE PLATFORM

§1. DEFINITIONS

1. Capitalized terms shall have the meanings ascribed to them below:

   Software Update shall mean Software modification which aim is to align such Software with Qalcwise Platform Update.

   Qalcwise Platform Update shall mean the modification of main version of Qalcwise Platform which aim is to correct identified mistakes, improve functionality, usability or performance thereof.

   Price List shall mean a document setting out the amount and the terms and conditions of payments due in consideration of use by the Customer of the Qalcwise Platform and of the Software, as per the plan selected by the Customer, available on the website at https://qalcwise.com/cennik/.

   Documentations shall mean the documentation of the Qalcwise Platform or of the Software, as delivered by Qalcwise, both in electronic form and in hardcopy.

   Competitive Business shall mean a business in the field of business process management software development, distribution and dissemination.

   Customer shall mean the entity with whom Qalcwise executed a License Agreement.

   License – shall mean the right to use the Qalcwise Platform, the Software and the Documentation.

   Subscription Period shall mean the period for which the Customer is granted access to the Software and the Qalcwise Platform. Unless the Parties agree otherwise, the Subscription Period shall be automatically renewed (extended) for a subsequent period of a duration corresponding to that of the preceding Subscription Period, unless the Customer notifies Qalcwise, not later than one month prior to the Subscription Period expiration, of its wish not to have the same renewed (extended). If the Customer uses more than one Software product, the Subscription Period shall be set separately for each such product.

   License Fee shall mean a fee due to Qalcwise from the Customer in consideration of use of the Qalcwise Platform and of the Software, as set out in the Price List or as agreed upon individually with the Customer.

   Software shall mean the applications designed to run on the Qalcwise Platform, supporting specific business processes.

   GLTC shall mean these General License Terms and Conditions of the Qalcwise Platform.

   Qalcwise Platform shall mean the platform at qalcwise.com, made available by Qalcwise to its Customers on a Software as a Service basis (SaaS), intended for building the Software and permitting use thereof.

   Qalcwise shall mean Qalcwise.com sp. z o.o. with registered office in Warsaw at ul. Marynarska 15, 02-674 Warszawa, entered in the Register of Entrepreneurs of the Polish Court Register maintained by the District Court for the City of Warsaw in Warsaw, XIII Economic Division of the Polish Court Register, under number KRS 0000302926, NIP [Taxpayer’s Identification Number]: 7010115493, REGON [Statistical Business Number]: 141368883, with a share capital of PLN 50,000.00.

   Regulations shall mean regulations referred to in Article 8 section (1) point (1) of the Law on Providing Services by Electronic Means adopted by Qalcwise.

   License Agreement shall mean an agreement on use of the Qalcwise Platform, the Software and the Documentation.

   User shall mean any person authorized by the Customer to use the Qalcwise Platform and the Software, who was assigned a unique ID (login) and a User profile. A User shall have the right to use the Qalcwise Platform and the Software within the scope of authorization granted by the Customer, where the scope of a User’s authorization to use the Qalcwise Platform and the Software may not be broader than the scope of authorization granted to the Customer. A User shall not be a party to the License Agreement. The Customer shall be responsible for ensuring that a User uses the Qalcwise Platform and the Software in compliance with the provisions of law.

   Adjustment shall mean an increase in the License Fee made by Qalcwise based on the consumer price index announced by the President of Statistics Poland, where:
   a. an Adjustment shall be effective as of the first of January of each year;
   b. an Adjustment shall be made based on the overall average annual consumer price index for the preceding year;
   c. an adjusted remuneration amount shall be binding upon the Parties as of the Subscription Period following the Adjustment date;
   d. an Adjustment made as described above shall not require an annex to the License Agreement; and
   e. Qalcwise shall notify the Customer of an Adjustment through its website, by electronic mail or in another method agreed upon.
   

   Purchase Order shall mean a document in the form of a License purchase order, signed by Qalcwise and the Customer.

§2. GENERAL PROVISIONS

1. The License Agreement shall be entered into on the basis of GLTC. GLTC shall set out the respective rights and obligations of Qalcwise and of the Customer.
2. The License Agreement between Qalcwise and the Customer shall be entered into the moment the Customer starts using the Qalcwise Platform.
3. The License Agreement shall be entered into for a definite term, each time corresponding to the Subscription Period.
4. The purpose of the License Agreement is to set out the terms and conditions of the Customer’s use of the Qalcwise Platform and of the Software.
5. The License Agreement shall authorize the Customer to use the Qalcwise Platform and the Software in the fields of exploitation referred to in Articles 74 and 75 of the Act of February 4, 1994 on Copyright and Neighboring Rights.
6. In particular, the Customer is authorised to use the Qalcwise Platform and the Software as follows:

   a. run, display, access the Qalcwise Platform and the Software on any number of computer workstations;

   b. make the Qalcwise Platform and the Software available in such a manner that everyone can access the same at a time and in any place they select;

   c. incorporate and integrate the Qalcwise Platform and the Software or the elements thereof into and with other computer programs as per the Price List exclusively through the API provided by Qalcwise;

   d. use any results of exploitation of the Qalcwise Platform or of the Software, and record the same on any data carriers;

   e. make Software backup copies for its own needs;

   f. reproduce the Qalcwise Platform and the Software in whole or in part permanently or temporarily with the use of any means and in any form; and

   g. translate and adapt the Software, change its layout or make any other modifications thereof.

7. The License Agreement shall authorize the Customer to use the Documentation and other items which are not computer programs, even if the same are contained within the Software or the Qalcwise Platform (e.g. graphics, multimedia), as follows:

   a. in the field of work recording and reproducing: to produce work copies by any method, including by printing, with the use of the reprographic technique, magnetic recording technique and digital technique; and

   b. to make the work available in such a manner that everyone can access the same at a time and in any place they select.

8. The License shall be non-exclusive and non-transferrable.
9. The Customer shall have the right to sublicense the Qalcwise Platform, the Software and the Documentation exclusively to Users and on condition that such Users comply with the License terms resulting from GLTC.
10. The Customer shall be authorized to exercise derivative rights to the Software and the Documentation, including in particular to exercise and dispose of the same in the fields of exploitation specified in § 2. 5, 6-7. Qalcwise hereby agrees that the Customer permit exercise of the derivative rights in the fields of exploitation referred to in this § 2.5, 6-7.

§3. TERMS AND CONDITIONS OF USE OF THE QALCWISE PLATFORM AND OF THE SOFTWARE

1. The Customer shall have the right to use the Qalcwise Platform, the Software and the Documentation on the terms and conditions set out in GLTC during the Subscription Period, with no territorial restrictions.
2. The Customer shall be authorized to make the Qalcwise Platform, the Software and the Documentation available to Users. The Customer shall be liable for Users’ actions and omissions as for its own actions and omissions.
3. The right to use the Qalcwise Platform and the Software shall be granted for the agreed number of Users only. The Customer may increase the number of Users in any given Subscription Period.
4. The Customer shall use the Qalcwise Platform and the Software in compliance with their intended purpose.
5. The Customer shall not have the right to decompile, disassembly or otherwise obtain information about the internal structure or the principles of the Qalcwise Platform and of the Software operation.
6. The Customer shall not be allowed to use the Qalcwise Platform, the Software or the Documentation in order to carry out, support, organize a Competitive Business, or make the Qalcwise Platform, the Software and the Documentation available to entities carrying out a Competitive Business.

§4. UPDATES

1. Qalcwise Platform Update will be done at least once in a calendar year.
2. Qalcwise informs the Customer about the date of Qalcwise Platform Update.
3. The Customer is obliged to enable the performance of Qalcwise Platform Update and perform the Software Update.
4. Qalcwise Platform Update shall be covered by the License Fee.
5. Failure to enable performance of the Qalcwise Platform Update or failure to perform Software Update in a given Suscription Period means that:

   a. Qalcwise will not be held liable in any way for any Qalcwise Platform and Software malfunctions;

   b. Qalcwise may terminate the License Agreement without notice, such termination being effective at the end of the Subscription Period.

§5. LICENSE FEE

1. The License Fee shall be payable for the entire Subscription Period in advance.
2. In the event the Customer files a request for increasing the number of Users, an extra License Fee shall be charged as per the Price List or as agreed with the Customer, in proportion to the number of days until the end of the Subscription Period.
3. Qalcwise shall have the right to issue an invoice for the first Subscription Period and for an increase in the number of Users as of the day of receipt of the Customer’s Purchase Order. Qalcwise shall have the right to issue an invoice for each subsequent Subscription Period not earlier than after the expiration of the deadline for the Customer to opt out of a renewal (extension) of the Subscription Period.
4. The License Fee shall be increased by VAT at the applicable rate.
5. The License Fee payment date shall fall 30 days after the invoice date. The day of payment shall be the day on which the Qalcwise’s bank account is credited with the License Fee amount.
6. The License Fee shall constitute the entire remuneration due to Qalcwise in consideration of granting the License in all the fields of exploitation referred to in § 2 GLTC and permitting the exercise of the derivative rights in all the fields of exploitation referred to in § 2 GLTC.
7. The License Fee shall be subject to Adjustment.

§6. LIABILITY

1. The Qalcwise Platform and the Software shall be made available on an “as is” basis, which means that Qalcwise does not guarantee that the Qalcwise Platform and the Software are free and clear of any errors and will run in a faultless and uninterrupted manner.
2. Qalcwise’s liability under implied warranty for defects and quality warranty shall be excluded.
3. Qalcwise shall not be liable for fitness of the Qalcwise Platform and of the Software for the purposes of the Customer’s business, or for any benefits derived therefrom.
4. Qalcwise shall not be liable for any damage inflicted as a result of improper or inconsistent with the License use of the Qalcwise Platform or of the Software, use of the Qalcwise Platform or of the Software by persons lacking the required skills or knowledge concerning the use of the Qalcwise Platform or of the Software, and also as a result of any Customer’s interference with, modifications to or alterations of the Software.
5. Qalcwise shall not be liable for any damage or for the Qalcwise Platform or the Software being unusable as a result of Force Majeure operation, i.e. as a result of an external event beyond Qalcwise’s control, such as in particular a fire, flooding, war, strike, roadblocks, acts of state authorities, actual or alleged terrorist attack preventing the Customer from using the Qalcwise Platform or the Software.
6. Qalcwise shall not be liable for the Qalcwise Platform or the Software being unusable due to reasons beyond Qalcwise’s control, such as in particular a teletransmission or technical defect or a failure of the Customer’s hardware.
7. The Customer shall be responsible for ensuring security and integrity of the data fed into the Software and the Qalcwise Platform. Qalcwise shall not be liable for any loss of data by the Customer or for such data not being recoverable.
8. Qalcwise shall not be responsible for the correctness of data entered by the Customer or its Users.
9. Qalcwise shall not be liable for any loss of profits or any indirect or consequential damage.
10. Subject to mandatory provisions of law, Qalcwise’s total liability towards the Customer under the License Agreement or in connection therewith, shall be limited in any Subscription Period, regardless of the liability basis, to an amount representing 10% of the License Fee paid by the Customer in that Subscription Period.

§7. TERMINATION OF THE LICENSE AGREEMENT

1. The Customer shall have the right to terminate the License Agreement with a one-month notice effective at the end of the Subscription Period.
2. Qalcwise shall have the right to terminate the License Agreement with a three-month notice effective at the end of the Subscription Period.
3. Declarations of intent to terminate the License Agreement or to serve a notice of termination in respect thereof shall be made in writing, otherwise being null and void.
4. In the event of the License Agreement termination, the Customer shall immediately cease to use the Qalcwise Platform, the Software and the Documentation, and destroy all counterparts and copies thereof in its possession.
5. In the event of the License Agreement termination prior to the end of the Subscription Period, the License Fee shall not be reimbursable.

§8. FINAL PROVISIONS

1. Any disputes relating to these GLTC shall be resolved by the competent common court in Warsaw.
2. Should any one or more provisions of these GLTC prove to be invalid or unenforceable, this shall not affect the validity or enforceability of the remaining provisions hereof.
3. Any matters not provided for in these GLTC shall be governed by the provisions of the Act of February 4, 1994 on Copyright and Neighboring Rights and of the Act of April 23, 1964 – Civil Code.
4. Qalcwise shall have the right to amend these GLTC at any time, with no annex to the License Agreement required. Qalcwise shall inform the Customer of any intended amendment to GLTC at least 14 days in advance. Should the Customer not accept the amendment, it shall notify Qalcwise of its refusal to accept the amended GLTC within 14 days after the date of receipt of a notification about the intended GLTC amendment, which shall be equivalent to termination of the License Agreement pursuant to § 7.1 GLTC. During the notice period, the provisions of GLTC not incorporating the amendment shall apply to the License Agreement. The provisions of § 7.3 GLTC shall apply mutatis mutandis.

Appendix No. 2

PRIVACY POLICY

This privacy policy (the “Privacy Policy”) sets out the terms and conditions of personal data processing by Qalcwise for the purpose of proper service provision. The Privacy Policy supplements the provisions of the Rules of electronic provision of services (the “Rules”) through the online service at qalcwise.com (to the extent the same refer to customers’ pages at: https://Customer’s name.qalcwise.com) (the “Platform”) and of the contract on electronic provision of services, as executed between Qalcwise and the Customer (the “Contract”). In the case of any discrepancies, the Privacy Policy shall take precedence over the Rules. Qalcwise shall process personal data pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).

1. The Controller
   The controller of the Customer’s Personal Data (“CPD”) shall be Qalcwise.com sp. z o.o. with registered office in Warsaw (address: 02-674 Warszawa, ul. Marynarska 15), KRS [number of entry in the Polish Court Register]: 0000302926, NIP [Taxpayer’s Identification Number]: 7010115493, with a share capital of PLN 50,000.00 (the “Controller”).
2. Scope of data processed by the Controller and the purpose of processing
   1. Qalcwise shall control and process various scopes of CPD, depending on the purpose for which the processing is required, as well as on the scope of services provided to the Customer and the consents to personal data processing expressed by the Customer.
   2. Whenever CPD are processed for the purpose of executing and performing the Contract and supporting the Customer’s account, the Controller shall process the following personal data: first name, last name, business name, postal address, email address, telephone number, NIP [Taxpayer’s Identification Number], Customer’s details for payment purposes, IP address, data collected by cookies, as well as personal data of the Customer’s personnel members (the “Users”): first and last name, login. Users’ data may be received by the Controller directly from Users or transferred to it by the Customer. CPD processing shall be necessary for the purpose of the Contract performance (Article 6.1(b) GDPR), compliance with the legal obligations to which the Controller is subject (Article 6.1(c) GDPR), as well as protection of the legitimate interests and pursuit of claims (Article 6.1(f) GDPR). The provision of CPD shall be a requirement necessary to enter into and perform the Contract (the provision thereof shall be voluntary, but a refusal to provide the same shall prevent Contract execution and performance).
   3. The Controller shall process CPD to conduct a complaint procedure. The processing is necessary for compliance with the legal obligations to which the Controller is subject (Article 6.1(c) GDPR). The provision of personal data shall be a requirement necessary to receive a reply to a complaint made. A refusal to provide such data shall prevent a response to a complaint made.
   4. The Controller shall process CPD (first and last name, business name, email address, postal address, NIP [Taxpayer’s Identification Number]) in order to establish, pursue or defend claims. The ground for data processing shall be pursuit of the Controller’s legitimate interest in establishing, pursuing or defending claims that might arise in connection with the provision of services or use of the Platform (Article 6.1(f) GDPR). The provision of personal data shall be voluntary, but necessary to establish, pursue or defend claims that might arise in connection with the provision of services or use of the Platform. A refusal to provide such data shall prevent the Controller from taking action.
3. Period of data processing
   1. Qalcwise shall process Customer’s data throughout the period of service provision and also thereafter, whenever required by the provisions or law or the Controller’s legitimate interests.
   2. Whenever the obligation to process CPD results from the common provisions of law (e.g. the accounting act or the tax code), CPD shall be processed for a period required thereunder.
   3. The Customer’s personal data shall be processed throughout the term of the Contract, but for a period not shorter than corresponding to the account validity period, unless the Parties agreed otherwise in the Contract they entered into. However, following the account expiration, the Controller may nevertheless store CPD in connection with the statutory obligations to which it is subject (e.g. the accounting obligation) and in connection with its legitimate interests (e.g. to secure claims).
   4. Subject to Sections 1-2 above, whenever data are processed on the basis of a consent, CPD shall be processed until such consent is withdrawn or restricted, or until the user takes any actions to restrict the scope of the same.
   5. Whenever the ground for CPD processing is a legitimate interest of the Controller, CPD shall be processed until the Customer effectively files their objection. If the Customer objects to the processing of their data on the basis of the Controller’s legitimate interest, the Controller shall be authorized to continue processing CPD exclusively if it demonstrates the existence of compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject.
4. Data recipients
   1. The Controller may transfer CPD to processors processing the same at its request, i.e. subcontractors and service providers, marketing agencies and entities authorized to receive data pursuant to the applicable provisions of law, e.g. courts or law enforcement authorities, exclusively if such entities make a request to that effect based on a relevant legal ground.
   2. CPD may also be transferred by the Controller to entities based outside the European Economic Area.
   3. Whenever data are transferred to recipients based in countries outside the European Economic Area or in countries which were not acknowledged by the European Commission to have in place adequate measures of personal data protection, personal data shall be transferred on the basis of agreements containing EU Standard Contractual Clauses or based on other legal instruments consistent with GDPR.
   4. When transferring CPD to the entities referred to in Section 2 above, Qalcwise shall oblige such entities to have in place security measures consistent with GDPR.
   5. The Customer may obtain copies of their data transferred by sending a request to that effect to support@qalcwise.com.
5. Data subjects’ rights
   1. A data subject shall have the right to request access their personal data, have them rectified or erased, or have their processing restricted, as well as the right to withdraw their consent to their personal data processing, object to such processing and exercise other rights, including the right to:

      a. obtain full information as to whether the data file containing their personal data exists, and be informed of the data controller name, the address of its registered office and full business name;

      b. obtain information as to the purpose, scope and method of processing of the data contained in such file;

      c. obtain information on the date as of which the data contained in the file have been processed, as well as be informed in a generally intelligible form of the content of such data;

      d. obtain information as to the source of their data, unless the controller is under the obligation to keep such information secret as confidential information or information which constitutes its professional secret;

      e. obtain information as to how the data are made available, and in particular information concerning the recipients or categories of recipients to whom the data are made available;

      f. request that their personal data be made complete, updated or rectified, or that the processing thereof be permanently or temporarily discontinued, or that the same be erased;

      g. file a request for discontinuation of their data processing; and

      h. exercise the right to data portability.

   2. A data subject shall have the right to lodge a complaint concerning the processing of their personal data with the President of the Personal Data Protection Office.
6. Cookies
   In order to ensure its proper functioning, the Platform may use small text files, so-called cookies, stored on the Customer’s (User’s) computer. The Platform uses solely essential cookies, necessary for it to run properly and originating from the Controller. The Customer can prevent collection of information by cookies by disabling them in the settings of their internet browser. However, it should be borne in mind that the disabling of cookies can make some online service functionalities run improperly or affect their quality. In particular, specific functionalities can stop running, hence we do not recommend disabling cookies. If, nevertheless, the Customer would like to disable cookies, they should change their browser settings so that the browser rejects such files or informs the Customer about their transfer. The browser settings also enable the Customer to delete all or selected cookies on their computer, without the need for disabling them. Cookies will be stored on the Customer’s terminal device as long as they use the Platform.
   Purposes for which cookies are used
   1. The Controller uses cookies for the purposes of:

      a. Platform configuration:

      • adjusting the content of the Platform web pages to the User’s preferences and optimizing the use of the same;
      • recognizing the Platform User’s device and its location, and displaying the website accordingly, customized as needed;
      • facilitating the Platform browsing on subsequent visits; and
      • remembering the settings selected by the User and personalizing the User interface e.g. with respect to the selected language or the region the User comes from;

      b. User authentication on the Platform:

      • ensuring security of the services provided electronically, including maintaining a Platform User’s session after the User logs in and recognizing them during a subsequent session;
      • correctly configuring selected Platform functionalities, especially to permit verification of the browser session authentication; and
      • optimizing the services provided by the Controller and increasing their efficiency;

      c. supporting processes necessary to ensure full Platform functionality.

7. Data profiling
   CPD are not subject to profiling on the Platform.
8. Security
   1. The Controller shall make any and all endeavors to ensure that CPD privacy is respected and protected when the services are used, undertaking any and all necessary steps to this end.
   2. The Controller shall analyze the market on an ongoing basis in order to ensure that it is processing personal data in a secure manner.
   3. The Controller warrants that access to data is granted only to authorized persons with whom the Controller executed relevant agreements concerning data entrusting or making available.
   4. The Controller shall take any necessary steps to ensure that the entities with which it collaborates have adequate security measures in place, whenever they process personal data at the Controller’s request.
   5. The Controller has introduced data encryption to minimize the impact of a data security breach, if any.
   6. A User shall take care to maintain confidential the login and password they created, by refraining from disclosing the same to third parties. The Controller recommends that every User log out after they finish using a service.
9. Other provisions
   1. The Controller shall implement and maintain any reasonable technical, organizational and legal measures in order to ensure a security level adequate for the scope of risk and liability borne by Qalcwise. Qalcwise reserves the right to modify the technical, organizational and legal measures in a manner not limiting the functionalities and security of the Services.
   2. The Controller shall require all persons authorized to process CPD to agree to maintain such data confidential and to process the same exclusively for the purposes for which such data were collected, unless the applicable provisions of law stipulate otherwise.

Appendix No. 3

DATA PROCESSING AGREEMENT

AGREEMENT

on Personal Data Processing

§ 1 Definitions 

1. Agreement shall mean this data processing agreement setting out the terms and conditions on which the Customer entrusts their personal data to Qalcwise.com sp. z o.o. for processing;
2. Master Agreement shall mean the contract on electronic provision of services, entered into between the Customer and the Processor; 
3. Data Controller shall mean an entity which, on its own or in consultation with other entities, establishes the purposes and methods of personal data processing;
4. Customer shall mean an entity using the services offered by the platform available at www.qalcwise.com, who processes personal data in respect of which it acts as a Controller with the use of the platform;
5. Processor shall mean Qalcwise.com sp. z o.o. with registered office in Warsaw (address: 02-674 Warszawa, ul. Marynarska 15), KRS [number of entry in the Polish Court Register]: 0000302926, NIP [Taxpayer’s Identification Number]: 7010115493, REGON [Statistical Business Number]: 141368883, with a share capital of PLN 50,000.00, which is entrusted with personal data processing under this Agreement;
6. Platform shall mean the platform at www.qalcwise.com; 
7. Data File shall mean any structured set of data of personal nature, available based on specific criteria, regardless of whether or not such data set is dispersed or functionally partitioned;
8. Data Processing shall mean any operations performed on personal data, such as data collecting, recording, storing, adapting, altering, disclosing and erasing, and in particular those performed in IT systems; 
9. PDPA shall mean the Act of May 10, 2018 on Personal Data Protection (consolidated text: Dz. U. [Journal of Laws] of 2019, Item 1781);
10. GDPR shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
11. Subprocessor shall mean an entity to which the Processor entrusted, in whole or in part, the processing of personal data, as a result of performance of the data processing agreement executed by the Processor with a Customer; and
12. Supervisory Authority shall mean a state authority exercising supervision over compliance with the provisions of data protection law, authorized to conduct inspections and impose administrative penalties in the event any breach of the common provisions of law on personal data protection is identified. 

§ 2 Purpose of the Agreement 

1. The purpose of the Agreement shall be for the Customer to entrust the Processor with personal data processing in connection with the Master Agreement executed by the Parties.
2. The purpose of the data processing shall be to properly perform the services provided pursuant to the Master Agreement, in particular as regards providing space for data storing on the Platform, administering the Platform system and implementing technical and organizational measures aimed at protecting the data input by the Customer into the Platform.
3. The Processor shall process the personal data input into the Platform by the Customer. The categories of data processing operations shall be specified in the register of categories of data processing operations maintained by the Processor.
4. The Customer is under the obligation to notify the Processor of their intention to entrust it with any sensitive data. The Parties shall agree upon the option for the Customer to store sensitive data on the Platform.

§ 3 Obligations of the Processor 

1. The Processor shall process personal data pursuant to the applicable provisions of law and in compliance with the Customer’s written instructions. The scope of the Customer’s instructions concerning the processing of the personal data input into the Platform by the Customer is set out in this Agreement and in the Rules.
2. Prior to commencing data processing, the Processor agrees to implement any and all legal, technical and organizational measures enabling it to process the entrusted data in a secure manner, in compliance with the requirements set out in GDPR, and in particular in Articles 28 and 32 thereof, as well as to maintain the same throughout the period during which it processes such data.
3. The Processor agrees to supervise compliance with the security measures referred to in Section 2 above and shall be responsible for protecting the data to an extent adequate for the existing risk of a breach.
4. The Processor agrees to entrust data processing exclusively to persons holding a relevant authorization granted by the Processor.
5. The Processor agrees to maintain a register of persons authorized to process data.
6. The Processor shall ensure that persons authorized to process personal data have committed themselves to maintain such data confidential or are bound by an appropriate statutory confidentiality obligation.
7. To the extent permitted under law, the Processor shall inform the Customer about any demands and requests received from data subjects exercising their rights (e.g. to have their data rectified or erased, or to have the processing thereof restricted), which were filed directly with the Processor and refer to personal data entrusted to the Processor for processing by the Customer. Responding to requests received from data subjects shall be the Customer’s responsibility. The Processor shall support the Customer, to a reasonable extent, in performing the latter’s obligations as a Data Controller pursuant to § 11.2 of the Agreement.
8. Following the Agreement expiration or termination, the Processor shall erase the personal data entrusted to it and in its possession, unless the applicable provisions of law require otherwise. The Processor shall have the right to retain a copy of the data, to the extent stipulated under the mandatory provisions of law.

§ 4 Rights and obligations of the Data Controller

1. The Customer hereby represents that:

   a. all data input by it into the Platform have been legally collected with the data subjects’ consent or knowledge, for the purposes for which such data are being processed, and the ground for the data processing shall remain valid throughout the term of the Agreement;

   b. the Customer is the exclusive Data Controller of the personal data entrusted to the Processor for processing;

   c. wherever the Customer is the processor, they obtained instructions or an authorization from the competent Controller or Controllers to grant consent to personal data processing by the Processor, as provided for in this Agreement; and

   d. wherever there are other Controllers, the Customer shall inform the Processor of the same prior to disclosing their personal data.

§ 5 Audit

1. The Processor shall make available to the Customer any and all information necessary to demonstrate performance of the obligations set out in Article 28 GDPR. An audit may be performed on behalf of a Customer who is a Data Controller by a (third-party) independent auditor. The independent auditor may not be an entity engaged in a business competitive towards that of the Processor. The Processor shall have the right to refuse to grant access, especially to rooms, data and information, to an authorized auditor who is an entity engaged in such competitive business. The Customer shall ensure compliance by the independent auditor with the confidentiality obligations, and in particular with the obligation to maintain confidential any confidential information and business secrets of the Processor. The Customer’s liability for the auditor’s actions or omissions shall be strict liability and the Customer may not release themselves from such liability pursuant to Article 429 of the Civil Code. Periodic audits shall be limited to the Processor providing replies to Customers questions (asked no more frequently than once a year) concerning the Processor’s activities, pursuant to the applicable provisions of law on personal data protection and, if necessary, to the Processor enabling the Customer to talk with a Processor’s employee.
2. The Processor may request an independent auditor to perform an audit of the security measures implemented by the Processor. At the Customer’s written request, the Processor shall deliver the latest audit reports. Should the audit identify any irregularities, the Processor shall implement the remedial measures recommended by the auditor.
3. Given the nature of the Processor’s business and its confidentiality obligations towards other business partners, the Customer accepts and acknowledges that the Processor shall not permit the Customer or an auditor authorized by the Customer to access its IT systems and/or infrastructure.

§ 6 Confidentiality

1. The Processor, its Subprocessors and other persons acting based on the Processor’s authorization who have access to personal data are under the confidentiality obligation and shall maintain professional secret when processing personal data in compliance with the applicable provisions of data protection law.
2. The Controller is under the obligation to maintain confidential any and all documentation and information received from the Processor, relating to the technical and organizational security measures implemented by the Processor and its Subprocessors, as well as any other information that the Processor wishes to be maintained confidential.
3. The confidentiality obligation shall survive termination of the Agreement.

§ 7 Subprocessors

1. The Controller hereby consents to the Processor further subcontracting to third-party processors (“Subprocessors”) all or any of the processing operations performed on personal data referred to in § 2 of the Agreement (general consent), and in particular the Customer consents to the Processor subcontracting personal data processing to the following entities: Microsoft Ireland Operations Limited and its subprocessors (with respect to the Microsoft Azure platform) and Twilio Ireland Limited and its subprocessors (with respect to email correspondence within the Platform)  (special consent). Information concerning subprocessors is contained in Appendix No. 1 to the Agreement. The Processor shall notify the Customer of any changes in this respect by amending Appendix No. 1. An amendment to Appendix No. 1 shall not require execution of an annex to the Agreement and shall take effect after the lapse of 14 days after the date of the amendment notice. The provisions of § 7.3 shall apply mutatis mutandis. The Processor shall send an amendment notice to the Controller’s email address or otherwise, as agreed.
2. In the case of the general consent, the Processor shall notify the Customer of any intended replacement of Subprocessors. Within 30 days after the date of receipt by the Customer of a notice of intended replacement, the Customer may object to the intended new Subprocessor if, in the Customer’s opinion, the subcontracting of data processing to such Subprocessor might entail the risk of a breach of the provisions of law on personal data protection. Such objection shall be filed in writing. If the Customer fails to file their objection by the prescribed deadline, the Processor shall have the right to subcontract the processing of the personal data entrusted to it by the Customer to the Subprocessor. Prior to effecting such subcontracting, the Processor shall have the approved Subprocessor assume an obligation to protect the data processed pursuant to this Agreement at least as required by GDPR.
3. Whenever the Processor has justifiable reasons not to grant an objection to the intended new Subprocessor, as properly filed by the Customer, the Processor shall notify the Customer of the same without undue delay. In such a case, both the Customer and the Processor shall have the right to terminate the Master Agreement.

§ 8 Transfer of data to third countries

1. Given the nature of the Processor’s business, the Processor shall have the right to transfer the personal data entrusted to it for processing to entities based outside the European Economic Area or in countries which were not acknowledged by the European Commission to have in place adequate measures of personal data protection, to which the Customer hereby consents. Personal data shall be transferred in exceptional situations only, where such exceptional situations shall be understood to be a need to perform the Master Agreement.
2. Whenever data are transferred to the entities referred to in Section 1 above, the transfer shall be effected on the basis of an agreement executed by the Processor and containing EU Standard Contractual Clauses or on the basis of another legal instrument consistent with GDPR.
3. Whenever data are transferred to countries outside the European Economic Area, the Processor agrees to ensure adequate protection of the Customer’s personal data. Prior to signing the standard contractual clauses, the Processor shall verify the business partner to whom it intends to transfer the Customer’s data and decide whether the state to which such personal data are to be transferred warrants exercise of personal data protection rights.
4. Whenever the European Commission issues a decision acknowledging that a specific third country has in place adequate measures of personal data protection, personal data may also be transferred to such country on the basis of such decision.

§ 9 Liability and penalties

1. As between the Parties, compliance of the process of personal data processing with the law shall be the Customer’s responsibility. The Processor shall not be responsible for determining what regulations apply to the Customer’s business or for ensuring that provision of the Services by the Processor complies with the regulations applicable to the Customer. The Customer shall not use the Services in association with personal data if the rules of data processing pursuant to GDPR, as applied by the Processor, constituted a breach of the data protection regulations applicable to the Customer.
2. If a data subject whose data were entrusted by the Customer to the Processor for processing raises a claim directly against the Processor in connection with a breach of their rights, the Customer shall, without undue delay: join the dispute and indemnify the Processor against any and all costs, fees, damages or other expenditures incurred by the Processor in connection with such claim, provided that the Processor notifies the Customer of the same and enables the Customer to collaborate with the Processor in defending the claim raised by the data subject and during the procedure for its resolution.
3. The Processor acknowledges that, in connection with the Agreement performance, it may be subject to an inspection by a Supervisory Authority competent for exercising supervision over compliance of data processing with the applicable provisions of law.
4. The Customer agrees to notify the Processor without undue delay of any administrative procedure or court proceedings, or any intended inspections, if the same concern the personal data entrusted to the Processor.

§ 10 Term of the Agreement

The Agreement is entered into for a term corresponding to the term of the Master Agreement.

§ 11 Support services

1. As far as feasible, the Processor shall make relevant technical and organizational means available to the Customer in order to assist the Customer in performing their obligations to ensure compliance of data processing with the data subjects’ rights and ensure processing security, report a breach of Personal Data security and provide an assessment of the impact of such breach on data protection, subject to information available to the Processor.
2. In order to receive the support referred to in this Agreement, the Customer shall file a written request. In consideration of the provided support, the Processor shall charge a reasonable fee to the Customer. Detailed information concerning such fee shall be presented in a pricing letter and agreed upon in writing by both Parties.

§ 12 Final provisions

1. In the event that entities who are third parties in relation to the Customer have specific rights with respect to the Processor in connection with performance of the Agreement or the performed data processing operations, such rights shall be exercised exclusively through the Customer. The Customer agrees to exercise any such rights on behalf of the third-party entities referred to above and to obtain from them any necessary permits in this respect. If the Processor provides the Customer with the relevant information or with a relevant notice, it shall be released from the obligation to provide the same to another controller. Likewise, the Processor shall act as a contact person for the Customer in matters relating to the Processor’s obligations.
2. Whenever the Customer is a processor, and the Processor is a subprocessor, the provisions of the Agreement shall apply mutatis mutandis to the data which are entrusted for processing.
3. Any matters not provided for in the Agreement shall be governed by the applicable provisions of law, and in particular of GDPR and of the Civil Code.
4. The Processor designates the following contact persons for matters relating to the Agreement:
   Processor: Personal Data Protection Officer: rodo@qalcwise.com, tel. +48 538 500 119 .

Appendix No. 4

Detailed provisions concerning subprocessors and further subcontracting of data processing

Subprocessor’s business name	Further subcontracted by the subprocessor	Transfer of data outside the European Economic Area if processing is further subcontracted by the subprocessor	Details
Microsoft Ireland Operations Limited	Yes	Yes	https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA
Twilio Ireland Limited	Yes	Yes	https://www.twilio.com/en-us/legal/data-protection-addendum

The current version of the regulations has been effective since 8th February 2024. Manifest errors and discrepancies between Polish and English language versions were rectified on 4th March 2024.