Software License and Services Agreement

Effective: January, 2022

This Software License and Services Agreement is entered between myDigitalOffice.com, LLC (“Service Provider”) and the customer identified on an Order Form referencing this Agreement (“Customer”).  This Software License and Services Agreement and any associated Order Forms (collectively “the Agreement”) set forth the terms and conditions under which Customer may access and use those myDigitalOffice Products and receive professional services and represents the entire Agreement between the Parties.  

WHEREAS, Customer desires to accessthird-party hosted “software as a service” with respect to certain of its back office information technology needs in the hospitality industry;

WHEREAS, Service Provider is in the business of providing the Services;

WHEREAS, Customer has selected Service Provider to provide and manage the Services, and Service Provider has agreed to provide the Services to Customer, all on the terms and conditions set forth herein.

NOW, THEREFORE, in consideration of the mutual covenants and representations set forth in this Agreement, the parties hereby agree as follows:

1. Services

a. Services. This Agreement sets forth the terms and conditions under which Service Provider agrees to provide to Customer access to certain hosted software and provide other professional services in connection with the use of such software,each as more fully set forth on an applicable Order Form hereunder (the “Services”). The method and means of providing the Services shall be under the exclusive control, management, and supervision of Service Provider. 

b. Effective Date. This Agreement and the right to receive the Services provided by Service Provider granted hereunder shall take effect upon the date as outlined on the initial Order Form hereunder.

c. Access and Use of Services. Service Provider grants Customer, pursuant to the terms and conditions of this Agreement, a limited, nonexclusive, worldwide right during the Term (as defined herein)for any Customer employee, contractor, or agent, or any other individual or entity authorized by Customer (each, an “Authorized User”), to access and use the Services solely in support of Customer’s own business for itself and the Affiliate Hotels listed on Attachment A to an Order Form hereunder. 

d. Restrictions on Use. Customer agrees to use the Services only for Customer’s own business for itself and the Affiliate Hotels listed on an Order Form hereunder. Customer shall not (i) permit any parent, subsidiaries, affiliated entities, or third parties not identified on Attachment A to the Order Form, to use or receive the benefit of the Services, (ii) process or permit to be processed the data of any other party not identified on Attachment A to the Order Form, or (iii) use the Services in the operation of a service bureau. Customer shall ensure that any Authorized User that it permits to use the Services will comply with all of the restrictions and requirements set forth herein, and Customer shall be fully responsible for any such use by its Authorized Users.

e. Modifications, Reverse Engineering, Misuse. Customer shall not, and shall not permit anyone else to, copy, create derivative works of, sell, license, sublicense, assign, distribute, publish, transfer, alter, maintain, enhance or otherwise modify or make available,,or (except to the extent required to be permitted under applicable law) disassemble, decompile, or reverse engineer, any of Service Provider’s software, Documentation or the Services. Customer shall not use the Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law. 

f. Material Terms and Conditions. Customer specifically agrees that each of the terms and conditions of this Section 1 are material and that failure of Customer to comply with these terms and conditions shall constitute a material breach of this Agreement. The presence of this Subsection 1.f shall not be relevant in determining the materiality of any other provision or breach of this Agreement by either party.

2. Service Fees

a. In General. In consideration for the rights granted by Service Provider under this Agreement, Customer shall pay Service Provider a fee as set forth in the Order Form (the “Service Fee”).

b. Payment Terms. The Service Fee shall be due and payable as set forth on the Order Form. All amounts not paid within ten (10) calendar days of the due date shall accrue interest at the rate of one percent (1%) per month, or at the highest rate allowed by law, whichever is less, from the date due until all amounts are fully paid. Failure of the Customer to pay any amounts when due shall constitute a material breach of this Agreement. The presence of the foregoing sentence shall not be relevant in determining the materiality of any other provision or breach of this Agreement by either party.

c. Taxes. Unless expressly indicated otherwise, the prices stated on the Quotation do not include sales, use, value added, or other taxes, federal, state, or otherwise (collectively, “Taxes”).Customer shall, in addition to the other amounts payable under this Agreement, pay all Taxes, however designated, which are levied or imposed by reason of the transactions contemplated by this Agreement, excluding Taxes due on Service Provider’s net income.

3. Maintenance

a.Documentation.  The documentation for the Services (the “Documentation”) will describe the functions and features of the Services, including all subsequent revisions thereto.  Customer shall have the right to make any number of additional copies of the Documentation at no additional charge. The Documentation and all copies thereof shall be and remain the Confidential Information of Service Provider.

b. Maintenance. From time to time, Service Provider may provide bug fixes, corrections, modifications, enhancements, upgrades, and new releases to the Services to support and improve the functionality of the Services. The Services Fees shall be inclusive of the fees for maintenance.

c. Required Notice of Maintenance.  Unless as otherwise agreed to by Customer on a case-by-case basis, Service Provider shall provide no less than five (5) calendar days’ prior written notice to Customer of all non-emergency maintenance to be performed on the Services, such written notice including a detailed description of all maintenance to be performed.  For emergency maintenance, Service Provider shall provide as much prior notice as commercially practicable to Customer and shall provide a detailed description of all emergency maintenance performed no greater than five (5) calendar days following the implementation of the emergency maintenance.

4. Customer Data

a. Ownership.  “Customer Data” (which shall also be treated by Service Provider as Confidential Information) shall mean Customer’s data collected, used, processed, stored, or generated as the result of the use of the Services, includingsuch data that comprises personally identifiable information or other personal data (collectively, “PII”).  Customer Data is and shall remain the sole and exclusive property of Customer and all right, title, and interest in the same is reserved by Customer except as expressly set forth herein. This Section shall survive the termination of this Agreement.

b. Service Provider Use of Customer Data.  Unless otherwise indicated herein, Service Provider is provided a limited license to Customer Data for the purpose of providing the Services, including a license to collect, process, store, generate, and display Customer Data to the extent necessary or desirable in the providing of the Services.  Service Provider shall protect the Customer Data in accordance with the confidentiality requirements set forth in Section 7.  This Section shall survive the termination of this Agreement. Notwithstanding anything to the contrary herein, Service Provider may create and use anonymous data sets that are aggregated with other of its own content or third party content in a manner that cannot readily identify Customer, its Authorized Users or its own customers (collectively, “Service Provider Data Sets”), for the purposes of (i) improving the Services;(ii) Service Provider marketing; (iii) analysis of aggregate, de-identified data; and (iv) development of new or modified products, services and offerings. Such Service ProviderData Sets shall not be considered Personal Data, Customer Data or Confidential Information of Customer. 

c. Provision of Customer Data to Service Provider. Customer agrees to submit all applicable Customer Data to Service Provider as necessary in order to enable Service Provider to prepare and maintain the Services for Customer. Service Provider will endeavor to notify Customer if Customer Data has not been provided or is missing.However, the responsibility to submit all Customer Data belongs solely to Customer, and Service Provider shall not be responsible for inability to provide Services to the extent caused by Customer’s failure to provide Customer Data. To the extent that any PII regarding European citizens is included in the Customer Data, the parties will comply with their respective responsibilities as set forth in Exhibit A. 

d. Extraction of Customer Data.  Service Provider shall, within five (5) business days of Customer’s request, provide Customer an extract of the Customer Data in the format of PDF.

e. Backup and Recovery of Customer Data.  Service Provider will use commercially reasonable efforts to maintain a backup of Customer Data and to perform an orderly and timely recovery of such data in the event that the Services may be interrupted. 

f. Loss of Data.  In the event of any gross negligence, willful misconduct, or breach that compromises or is suspected to compromise the security, confidentiality, or integrity of Customer Data or the physical, technical, administrative, or organizational safeguards put in place by Service Provider that relate to the protection of the security, confidentiality, or integrity of Customer Data, the parties shall cooperate in the handling of the potential breach as set forth in Exhibit A.

5.  LIMITED WARRANTY AND DISCLAIMER.

a.  Limited Warranty.  Service Provider warrants that it will provide the Services in a manner consistent with general industry standards reasonably applicable to the provision thereof and that the Service will materially conform to Service Provider’s then-current Documentation for the Service under normal use and circumstances. If Customer notifies Service Provider of a breach of warranty and Service Provider confirms that it is a breach, then Service Provider will either (i) re-perform the nonconforming Service;(ii) prepare a modification to the Service so that it does materially conform to the then-current Documentation; or (iii) terminate the affected Services and refund to Customer a pro rata portion of the applicable Service Fee corresponding to the terminated portion of the Service for the remainder of the Term. The foregoing constitutes Customer’s sole and exclusive remedy and Service Provider’s sole liability for any breach of the foregoing warranty.

b. Compliance with Laws.Each party will comply with all applicable laws, ordinances, and regulations applicable to it in providing or receiving the Services.

c. Content Warranty. Customer represents that it has the right to provide Service Provider with the Customer Data under the terms of this Agreement. Customer shall be responsible for and assumes the risk, responsibility and expense of any problems resulting from, the accuracy, quality, integrity, legality, reliability, and appropriateness of all such Customer Data, and of obtaining all necessary consents to provide Service Provider with the Customer Data, including any necessary consents from Customer’s third-party systems and providers. 

d. Disclaimer. THE LIMITED WARRANTIES SET FORTH IN THIS SECTION 5 IS MADE FOR THE PARTIES’ BENEFIT ONLY. EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 5 AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES ARE PROVIDED “AS IS,” AND SERVICE PROVIDER MAKES NO (AND HEREBY DISCLAIMS ALL) WARRANTIES, REPRESENTATIONS, OR CONDITIONS, WHETHER WRITTEN, ORAL, EXPRESS, IMPLIED OR STATUTORY, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE USE, MISUSE, OR INABILITY TO USE THE SERVICES (IN WHOLE OR IN PART) OR ANY OTHER PRODUCTS OR SERVICES PROVIDED TO CUSTOMER BY SERVICE PROVIDER. SERVICE PROVIDER DOES NOT WARRANT THAT ALL ERRORS CAN BE CORRECTED, OR THAT OPERATION OF THE SERVICE SHALL BE UNINTERRUPTED OR ERROR-FREE. 

e. Internet Delays.  The Services may be subject to limitations, delays, and other problems inherent in the use of the internet and electronic communications. Service Provider is not responsible for any delays, delivery failures or other damages resulting from such problems or any other similar event.

6. Ownership; Assignment

a. Title. As between the parties hereto, Service Provider owns or is the licensee of all proprietary rights, including patent, copyright, trade secret, trademark, and other proprietary rights, in and to the Services and any corrections, bug fixes, enhancements, updates, or other modifications, including custom modifications, to the Services, whether made by Service Provider or any third party.

b. Assignment and Transfer. Customer shall not assign, sell, license, sublicense, or otherwise transfer this Agreement or its rights or obligations hereunder to anyone, including any parent, subsidiaries, affiliated entities or third parties without Service Provider’s prior written consent, unless such assignment or transfer is either (i) part of the sale of its business or (ii) pursuant to merger, consolidation, or reorganization. Any other purported assignment or transfer without Service Provider’s prior written consent shall be void and of no effect.

c. Assignment to Successor. Customer shall provide Service Provider with at least thirty (30) calendar days’ advance written notice from Customer in the event Customer sells its business or Customer’s business is subject to merger, consolidation, or reorganization.

7. Confidential Information

a. Definition. As used herein, “Confidential Information” means technical or commercial know-how, specifications, inventions, processes, equipment, tools, drawings, designs or initiatives which are of a confidential nature and have been disclosed to it by the other Party, but excluding any part of the Confidential Information that (a) has become public knowledge (other than through the fault of the recipient hereunder); or (b) was already known to the recipient without obligation of confidentiality prior to disclosure to it by the other party; or (c) has been received from a third party who neither acquired it in confidence from the other party, nor owed the other party a duty of confidence in respect of it. Without limitation of the foregoing, Confidential Information of Customer includes the Customer Data, and Confidential Information of Service Provider includes the Services, the Documentation and all software and other proprietary information concerning the Services and the Documentation, including any flow charts, logic diagrams, user manual and screens.

b. Obligations. Except to the extent explicitly permitted herein, each party shall not without the written consent of the other party (i) disclose the Confidential Information of the other party to any third party, or (ii) use the Confidential Information of the other party for any purposes other than the exercise of its rights and performance of its obligations hereunder. Each party shall protect the Confidential Information of the other party with at least the same level of care that it protects its own information of a like nature, which shall in no event be less than a reasonable amount of care in light of the nature of the information. Each party shall only permit its respective employees, agents and subcontractors to have access to the Confidential Information of the other party if such employees, agents and subcontractors are bound by confidentiality obligations at least as restrictive as those set forth herein, and shall be responsible for any breach hereof by such employees, agents or subcontractors.

8. Limitation of Liability

Service Provider shall not be liable to Customer for indirect, special, incidental, exemplary or consequential damages (including, without limitation, lost profits, lost business or loss of data) arising out of or in connection with this Agreement, the Services, or Customer’s use or inability to use the Services. Service Provider’s entire liability to Customer for any and all claims arising out of or in connection with this Agreement, the Services, or Customer’s use or inability to use the Services shall not exceed the amounts paid by Customer during the 12 months preceding the events giving rise to the applicable liability. The foregoing limitations shall apply to all damages howsoever caused and arising from any cause of action whatsoever, including breach of contract, warranty, tort, strict liability, negligence, by statute or otherwise, even if such damages are foreseeable or if Service Provider has been notified of the possibility of such damages.

9. Indemnification

a. Indemnification by Service Provider. Subject to the procedures set forth in Section 10(c), Service Provider shall defend, indemnify and hold harmless Customer from and against any claims, including reasonable legal fees and expenses, to the extent based upon infringement of any third party’s United States copyright or United States patent by the Services as provided by Service Provider hereunder. The foregoing shall not apply, and Service Provider shall have no obligations, for any claims that arise in whole or in part from: (a) any combination of the Services with anything not supplied by Service Provider, where such infringement would not have occurred but for such combination; (b) the adaptation or modification of the Services, where such infringement would not have occurred but for such adaptation or modification; or (c) the use of the Services in any manner not contemplated under this Agreement.

b. Indemnification by Customer. Subject to the procedures set forth in Section 10(c), Customer shall defend, indemnify and hold harmless Service Provider from and against any claims, including reasonable legal fees and expenses, to the extent based upon infringement of any third party’s United States copyright or United States patent, or violation of any third party’s privacy rights, by the Customer Data as provided by Customer hereunder or by Customer’s integration of the Services with Customer’s third-party systems or providers.

c. Procedures. If the indemnified party is notified of a claim for which it seeks indemnification, the indemnified party agrees to notify the indemnifying party of any such claim promptly in writing and to allow the indemnifying party to control the proceedings. The indemnified party agrees to cooperate fully with the indemnifying party during such proceedings, and may participate in any such proceedings with counsel of its choosing at its own expense. In the event of actual or alleged infringement by the Services, Service Provider may in its sole discretion (i) update the Services, in whole or in part, with substantially compatible and functionally equivalent services;(ii) modify the Services to avoid the infringement; or (iii) terminate the affected Services and refund to Customer a pro rata portion of the applicable Service Fee corresponding to the terminated portion of the Service for the remainder of the Term.This Section 9 states Service Provider’s entire liability and Customer’s exclusive remedy with respect to any actual or alleged infringement of the intellectual property rights of any third party.

10. Term and Termination

a. Term. The term of this Agreement (the “Term”) shall commence on the date of the first Order Form entered into hereunder between the parties, and shall end upon the expiration of all Order Forms hereunder (subject to renewal as set forth therein) or the earlier termination of this Agreement in accordance with this Section 10.

b. Termination. Each party shall have the right to terminate this Agreement and the rights granted herein either by thirty (30) calendar days’ written notice to the other party upon the occurrence of either of the following events (an “Event of Default”):

  • i. In the event the other party materially breaches this Agreement; or
  • ii. In the event the other party (A) terminates or suspends its business, (B) becomes subject to any bankruptcy or insolvency proceeding under Federal or state statute, (C) becomes insolvent or subject to direct control by a trustee, receiver or similar authority, or (D) has wound up or liquidated, voluntarily or otherwise.

c. Notice and Opportunity to Cure. Upon the occurrence of an Event of Default, a party shall deliver to the defaulting party a Notice of Intent to Terminate that identifies in detail the Event of Default. If the Event of Default remains uncured for thirty (30) calendar days, the party may terminate this Agreement and the rights granted herein by delivering to the defaulting party a Notice of Termination that identifies the effective date of the termination, which date shall not be less than thirty (30) calendar days after the date of delivery of the Notice of Intent to Terminate.

d. Payments upon Termination. Upon the termination of this Agreement, within 10 calendar days Customer shall pay to Service Provider all amounts due and payable hereunder.

e. Return of Customer Data. Upon the termination of this Agreement, and a Customer request received by Service Provider no later than thirty (30) calendar days following the termination date, Service Provider shall, within thirty (30) calendar days following the Customer request, provide Customer with a final extract of the Customer Data. Furthermore, upon Customer request following termination of the Agreement, Service Provider shall certify to Customer the destruction of any Customer Data within the possession or control of Service Provider, but such destruction shall occur only after the Customer Data has been returned to Customer.     

f. Survival. Sections 2, 4 and 6 through 14 shall survive the expiration or termination of this Agreement.

11. Force Majeure

Neither party shall be in default or otherwise liable for any delay in or failure of its performance under this Agreement if such delay or failure arises by any reason beyond its reasonable control, including any act of God, any acts of the common enemy, the elements, earthquake, floods, fires, epidemics, riots, failures, or delay in transportation or communications, or any act or failure to act by the other party or such other party’s employees, agents, or  contractors; provided, however, that lack of funds shall not be deemed to be a reason beyond a party’s reasonable control. The parties will promptly inform and consult with each other as to any of the above causes which in their judgment could be the cause of a delay in the performance of this Agreement.

12. Notices

All notices under this Agreement are to be delivered by (i) depositing the notice in the mail using registered mail, return receipt requested, addressed to the address below or to any other address as the party may designate by providing notice, (ii) emailing the notice by using the email address set forth below, (iii) overnight delivery service addressed to the address below or to any other address as the party may designate by providing notice, or (iv) hand delivery to the individual designated below or to any other individual as the party may designate by providing notice. 

The notice shall be deemed delivered (i) if by registered mail, four (4) business days after the notice’s deposit in the mail, (ii) if by email, on the date the notice is received, (iii) if by overnight delivery service, on the day of delivery, and (iv) if by hand delivery, on the date of hand delivery.

Service Provider: myDigitalOffice.com, LLC
Attention: Ali Moloo

Address:
Bethesda Towers
4350 East West Hwy, Suite 401
Bethesda, MD 20814 US

Email Address:info@mydigitaloffice.com

Customer:   Contact information provided on the Order Form.

13. General Provisions

a. Complete Agreement. The parties agree that this Agreement is the complete and exclusive statement of the agreement between the parties, which supersedes and merges all prior proposals, understandings, and all other agreements, oral or written, between the parties relating to the subject matter of this Agreement.No modification of or addition to this Agreement or any Order Form shall be effected by any failure of Service Provider to reject any form of Customer acknowledgement or other purchase order containing different or additional provisions. Any purchase order or similar form issued by Customer shall be for purposes of Customer’s internal controls only, and any different or additional terms contained thereon are hereby rejected by Service Provider and do not form a part of this Agreement.

b. Cooperation.  Where agreement, approval, acceptance, consent or similar action by either party hereto is required by any provision of this Agreement, such action shall not be unreasonably delayed or withheld.  Each party will cooperate with the other by, among other things, making available, as reasonably requested by the other, management decisions, information, approvals, and acceptances in order that each party may properly accomplish its obligations and responsibilities hereunder. 

c. Amendment. As applicable to a previously-executed Order Form, this Agreement may not be modified, altered or amended except by written instrument duly executed by both parties. Service Provider may from time to time amend the online terms of this Software License and Services Agreement by posting the amended terms to Service Provider’s website, with such terms to take effect for subsequent Order Forms entered into between the Parties after the date of such posting.

d. Waiver. The waiver or failure of either party to exercise in any respect any right provided for in this Agreement shall not be deemed a waiver of any further right under this Agreement.

e. Severability. If any provision of this Agreement is invalid, illegal or unenforceable under any applicable statute or rule of law, it is to that extent to be deemed omitted. The remainder of the Agreement shall be valid and enforceable to the maximum extent possible.

f. Governing Law; Venue. This Agreement and performance hereunder shall be governed by the laws of the State of Maryland, without reference to its principles of conflicts of laws. Any suit or proceeding arising out of or relating to this Agreement will be heard exclusively in the federal or state courts sitting in the State of Maryland.

g. Multiple Copies. The Order Form will be signed in multiple copies, and each copy shall be considered an original for all purposes. This Agreement shall be maintained digitally online.

h. Read and Understood. Each party acknowledges, by signing the Order Form, that it has read and understands this Agreement and agrees to be bound by its terms.

Exhibit A

Data Processing

This Exhibit A applies to the extent Service Provider’s processing of PII within the Customer Data received from Customer in the course of providing the Services is subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”). Such personal data shall hereinafter be referred to as “Personal Data”.

1.         Processing of Personal Data. Service Provider will process the Personal Data only on Customer’s documented instructions. Customer instructs Service Provider (and authorizes Service Provider to instruct any applicable subprocessors) to, as necessary or desirable for the provision of the Services, process the Personal Data to the extent necessary or desirable to perform the Services. Customer will ensure that it has obtained all necessary consents or other lawful bases necessary to provide the Personal Data to Service Provider and to enable Service Provider to process the Personal Data for the purposes set forth herein.

2.         Description of Personal Data. Pursuant to Art. 28(3) of the GDPR: (a) the subject matter and duration of the processing is set forth in the Agreement; (b) the nature and purpose of the processing is to provide the Services; (c) the categories of Personal Data include Personal Data as Customer may in its discretion submit into the Services, which shall not include any special categories of Personal Data and which may include without limitation individual’s date of birth, address, telephone number, biometric data, mother’s maiden name, email address, credit card information, or an individual’s name in combination with any other of the elements listed herein; and (d) the data subjects are guests and attendees at Customer’s hotels.

3.         Confidentiality and security.

3.1       Personnel. Service Provider will take appropriate steps to ensure the reliability of any employee, agent, contractor or any other person who may have access to the Personal Data, ensuring that such individuals are subject to confidentiality obligations or professional or statutory obligations of confidentiality.

3.2       Security controls. Service Provider will implement appropriate technical and organizational measures that comply with Art. 32 of the GDPR and are designed to provide a level of security appropriate to the risks presented by the processing of the Personal Data in connection with the Services. In assessing the appropriate level of security, the Service Provider shall take account in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Personal Data transmitted, stored or otherwise processed.

3.3       Data breach. Without undue delay, Service Provider shall notify Customer if it discovers a data breach involving the Personal Data. Service Provider shall investigate and use all reasonable efforts to remediate the effects of the data breach, and regularly update Customer of the results of its investigation, response and remediation efforts.The parties will provide each other with reasonable assistance and appropriate information to supportCustomerin meetingits obligations to report a data breach pursuant Art. 33 and 34 of the GDPR, and willreasonably co-operate to assist in the investigation, mitigation and remediation of each data breach.

4.         Assistance. Each party shall promptly notify the other party if it receives a request from a data subject regarding the Personal Data which should appropriately be handled by the other party. Upon request of Customer, Service Provider shall provide Customer with reasonable assistance as necessary to Customer’s fulfilment of its obligations under Chapter III of the GDPR to respond to data subject requests relating to the Personal Data. Each party shall provide the other with reasonable assistance in ensuring compliance with the obligations pursuant to Art. 32 (the security of the processing), Art. 35 (conducting data protection impact assessments) and Art. 36 (prior consultations with any Supervisory Authority).

5.         Audit Rights. Upon reasonable request and upon reasonable advance notice, Service Provider will make available to Customerappropriate information necessary to demonstrate Service Provider’s compliance with this Exhibit and allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer, at Customer’s expense.

6.         Subprocessing. Customer agrees that Service Provider may continue to use those subprocessors in use as of the date of this Agreement. Service Provider shall inform Customer of any intended changes concerning the addition or replacement of other subprocessors, thereby giving Customer the opportunity to object to such changes. Service Provider shall exercise appropriate care in appointing and overseeing authorized subprocessors and shall enter into contractual terms with authorized subprocessor that are no less protective than as required under applicable law.

7.         Restricted Transfers. Where the processing of the Personal Data by Service Provider or its subprocessors involves a transfer of the Personal Data to a jurisdiction that is not recognized as providing an adequate level of protection by the GDPR, the parties hereby enter into the terms of the Standard Contractual Clauses as set out in Commission Decision C/2021/3972, with selections for Module Two (Transfer Controller to Processor), as updated, amended, replaced or superseded from time to time by the European Commission, or another adequate safeguard as allowed for by the GDPR, as follows:

a.   Clause 7 is omitted.

b.   For Clause 9(a), Option 2 is selected, with 15 calendar days as the specified time period.

c.   For Clause 11(a), the optional subclause is omitted.

d.   For Clause 17, Option 1 is selected, with Ireland as the Member State.

e.   For Clause 18(b), Ireland is selected as the Member State.

f.    For Annex I(A), Customer is the data exporter and controller, Service Provider is the data importer and processor, and the contact details and activities to be performed are as set forth in the Agreement and Order Forms thereunder.

g.   For Annex I(B), the description of the transfer is as set forth in this Exhibit A.

h.   For Annex I(C), the supervisory authorities are those of Ireland.

i.    For Annex II, the technical and organisational measures are as set forth in the Documentation of the Services regarding such matters as provided by Service Provider to Customer from time to time.

j.    Annex III is omitted.

8.         Deletion or Return of Personal Data. Upon the termination or expiration of the Agreement (unless continued processing is subject to a new or amended agreement) and to the extent not prohibited by applicable law, Service Provider will return or delete the Personal Data as further described in the Agreement.