Terms and conditions

Version 7.0, August 01, 2024

Services.

(b) End User Consent. Customer will obtain and maintain all consents required from End Users to enable: (i) Administrators to have the access described in this Agreement; and (ii) Dinova to provide the Services to Administrators and End Users.

3.5 Unauthorized Use. Customer will use commercially reasonable efforts to prevent unauthorized use of the Services and to terminate any unauthorized use. Customer will promptly notify Dinova of any unauthorized use of or access to the Services of which it becomes aware.

3.6 Restrictions. Customer shall not, and shall not permit End Users to, (a) copy, modify, or create a derivative work of the Services; (b) reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any or all of the source code of the Services (except to the extent such restriction is expressly prohibited by applicable law); (c) sell, resell, sublicense, transfer, or distribute any or all of the Services; or (d) access or use the Services (i) for high-risk activities; (ii) in violation of the AUP; or (iii) to make or receive emergency calls.

3.7 Support. Customer will respond, at its own expense, to questions and complaints from End Users or third parties relating to Customer's or End Users' use of the Services. Customer will use commercially reasonable efforts to resolve support issues before submitting them to Dinova.

4.1 Suspension of End User Accounts by Dinova. If Dinova becomes aware of an End User's breach of the Agreement, Dinova may specifically request that Customer suspend the applicable End User Account. If Customer fails to comply with Dinova's request to suspend an End User Account, Dinova may do so. The duration of any Suspension by Dinova shall be until the applicable End User has cured the breach that caused the Suspension.

4.2 Emergency Security Issues. Notwithstanding the foregoing, in the event of an emergency security issue, Dinova may automatically suspend infringing use. Suspension will be to the extent and for the minimum duration necessary to prevent or terminate the emergency security issue. If Dinova suspends an End User Account for any reason without prior notice to Customer, upon Customer's request, Dinova will provide Customer with the reason for the suspension as soon as reasonably practicable.

4.3 Suspension to Comply with Laws. Dinova may, in its sole discretion, suspend the provision of any Service at any time if required to comply with any applicable law.

7.4 Risoluzione a causa di leggi applicabili; violazione di leggi. Dinova può risolvere il presente Contratto e/o qualsiasi Modulo d’Ordine applicabile immediatamente con comunicazione scritta se Dinova ritiene ragionevolmente che la continuazione della fornitura di qualsiasi Servizio utilizzato dal Cliente violerebbe le leggi applicabili.

7.5 Effects of Termination or Non-Renewal. If the Agreement is terminated or not renewed, (a) all rights and access to the Services will cease (including access to User Data), unless otherwise described in this Agreement, and (b) all Fees owed by User to Dinova are immediately due upon User's receipt of the final electronic invoice or as indicated in the final invoice.

7.6 No Refunds. Unless otherwise expressly stated in this Agreement, termination or failure to renew under any section of this Agreement will not obligate Dinova to refund any Fees.

11.1 Notices. Dinova may provide any notice to Customer under this Agreement by: (a) sending an email to the notification email address or (b) posting a notice in the administrative console. Customer may provide notices to Dinova under this Agreement by emailing Dinova's legal department at legal@dinova.one. Customer is responsible for keeping its notification email address current throughout the term of the Agreement.

11.2 Assignment. Neither party may assign or transfer any part of this Agreement without the written consent of the other party, except to an Affiliate, but only if: (a) the assignee agrees in writing to be bound by the terms of this Agreement; and (b) the assigning party remains responsible for the obligations it incurred under the Agreement prior to the assignment. Any other attempted transfer or assignment is void.

11.3 Change of Control. In the event of a change of control (for example, through a purchase or sale of stock, merger or other form of corporate transaction): (a) the party experiencing the change of control will provide written notice to the other party within thirty days of the change of control; and (b) the other party may immediately terminate this Agreement at any time between the change of control and thirty days after receipt of the written notice described in paragraph (a).

11.4 Force Majeure. Neither party will be liable for inadequate performance to the extent caused by a condition (e.g., natural disaster, act of war or terrorism, riot, labor conditions, governmental action, and Internet disruption) beyond the party's reasonable control.

11.5 Severability. If any provision of this Agreement is held unenforceable, the remainder of the Agreement shall remain in full force and effect.

11.6 Applicable Law. This Agreement is governed by Italian law. For any dispute arising out of or relating to this agreement, the parties consent to the personal jurisdiction and exclusive venue of the courts of Bologna, Italy.

11.7 Modifications. Any modification must be in writing and expressly indicate that it is a modification of this Agreement.

11.8 Survival. The following sections will survive the expiration or termination of this Agreement: Section 5 (Intellectual Property Rights), Section 6 (Confidential Information), Section 7.5 (Effect of Termination or Non-Renewal), Section 9 (Disclaimer), Section 10 (Limitation of Liability), and Section 11 (Miscellaneous).11.9 Entire Agreement. This Agreement sets forth the entire terms agreed to by the parties and supersedes and replaces any other agreements between the parties relating to its subject matter, including prior versions of this Agreement. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation or warranty (whether made negligently or innocently), except those expressly set forth in this Agreement. The URL Terms are incorporated by reference into the Agreement. Dinova may provide an updated URL in place of any URL in this Agreement.

11.10 Conflicting Conditions. In the event of a conflict between the documents that make up this Agreement, the documents in the following order (in decreasing precedence) shall prevail: the Order Form or similar document signed by Dinova and the Customer, and the URL Conditions.

• “Admin Account” means the administrative account provided to you by Dinova for the purpose of administering the Services. Use of the administrator account requires a password, which Dinova will provide to you.
• “Admin Console” means the online tool provided by Dinova to the Customer for the use of reports and certain other administration functions.
• “Administrators” means the technical personnel designated by Customer who administer the End User Services on Customer’s behalf.
• “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.
• “Customer Data” means data, including emails, provided, generated, transmitted or displayed through the Services by Customer or End Users.
• “Emergency Security Issue” means: (a) use of the Services by Customer or End Users in violation of the Acceptable Use Policy, in a manner that disrupts: (i) the Services; (ii) use of the Services by other Customers; or (iii) prevents unauthorized third-party access to the Services or data within the Services.
• “End Users” means persons to whom Customer permits use of the Services.
• “End User Account” means an Interacta account created by Customer through the Services for an End User.
• “High Risk Activities” means uses such as the operation of nuclear facilities, air traffic control, or life support systems, where use or failure of the Services could result in death, personal injury, or environmental damage.
• “Services” means the applicable Services provided by Dinova and used by Customer under this Agreement.
• “Significant Impairment” means the discontinuation or making backwards compatible changes to the Services that result in Dinova being unable to provide its customer base with the substantial ability to perform activities and workflows with the Services.
• “Suspend” means the immediate disabling of your access to the Services, or components of the Services, as applicable, to prevent further use of the Services.

Use of the Services is subject to this Acceptable Use Policy (“AUP”).

Unless defined herein, capitalized terms have the meaning set forth in the applicable agreement (“Agreement”) between you or other authorized user (“You”) and Dinova Srl.

You agree not to use the Services, and not to permit any third party or your end users to use the Services:

1. violate, or encourage the violation of, the legal rights of others;
2. for any illegal, unlawful, invasive, abusive, defamatory or fraudulent purpose;
3. intentionally distribute viruses, worms, Trojan horses, corrupted files or other items of a destructive or deceptive nature;
4. use hate speech, content that promotes or condones violence against or has the primary purpose of inciting hatred against an individual or group on the basis of race or ethnic origin, religion, disability, age, nationality, sexual orientation, gender, or any other characteristic associated with systemic discrimination or marginalization;
5. to engage in harassing, bullying or threatening behavior, and not to incite others to engage in these activities
6. distribute personal and confidential information, such as credit card numbers, sensitive national identification numbers, or account passwords, without their explicit consent.
7. upload or share content that exploits or abuses children.
8. distribute sexually explicit or pornographic material, violent content, terrorism that is primarily intended to be shocking, sensational, or gratuitous.
9. spam, including sending unwanted promotional or commercial content, or unsolicited or bulk solicitations.
10. alter, deactivate, interfere with, or circumvent any aspect of the Services;
11. to test or reverse engineer the Services for limitations, vulnerabilities, or to circumvent filtering features;
12. to grant multiple people access to a single End User Account;
13. record audio or video communications without consent if such consent is required by applicable laws and regulations (You are solely responsible for compliance with all applicable laws and regulations in the relevant jurisdiction(s).

Failure to comply with the AUP by you may result in:

The customer who accepts these conditions (“Customer”) and Dinova Srl have entered into an Interacta Agreement (as defined below).

1.1 Capitalized terms defined in the Applicable Agreement apply to this Data Processing Addendum. Additionally, in this Data Processing Addendum:

• “Customer Data” means data submitted, stored, sent or received through the Services by Customer or End Users.
• “Customer Personal Data” means the personal data contained in the Customer Data.
• “Incidente di dati” indica una violazione della sicurezza di Dinova che porti alladistruzione accidentale o illegale, alla perdita, all’alterazione, alla divulgazione non autorizzata o all’accesso ai Dati del Cliente sui sistemi gestiti da Dinova o altrimenti controllati da Dinova.
• “EEA” means the European Economic Area.
• “GDPR UE” indica il Regolamento (UE) 2016/679 del Parlamento Europeo e delConsiglio del 27 aprile 2016 relativo alla protezione delle persone fisiche con riguardo al trattamento dei dati personali, nonché alla libera circolazione di tali dati e che abroga la direttiva 95/46/CE.
• By “European Data Protection Law” we mean the GDPR.
• “European or Italian law” means the law of the European Union or of the Italian State.
• “Interacta Agreement” means an Interacta Agreement under which Dinova agrees to provide Interacta Services to Customer.
• “Notification Email Address” means the email address or addresses designated by Customer in the Admin Console, or in the Order Documents or communicated to Dinova (as applicable), to receive certain notifications from Dinova. You are responsible for ensuring that your notification email address remains current and valid.
• “Subprocessor” means a third party authorized as another processor under this Data Processing Amendment to have logical access to and process Customer Data in order to provide parts of the Services.
• “Supervisory Authority” means a “supervisory authority” as defined in the EU GDPR.
• “Term” means the period between the Effective Date of the Addendum and the end of Dinova’s provision of the Services under the applicable Agreement, including, if applicable, any period during which provision of the Services may be suspended and any period after termination of the Agreement during which Dinova may continue to provide the Services for transitional purposes.

This Data Processing Addendum, notwithstanding the expiration of the Term, will remain in effect until all User Data is deleted by Dinova as described in this Data Processing Addendum, and will automatically expire.

4.1 Roles and regulatory compliance; authorization.

4.1.1. Responsibilities of the processor and controller:

1. The applicable term plus the period between the expiration of such term and the deletion of all Customer Data by Dinova in accordance with the Data Processing Addendum.
2. Nature and purpose of processing: Dinova will process the Customer's Personal Data for the purposes of providing the Services to the Customer in accordance with the Data Processing Addendum.
3. Data categories: Data relating to natural persons provided to Dinova through the Services, by (or at the direction of) Customers or End Users.
4. Data Subjects: Data subjects means the natural persons whose data are provided to Dinova through the Services by (or at the direction of) the Customer or End Users.
5. Dinova is a data controller of the customer's personal data in accordance with European and Italian data protection legislation;
6. The Customer is a controller or processor, as the case may be, of such Customer Personal Data under European and Italian data protection law;
7. Each party will comply with its obligations under European Data Protection Law in relation to the processing of Customer Personal Data.

4.1.2. Authorization by the third party controller. The Customer warrants that its instructions and actions in relation to the Customer's Personal Data, including the appointment of Dinova as another data processor, have been authorized by the relevant data controller.

4.2 Scope of processing.

4.2.1 Customer Instructions. Customer instructs Dinova to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services; (b) as further specified through Customer’s and End Users’ use of the Services (including the Administrative Console and other features of the Services); (c) as documented in the applicable Agreement form, including this Data Processing Addendum; and (d) as further documented in any other written instructions provided by Customer and recognized by Dinova as instructions for purposes of this Data Processing Addendum.

4.2.2 Dinova’s Compliance with Instructions. Dinova will comply with the instructions described in Section 4.2.1 (Customer Instructions) (including with respect to data transfers) unless European or Italian law to which Dinova is subject requires other processing of the Customer’s Personal Data by Dinova, in which case Dinova will communicate this to the Customer (unless such law prohibits Dinova from doing so for important reasons of public interest) prior to such other processing.

5.1 Deletion during the Term. Dinova will allow Customer and End Users to delete Customer Data during the Term in a manner consistent with the functionality of the Services. If Customer or an End User uses the Services to delete any Customer Data during the Term and such Customer Data cannot be recovered by Customer or End User, such use will constitute an instruction to Dinova to delete the relevant Customer Data from Dinova’s systems in accordance with applicable law. Dinova will comply with such instruction as soon as reasonably practicable and within a maximum period of 180 days, unless European or Italian law requires retention.

6.1.1 Dinova Security Measures. Dinova will implement and maintain reasonable technical and organizational measures to protect User Data from accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access (the “Security Measures”). Since Interacta is built and provided via Google Cloud Platform (GCP), GCP Security Measures also apply.

6.1.2 Security Compliance. Dinova undertakes to: (a) take appropriate measures to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance, and (b) ensure that all persons authorized to process Customer Personal Data are subject to a duty of confidentiality.

6.1.3 Dinova Security Assistance. Dinova will assist the Customer in ensuring compliance with its obligations under Articles 32 to 34 of the GDPR, by:

• a. implement and maintain Security Measures in accordance with Section 6.1.1 (Dinova Security Measures);
• b. comply with the terms of Section 6.2 (Data Incidents);
• c. if subsections (a)-(b) above are not sufficient to allow the Customer

to fulfill such obligations, upon request of the Customer, by providing reasonable additional assistance.

6.2 Data Incidents.

6.2.1 Incident Notification. Dinova will promptly and without undue delay notify Customer upon becoming aware of a Data Incident and will promptly take reasonable steps to minimize harm and protect Customer Data.

6.2.2 Data Incident Details. Dinova's notification of a Data Incident will describe, to the extent possible, the nature of the Data Incident, the measures taken to mitigate potential risks, and the measures Dinova recommends that Customer take to address the Data Incident.

6.2.3 Delivery of Notification. Notification of any Data Incident will be sent to the notification email address or, at Dinova's discretion, by direct communication (e.g., a telephone call or in-person meeting).

6.2.4 No Evaluation of Customer Data by Dinova. Dinova has no obligation to evaluate Customer Data to identify information subject to specific legal requirements.

6.2.5 No Acknowledgement of Fault by Dinova. Dinova's notification or response to a Data Incident under this Section 6.2 (Data Incidents) will not be construed as an acknowledgment by Dinova of any fault or liability in connection with the Data Incident.

6.3. Customer's Responsibility and Safety Assessment.

6.3.1 Customer Security Responsibilities. Subject to Dinova's obligations under Sections 6.1 (Dinova's Security Measures, Controls and Support) and 6.2 (Data Incidents), and elsewhere in the applicable Agreement, Customer is responsible for use of the Services and storage of any copies of Customer Data outside of Dinova's or Dinova's Subprocessors' systems, including:

6.4 Cloud Infrastructure Compliance Certifications and SOC Reports. Interacta is built and delivered through Google Cloud Platform (GCP) as a cloud technical infrastructure. Dinova warrants that Interacta will be delivered on a cloud platform (such as GCP) that maintains at least the following requirements for the Verified Services, in order to assess the continued effectiveness of the Security Measures:

a. certified for ISO 27001, ISO 27017, and ISO 27018, and

b. SOC 2 and SOC 3 reports (or equivalent) prepared by the cloud provider's third-party auditor and updated annually based on an audit performed at least once every 12 months (the “SOC Reports”).