Effective date: June 2024

Formidium Corp. (“Formidium”) serves the websites mentioned in the Annexure and maintains a global presence with offices located around the world. We understand that your privacy is important for you and that is why we are committed to protecting it. In order to do that, we have set up many protocols and procedures which ensure that your information is always in responsible hands and in accordance with our privacy laws. We are grateful for your trust and can assure you that we would act in a way that is beneficial for you. The below provided privacy policy describes all the points about the information we collect from you and how we use it. From time to time, we also update our privacy policy and post its effective date accordingly.

Application of this privacy policy

This privacy policy applies whenever you use any of our company’s products and browse any of our sites as mentioned in the Annexure below. The company products can lead you to use a third-party app on devices with operating systems like Android, iOS, or Microsoft windows. Whenever there is any use of your personal information or if it is being used by a third party, then this privacy policy applies unless you visit an external site through our website, in which case, refer to ‘General information’ and ‘Links to third party site’. Under this policy, all the electronic devices are covered, example, computer, laptop, tablet, mobile phone, or any other consumer electronic device.

General information

Certain other sites are linked to our site and although we are not responsible for any content mentioned in those linked sites, we encourage you to go through their privacy policies thoroughly. The external sites are not in our control and we are not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. These links are provided for your convenience to provide further information and the inclusion of any link does not imply endorsement by us of such site.

Information you provide us

You can visit our websites as mentioned in the Annexure anytime, but you need to provide certain basic information if you wish to get associated with us and know about our products.

We may collect information when you register with us, apply to use any of our services, become our client, Contact us in person or through the email ids mentioned on the ‘Contact us’ page on our website. We may also collect your information when you contact our support team, or when you or your organization offer to provide services to us.

When you create an account with us or request us to create an account for you, you have to provide certain personal information along with your desired username and password. Once the account is created, to log-in to your account, you would also have to create a desired password while your email address would be used as your username.

Any personal information that you share with us, example your name, address, telephone number, street address, email address along with insurance and bank related information, wallet information, fund name, account name etc. shall be kept private and confidential.

Information automatically collected

This is the information which is collected automatically from every person who visits or browses our site. This information allows us to identify you and statistics related to you. It includes the date and time of your visit, the amount of time you spent on the site, your language preference, IP address etc. Apart from that, we may also be interested in the device related information like the model of your device, its operating system, and the name of the network company.

Information collected from third party sources

In certain circumstances, we collect personal information about you from a third-party source, for example, we may collect personal information from other government agencies, a credit reporting agency, fraud prevention agencies, financial crime agencies, an information or service provider, some of which form part of publicly available records.

Cookies

Cookies enhance the experience of a person when they visit a site which is the reason we also use cookies to gather information about you which in turn would be helpful for us to identify you easily the next time. We transfer a cookie text file to the hard drive of your computer and then a unique number is assigned to your computer. This unique number helps us to recognize your computer and know how you browse our site.

The categories of cookies used are:

  • Strictly necessary cookies - these cookies are needed to run our website, keep it secure, and comply with regulations that apply to us.
  • Performance/analytics cookies – we may use performance/analytics cookies on our website. These cookies collect information about how visitors use our website and services, including which pages visitors go to most often and if they receive any error messages from certain pages. It is used to improve how our website functions and performs.
  • You have the option of blocking or not allowing cookies, which is provided by most of the web browsers alerting you every time a cookie is being delivered to your computer system.

Use of information

It is important for you to know how and where we put your information to use. All the data collected is subject to our privacy policy and terms of use.

When you provide personal information to us, we may use it for any of the purposes described below:

  • To process your application to use our services and provide you with requested services.
  • To onboard you as our new clients.
  • To provide you with information or assistance that you request from us when we receive any queries or complaints.
  • For conducting verifications, monitoring, and reporting following anti-money laundering and counter-terrorist financing laws.
  • To notify you about the changes to our services.
  • To help protect your information and prevent unauthorized access to it.
  • To comply with our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
  • The information may also be used for third-party products and services, limited to only those associated with us.
  • To provide you with information about other services, we offer that are similar to those that you have already engaged us to provide or enquired about.
  • To monitor and improve the quality of our services.
  • To comply with our legal and regulatory requirements.

We usually use the information to analyze what part of our site is visited most frequently and the services most searched for. This helps us design and alter our site in a better way to suit your convenience. Apart from that, your personal information may also be used for our commercial purposes. This includes offering you specified offers, products or services based on your personal information and frequent searches. Moreover, our subsidiaries may also have access to all this. For your interest, we may also need your email address to send you all the information related to our products and services.

Lawful basis for processing

We are only allowed to process personal information collected if we have a lawful basis to do so.

We at Formidium process personal information if we have a legal basis. Out of the six lawful bases allowed under the GDPR; our legal bases are as follows:

  • Legitimate Interest – We process your personal information on the ground of legitimate interest, for example to provide our services, safeguard our services, understand our user preferences etc.
  • Consent – We process your personal information only if you have given your consent freely for the same. We do not believe in bundled consent.
  • Contractual necessity – We process your personal information only when it’s necessary for performance of contract, for example, if the processing is necessary in order to fulfill our commitments under the applicable terms of service.
  • Legal Obligation – We process your personal information only if the use of your information is necessary for compliance with any legal obligation.
Recipients of your information are:

We understand that you trust us and that is why we assure you that we will use your personal information only in good faith. It would only be used for your benefit or if it helps us serve you in a better way.

  • Employees and Subsidiaries: We at Formidium might share your personal information with our employees, subsidiaries that need to know in order to help us provide our services or process the information on our behalf.
  • Legal Requirement: We provide your personal information if we are required to provide such information in response to a court order or other applicable law or any legal process.
  • To prevent fraud and protect rights: When we believe in good faith that disclosure is necessary to prevent or respond to fraud, defend our websites against attacks, or protect the property and safety of Formidium and users, or the public.
  • If we have consent: We may share and disclose information with your consent or at your direction.
  • Third party vendors: Formidium provides your personal information to third parties who are obligated to use the personal information that we share with them for the purpose of provision of their services to us in order to help us run our business, such as Payment Gateways or other service providers, etc.
  • To Comply with Laws: In case we receive a request for information, we may disclose if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process. We may also share your personal information with an acquirer in the event of a sale of substantially all of our assets or other change of control transaction.
Opt out rights

You have the right to stop receiving any notifications from us anytime. Through our ‘opt out’ policy, you can discontinue getting any emails by intimating us at unsubscribe@formidium.com or by unsubscribing from our emails. Although, you cannot opt out from receiving communications for your transactions with us or information related to your account.

Accessing your information

It is important for us to keep your personal information updated at all times and hence, we want you to keep it up to date by making changes to your account from time to time. You can log into your account anytime to modify the information. We suggest you keep it updated so that we may not have any future hindrances related to it.

If you have any doubt related to your personal information, you can ask for a copy and we will send it to you, but to access this you would have to provide us with your valid identity proof and if you fail to do so, we reserve the right to not send it to you.

Security

Although no method on the internet is 100% secure to protect private information, we strive to use the best methods to keep it safe. We have placed security protocols in all our databases, computer systems, other devices, and communication networks. So, the chance of information getting leaked is at a minimum.

We take appropriate security measures (including physical, electronic and procedural) to help protect the confidentiality, integrity and availability of your personal information from unauthorized access and disclosure.

It is also your duty to protect your information by not sharing it with others. You must never tell anyone your username and password and if you notice any unauthorized use of your account, it should be notified to us as soon as possible.

Links to third party site

This privacy policy applies only to our site and not to any other third-party site. While browsing our site, there are chances that you may get redirected to any third-party links which is not in our control and sometimes we may also link external sites to our site. We suggest you go through their privacy policy as well to avoid any confusion. We are not responsible for any personal information they extract from you.

Data retention

We are committed to only keeping your personal information for as long as we need to in order to fulfill the relevant purpose(s) it was collected for, as set out above in this policy and for as long as we are required or permitted to keep it by law.

We retain copies of our customer contracts in order to enable us to deal with any legal issues and the information provided to us for identification and verification checks, financial crime and anti-money laundering checks (as required by law) for at least 7 years after termination or expiry of our contract with you.

International transfers

We may need to transfer your personal information within the Formidium group and to third parties, as noted above in connection with the purposes set out in this policy. For this reason, we may transfer your personal information to other countries that may have different laws and data protection compliance requirements, including data protection laws. If we do so, we will ensure that this is in accordance with the law and take appropriate measures to ensure that the level of protection which applies to your personal information processed in these countries is similar to that which applies.

If you want to receive more information about the safeguards applied to international transfers of personal information, please use the contact details provided below.

Your rights

Subject to GDPR, EU data subjects may have several rights regarding the processing of personal information including:

You being the user have certain rights in respect of your own personal information. The rights given in respect to your personal information, subject to any exemptions provided by law, including right to:

  • The Right to Information – The data subjects have the right to be informed about the collection and use of their personal information.
  • The Right of Access – The data subjects have the right to access their personal information and supplementary information.
  • The Right to Rectification - The data subjects shall have the right to obtain without undue delay the rectification of inaccurate personal information concerning them.
  • The Right to Erasure - The data subjects shall have the right to ask for erasure of personal information concerning them without undue delay.
  • The Right to Restriction of Processing - The data subjects shall have the right to ask restriction of processing of personal information.
  • The Right to Data Portability - The right to data portability gives data subjects the right to receive their personal information they have provided in a structured, commonly used and machine readable format, and have right to transmit the same.
  • The Right to Object - The data subjects have the right to object to the processing of personal information.
  • The Right to Avoid Automated Decision-Making - The data subjects shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this policy, or about our processing of your personal information, you may Contact us at the below mentioned contact information. We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorized disclosure of personal information.

Changes to our privacy policy

Time to time, we may have to change our privacy policy in accordance with new laws and changing technology. We encourage you to visit our site frequently to see if there is any material change. It is very important for us to update our policies to serve you better. Whenever we make a change, it would reflect the new effective date. So, we suggest you to always look for the revised effective date or use ‘Contact us’ to know about any changes.

Contacting us

Whenever you need to enquire from us about this privacy policy, you can write to us at 3025 Highland Pkwy Suite 330, Downers Grove, IL 60515, unless otherwise provided in the Annexure. You can also call us at +1-630-828-3520 unless otherwise provided in the Annexure or email at the email addresses provided in the Annexure. We are always at your service and ready to clarify all your doubts.

Annexure
Effective Date: June 2024

Please review the Terms of Use (‘TOU’) carefully. If you continue to browse and use this website, you are agreeing to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern our relationship with you in relation to this website. If you disagree with any part of these terms and conditions, please do not use our website. We reserve the right to update and modify the TOU at any time without notice to you. When we make updates to the TOU, we will update the effective date of the TOU. By using the website after a new version of the TOU has been posted, you agree to the terms of such new version.

The term ‘our’ or ‘us’ or ‘we’ refers to the owner of the websites as provided in the Annexure below. The term ‘you’ refers to the user or viewer of our website.

The use of this website is subject to the following terms of use:

  • The content of this website is for your general information and use only. It is subject to change without notice.
  • This website uses cookies to monitor browsing preferences.
  • Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
  • This website contains material which is owned by or licensed to us. This material includes, but is not limited to, text, logos, icons, images, sounds, music, digital downloads, data compilation, software, documents, design, layout, look, appearance and graphics. This material is exclusive property belonging to us or our content suppliers and is protected by the various applicable intellectual property and unfair competition laws in the United States and internationally. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions. All rights not expressly granted to you in this TOU are reserved and retained by us or our licensors, suppliers, publishers, rightsholders, or other content providers.
  • All trademarks reproduced on this website, which are not the property of, or licensed to, the operator is acknowledged on the website.
  • As a condition of your use of the website, you will not use the website for any purpose that is unlawful or prohibited by these terms, conditions, and notices. You may not use the website in any manner that could damage, disable, overburden, or impair any of our servers, or the network(s) connected to any of our servers, or interfere with any other party's use and enjoyment of any website. You may not attempt to gain unauthorized access to any website, other accounts, computer systems or networks connected to any of our servers, through hacking, password mining or any other means. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the website. You may not attempt to copy or change, alter or otherwise attempt to modify the website or these TOU. Unauthorized use of this website may give rise to a claim for damages and/or be a criminal offense.
  • From time to time this website may also include links to other websites which enable you to leave our site. The external sites are not in our control and we are not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. These links are provided for your convenience to provide further information and the inclusion of any link does not imply endorsement by us of such site.
  • Your use of this website and any dispute arising out of such use of the website is subject to the laws of USA and India.

Whenever you need to enquire from us about this terms of use, you can write to us at 3025 Highland Pkwy Suite 330, Downers Grove, IL 60515, unless otherwise provided in the Annexure. You can also call us at +1-630-828-3520 unless otherwise provided in the Annexure or email at the email addresses provided in the Annexure.

Annexure
Last updated: June 2024

This License agreement (this "agreement"), effective as of the date of signature (as mentioned in the Order Form) of both parties (the “Effective Date”), is made by and between you (the "customer"), and Formidium Corp., a Delaware Corporation ("Formidium" or the “company”) (each sometimes referred to as a “Party” and together, the “parties”).

WHEREAS, Formidium is a professional services and financial technology provider who owns all rights and interest in the software (as defined in Exhibit A);

WHEREAS, Formidium makes the software available through Formidium’s online cloud-based portal;

WHEREAS, the customer is desirous of utilizing the software and Formidium is willing to license the software to the customer; and

WHEREAS, the specific software you order will be set forth in the ordering documents (including any online form) issued by Formidium specifying the Product to be provided under these terms (“Order Forms”). To be eligible to use any Product, you must review and accept the terms set forth in this agreement by executing the applicable Order Form provided by us and/or checking on the “I Agree” button or other mechanism provided. Your authorization to access and use any Formidium Product is conditioned on your acceptance of and compliance with the terms of this agreement.

NOW, THEREFORE, in consideration of the premises and mutual covenants herein contained, it is agreed between the parties hereto as follows:

1. agreement

This agreement shall govern the use of the software by the customer and services subscribed for the customer, including systems, equipment, infrastructure, networks, hosting and other outsourced functions that the company or any subcontractor (whether owned by the company, a subcontractor, or a third party) uses (the "Services"). The software and the Services are together referenced as the “Products”.

2. License To Use The Products

2.1 Formidium hereby grants to the customer a non-exclusive, non-assignable, non-transferable and revocable worldwide right (“License”) to access and use the Products subject to the terms of this agreement, including Exhibit A attached hereto and any other documents which may be provided along with the Order Form, the terms of which are incorporated herein by reference.

2.2 The customer, and each user given access by the customer, is licensed to access the Products.

2.3 The company may update the Products from time to time. If the company changes the Products in a manner that materially reduces their functionality, the company will inform the customer via the email address associated with the customer’s account as provided by the customer. Such a material reduction in functionality shall constitute a material breach and the customer shall have the right to terminate this agreement as per the terms of section 6.1.

2.4 The company may provide the customer with support related to the Products (“Support Services”). Any supplemental software code provided to the customer as part of the Support Services shall be considered a part of the software and subject to the terms and conditions of this agreement. With respect to technical information the customer provides to the company as part of the registration of the customer's license to the software or in connection with the Support Services, the company shall only use such information, which shall constitute customer Data (as defined in section 4.2 of this agreement), for legitimate business purposes, including for product support and development.

3. customer Obligations

3.1. The customer is responsible for use of the Products by its users. The customer will obtain from users any consent necessary to engage in the activities described in this agreement and to allow the company to provide the Products. The customer will comply with laws and regulations applicable to the customer's use of the Products, including but not limited to those laws related to data privacy, international communications, and the transmission of technical or personal data.

3.2. The customer may specify users as “Administrators.” Administrators may have the ability to access, disclose, restrict, or remove customer Data in or from the Products. Administrators may also have the ability to monitor, restrict, or terminate access to the Products. The company’s responsibilities do not extend to the internal management or administration of the Products.

The customer is responsible for:

3.2.1. maintaining the confidentiality of passwords and Administrator accounts;

3.2.2. managing access to user and Administrator accounts; and

3.2.3. ensuring that users and Administrators' use of the Products complies with this agreement.

3.3. The customer will prevent unauthorized use of the Products by its users and terminate any unauthorized use of or access to the Products, or their use for illegal or unlawful purposes, or infringe any legal rights, in any jurisdiction. The customer’s use will not promote any viruses or other harmful software. The customer will promptly notify the company of any unauthorized use of or access to the Products.

3.4. The customer may not rent, lease, copy or lend the software. The customer may not reverse engineer, decompile, or disassemble the software or otherwise attempt to derive the source code of the software. The customer may not remove, modify or obscure any copyright, trademark or other proprietary notices contained in the software. The customer will not use the software in any way that violates the terms of this agreement or for any purpose or in any manner that is unlawful or prohibited by this agreement.

3.5. Subject to any restrictions on termination during the Initial Term provided in the Order Form of the respective software and without prejudice to any other rights, each Party may terminate this agreement as provided in section 6.1 if the other party commits a material breach with respect to the terms and conditions of this agreement and such failure remains uncured for a period of 30 days (or longer by mutual written agreement of the parties) from the Notice Date (as defined in section 6.1). In such event, the customer and the company shall comply with the provisions of section 6 regarding the effects of such termination.

3.6 The customer shall: (a) notify Formidium, in writing, immediately of any unauthorized use of any password or user id or any other known or suspected breach of security, (b) report, in writing, to Formidium immediately and use reasonable efforts to stop any unauthorized use of the software that is known or suspected by the customer, and (c) not provide false identity information to gain access to or use the software.

4. Intellectual property rights & copyright

4.1. No title or rights of ownership, copyright, or any other intellectual property in the Products, including all upgrades, modifications, new versions, and releases of the Products, is or will be transferred to the customer. All title and copyrights in and to the software (including, without limitation, any images, photographs, animations, video, audio, music, text, and applets incorporated into the software), the accompanying media and printed materials, and any copies of the software are owned by the company. The software is protected by copyright laws and international treaty provisions. Therefore, the customer must treat the software like any other copyrighted material, and not allow any act which is likely to prejudice the Intellectual Property, subject to the provisions of this agreement.

4.2. “customer Data” means all customer related information processed or stored through or by way of the Products or on the customer’s behalf. customer data includes, without limitation, information and data provided by the customer’s employees, directors, officers, agents and other users and by other third parties, other information/data generated through use of the Products by or on customer’s behalf and any information/data based on customer’s data, and copies of all such information rendered onto paper or other non-electronic media. The company recognizes and agrees that the customer possesses and retains all rights, title, and interest in and to customer Data, and the company’s use and possession thereof is solely on the customer’s behalf. The customer hereby grants the company a limited license to reproduce and otherwise manage customer Data during the duration of the agreement solely as specifically authorized herein.

5. Fees & Payment

5.1. The customer will pay all applicable fees, as set out in the Order Form. License fees, as set out in the Order Form, are payable in advance and are non-refundable except as required by law. The customer is responsible for providing complete and accurate billing and contact information to the company. The company may suspend or terminate the Services if fees are due past 30 days after the customer’s receipt of the invoice or due past notice from the company, whichever is earlier.

5.2. The customer is responsible for all taxes. The company will charge tax when required to do so. If the customer is required by law to withhold or deduct any taxes, the customer must provide the company with an official tax receipt or other appropriate documentation and will always make an additional payment to the company in order to ensure that the company always receives the amount it would have received had such amount not been withheld or deducted.

5.3. If the customer requires the use of a purchase order or purchase order number, the customer:

5.3.1. must provide the purchase order number at the time of purchase; and

5.3.2. agrees that any terms and conditions on the customer purchase order will not apply to this agreement and are null and void.

5.4. All undisputed invoices are payable 30 days after receipt. Undisputed payments which are not received when due will be considered late and will remain payable by the customer together with interest from the due date at the lesser of the statutory rate applicable or 1% per month. This interest will accrue on a daily basis. customer will pay the undisputed part of any disputed invoice within the timeframe mentioned in aforementioned sentence.

5.5. The customer acknowledges and agrees that any funds or payments submitted by the customer to the company as a deposit or designated as such are deemed non-refundable under any circumstances.

6. Term & Termination

6.1. Subject to any restrictions on termination during the Initial term provided in the respective Order Form, this agreement may be terminated within 30 days by the parties for convenience by providing a notice in writing , with effect from 30 days from the receipt of such notice (“Notice Date”), if the customer fails to pay any sums due under this agreement by the due date and/or becomes unable to pay its debts as they fall due or any material breach by the parties (including any security breach due to the acts or omissions of the company) and such failure to pay or the material breach remains uncured for 30 days (or longer by mutual agreement of the parties each behaving reasonably) from the notice date.

6.2. On termination of this agreement the customer will be obliged to certify in writing to the company within 30 days of termination that it has stopped using the product.

7. Internal Use

7.1. This agreement grants the customer a license for its business purposes only (including those of its affiliates), the customer shall be entitled to use the relevant services granted under the license only in relation to its business (including those of its Affiliates) and such license shall not permit the customer:

a) to use all or any part of such services to provide any service or product to any third party; or

b) to give or allow access to, or to otherwise disseminate, all or any part of such Services in any manner whatsoever to any third party.

c) “Affiliates” shall include (however will not be limited to) subsidiaries, sister organizations or companies, parent companies, partners & special purpose vehicles and the use of the term customer in this agreement or exhibit A includes affiliates, where applicable and relevant. For the avoidance of doubt, the customer may designate any number of users to use the product amongst the directors, officers and employees of the customer or its affiliates.

7.2 In the event that the customer is involved in any merger or acquisition with another company or organization then the company reserves the right to update, and potentially increase (“Fee Hike”), the applicable fees to accommodate any increases in usage and processed volumes, provided that if the customer disagrees with the Fee Hike, the customer shall have the right to terminate this agreement with effect from the date of such Fee Hike.

8. Warranties

8.1. EXCEPT FOR THE LIMITED SERVICE LEVEL COMMITMENTS SET FORTH IN SECTION 8.2, THE CUSTOMER AGREES AND ACKNOWLEDGES THAT, FORMIDIUM DISCLAIMS ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, WITH RESPECT TO THE SOFTWARE, THE SERVICES PROVIDED OR THE AVAILABILITY, FUNCTIONALITY, PERFORMANCE OR RESULTS OF USE OF THE SOFTWARE. WITHOUT LIMITING THE FOREGOING, EXCEPT AS SPECIFICALLY SET FORTH IN THIS SECTION, FORMIDIUM DISCLAIMS ANY WARRANTY THAT THE SOFTWARE, THE SERVICES PROVIDED BY FORMIDUM, OR THE OPERATION OF THE SOFTWARE ARE OR WILL BE ACCURATE, ERROR-FREE, VIRUS-FREE OR UNINTERRUPTED. FORMIDUM MAKES NO, AND HEREBY DISCLAIMS, ANY IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR ANY PARTICULAR PURPOSE OR ARISING BY USAGE OF TRADE, COURSE OF DEALING OR COURSE OF PERFORMANCE.

8.2 Formidium does not guarantee network availability between the customer and the Formidium hosting servers. Formidium will not be liable for any downtime caused in whole or part by a third-party data center provider nor for any downtime that the customer experiences as a result of the customer’s network connectivity issues. If the customer experiences an outage and is unable to access the software, the customer must immediately contact Formidium’s help desk, providing any/all necessary information that may assist Formidium in determining the cause of the outage. Formidium will determine in good faith whether the outage was within Formidium’s reasonable control. THIS SHALL BE CUSTOMER’ SOLE REMEDY, AND FORMIDIUM’S SOLE AND ENTIRE LIABILITY, FOR FORMIDIUM’S FAILURE TO PROVIDE AVAILABILITY TO THE SOFTWARE.

8.3 The customer confirms that it has not, in entering into this agreement, relied on any condition, warranty, or representation by Formidium to any other entity regarding the software.

9. Limitation of Liability

9.1. FORMIDIUM'S TOTAL AGGREGATE LIABILITY TO CUSTOMER FOR ANY REASON INCLUDING WITHOUT LIMITATION, BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY, MISREPRESENTATIONS, AND OTHER TORTS, IS LIMITED TO ALL FEES PAID TO FORMIDIUM BY THE CUSTOMER DURING THE TWELVE MONTHS IMMEDIATELY PRECEDING THE EVENTS GIVING RISE TO THE LIABILITY. Formidium shall not be liable for any loss of data or functionality caused directly or indirectly by the users. The customer assumes all risks arising from the use of the Products, including any private or confidential data, or other private information provided to Formidium, including the risk of any inadvertent disclosure or unauthorized access thereto.

Formidium shall use commercially reasonable efforts to correct all software error, to provide a reasonable workaround, and to maintain reasonable availability of the software. The customer shall provide such access, information, and support as Formidium may reasonably require for error support. Formidium has no other liability to the customer for software errors or unavailability of the software. Without limiting the foregoing, Formidium is not obligated to correct any software errors or provide any other support if such software errors or need for support was created in whole or in part by: (i) the customer’s acts, omissions, negligence or willful misconduct, including any breach of applicable law, rule or regulation or this agreement or any changes to the customer’s operating environment; or (ii) any failure or defect of the customer’s or a third-party’s equipment, software, facilities, applications, or internet connectivity.

The provisions of this section allocate the risks under this agreement between the parties, and the parties have relied on these limitations in determining whether to enter into this agreement.

10. Indemnity

10.1 Indemnification by Formidium. Formidium shall defend, indemnify and hold harmless the customer from and against any final judgment, including an award of reasonable attorney’s fees, that may be awarded by a court of competent jurisdiction against the customer, resulting from any third-party claim, suit or proceeding that arises from the customer’s use of the software in accordance with this agreement that infringes or misappropriates any U.S. trade secret, trademark, or copyright (“Claim”).

Notwithstanding the foregoing Formidium will have no indemnity obligation to the customer if the alleged infringement or misappropriation is based on (i) any combination, operation, or use of the software with products, services, information, materials, technologies, business methods or processes not furnished by Formidium to the extent the infringement or misappropriation is based on such combination, operations or use; (ii) any modification (other than by Formidium) to the software to the extent the infringement or misappropriation is based on such modification; (iii) use of the software in violation of or outside the scope of this agreement, (iv) an allegation that the software consists of a function, system or method traditionally utilized in a similar software that is not commercially unique to the software, and the commercially unique aspects of the software are not identified in the allegation giving rise to the Claim, (v) user interface or related user design elements not provided by Formidium, (vi) fraud, wilful misconduct or gross negligence by the customer, (vii) breach or default by the customer under this agreement, or (viii) an ordinary and usual expense of such customer.

The foregoing and following indemnity is subject to the customer: notifying Formidium in writing within thirty (30) days of becoming aware of any such Claim; giving Formidium sole control of the defense or settlement of such a Claim; and providing Formidium with any and all information and assistance reasonably requested by Formidium to handle the defense or settlement of the Claim.

Notwithstanding the foregoing, in the event of such a claim, or if Formidium believes that such a Claim is likely, Formidium may, at its sole option and expense: (a) modify the software or provide the customer with a substitute that is non-infringing; or (b) obtain a license or permission for the customer to continue to use the software, at no additional cost to the customer; or (c) if neither (a) nor (b) is, in Formidium’s judgment, commercially practicable, terminate the customer’s access to the software (or to a portion of the software as necessary to resolve the claimed infringement) and refund any prepaid but unused fees covering use of the software after termination. THIS SECTION 10.1 STATES FORMIDIUM’S ENTIRE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY CLAIM PROVIDED FOR UNDER THIS SECTION 10.1.

10.2 Indemnification by customer. The customer will indemnify, defend and hold Formidium, any and each of its affiliates, and their directors, officers, shareholders, shareholders, subsidiaries, partners, contractors, employees, service providers, licensors, and agents (the “Formidium parties”) harmless, at the customer’s expense, against any third-party claim, suit, action, or proceeding (each, an "Action") brought against the Formidium parties by a third-party to the extent that such Action is based upon or arises out of: (a) unauthorized or illegal use of the software by the customer or its affiliates or any user, (b) the customer or its affiliates' or any users’ noncompliance with or breach of this agreement, (c) the customer or its affiliates' or its users’ use of third-party products, or (d) the unauthorized use of the software by any other person using the customer or user information.

10.3 Conditions for Indemnification. A party seeking indemnification under this section shall (a) promptly notify the other party of the claim, (b) give the other party sole control of the defense and settlement of the claim, and (c) provide, at the other party’s expense for out-of-pocket expenses, the assistance, information and authority reasonably requested by the other party in the defense and settlement of the claim.

11. Information Security

11.1. Definitions

11.1.1. "Security Breach” or “Breach of Security"

11.1.1.1. Any unauthorized access to or use of the Product and/or any confidential and proprietary data contained in the company systems and all other information and data compilations used by the company whether or not in electronic form (the “company Data”) /customer Data;

11.1.1.2. Any loss, corruption, or unauthorized disclosure of any company Data/customer Data; and/or

11.1.1.3. Any poor configuration, incorrect system management, unpatched vulnerabilities and/or other flaws impacting the Products.

11.1.2. "Security Assessments"

11.1.2.1. Pen testing, segmentation testing or vulnerability scanning carried out to identify whether there are any potential security gaps in respect of customer Data and/or company Products/data.

11.2. The company acknowledges the values of confidentiality, integrity, availability, security, and dependability of customer Data and systems, as well as company Products.

11.3. Accordingly, the company will:

11.3.1. perform obligations under this agreement with the highest focus on the security of company Data and systems, as well as on customer Data;

11.3.2. perform security requirements compliance as specified in this agreement;

11.3.3. ensure that the security measures used to protect customer Data, as well as Products, follow industry best practices and are in compliance with applicable laws;

11.3.4. respond to any specific threats to the security of customer Data, as well as Products, proactively and promptly; and

11.3.5. for security related incidents, provide a fair level of access to pertinent assets, personnel and subcontractors if required by customer. Final decision on this request will be made at the company’s IT security team’s discretion.

11.4. Security Breach

11.4.1. The company will inform the customer promptly if there is a security breach (if proven) that affects the Products. The company will take all reasonable steps, including actions / changes reasonably required by the customer, at no additional expense to the customer necessary to:

11.4.1.1. reduce the impact of the security breach;

11.4.1.2. remediate or mitigate the security breach to the extent possible and protect the confidentiality, integrity, and availability of applicable Services;

11.4.1.3. implement stringent security controls to prevent a further security breach in the future exploiting the same root cause; and

11.4.1.4. provide an uncorrupted copy of customer Data affected by the security breach to the firm (upon request) in an encrypted format and within an agreed upon timeframe and without charge; and as soon as reasonably possible and where required by customer provide full investigation details of the Breach of Security, including a root cause analysis.

11.5. Security Testing

11.5.1. The company agrees that it will:

11.5.1.1. where a security remediation is not immediately available, implement interim mitigation steps to known exploitable vulnerabilities;

11.5.1.2. pro-actively and regularly scan the Products for vulnerable components and promptly address discovered vulnerabilities (including after major design or architecture change);

11.5.1.3. rerun any applicable security tests once any necessary corrective/preventive/detective action has been performed within the timeframe agreed with the customer;

11.5.1.4. follow accepted industry standards for vulnerability assessments, prioritization, and remediation.

11.5.2. The company confirms that security testing will be planned and implemented without affecting Services delivery (unless otherwise agreed with customer in writing and in advance).

11.5.3. Upon request, the company will provide customer with a security test sanitized summary (as it reasonably relates to the Services). Final decision on this request will be made at the company’s IT security team’s discretion.

11.6. Mobile Access

11.6.1. When company Data/customer Data is kept on a mobile, detachable, or uncontrollable company device, the company will guarantee that the data is encrypted in accordance with industry standards.

11.6.2. Devices used to access or administer customer Data and/or systems will be securely managed by the company.

11.6.3. Secured configurations will be followed in accordance with industry standards and before being provisioned.

11.7. Vulnerabilities and Patch Management

11.7.1. The company understands that vulnerabilities in the Products may be discovered, and that unless they are addressed, they will pose an unacceptable risk to the Services and/or customer Data.

11.7.2. Threats/vulnerabilities will be categorized by the company in line with the industry's best practices including severity ratings: Critical, High, Medium, Low & Informational.

11.7.3. The company will apply security patches to vulnerabilities in the Products within the timelines below:

11.7.3.1. Security patches categorized as “Critical” or “High’” as soon as possible however within one month after release.

11.7.3.2. Other applicable security patches should be prioritized based on risk and applied within an appropriate timeframe.

11.7.3.3. By exception, the customer may agree a different maximum time after consulting with the company on a case-by-case basis.

11.7.3.4. If the company is unable to address the vulnerability within the timeframes outlined above, the company will notify the customer in writing promptly.

11.7.4. All Products (whether its own proprietary software or 3rd party software) will be kept up to date, including software being no more than one major version level below the latest release during the term of the agreement unless otherwise agreed by customer in writing, and subject to appropriate endpoint and remote access protection.

11.7.5. The company will use industry standard baseline hardening practices such as deleting or disabling interfaces, services, and capabilities that are not required for the supply of the products.

11.7.6. The company will ensure that malware and unauthorized software running on the underlying servers/platform do not compromise the Products.

11.8. Systems & architecture

11.8.1. Where the company processes customer data, the company is committed to:

11.8.1.1. on reasonable request, provide customer data in the industry standard format and in a secured manner;

11.8.1.2. have established protocols in place to ensure that customer data is available if the company ceases to operate;

11.8.1.3. the availability of customer data in the event of the company ceasing to service;

11.8.1.4. secured destruction of all media that has held customer data at the end of life of that media in line with good industry practice;

11.8.1.5. secured erasure of any or all customer data held by the company when requested to do so by the customer;

11.8.1.6. ensure business data is securely communicated (e.g., encrypted) through any public and internal network (including the internet, mobile networks, and workplace networks) in accordance with good industry practice.; and

11.8.1.7. where required by the customer, customer data must be encrypted at rest and in motion in line with the good industry practice;

11.8.1.8. where customer information is encrypted, data security key/secrets management methods, such as secure key/secrets production, distribution, rotation, and storage, must be followed in accordance with industry standards;

11.8.1.9. customer data should be appropriately segregated from other company clients;

11.8.1.10. ensure all locations where customer Data is stored are fully documented; and

11.8.1.11. not use any business data for any reason other than to fulfil the company’s duties under this agreement.

11.8.2. The company will ensure that all physical facilities that process customer data are secure in accordance with industry best practices.

11.8.3. To maintain confidentiality and integrity of data in the communication channel, the company agrees to use only secured and encrypted means of communications channels during the sharing of data.

11.9. Identity access management

11.9.1. The company certifies that an access control policy is in place and that all company users and administrators are uniquely identified and authenticated.

11.9.2. Regular reviews of user access to customer data and the products is in place. Records of the review are stored securely.

11.9.3. Industry best practices for password policies are in place (e.g., password composition, complexity, history, change, revocation, storage).

11.9.4. When company suppliers and subcontractors having access to customer Data or any systems holding customer Data no longer need it or depart the organization, access permissions will be terminated immediately.

11.10. Secured software development lifecycle

11.10.1. Where software development is required for integration with customer systems/applications, secure development practices are to be followed. This includes:

11.10.1.1. threat modelling as per the company’s defined internal Secured software development lifecycle (“SSDLC”) framework;

11.10.1.2. using secure coding frameworks and standards;

11.10.1.3. security testing prior to deployment;

11.10.1.4. applying the concept of least privilege in relation to the products integrating with services and systems leveraged by customer; and

11.10.1.5. engagement of the security team during each stage of SSDLC.

11.11. Security monitoring

11.11.1. The company will ensure sufficient monitoring of the products to facilitate the detection of behaviors that would be indicative of a breach of security. This should include (as applicable):

11.11.1.2. security events generated in the products such as account logon and logoff events, the commencement and termination of remote access sessions, security alerts from desktop and server operating systems, and security alerts from third-party security software;

11.11.1.3. logs from other network devices such as firewalls, proxy servers, web servers, web application firewalls and intrusion detection/prevention devices;

11.11.1.4. any other records relating to monitoring requirements of the products which may be agreed between the parties from time to time; and

11.11.1.5. retention of audit records for a period of at least one (1) year, and upon reasonable request make audit records available to the customer in case of a security or technical incident.

11.12. Personnel Training

11.12.1. The company confirms that all company personnel and subcontractors' personnel with access to customer data or any systems in the products holding customer Data undergo appropriate Information security training.

11.12.2. If the customer assigns email addresses to the company and/or subcontractor staff, the company will guarantee that the emails are exclusively used to carry out the company’s obligations under this agreement.

11.13. company security policies/processes

11.13.1. The company confirms that on entry into this agreement the following internal documents are in place:

11.13.1.1. Information Security policies covering the company’s security governance.

11.13.1.2. Security incident management processes.

11.13.1.3. Security incident response plan.

11.13.1.4. Risk management framework.

11.13.1.5. Third party risk management policy and its annual review to ensure they reflect good industry practice.

11.13.1.6. Vulnerability & patch management policy which includes processes for prioritization, testing, and application of security patches; and reporting and audit provisions related to the patching process to assess its effectiveness.

11.13.1.7. Processes for identification of breaches of Security along with methodology to assess the actual and potential impact on the services of any new breach of Security.

11.13.2. The company confirms compliance with the company’s policies/processes when providing the services, and otherwise in the context of the obligations under this agreement

11.14. Data Privacy

11.14.1. The company ensures the following practices in relation to data privacy:

11.14.1.1. Maintain appropriate physical, technical and administrative measures to ensure that processing of personally identifiable information (the “PII”) data carried out by the company in connection with this agreement meets and ensures protection of the rights of individuals under the EU GDPR 2016 / 679 or UK data protection Act 2018.

11.14.1.2. Process the PII data only to the extent and in the manner required for the permitted purpose and in accordance with the customer's written instructions (including the instructions set out in this agreement), and not for any other reason.

11.14.1.3. Process the PII data in accordance with the UK data protection act 2018 and will not put itself or the customer in violation of it.

11.14.1.4. The company shall promptly provide a copy of all customer data it holds in the format and on the media reasonably requested by the customer upon written request.

11.14.1.5. The company may only authorize a third party or sub-contractor to process the personal data if it enters into a written agreement with sub-contractors who will be processing personal data that reflects the requirements of the UK Data Protection Act 2018 and with similar obligations as are imposed on the company by this agreement and provided that the sub-contractor's right to process customer’s personal data terminates automatically on termination of this agreement for any reason.

11.14.2. The company shall upon request and at its own cost:

11.14.2.1. make available to the customer all information necessary to demonstrate compliance with the obligations set out in this agreement;

11.14.2.2. allow for and contribute to audits, including inspections, conducted by or on behalf of the customer or by any Regulatory Authority pursuant to article 58(1) of the UK data protection act 2018 for the purposes of accessing the company’s compliance with its obligations under this agreement and the UK data protection act 2018.

11.14.3. Any subcontracting or transfer of personal data permitted by the customer shall not relieve the company of any of its liabilities, responsibilities, and obligations under this agreement to the customer and the company shall remain fully liable for the acts and omissions of its permitted Sub-contractors.

11.14.4. Notwithstanding anything to the contrary in these terms, the company may monitor, collect, use and store anonymous and aggregate statistics and/or data regarding use of the Products solely for internal business purposes (including, but not limited to, improving the Products, and creating new features) and such anonymized and aggregate data shall not be considered customer Data.

11.15. Data hosting

11.15.1. customer Data may be processed and/or hosted by the company or its authorized third-party service providers in the United Kingdom, United States, European Union, European Economic Area, Switzerland, or other locations around the world, unless otherwise agreed by the parties.

11.16. customer privacy is extremely important to Formidium. Please read Formidium’s privacy policy which explains how Formidium treats and protects personal data when the customer uses the software.

12. Corruption & Bribery

12.1. Both parties agree that neither it nor any associated person has given or offered any payment or gift to anybody employed by the other party as an inducement or reward for awarding this agreement to the other party.

12.2. Without prejudice to any rights the parties may have arising from a breach of section12.1, all Products shall be revoked unless otherwise mutually agreed by both the parties if at any time there is evidence to show that the other party or any associated person is offered or given a bribe of any kind or any gift as an inducement or reward for doing or refraining from doing any act in relation to this agreement in relation to

12.2.1. anyone employed by the other party; or

12.2.2. anyone employed by the customer.

13. Force Majeure

13.1. Force majeure refers to an act or event affecting the performance by a party of its obligations hereunder:

13.1.1. arising from natural catastrophes such as floods, earthquakes, hurricane tornado etc. (acts of God), war, pandemic, insurgency, sabotage, strikes, lock outs, or other industrial action and any other occurrences beyond the reasonable control of the party thus affected.

13.1.2. if and to the extent that any delay or failure to perform any of its obligations under this agreement is due to Force Majeure, neither party shall be liable to the other, provided that the affected party gives the other party written notice, takes steps in accordance with agreed security and operational controls to resume full services of its obligations, and uses reasonable efforts to mitigate. The liability protection offered by this section is only for the length of the Force Majeure event.

14. Right to audit

14.1. The company agrees to allow, with 30 days advance written notice and no more than once every six months, the customer, or any other authorized representative of the customer or regulatory authority access to the company’s premises, data, or personnel for the purpose of assessing the company's compliance with its obligations under this agreement.

14.2. Regular (no more than twice per year) security meetings can be conducted between the parties to provide compliance adherence assurance. These meetings should not be considered as an audit but an opportunity to provide a security overview.

15. Confidentiality

15.1. The customer acknowledges that the Products constitute and incorporate confidential and proprietary information developed or acquired by or licensed to the company. The customer hereby undertakes to the company to receive and hold the Products in the strictest confidence and further to take all reasonable security precautions in the safekeeping of the Products and in preventing its unauthorized disclosure to third parties, applying no lesser security measures to it than to its own confidential information.

15.2. The company acknowledges that the customer Data constitutes and incorporates confidential and proprietary information of the customer. The company hereby undertakes to the customer to receive and hold the customer Data in the strictest confidence and further to take all reasonable security precautions in the safekeeping of the customer Data and in preventing its unauthorized disclosure to third parties, except its own employees, Affiliates and shareholders or as may be required by law or by the administrative or regulatory requirements of any stock exchange on which shares of the company are listed, applying no lesser security measures to it than to its own confidential information.

16. General

16.1. The failure of either party to exercise or enforce any right or provision of this agreement shall not constitute a waiver of such right or provision. This agreement, along with Exhibit A, constitutes the entire agreement between the parties and governs the customer's use of the Products, superseding any prior agreements between the customer and the company (including, but not limited to, any prior versions of this agreement). A reference to this agreement includes Exhibit A, unless the context suggests otherwise.

17. software Support

17.1. The customer may access personnel employed or otherwise engaged by the company for the purposes of providing Products support (support personnel) during the times published on the Formidium’s website/portal.

18. Conflict

18.1. In the event of any conflict, contradiction, or ambiguity between the terms and conditions of this agreement and Order Form, then the terms and conditions of the Order Form shall prevail over this agreement.

19. Assignment

Formidium may assign, charge, transfer or declare a trust over any of its rights or obligations under this agreement at any time. The customer shall not assign, transfer, charge, declare a trust or novate any of its rights under this agreement, except with the prior written approval of Formidium. The preceding sentence applies to all assignments of rights, except in the event of a voluntary transfer of substantially all assets by the customer to a transferee which executes Formidium’s form of agreement agreeing to be bound to all the terms and conditions of this agreement. In such case the customer will also adhere to section 7.2 of this agreement.

20. Notices

Any notice required or permitted hereunder shall be in writing either by letter, facsimile or email and shall be deemed effective on the date of personal delivery (by private messenger, courier service, or otherwise) in case of a letter or upon confirmed receipt of facsimile by the relevant Party, whichever occurs first, or upon confirmation of receipt by the relevant Party if by electronic mail when transmitted (change in address may only be specified by written notice from one Party to the other). The addresses of the parties are provided at the time of issuing the Order Form.

21. Waiver

No waiver shall be effective unless it is in writing and signed by the waiving party. The waiver by either party of any breach of this agreement shall not constitute a waiver of any other or subsequent breach. Failure or delay by either Party to enforce any provision of this agreement will not be deemed a waiver of future enforcement of that or any other provision.

22. Severability

If any term of this agreement is held to be invalid or unenforceable, that term shall be reformed to achieve as nearly as possible the same effect as the original term, and the remainder of this agreement shall remain in full force.

23. Entire agreement

This agreement may not be modified or amended by customer except by an instrument in writing signed by the parties. Except as stated herein, this agreement may be modified by Formidium upon 30 days written notice to customer. Except as stated below with respect to the User agreement as provided on the Formidium website (the “User agreement”), this agreement, together with Exhibit “A”, signature page and the Order Forms, their riders, amendments, and revisions thereof, shall constitute the entire agreement of the parties and supersedes all prior agreements and understanding between the parties relating to the subject matter hereof.

The User agreement (as amended from time to time), the form of which is linked hereto, shall govern customer’s use of the software and shall be read in conjunction with this agreement. To the extent there is a conflict between this agreement and the User agreement, this agreement shall control, unless the User agreement specifically acknowledges the conflict and expressly states that the conflicting User agreement controls.

24. Survival

All provisions regarding indemnification, warranty, liability, and limits thereon, and confidentiality and/or protections of intellectual rights or proprietary rights shall survive the termination of this agreement.

25. Publicity

Formidium may include customer’s name and logo in its customer lists and on its website. Upon signing, Formidium may issue a high-level press release announcing the relationship and the manner in which customer will use the software. Formidium shall coordinate its efforts with appropriate communications personnel in customer’s organization to secure approval of the press release if necessary.

26. Independent Contractor

The parties have the status of independent contractors, and nothing in this agreement nor the conduct of the parties will be deemed to place the parties in any other relationship. Except as provided in this agreement, neither party shall be responsible for the acts or omissions of the other party or the other party’s personnel.

27. Governing Law, Jurisdiction and Venue

The laws of the State of Illinois shall govern the validity, interpretation, and performance of this agreement without regard to conflict of laws and principles. The state and federal courts in the State of Illinois, Dupage County, shall have exclusive jurisdiction over matters arising under or associated with this agreement. The parties consent to such courts' exclusive jurisdiction and venue and irrevocably waive any objections thereto.

Exhibit A
List of the software