1.		This Data Processing Agreement ("DPA") sets out the terms, requirements, and conditions on which Flowtrace Ltd ("We", "Us", "Our") will process Personal Data when providing our services to you as our customer("You", "Your") pursuant to our Subscription Terms ("Agreement").

2.		Definitions and Interpretation
	2.1	The following definitions and rules of interpretation apply in this DPA.
	2.2	Definitions:
		"Controller, Data Subject, Personal Data, Personal Data Breach, Processor, Processing/Process/Processed and Supervisory Authority" is as defined in the GDPR.
		"Data Protection Legislation" means all applicable data protection and privacy legislation in force from time to time in the EU and UK, including Regulation (EU) 2016/679 ("GDPR"); the GDPR as defined in section 3(10) (as supplemented by section 205(4)) of the DPA 2018 ("UK GDPR"); the Data Protection Act 2018 ("DPA 2018"); the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and any other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data.
		"Services" means the services to be provided by Us to You under the Agreement.
		"Standard Contractual Clauses" means, together, the standard contractual clauses for the transfer of Personal Data to third countries pursuant to the GDPR, adopted by the European Commission under Commission Decision (EU) 2021/914 2021 ("EU SCCs") and the UK International Transfer Addendum to the EU SCCs ("UK Addendum").
	2.3	A reference to writing or written includes email but not fax.
	2.4	In the case of conflict or ambiguity between:
	2.4.1	any provisions contained in the body of this DPA and any provisions contained in the Schedules, the provisions in the body of this DPA will prevail; and
	2.4.2	any of the provisions of this DPA and any provisions in the Agreement, the provisions of this DPA will prevail.
	2.5	Personal Data Types and Processing Purposes
	2.5.1	The parties acknowledge that for the purpose of the Data Protection Legislation, You are the Controller and We are the Processor.
	2.5.2	You retain control of the Personal Data and remain responsible for Your compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions You give to Us.
	2.5.3	You warrant that Our expected use of the Personal Data for the provision of the Services and as specifically instructed by You will comply with the Data Protection Legislation.
	2.5.4	The Schedules describe the subject matter, duration, nature and purpose of processing and the Personal Data categories and Data Subject types in respect of which We may process Personal Data to fulfil the Services.
	2.6	Your Obligations
	2.6.1	You shall:
	2.6.2	have at all times during the term of the Agreement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to protect any Personal Data, and no less than Our measures set out at paragraph 3.12 of Schedule 1;
	2.6.3	provide clear and comprehensible written instructions to Us for the Processing of Personal Data to be carried out under the Agreement;
	2.6.4	ensure that You have all the necessary licences, permissions and consents from Data Subjects;
	2.6.5	ensure that You have an applicable legal basis, for the transfer of Personal Data to Us and to the processing of that Personal Data by Us; and
	2.6.6	indemnify Us against all loss, liability, damages, costs, fees, claims and expenses which We may incur or suffer by reason of any breach of this DPA or the Data Protection Legislation by You.
	2.7	Our Obligations
	2.7.1	We will only process the Personal Data to the extent, and in such a manner, as is necessary for the Services in accordance with Your written instructions. We will not process the Personal Data for any other purpose or in a way that does not comply with this DPA or the Data Protection Legislation. We will immediately notify You if, in Our opinion, Your instruction would not comply with the Data Protection Legislation.
	2.7.2	We will promptly comply with any request or instruction from You requiring Us to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.
	2.7.3	We will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless You or this DPA specifically authorises the disclosure, or as required by law. If a law, court, regulator or supervisory authority requires Us to process or disclose Personal Data, We will first use reasonable endeavours to inform You of the legal or regulatory requirement and give You an opportunity to object or challenge the requirement, unless the law prohibits such notice.
	2.7.4	We will reasonably assist You with meeting Your compliance obligations under the Data Protection Legislation, taking into account the nature of Our processing and the information available to Us, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with supervisory authorities under the Data Protection Legislation.
	2.7.5	We will promptly notify You of any changes to Data Protection Legislation that may adversely affect Our performance of the Services.
	2.7.6	You acknowledge that We may use the Personal Data We receive from you for the purpose of improving our Services, provided that We anonymize (as defined by GDPR) the Personal Data prior to any such use.
	2.8	Our Employees
	2.8.1	We will ensure that any and all employees:
	2.8.2	are informed of the confidential nature of the Personal Data and are bound by confidentiality obligations and use restrictions in respect of the Personal Data;
	2.8.3	have undertaken training on the Data Protection Legislation relating to handling Personal Data and how it applies to their particular duties; and
	2.8.4	are aware both of Our duties and their personal duties and obligations under the Data Protection Legislation and this DPA.
	2.9	Security
	2.9.1	We will at all times implement appropriate technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data including, but not limited to, the security measures set out at paragraph 3.12 of Schedule 1.
	2.9.2	We may update the security measures from time to time, provided they do not result in a reduction in the security over the Personal Data to which they apply. We will maintain an up-to-date written record of Our then-current security measures, which We shall provide to You on request, and review at least on an annual basis to ensure they remain current and complete.
	2.9.3	We will implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:
	2.9.3.1.	the pseudonymisation and encryption of Personal Data;
	2.9.3.2.	the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
	2.9.3.3.	the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
	2.9.3.4.	a process for regularly testing, assessing and evaluating the effectiveness of security measures.
	2.10	Personal Data Breach
	2.10.1	We will promptly and without undue delay notify You if any of Your Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. We will restore such Personal Data at Our own expense.
	2.10.2	We will without undue delay notify You if We become aware of:
	2.10.2.1.	any accidental, unauthorised or unlawful processing of Your Personal Data; or
	2.10.2.1.	any Personal Data Breach relating to Your Personal Data.
	2.10.3	Where We become aware of an event within the scope of clause 2.10.2, We shall, without undue delay, also provide You with the following information:
	2.10.3.1.	a description of the nature of such event, including the categories and approximate number of both Data Subjects and Personal Data records concerned;
	2.10.3.2.	the likely consequences of the event; and
	2.10.3.3.	a description of the measures taken or proposed to be taken to address such event, including measures to mitigate its possible adverse effects.
	2.10.4	Immediately following any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. We will reasonably co-operate with You in Your handling of the matter, including:
	2.10.4.1.	assisting with any investigation;
	2.10.4.2.	making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by You; and
	2.10.4.3.	taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or unlawful Personal Data processing.
	2.10.5	We will not inform any third party of any Personal Data Breach without first obtaining Your prior written consent, except when required to do so by law, to maintain any policy of insurance, or to maintain regulatory or equivalent certifications.
	2.10.6	Subject to clause 2.10.5 You have the sole right to determine:
	2.10.6.1.	whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in Your discretion, including the contents and delivery method of the notice; and
	2.10.6.2.	whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
	2.11	Cross-Border Transfers of Personal Data
	2.11.1	If an adequate protection measure for the international transfer of Personal Data is required under Data Protection Legislation (and has not otherwise been arranged by the parties) the Standard Contractual Clauses shall be incorporated into this Agreement in the Schedules as if they had been set out in full.
	2.11.2	The parties shall ensure that whenever Personal Data is transferred outside the European Economic Area and the United Kingdom ("GDPR Territories") they:
	2.11.2.1.	are Processing Personal Data in a territory which is subject to a current finding by the European Commission under the Data Protection Legislation that the territory provides adequate protection for the privacy rights of individuals;
	2.11.2.2.	participate in a valid cross-border transfer mechanism under the Data Protection Legislation, so that the parties can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required by Article 46 of the GDPR; or
	2.11.2.3.	otherwise ensure that the transfer complies with the Data Protection Legislation.
	2.11.3	In the case of any Processing of Personal Data outside of the GDPR Territories as at the date of this DPA, We have identified in the Schedules the relevant transfer mechanism. We will promptly inform You of any change to such mechanisms.
	2.11.4	You authorise Us to enter into the Standard Contractual Clauses with the sub-Processor on Your behalf, if required to ensure the relevant Processing of Personal Data complies with Data Protection Legislation. We will make the executed Standard Contractual Clauses available to You on written request.
	2.12	Sub-Processors
	2.12.1	We may only authorise a third party (sub-Processor) to process the Personal Data if:
	2.12.2	You are provided with an opportunity to object to (but not prevent) the appointment of each sub-Processor within 10 days of Us providing You with reasonable details of the forthcoming changes to Our sub-Processors, with such details to be provided by Us updating Our dedicated sub-Processor webpage at www.flowtrace.co/sub-processors;
	2.12.3	We enter into a written contract with the sub-Processor that contains terms materially the same to those set out in this DPA, in particular, in relation to requiring appropriate technical and organisational data security measures, and, upon Your written request and at Your expense, provide You with copies of such contracts (subject to redaction of any confidential information); and
	2.12.4	We maintain control over all Personal Data We entrust to the sub-Processor.
	2.12.5	You authorise Us to use sub-Processors set out on Our dedicated sub-Processor webpage at www.flowtrace.co/sub-processors. These sub-Processors include but are not limited to the general categories of data storage, hosting (including data centres and providers of virtual software environments), customer support and analytics.
	2.12.6	Where the sub-Processor fails to fulfil its obligations under such written agreement, We remain fully liable to You for the sub-Processor’s performance of its agreement obligations.
	2.13	Complaints, Data Subject Requests and Third-Party Rights
	2.13.1	We will take such technical and organisational measures as may be appropriate, and promptly provide such information to You as You may reasonably require, to enable You to comply with:
	2.13.1.1.	the rights of Data Subjects under the Data Protection Legislation, including subject access rights, the rights to rectify and erase Personal Data, object to the processing and automated processing of Personal Data, and restrict the processing of Personal Data; and
	2.13.1.2.	information or assessment notices served on You by any supervisory authority under the Data Protection Legislation.
	2.13.2	We will notify You immediately if We receive any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party's compliance with the Data Protection Legislation.
	2.13.3	We will notify You without undue delay if We receive a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Legislation.
	2.13.4	We will give You Our full co-operation and assistance in responding to any complaint, notice, communication or Data Subject request.
	2.13.5	We will not disclose the Personal Data to any Data Subject or to a third party other than at Your request or instruction, as provided for in this DPA or as required by law.
	2.14	Liability
	2.14.1	Nothing in this DPA shall limit or exclude either party's liability for (i) death or personal injury caused by negligence; (ii) fraud or deceit; or (iii) any other liability that cannot be excluded by applicable law.
	2.14.2	Subject to clause 2.14.1, Our total liability pursuant to this DPA shall not exceed the total fees paid by You to Us during the preceding twenty-four (24) months period. This clause 2.14.2 do not apply to the Parties’ indemnity rights and obligations provided in the Agreement.
	2.15	Term and Termination
	2.15.1	This DPA will remain in full force and effect for so long as We retain any of Your Personal Data related to the Services in Our possession or control.
	2.15.1	Any provision of this DPA that expressly or by implication should come into or continue in force on or after termination of the Services in order to protect Personal Data will remain in full force and effect.
	2.15.1	If a change in any Data Protection Legislation prevents either party from fulfilling all or part of the Services, the parties will discuss in good faith with a view to implementing any changes necessary to ensure the processing of Personal Data complies with the new requirements.
	2.16	Data Return and Destruction
	2.16.1	At Your request, We will give You a copy of or access to all or part of Your Personal Data in Our possession or control in a commonly accessible and electronic format determined by Us.
	2.16.2	On termination of the Services for any reason or expiry of its term, or at Your request, We will promptly securely delete or destroy or, if directed in writing by You, return and not retain, all or any Personal Data related to this DPA in Our possession or control. This requirement shall not apply to Personal Data which We have archived on Our backup systems which are not reasonably accessible, provided that such Personal Data is deleted promptly in the event such backups become reasonably accessible (such as by Us using those backups to restore Our systems).
	2.16.3	Clause 2.16.2 shall not apply to the extent any law, regulation, or government or regulatory body requires Us to retain any documents or materials that We would otherwise be required to return or destroy.
	2.17	Records
	2.17.1	We will keep detailed, accurate and up-to-date written records regarding any processing of Personal Data We carry out for You ("Records") and provide You with copies of the Records upon request.
	2.18	Audit
	2.18.1	Upon Your reasonable prior written notice of no less than thirty (30) days, and no more than once during any consecutive 24-month period, You may conduct a virtual audit of Our systems holding or processing Your Personal Data and of any documentation that relate to Our processing of Your Personal Data to verify that all necessary security measures have been implemented and are functioning properly and that the processing complies with Data Protection Legislation. No more than once during any consecutive 12-month period, on Your request We will provide You with the relevant information from Our most recent audit (which may have been carried out internally or by third-party representatives) to evidence Our compliance with this DPA and provide the summary results to You. You shall be entitled to ask questions of Us related to compliance with Data Protection Legislation in advance of the audit, We shall use Our reasonable endeavours to respond adequately when providing the audit results.
	2.18.2	On Your written request, We will exercise relevant audit rights We have in connection with Our sub-Processors’ compliance with their obligations regarding Your Personal Data, and provide You with a summary of the audit results.
	2.18.3	The audit rights set out at clauses 2.18.1 – 2.18.2 are Your only contractual rights (and Our only contractual obligations) in connection with the auditing of Our Processing of Personal Data. Save that nothing in this DPA shall prevent or is intended to undermine the rights and powers granted to Data Subjects or Supervisory Authorities, and accordingly We shall submit to any audits required by a Supervisory Authority or Data Protection Legislation.

These Terms of Use constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”) and Flowtrace Ltd ("Company", “we”, “us”, or “our”), concerning your access to and use of the app.flowtrace.io website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Site”). We are registered in England and have our registered office at 86-90 Paul Street, London EC2A 4NE. You agree that by accessing the Site, you have read, understood, and agree to be bound by all of these Terms of Use. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF USE, THEN YOU ARE EXPRESSLY PROHIBITED FROM USING THE SITE AND YOU MUST DISCONTINUE USE IMMEDIATELY.

Supplemental terms and conditions or documents that may be posted on the Site from time to time are hereby expressly incorporated herein by reference. We reserve the right, in our sole discretion, to make changes or modifications to these Terms of Use from time to time. We will alert you about any changes by updating the “Last updated” date of these Terms of Use, and you waive any right to receive specific notice of each such change. Please ensure that you check the applicable Terms every time you use our Site so that you understand which Terms apply. You will be subject to, and will be deemed to have been made aware of and to have accepted, the changes in any revised Terms of Use by your continued use of the Site after the date such revised Terms of Use are posted.

The information provided on the Site is not intended for distribution to or use by any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation or which would subject us to any registration requirement within such jurisdiction or country. Accordingly, those persons who choose to access the Site from other locations do so on their own initiative and are solely responsible for compliance with local laws, if and to the extent local laws are applicable.

The Site is intended for users who are at least 18 years old. Persons under the age of 18 are not permitted to use or register for the Site.

Unless otherwise indicated, the Site is our proprietary property and all source code, databases, functionality, software, website designs, audio, video, text, photographs, and graphics on the Site (collectively, the “Content”) and the trademarks, service marks, and logos contained therein (the “Marks”) are owned or controlled by us or licensed to us, and are protected by copyright and trademark laws and various other intellectual property rights and unfair competition laws of the United States, international copyright laws, and international conventions. The Content and the Marks are provided on the Site “AS IS” for your information and personal use only. Except as expressly provided in these Terms of Use, no part of the Site and no Content or Marks may be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.

Provided that you are eligible to use the Site, you are granted a limited license to access and use the Site and to download or print a copy of any portion of the Content to which you have properly gained access solely for your personal, non-commercial use. We reserve all rights not expressly granted to you in and to the Site, the Content and the Marks.

By using the Site, you represent and warrant that: (1) all registration information you submit will be true, accurate, current, and complete; (2) you will maintain the accuracy of such information and promptly update such registration information as necessary; (3) you have the legal capacity and you agree to comply with these Terms of Use; (4) you are not a minor in the jurisdiction in which you reside; (5) you will not access the Site through automated or non-human means, whether through a bot, script or otherwise; (6) you will not use the Site for any illegal or unauthorized purpose; and (7) your use of the Site will not violate any applicable law or regulation.

If you provide any information that is untrue, inaccurate, not current, or incomplete, we have the right to suspend or terminate your account and refuse any and all current or future use of the Site (or any portion thereof).

We accept the following forms of payment:

- Visa

- Mastercard

- American Express

- Discover

You may be required to purchase or pay a fee to access some of our services. You agree to provide current, complete, and accurate purchase and account information for all purchases made via the Site. You further agree to promptly update account and payment information, including email address, payment method, and payment card expiration date, so that we can complete your transactions and contact you as needed. We bill you through an online billing account for purchases made via the Site. Sales tax will be added to the price of purchases as deemed required by us. We may change prices at any time. All payments shall be in GBP.

You agree to pay all charges or fees at the prices then in effect for your purchases, and you authorize us to charge your chosen payment provider for any such amounts upon making your purchase. If your purchase is subject to recurring charges, then you consent to our charging your payment method on a recurring basis without requiring your prior approval for each recurring charge, until you notify us of your cancellation.

We reserve the right to correct any errors or mistakes in pricing, even if we have already requested or received payment. We also reserve the right to refuse any order placed through the Site.

You may not access or use the Site for any purpose other than that for which we make the Site available. The Site may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved by us.

As a user of the Site, you agree not to:

Systematically retrieve data or other content from the Site to create or compile, directly or indirectly, a collection, compilation, database, or directory without written permission from us.
Make any unauthorized use of the Site, including collecting usernames and/or email addresses of users by electronic or other means for the purpose of sending unsolicited email, or creating user accounts by automated means or under false pretenses.
Use a buying agent or purchasing agent to make purchases on the Site.
Use the Site to advertise or offer to sell goods and services.
Circumvent, disable, or otherwise interfere with security-related features of the Site, including features that prevent or restrict the use or copying of any Content or enforce limitations on the use of the Site and/or the Content contained therein.
Engage in unauthorized framing of or linking to the Site.
Trick, defraud, or mislead us and other users, especially in any attempt to learn sensitive account information such as user passwords.
Make improper use of our support services or submit false reports of abuse or misconduct.
Engage in any automated use of the system, such as using scripts to send comments or messages, or using any data mining, robots, or similar data gathering and extraction tools.
Interfere with, disrupt, or create an undue burden on the Site or the networks or services connected to the Site.
Attempt to impersonate another user or person or use the username of another user.
Sell or otherwise transfer your profile.
Use any information obtained from the Site in order to harass, abuse, or harm another person.
Use the Site as part of any effort to compete with us or otherwise use the Site and/or the Content for any revenue-generating endeavor or commercial enterprise.
Decipher, decompile, disassemble, or reverse engineer any of the software comprising or in any way making up a part of the Site.
Attempt to bypass any measures of the Site designed to prevent or restrict access to the Site, or any portion of the Site.
Harass, annoy, intimidate, or threaten any of our employees or agents engaged in providing any portion of the Site to you.
Delete the copyright or other proprietary rights notice from any Content.
Copy or adapt the Site’s software, including but not limited to Flash, PHP, HTML, JavaScript, or other code.
Upload or transmit (or attempt to upload or to transmit) viruses, Trojan horses, or other material, including excessive use of capital letters and spamming (continuous posting of repetitive text), that interferes with any party’s uninterrupted use and enjoyment of the Site or modifies, impairs, disrupts, alters, or interferes with the use, features, functions, operation, or maintenance of the Site.
Upload or transmit (or attempt to upload or to transmit) any material that acts as a passive or active information collection or transmission mechanism, including without limitation, clear graphics interchange formats (“gifs”), 1×1 pixels, web bugs, cookies, or other similar devices (sometimes referred to as “spyware” or “passive collection mechanisms” or “pcms”).
Except as may be the result of standard search engine or Internet browser usage, use, launch, develop, or distribute any automated system, including without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Site, or using or launching any unauthorized script or other software.
Disparage, tarnish, or otherwise harm, in our opinion, us and/or the Site.
Use the Site in a manner inconsistent with any applicable laws or regulations.
Access employees protected information or trying to gain access to employees private information

As part of the functionality of the Site, you may link your account with online accounts you have with third-party service providers (each such account, a “Third-Party Account”) by either: (1) providing your Third-Party Account login information through the Site; or (2) allowing us to access your Third-Party Account, as is permitted under the applicable terms and conditions that govern your use of each Third-Party Account. You represent and warrant that you are entitled to disclose your Third-Party Account login information to us and/or grant us access to your Third-Party Account, without breach by you of any of the terms and conditions that govern your use of the applicable Third-Party Account, and without obligating us to pay any fees or making us subject to any usage limitations imposed by the third-party service provider of the Third-Party Account. By granting us access to any Third-Party Accounts, you understand that (1) we may access, make available, and store (if applicable) any content that you have provided to and stored in your Third-Party Account (the “Social Network Content”) so that it is available on and through the Site via your account, including without limitation any friend lists and (2) we may submit to and receive from your Third-Party Account additional information to the extent you are notified when you link your account with the Third-Party Account. Depending on the Third-Party Accounts you choose and subject to the privacy settings that you have set in such Third-Party Accounts, personally identifiable information that you post to your Third-Party Accounts may be available on and through your account on the Site. Please note that if a Third-Party Account or associated service becomes unavailable or our access to such Third-Party Account is terminated by the third-party service provider, then Social Network Content may no longer be available on and through the Site. You will have the ability to disable the connection between your account on the Site and your Third-Party Accounts at any time. PLEASE NOTE THAT YOUR RELATIONSHIP WITH THE THIRD-PARTY SERVICE PROVIDERS ASSOCIATED WITH YOUR THIRD-PARTY ACCOUNTS IS GOVERNED SOLELY BY YOUR AGREEMENT(S) WITH SUCH THIRD-PARTY SERVICE PROVIDERS. We make no effort to review any Social Network Content for any purpose, including but not limited to, for accuracy, legality, or non-infringement, and we are not responsible for any Social Network Content. You acknowledge and agree that we may access your email address book associated with a Third-Party Account and your contacts list stored on your mobile device or tablet computer solely for purposes of identifying and informing you of those contacts who have also registered to use the Site. You can deactivate the connection between the Site and your Third-Party Account by contacting us using the contact information below or through your account settings (if applicable). We will attempt to delete any information stored on our servers that was obtained through such Third-Party Account, except the username and profile picture that become associated with your account.

The Site may contain (or you may be sent via the Site) links to other websites ("Third-Party Websites") as well as articles, photographs, text, graphics, pictures, designs, music, sound, video, information, applications, software, and other content or items belonging to or originating from third parties ("Third-Party Content"). Such Third-Party Websites and Third-Party Content are not investigated, monitored, or checked for accuracy, appropriateness, or completeness by us, and we are not responsible for any Third-Party Websites accessed through the Site or any Third-Party Content posted on, available through, or installed from the Site, including the content, accuracy, offensiveness, opinions, reliability, privacy practices, or other policies of or contained in the Third-Party Websites or the Third-Party Content. Inclusion of, linking to, or permitting the use or installation of any Third-Party Websites or any Third-Party Content does not imply approval or endorsement thereof by us. If you decide to leave the Site and access the Third-Party Websites or to use or install any Third-Party Content, you do so at your own risk, and you should be aware these Terms of Use no longer govern. You should review the applicable terms and policies, including privacy and data gathering practices, of any website to which you navigate from the Site or relating to any applications you use or install from the Site. Any purchases you make through Third-Party Websites will be through other websites and from other companies, and we take no responsibility whatsoever in relation to such purchases which are exclusively between you and the applicable third party. You agree and acknowledge that we do not endorse the products or services offered on Third-Party Websites and you shall hold us harmless from any harm caused by your purchase of such products or services. Additionally, you shall hold us harmless from any losses sustained by you or harm caused to you relating to or resulting in any way from any Third-Party Content or any contact with Third-Party Websites.

We reserve the right, but not the obligation, to: (1) monitor the Site for violations of these Terms of Use; (2) take appropriate legal action against anyone who, in our sole discretion, violates the law or these Terms of Use, including without limitation, reporting such user to law enforcement authorities; (3) in our sole discretion and without limitation, refuse, restrict access to, limit the availability of, or disable (to the extent technologically feasible) any of your Contributions or any portion thereof; (4) in our sole discretion and without limitation, notice, or liability, to remove from the Site or otherwise disable all files and content that are excessive in size or are in any way burdensome to our systems; and (5) otherwise manage the Site in a manner designed to protect our rights and property and to facilitate the proper functioning of the Site.

We care about data privacy and security. Please review our Privacy Policy: http://www.flowtrace.co/privacy-policy. By using the Site, you agree to be bound by our Privacy Policy, which is incorporated into these Terms of Use. Please be advised the Site is hosted in Ireland. If you access the Site from any other region of the world with laws or other requirements governing personal data collection, use, or disclosure that differ from applicable laws in Ireland, then through your continued use of the Site, you are transferring your data to Ireland, and you agree to have your data transferred to and processed in Ireland.

We respect the intellectual property rights of others. If you believe that any material available on or through the Site infringes upon any copyright you own or control, please immediately notify us using the contact information provided below (a “Notification”). A copy of your Notification will be sent to the person who posted or stored the material addressed in the Notification. Please be advised that pursuant to applicable law you may be held liable for damages if you make material misrepresentations in a Notification. Thus, if you are not sure that material located on or linked to by the Site infringes your copyright, you should consider first contacting an attorney.

These Terms of Use shall remain in full force and effect while you use the Site. WITHOUT LIMITING ANY OTHER PROVISION OF THESE TERMS OF USE, WE RESERVE THE RIGHT TO, IN OUR SOLE DISCRETION AND WITHOUT NOTICE OR LIABILITY, DENY ACCESS TO AND USE OF THE SITE (INCLUDING BLOCKING CERTAIN IP ADDRESSES), TO ANY PERSON FOR ANY REASON OR FOR NO REASON, INCLUDING WITHOUT LIMITATION FOR BREACH OF ANY REPRESENTATION, WARRANTY, OR COVENANT CONTAINED IN THESE TERMS OF USE OR OF ANY APPLICABLE LAW OR REGULATION. WE MAY TERMINATE YOUR USE OR PARTICIPATION IN THE SITE OR DELETE YOUR ACCOUNT AND ANY CONTENT OR INFORMATION THAT YOU POSTED AT ANY TIME, WITHOUT WARNING, IN OUR SOLE DISCRETION.

If we terminate or suspend your account for any reason, you are prohibited from registering and creating a new account under your name, a fake or borrowed name, or the name of any third party, even if you may be acting on behalf of the third party. In addition to terminating or suspending your account, we reserve the right to take appropriate legal action, including without limitation pursuing civil, criminal, and injunctive redress.

We reserve the right to change, modify, or remove the contents of the Site at any time or for any reason at our sole discretion without notice. However, we have no obligation to update any information on our Site. We also reserve the right to modify or discontinue all or part of the Site without notice at any time. We will not be liable to you or any third party for any modification, price change, suspension, or discontinuance of the Site.

We cannot guarantee the Site will be available at all times. We may experience hardware, software, or other problems or need to perform maintenance related to the Site, resulting in interruptions, delays, or errors. We reserve the right to change, revise, update, suspend, discontinue, or otherwise modify the Site at any time or for any reason without notice to you. You agree that we have no liability whatsoever for any loss, damage, or inconvenience caused by your inability to access or use the Site during any downtime or discontinuance of the Site. Nothing in these Terms of Use will be construed to obligate us to maintain and support the Site or to supply any corrections, updates, or releases in connection therewith.

These conditions are governed by and interpreted following the laws of the United Kingdom, and the use of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. If your habitual residence is in the EU, and you are a consumer, you additionally possess the protection provided to you by obligatory provisions of the law of your country of residence. Flowtrace Ltd and yourself both agree to submit to the non-exclusive jurisdiction of the courts of England, which means that you may make a claim to defend your consumer protection rights in regards to these Conditions of Use in the United Kingdom, or in the EU country in which you reside.

Informal Negotiations

To expedite resolution and control the cost of any dispute, controversy, or claim related to these Terms of Use (each "Dispute" and collectively, the “Disputes”) brought by either you or us (individually, a “Party” and collectively, the “Parties”), the Parties agree to first attempt to negotiate any Dispute (except those Disputes expressly provided below) informally for at least thirty (30) days before initiating arbitration. Such informal negotiations commence upon written notice from one Party to the other Party.

Binding Arbitration

Any dispute arising from the relationships between the Parties to this contract shall be determined by one arbitrator who will be chosen in accordance with the Arbitration and Internal Rules of the European Court of Arbitration being part of the European Centre of Arbitration having its seat in Strasbourg, and which are in force at the time the application for arbitration is filed, and of which adoption of this clause constitutes acceptance. The seat of arbitration shall be London, United Kingdom. The language of the proceedings shall be English. Applicable rules of substantive law shall be the law of the United Kingdom.

Restrictions

The Parties agree that any arbitration shall be limited to the Dispute between the Parties individually. To the full extent permitted by law, (a) no arbitration shall be joined with any other proceeding; (b) there is no right or authority for any Dispute to be arbitrated on a class-action basis or to utilize class action procedures; and (c) there is no right or authority for any Dispute to be brought in a purported representative capacity on behalf of the general public or any other persons.

Exceptions to Informal Negotiations and Arbitration

The Parties agree that the following Disputes are not subject to the above provisions concerning informal negotiations and binding arbitration: (a) any Disputes seeking to enforce or protect, or concerning the validity of, any of the intellectual property rights of a Party; (b) any Dispute related to, or arising from, allegations of theft, piracy, invasion of privacy, or unauthorized use; and (c) any claim for injunctive relief. If this provision is found to be illegal or unenforceable, then neither Party will elect to arbitrate any Dispute falling within that portion of this provision found to be illegal or unenforceable and such Dispute shall be decided by a court of competent jurisdiction within the courts listed for jurisdiction above, and the Parties agree to submit to the personal jurisdiction of that court.

THE SITE IS PROVIDED ON AN AS-IS AND AS-AVAILABLE BASIS. YOU AGREE THAT YOUR USE OF THE SITE AND OUR SERVICES WILL BE AT YOUR SOLE RISK. TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, IN CONNECTION WITH THE SITE AND YOUR USE THEREOF, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE MAKE NO WARRANTIES OR REPRESENTATIONS ABOUT THE ACCURACY OR COMPLETENESS OF THE SITE’S CONTENT OR THE CONTENT OF ANY WEBSITES LINKED TO THE SITE AND WE WILL ASSUME NO LIABILITY OR RESPONSIBILITY FOR ANY (1) ERRORS, MISTAKES, OR INACCURACIES OF CONTENT AND MATERIALS, (2) PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO AND USE OF THE SITE, (3) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY AND ALL PERSONAL INFORMATION AND/OR FINANCIAL INFORMATION STORED THEREIN, (4) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SITE, (5) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE WHICH MAY BE TRANSMITTED TO OR THROUGH THE SITE BY ANY THIRD PARTY, AND/OR (6) ANY ERRORS OR OMISSIONS IN ANY CONTENT AND MATERIALS OR FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE VIA THE SITE. WE DO NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE SITE, ANY HYPERLINKED WEBSITE, OR ANY WEBSITE OR MOBILE APPLICATION FEATURED IN ANY BANNER OR OTHER ADVERTISING, AND WE WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND ANY THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES. AS WITH THE PURCHASE OF A PRODUCT OR SERVICE THROUGH ANY MEDIUM OR IN ANY ENVIRONMENT, YOU SHOULD USE YOUR BEST JUDGMENT AND EXERCISE CAUTION WHERE APPROPRIATE.

IN NO EVENT WILL WE OR OUR DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFIT, LOST REVENUE, LOSS OF DATA, OR OTHER DAMAGES ARISING FROM YOUR USE OF THE SITE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, OUR LIABILITY TO YOU FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION, WILL AT ALL TIMES BE LIMITED TO THE AMOUNT PAID, IF ANY, BY YOU TO US DURING THE SIX (6) MONTH PERIOD PRIOR TO ANY CAUSE OF ACTION ARISING. CERTAIN US STATE LAWS AND INTERNATIONAL LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MAY HAVE ADDITIONAL RIGHTS.

Neither party shall disclose to any person any information, whether in written or any other form, disclosed by or on behalf of one party ("Disclosing Party") to the other party ("Receiving Party") in the course of the discussions leading up to or the entering into or during the performance of this Agreement and which is identified as confidential or is clearly by its nature confidential including, but not limited to, the the Party's intellectual property, business information and all personal data, as well as any other information internal to the Disclosing Party, its Affiliates, or any of the Disclosing Party’s customers ("Confidential Information") except insofar as the Confidential Information: (a) is required by a person employed or engaged by the Receiving Party or its Affiliates in connection with the performance of this Agreement (but only to the extent that any person to whom the information is disclosed needs to know the same for the performance of their duties and provided the Receiving Party shall ensure that all such persons are aware of the obligation of confidentiality and comply with such obligation as if they were a party to the Agreement); or (b) is required to be disclosed by law provided that (to the extent legally permitted) the party disclosing the information shall notify the other party of the information to be disclosed and of the circumstances in which the disclosure is alleged to be required as early as reasonably possible before such disclosure shall be made and takes all reasonable action to avoid and limit such disclosure). Each of the parties shall use the Confidential Information solely in connection with the performance of this Agreement and not otherwise for its own benefit or the benefit of any third party.

Except for personal data, Confidential Information shall not include information which: (a) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party hereunder; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party or its Affiliates without breach of any obligation owed to the Disclosing Party; (c) was independently developed by the Receiving Party without breach of any obligation owed to the Disclosing Party as evidenced by written documentation existing at the time of such independent development; or (d) is received from a third party without breach of any obligation owed to the Disclosing Party.

Without prejudice to any other rights or remedies that the Disclosing Party may have, the Receiving Party agrees that if the Confidential Information is used or disclosed other than in accordance with the terms of this Agreement, the Disclosing Party shall, without proof of special damage, be entitled to apply for an injunction, specific performance or other equitable relief for any threatened or actual breach of the provisions of this clause, in addition to any damages or other remedy to which it may be entitled.

We shall not disclose to You, bring onto Your premises or systems, or induce You to use any third-party confidential information.

This clause shall continue in force for a period of five (5) years from the termination or expiry of this Agreement however caused.

You agree to defend, indemnify, and hold us harmless, including our subsidiaries, affiliates, and all of our respective officers, agents, partners, and employees, from and against any loss, damage, liability, claim, or demand, including reasonable attorneys’ fees and expenses, made by any third party due to or arising out of: (1) your Contributions; (2) use of the Site; (3) breach of these Terms of Use; (4) any breach of your representations and warranties set forth in these Terms of Use; (5) your violation of the rights of a third party, including but not limited to intellectual property rights; or (6) any overt harmful act toward any other user of the Site with whom you connected via the Site. We agree to defend, indemnify and hold you harmless, including your subsidiaries, affiliates, and all of your respective officers, agents, partners, and employees, from and against any loss, damage, liability, claim, or demand, including reasonable attorney's fees and expenses, arising out of (1) our breach of confidentiality duties with respect to Your Confidential Information and (2) our violation of the rights of a third party, including but not limited to intellectual property rights and data privacy rights. Upon becoming aware of it, the indemnified party shall give notice of the claim, action or proceeding in writing to the indemnifying Party so that the indemnifying Party can cooperate with the defense of the matter. The indemnified Party shall not settle or make other binding declarations concerning the Third Party claim without the prior written approval of the other party.

Visiting the Site, sending us emails, and completing online forms constitute electronic communications. You consent to receive electronic communications, and you agree that all agreements, notices, disclosures, and other communications we provide to you electronically, via email and on the Site, satisfy any legal requirement that such communication be in writing. YOU HEREBY AGREE TO THE USE OF ELECTRONIC SIGNATURES, CONTRACTS, ORDERS, AND OTHER RECORDS, AND TO ELECTRONIC DELIVERY OF NOTICES, POLICIES, AND RECORDS OF TRANSACTIONS INITIATED OR COMPLETED BY US OR VIA THE SITE. You hereby waive any rights or requirements under any statutes, regulations, rules, ordinances, or other laws in any jurisdiction which require an original signature or delivery or retention of non-electronic records, or to payments or the granting of credits by any means other than electronic means.

These Terms of Use and any policies or operating rules posted by us on the Site or in respect to the Site constitute the entire agreement and understanding between you and us. Our failure to exercise or enforce any right or provision of these Terms of Use shall not operate as a waiver of such right or provision. These Terms of Use operate to the fullest extent permissible by law. We may assign any or all of our rights and obligations to others at any time. We shall not be responsible or liable for any loss, damage, delay, or failure to act caused by any cause beyond our reasonable control. If any provision or part of a provision of these Terms of Use is determined to be unlawful, void, or unenforceable, that provision or part of the provision is deemed severable from these Terms of Use and does not affect the validity and enforceability of any remaining provisions. There is no joint venture, partnership, employment or agency relationship created between you and us as a result of these Terms of Use or use of the Site. You agree that these Terms of Use will not be construed against us by virtue of having drafted them. You hereby waive any and all defenses you may have based on the electronic form of these Terms of Use and the lack of signing by the parties hereto to execute these Terms of Use.

1	Incorporation of the EU SCCs
1.1	To the extent clause 2.11.1 applies and the transfer is made pursuant to the GDPR, this Schedule 1 and the following terms shall apply where the Customer is based outside of the EEA or UK:
1.1.1	Module 4 of the EU SCCs, and no other optional clauses unless explicitly specified, are incorporated into this Schedule 1 as if they had been set out in full in the case where the exporter is a Processor, the importer is a Controller and the transfer requires such additional protection.
2	Clarifications to the EU SCCs
2.2	For the purposes of clauses 17 and 18 of the EU SCCs, the laws and courts of Ireland shall apply.
3	Processing Particulars for the EU SCCs
	The Parties
3.1	Exporter (Processor): Flowtrace
3.2	Importer (Controller): Customer
	Description Of Data Processing
3.3	Categories of data subjects: Employees, consultants, contractors, customers and any other parties of the Customer whose personal data is contained within the customer's internal communication and collaboration tools.
3.4	Categories of personal data transferred: Names, email addresses, roles and any other personal data contained within the communication and collaboration tools.
3.4	Sensitive data transferred: None.
3.6	Frequency of the transfer: Continuous.
3.7	Nature of the processing: Analysis for the purposes of providing the Services.
3.8	Purpose of the processing: For the purposes of performing our obligations under the Agreement, specifically to create metrics and measurements of collaboration, including personnel’s focus time, in order to help our customer create a collaborative and productive working culture.
3.9	Duration of the processing: For the duration of the Agreement.
3.10	Sub-Processor Transfers: As required and set out in the Agreement.
3.11	Competent Supervisory Authority: The Irish Data Protection Commissioner for transfers from the EU or EEA, and the UK Information Commissioner for transfers from the UK.
3.12	Technical and Organisational Measures: We use secure authentication processes such as Auth0, Google SSO, Slack SSO and Amazon Cognito; store all personal data in a separate database from the analytics data; encrypt the data in transit and at rest; and limit our employees' access to production according to industry best practices. We set out minimum technical and organizational measures, which we meet and surpass, in Appendix 1.

‍The following defines the minimum of technical and organizational measures to ensure Personal Data protection and Personal Data security, which must be established and maintained by Us. The aim is to ensure, in particular, the confidentiality, integrity and availability of the information processed by Us on behalf of You.‍

Measures to ensure the integrity and confidentiality of systems and services

Equipment access control: deny unauthorized persons access to processing equipment used for processing
- Only authorized users have access to the could infrastructure and processing resources. We are using AWS access control mechanisms including MFA.
Data media control: prevent the unauthorized reading, copying, modification or erasure of data media
- Only authorized users have access to the could infrastructure and processing resources. We are using AWS access control mechanisms including MFA.
Storage control: prevent the unauthorized input of Personal Data and the unauthorized inspection, modification or deletion of stored Personal Data
- All data is encrypted at rest, and only authorized users can process the data in the database.
User control: prevent the use of automated processing systems by unauthorized persons using data communication equipment
- Any automated processing actions can be taken by authorized users only.
Data access control: ensure that persons authorized to use an automated processing system have access only to the Personal Data covered by their access authorization
- Our access to cloud resources is limited by leveled access of authorized users and only authorized level authority can access the client's Personal Data.
Communication control: ensure that it is possible to verify and establish the bodies to which Personal Data have been or may be transmitted or made available using data communication equipment
- Access and data processing activities are logged
Input control: ensure that it is subsequently possible to verify and establish which Personal Data have been input into automated processing systems and when and by whom the Personal Data were input
- All operations to make Personal Data accessible to us is logged
Transport control: ensure that the confidentiality and integrity of Personal Data are protected during transfers of Personal Data or during transport of data media
- All data is encrypted in transit

Measures to ensure the availability and resilience of systems and services

Reliability: ensure that all system functions perform and that the appearance of faults in the functions is reported
- Our cloud infrastructure reliability is ensured by AWS service SLAs
Integrity: ensure that stored Personal Data cannot be corrupted by means of a malfunctioning of the system
- Our cloud infrastructure reliability is ensured by AWS service SLAs
Availability control: ensure that Personal Data are protected against loss and destruction
- Our cloud infrastructure reliability is ensured by AWS service SLAs

Measures to rapidly restore the availability and access to Personal Data following a physical or technical incident

Recovery: ensure that installed systems may, in the case of interruption, be restored
- We have robust backup strategies in all databases and the reliability is ensured by AWS service SLAs

In many instances our internal process meets and surpasses the minimum requirements set out above. You can read these as a reference from this URL: http://www.flowtrace.co/data-privacy-practices

1.		Parties
	17.13	As set out in Schedule 1.
18.		Selected SCCs, Modules and Clauses
	18.1	Personal data received from the importer is not combined with personal data collected by the exporter.
19.		Appendix Information
	19.1	The processing details required by the UK Addendum are as set out in Schedule 1, paragraph 3.
20.		Termination of the UK Addendum
	20.1	In the event the template UK Addendum issued by the Information Commissioner's Office and laid before Parliament in accordance with s119A of the DPA 2018 on 2 February 2022, as it is revised under Section ‎18 is amended, either party may terminate this Annex 2 on written notice to the other in accordance with Table 4 and paragraph 19 of the UK Addendum and replace it with a mutually acceptable alternative.

DATA PROCESSING AGREEMENT