These Terms and Conditions govern the use of and subscription to the Software (including any Proof of Concept ("POC")) and the provision of related Services provided by gutt. These Terms and Conditions apply to all Orders executed between the Parties (via the online self-service available on the gutt website) (all as defined below). The Client expressly waives the application of its own general and special terms and conditions, even where it is stated therein that only those conditions may apply and even if such terms were not protested by gutt.

Where the Parties agree to a POC, the POC-period has as purpose the evaluation of the functionalities, performance and suitability of the Software for the Client's intended purposes. Unless otherwise expressly agreed in writing, upon expiration of the POC period the POC shall automatically convert into a production license subscription under gutt's then-applicable commercial terms and pricing, unless the Client provides written notice of termination in accordance with section 17.

By executing an (online registration) Order, including any Order for a POC, or other document referring these Terms and Conditions, or by using the Software, the Client acknowledges that it has read, understands and accepts these Terms and Conditions and agrees to be bound by them. If you are an employee (or contractor) of the Client accepting these Terms on behalf of the Client, you represent and warrant that you have full legal authority to bind the Client to the Agreement and have read and understand the Terms and Conditions.

"Agreement" means the entire contractual relation between the Parties, including these Terms and Conditions, the Order(s) and any other document referring to these Terms and Conditions executed between the Parties and any annexes thereto.

"API" means the proprietary application programming interface, developed and owned by gutt allowing the Software to communicate with the Client Systems and other (third party) software or systems as may be further described in an Order.

"Confidential Information" of a Party means the information of such Party, whether in written, oral, electronic or other form, and which (i) is explicitly marked as confidential or proprietary, or (ii) should reasonably be considered confidential given its nature, regardless of whether it is expressly marked as confidential, including information concerning clients, prospects, personnel, suppliers, partners, affiliates or others, training methods and materials, financial information, marketing plans, devices, discoveries, ideas, know-how, techniques, formulas, blueprints, software (in object and source code form), documentation, designs, prototypes, methods, processes, procedures, codes, and any technical or trade secrets, including all copies of any of the foregoing or any analyses, studies or reports that contain, are based on, or reflect any of the foregoing. The Confidential Information of gutt shall in any event include any information related to the Software and Services.

"Client" means the legal entity identified in the relevant Order.

"Client System" means the collection of legacy software, systems, applications, databases, documents, AI agents, and infrastructure that is owned by and/or or licensed by the Client.

"Documentation" means the technical and functional manuals, user instructions and/or operating guidelines that gutt generally makes available to its Clients from time to time.

"gutt" means iBRAIN BV, with commercial name gutt, a limited liability company, with registered office at Lage Kaart 26, 2930 Brasschaat, Belgium and enterprises number 1021.384.957 (RLE Antwerp (division Antwerp)).

"Intellectual Property Rights" means (non-exhaustive list) patents, trademarks, copyrights, rights in software programs (both in object code and source code), design rights, database rights, proprietary rights in know-how, business names, trade names and all rights or forms of protection of a similar nature or having equivalent or similar effect to any of the afore listed which may subsist anywhere in the world, and any other intellectual or industrial property rights in any country and any existing or future applications for or registrations of such rights.

"Order" means the written or electronic document signed by both Parties, regardless its entitlement, detailing the scope and other specifics of the subscription to the Software and related Services ordered by the Client, including the specific conditions under which such order is made.

"Output" means any results, content or other output generated by or resulting from the usage of the Solution.

"Party" or "Parties" means either gutt and the Client individually or together.

"Services" means the professional services (such as setup, onboarding, configuration, integration, training, consultancy, maintenance and support or other services) to be provided by gutt, as described in an Order or as mutually agreed in writing from time to time.

"Software" means the proprietary SaaS-solution and APIs, developed and owned by gutt, providing a queryable knowledge base and contextual memory layer based on knowledge captured via Client Systems aiming to allow Users to inject organizational context in queries via AI prompts executed via Client Systems, as may be further described in the Order.

"Solution" means the Software as provided to the Client in accordance with the relevant Order(s), together with the Client Systems connected by the Client via the available APIs.

"User(s)" means any individual user or (autonomous) AI agent that accesses, interacts with or makes use of the Software, including but not limited to: (i) Client staff interacting with the Software via AI agents or Client Systems; and (ii) bots or automated AI systems performing searches, executing tasks, or acting on instructions.

Subject to timely payment of the applicable fees, gutt grants the Client during the term of the Agreement, a personal, limited, revocable, non-exclusive, non-transferable, non-assignable and non-sublicensable license to:

1. (a) access and use the Software for the Client's internal business purposes, in accordance with the Documentation; and
2. (b) connect the Client Systems with the Software via the APIs made available, in accordance with the applicable Documentation.

The scope of the license granted pursuant to clause 3.1, is limited to the scope, functionalities and volumes as may be specified in the Order. There are no implied licenses under the Agreement and gutt reserves any right not expressly granted to the Client hereunder.

The Client remains responsible for the actions and/or omissions of any authorized affiliates, using the Software. When an affiliate ceases to be an affiliate of the Client, said affiliate shall have to conclude a new agreement with gutt for any continued use.

The Client acknowledges, that the license granted is User and volume based (i.a. driven by document and data volume and complexity), both as further specified in the relevant Order. For the avoidance of doubt, any User interaction with the Software via Client Systems, shall be considered use of the Software and shall count towards the Client's volume quota, irrespective of the used means and Client Systems (such as AI agents). In any event, one unique license and account must be set-up for each individual User accessing the Software. gutt has the right to verify whether the license fee correctly reflects the amount of effective Users and processing volumes. The Client shall remain responsible for their Users' compliance with the Agreement.

If the Client's actual use of the Software at any time exceeds the scope of the license granted under this Agreement and Order, including but not limited to exceeding the number of permitted Users or any other agreed usage limits, the Client shall pay (pro rata) such excess subscription fees reflecting the actual level of use and corresponding volume price as set out in the Order. If during the term of its subscription the Client wishes to increase its current subscription plan, the Parties shall execute an additional Order and any additional subscription fees shall be invoiced pro rata (and will thereafter automatically renew in accordance with the provisions of this Terms).

The Client acknowledges that gutt may make future features and functionalities subject to the payment of additional license fees and/or additional conditions. If the Client wants to include such features and functionalities to its license, the Parties shall conclude a new Order detailing the relevant modalities and pricing.

To the maximum extent permitted under applicable law, the Client shall not, directly or indirectly (including, without limitation, through the actions of any affiliate, User or a third party):

1. (a) use the Solution (or any part thereof) other than in accordance with the Agreement, its intended purpose, the Documentation and/or applicable laws;
2. (b) use the Solution (or any part thereof) in any way that is unlawful, illegal, fraudulent or harmful;
3. (c) sell, lease, rent, display, license, sublicense, transfer, provide, disclose or otherwise commercialize, deal in or encumber its rights in the Software;
4. (d) permit access to (or use of) the Software in whole or in part, to (or by) any third party or otherwise use the Software on a service bureau basis;
5. (e) (attempt to) modify, decompile, disassemble, reverse engineer or reconstruct, identify, discover, copy, duplicate, create derivative works based upon the underlying ideas, user interface techniques, algorithms, models, methodologies, methods, software code (including source code) of the Software by any means whatsoever, or disclose any of the foregoing;
6. (f) encumber or suffer to exist any lien or security interest on (its rights to) the Software;
7. (g) take any action that would cause the Software to be placed in the public domain;
8. (h) (attempt to) remove, suppress or modify any proprietary markings (including copyright notices) present on or visible during the operation of the Software;
9. (i) use the Software in any computer environment not expressly permitted under the Agreement; and/or
10. (j) work around any technical limitation in the Software.

The Client acknowledges that it is solely responsible for:

1. (a) assigning, managing and maintaining appropriate User roles (if any) and User authorization rights to Client Systems and Client data on a need-to-know basis (for the performance of its staff's and Users' duties), in accordance with its internal policies, user access levels, permissions and governance rules;
2. (b) determining and managing what Client data sources are connected with the Solution and what data is shared, in accordance with its internal policies and governance rules;
3. (c) the set-up, configuration, and ongoing management of authentication mechanisms and access controls within its own IT environment, including the correct connection and integration of the Software with the Client's authentication systems (such as single sign-on (SSO), identity providers, or other access management systems), unless explicitly agreed otherwise in writing.

The Client acknowledges that the performance of the Services by gutt is at all times subject to the Client's cooperation in good faith. In particular, without limitation, the Client shall:

1. (a) provide such assistance, information, equipment and access to the Client Systems, facilities and resources as reasonably required by gutt to execute the Agreement;
2. (b) respond diligently to inquiries from gutt and provide any management decisions, approvals or acceptances on a timely basis;
3. (c) perform the Client's obligations that may be specified in an Order thereto; and/or
4. (d) use the Solution in accordance with the Documentation and other reasonable instructions communicated by gutt from time to time.

gutt shall not be responsible or held liable for any liabilities, damages, delays or failure in the execution of the Agreement resulting from the Client's failure to comply with this section or resulting from deficiencies in the Client System, infrastructure, authentication setup, assignment and/or management of access rights to Client data and Client Systems.

gutt is entitled to monitor, log, and inspect the usage of the Software for security, compliance, and auditing purposes, including to verify compliance with this Agreement and applicable laws.

The Software may interact with third party systems (through APIs or similar integrations), including the Client Systems. If and to the extent agreed in the relevant Order, gutt shall provide API endpoints to enable interaction between the Software and the Client Systems.

The Client acknowledges that any third party software, systems, AI agents, platforms, environments or services (including any related APIs and Client Systems) used in connection with, integrated into, or required for the use of the Solution (the "Third Party Systems") shall be exclusively governed by the service offering of the applicable third party software vendor and that any commitments, warranties or obligations of gutt included in this Agreement shall not apply to such Third Party Systems. gutt shall not be responsible for any defect in the Solution (or any part thereof) that is caused by (an integration with) a Third Party System (including the unavailability or reduced performance or malfunctioning of Third Party Systems).

It remains the Client's sole responsibility to, at its own cost (i) maintain all necessary rights, licenses, consents and subscriptions required to use the Third Party Systems and to connect the Software thereto via APIs and similar technologies; and (ii) maintaining the necessary infrastructure required to access and use the Software as may be set out in the Documentation, such as hardware, networks, operating systems, data transmission lines with appropriate communication applications, and any other equipment.

gutt does not ensure that the Solution remains at all times compatible and can interface and interwork with any applicable Third Party System. If due to any changes in Third Party Systems, the Software (or any part thereof) needs to be updated, the Parties shall agree on the scope and costs of such update in a separate Order.

If no (third party) API is readily available for a specific Third Party System, the Client may request and gutt may, in its sole discretion, decide to develop an API for such third party system and the Parties shall mutually agree on the scope, costs and other specifics in an Order. All Intellectual Property Rights related to such APIs (including any updates or modifications thereto) shall remain the exclusive property of gutt. No rights are granted to the Client other than those explicitly set forth in the Agreement.

gutt will provide maintenance and support services on a best-efforts basis during its normal business days (i.e. Monday to Friday from 9 a.m. to 5:00 p.m., excluding public holidays in Belgium).

The Client may report a problem relating to the Software, resulting in it to not perform in accordance with its functional description, to gutt via the support channels as made available from time to time. Upon receipt, gutt will endeavor to provide a (temporary) solution.

The Client acknowledges that to ensure a correct functioning of the Software, maintenance services are needed from time to time. gutt shall carry out such maintenance services at its sole discretion and shall use all reasonable endeavors to minimize the impact on the Client. gutt reserves the right to make, at its own discretion, operational or technical changes and updates to the Software, and to modify, add or remove certain functionalities from time to time, provided gutt shall not change any material functionalities of the Software without prior notification.

gutt makes no warranty whatsoever to provide a resolution or workaround for each specific problem that could arise or that the Software shall be completely free of bugs or defects.

During the term of this Agreement, gutt shall, to the best of its abilities, provide such Services as set forth in the Order or as otherwise agreed in writing between the Parties. All Services are deemed accepted upon delivery.

Any timeframe for the performance of Services are indicative target dates only unless such timings are expressly agreed in writing to be binding.

The Client may at any time submit a service request for additional Services (a "Service Request") by sending an email to gutt and gutt may, in its sole discretion, decide to provide such Services. The Parties shall mutually agree on the scope, costs and other specifics in an Order. gutt may invoice the Client on a time and material basis for time spent analyzing any proposed Service Request of the Client, at its then-current rates. Each Service Request shall be governed by the provisions of these Terms and Conditions, which are incorporated therein by reference. Neither Party shall be bound by a Service Request, until executed in an Order by a duly authorized representative of both Parties.

All Client data shall remain the property of the Client. The Client acknowledges that for a proper functioning of the Software, sufficient Client data must be provided or inputted to the Solution. The Client hereby grants gutt the right to use the Client data as necessary for the execution of this Agreement (including to continuously improve the Software and Services). The Client also grants gutt the right to sub-license these rights to its (hosting) service providers to the extent reasonably required for the performance of gutt's obligations under this Agreement.

The Client warrants to gutt that the Client data, used by gutt or recalled by the Solution, will not infringe the (intellectual property) rights of any person, and will not breach the provisions of any law, statute or regulation, in any jurisdiction.

The Client is solely liable and responsible for the accuracy and correctness of Client data and to make sufficient back-up copies thereof prior to providing such data in to the Solution. gutt is not responsible for damages or liability resulting from inaccurate or incorrect data used in connection with the Solution.

gutt retains all rights, titles and interests, including any Intellectual Property Rights, in or related to its Confidential Information, the Software, the APIs, the Documentation and the Services (including any enhancements, improvements or amendments thereto, any updates, new releases or modifications in respect thereof and/or any derivatives based thereon) (the "gutt IP").

gutt is and remains the exclusive owner of the gutt IP. Nor the Client nor any third party will acquire any rights, titles, interests, Intellectual Property Rights, or other proprietary rights, in or over the gutt IP other than the limited license granted pursuant to this Agreement.

Output generated by the usage of the Solution shall be owned by the Client, provided that any Intellectual Property Rights and Confidential Information of gutt that may be included therein, shall remain exclusively with gutt.

gutt shall be entitled to use the ideas, concepts, methodologies, methods, models, processes and know-how developed or created by gutt in execution of this Agreement for itself or others to develop similar or other services or products, unless such use would result in a breach of gutt's confidentiality undertakings.

Each Party shall treat as confidential and keep secret all Confidential Information relating to the other Party and shall not disclose to any third party, other than its agents, employees, professional advisors, subcontractors, or consultants where such disclosure is necessary for the performance of the Agreement, any Confidential Information learned during the negotiation and performance of the Agreement, except in the event it is granted prior written consent of the disclosing Party to disclose such Confidential Information. The receiving Party shall ensure that these persons are bound by confidentiality obligations which are not less stringent than those set out in the Agreement.

Both Parties shall implement appropriate measures (at least as stringent to protect their own Confidential Information) to protect the Confidential Information of the disclosing Party.

Confidential Information disclosed under the Agreement shall not be used by the recipient thereof for any purpose other than as required for the performance of its obligations under the Agreement.

Both Parties shall take precautions to maintain the confidentiality of the Confidential Information and, in particular, each Party covenants that it: (i) shall not copy or otherwise exploit any component of the Confidential Information other than as herein provided, nor make any disclosures with reference thereto to any third party, and (ii) shall promptly notify the other Party if it becomes aware of any breach of confidence and give the other Party all reasonable assistance in connection therewith.

The provisions of this clause shall not apply to any information which: (i) is published or comes into the public domain other than by a breach of the Agreement, (ii) can be shown to have been known by the receiving Party before disclosure by the disclosing Party, (iii) is lawfully obtained from a third party or, (iv) can be shown to have been created by the receiving Party independently of the disclosure and other than as part of the project in scope of this Agreement. Additionally, the restrictions in this clause do not apply to the extent that any Confidential Information is required to be disclosed by any law or regulation or by any judicial or governmental order or request. In which case the Parties shall cooperate in good faith to ensure the protection of the Confidential Information concerned to the maximum extent permitted by law.

The provisions of this clause shall commence from the start of negotiations and shall continue in force during five (5) years following the termination or expiry of the Agreement, unless such Confidential Information would be protected as Intellectual Property Right or trade secret, in which case such information will be protected as Confidential Information as long as protected in accordance with applicable laws. Upon expiry or termination of the Agreement, the receiving Party will discontinue use of the disclosing Party's Confidential Information and return (or alternatively delete and certify such deletion in the disclosing Party's sole discretion) all documents (or copies made of it) belonging to the disclosing Party.

Each Party shall comply with its obligations under the applicable data protection legislation when processing personal data.

If gutt processes personal data on behalf of the Client, gutt shall process such personal data in accordance with the data processing agreement as attached hereto in Annex 1. The Client represents and warrants that it has the legal right to disclose any personal data that is made available to gutt under or in connection with the Agreement and that it shall inform all data subjects in accordance with applicable laws about the processing activities taking place under this Agreement.

The Client shall pay the license and services fees in the amounts and on the times as set forth in the relevant Order.

Unless expressly agreed otherwise in writing, the following subscription fees shall apply (both during the POC phase as during a production license): (i) the recurring monthly license fee calculated on a per-User basis, charged monthly upfront in accordance with the pricing set out in the Order; and (ii) the LLM ingestion costs (i.e. a recurring usage-based fee for the usage of large language model processing executed via the Software, based on the volume, frequency, and complexity of the data processed as further described in the Order), charged monthly in arrears. Upon request, gutt shall provide monthly usage reports detailing the LLM ingestion costs reflecting the data processing volumes.

In addition, the Client shall pay a one-time setup fee (charged upfront in consideration for the set-up, integration and onboarding services). This set-up fee is non-refundable. Only in the event that the Client switches from a POC to a production license, the set-up fee shall be credited against the first license fees due. No cash reimbursement shall be made. If the set-up fee exceeds the first license fee, the remaining balance shall be credited against the license fee(s) of the following month(s) until fully offset.

Unless expressly agreed otherwise in writing, all Service fees shall be charged monthly in arrears on a time and material basis, according to the hours effectively performed, at the rates specified in the Order.

The Client acknowledges that if gutt has provided a fee estimation (in the Order, or otherwise), such estimate shall be indicative and does not limit gutt to charge all Services actually performed on a time and material basis.

All amounts due hereunder are payable in euro and are exclusive of VAT, costs and expenses which shall be charged separately by gutt. All payments under the Agreement are due to gutt within thirty (30) days from the invoice date. Any disputes relating to invoiced amounts must be submitted by registered mail (containing the reasons for such dispute) within fourteen (14) calendar days following the invoice date, failure of which shall result in the invoice being deemed accepted by the Client. Any undisputed portion of the invoice must be paid in full.

Any amounts of undisputed invoices that have not been paid on the due date, shall automatically and without notice be subject to a late payment interest equal to the rate applicable pursuant to the law of 2 august 2002, which interest shall be compounded daily as of the due date until receipt of full payment. In addition, the Client shall pay all costs incurred by gutt, as a result of the (extra)judicial enforcement of the Client's payment obligation under this Agreement, with a minimum of one hundred fifty euro (EUR 150).

All payments hereunder shall be paid without the right to set off or counterclaim and free and clear of all deductions or withholdings whatsoever unless the same is required by law, in which case the Client shall pay gutt such additional amounts as are necessary in order that the net amounts received by gutt after all deductions and withholdings are not less than such payments would have been in the absence of such deductions or withholding. All fees paid by the Client hereunder are final and non-refundable.

Each contract year gutt shall have the right to increase the fees due by a fixed annual adjustment of two percent (2%), effective on the first (1st) of January.

Except to the extent otherwise provided in this Agreement, the Software, Solution, Output, APIs and Services are provided "as is". gutt does not make any other representations or warranties, express or implied, concerning any matter under this Agreement and, to the maximum extent permitted by applicable law, gutt disclaims any representations or warranties, express or implied, including (without limitation) any implied warranties of accuracy or completeness of data, fitness for a particular purpose, merchantability or non-infringement.

The Client understands that the Solution (i) is only intended to be used as a tool to facilitate the Client's internal business operations and decision-making; and (ii) may provide the Client with advice and recommendations, but that gutt shall not be liable for the Client's implementation or interpretation of any Output nor for any advice and recommendations included therein. Any analyzations and interpretations of and any decisions taken based on the Output generated by the usage of the Solution or the performance of the Services, should be executed by a trained and experienced individual.

The Client acknowledges that all Output is generated by AI based on Client data and/or based on prompts made by its staff. The quality of the Outputs is highly dependent on the quality of the Client data and the submitted prompts. The Client or its staff remain responsible for verifying any Output, prior to using it.

The Client understands that the Software uses AI and that its use and deployment must always be responsible, in accordance with the intended purpose, ethical standards within the sector, and the generally recognized state of the art in AI and related technologies and legislation (including the AI Act).

The Client shall take appropriate measures to ensure that its personnel and other persons who will use the Solution have a sufficient level of AI literacy, skills, knowledge, and understanding to use and deploy the Software in an informed and responsible manner. These measures must take particular account of: (i) the knowledge, experience, and training of the persons involved, (ii) the specific context in which the Solution will be used, and (iii) the persons or groups on or for whom the Solution will be used.

Subject to the maximum extent permitted under mandatory law, gutt's liability under the Agreement, whether arising from negligence, breach of contract or of statutory duty or otherwise howsoever, shall per event (or series of connected events) and in the annual aggregate per contract year not exceed an amount equal to all amounts paid by the Client hereunder during such contract year.

Subject to the maximum extent permitted under mandatory law, under no circumstances shall gutt be liable to the Client for any indirect, punitive, special, consequential or similar damages (including damages for loss of profit, lost revenue, loss of business, loss of corruption of data, loss of Clients and contracts, loss of goodwill, the cost of procuring replacement goods or services, and reputational damage) whether arising from negligence, breach of contract or of statutory duty or otherwise howsoever.

gutt bears no responsibility or liability for (i) damage caused by the actions, or omissions of the Client; (ii) damage resulting from incorrect, incomplete, or inaccurate information, data, or other materials provided by the Client or its Users; and (iii) problems, damage, or losses resulting from Third Party Systems or services, including a lack of interoperability or compatibility with such Third Party Systems, including the Client Systems.

To the maximum extent permitted under applicable law, the Client agrees, and accepts, not to hold the advisers, agents, contractors, directors, employees, representatives, and subcontractors of gutt personally liable for or in connection with the Agreement. Any liability claim for or in connection with the Agreement (including any extra-contractual liability claim) shall be brought by the Client exclusively against gutt.

The right to claim damages for defaults attributable to a Party forfeits irrevocably twelve (12) months after the occurrence of the alleged default.

The duration of the POC shall be thirty (30) days, unless a longer period is specified in the applicable Order (the "POC Period"). The POC shall automatically transition into a production license at the end of the POC term unless the Client provides written notice of non-continuation at least seven (7) days prior to the end of the POC Period.

Upon transition in a product license, the Agreement will remain in effect for a minimum fixed term of one (1) year (the "Initial Term") and will thereafter automatically renew for successive one (1) year terms (each, a "Renewal Term" and, together with the Initial Term, the "Term"), unless terminated in writing by either party three (3) months prior to the expiration of the Initial Term or the then-current Renewal Term.

Either Party may immediately terminate (or gutt may suspend) the whole or any portion of the Agreement, the Client's subscription or an Order without any judicial intervention, without being liable for compensation and without prejudice to its rights to damages and any other rights or remedies to which it may be entitled, upon providing the other Party with written notice of termination if:

1. (a) the other Party performs a material breach to any provision of the Agreement and, if capable for remedy, fails to cure such material breach within thirty (30) calendar days after receipt of written notice of the material breach;
2. (b) the other Party becomes insolvent, is subject to voluntary or involuntary bankruptcy, insolvency or similar proceeding, or otherwise liquidates or ceases to do business; or
3. (c) the other Party breaches its obligations under the provisions regarding the license, data protection, intellectual property rights and/or confidentiality.

Upon termination of the Agreement for whatever reason:

1. (a) the Client's right to access or use the Software shall automatically cease;
2. (b) the Client shall promptly pay to gutt all fees and other amounts due to gutt hereunder up to and including the date of termination; and
3. (c) the provisions of the Agreement that are expressly or implicitly intended to survive termination, shall survive termination of the Agreement.

Entire agreement — The Agreement constitutes the entire agreement and understanding between the Parties with respect to the subject matter hereof and supersedes all prior oral or written agreements, representations or understandings between the Parties relating to the subject matter hereof.

Severability — If any provision of the Agreement is held to be unenforceable (in whole or in part), the other provisions shall nevertheless continue in full force and effect.

Waiver — The terms of the Agreement may be modified or amended only by written agreement executed by a duly authorized representative of both Parties hereto.

Assignment — gutt may assign, transfer and/or subcontract its rights and obligations under the Agreement to any third party. The Client shall not assign or otherwise transfer any of its right or obligations under the Agreement without gutt's prior written consent.

Interpretation and Conflict — If there is a conflict between these Terms and Conditions and any Order, these Terms shall govern, except where it is expressly stated in an Order that a specific provision of these Terms and Conditions is to be overridden.

Force Majeure — Neither Party will be liable for any delay in performing, or failure to perform, any of its obligations under the Agreement due to an event reasonably beyond the control of the Party affected.

Non-solicitation.

Notices — With the exception of notices of default or termination, any notice required to be served by the Agreement shall in first instance be given by electronic mail to the email addresses indicated in the Order.

Publicity — gutt shall have the right to use any trademarks or other marks of Client (including the Client's corporate name) for marketing or promotion purposes, such as client references on gutt's website and social media and during sales presentations.

Dispute Resolution — Before initiating proceedings before the competent courts, the Parties shall exercise reasonable good faith efforts to amicably settle any disputes.

Governing Law and Jurisdiction — This Agreement shall be governed by and construed in accordance with the laws of Belgium, without giving effect to its choice of law or conflict of law laws or principles. The Parties hereto submit to the exclusive jurisdiction of the competent courts of Antwerp (department Antwerp). The United Nations Convention for the International Sale of Goods shall not apply to this Agreement.

This Annex 1 to the Terms and Conditions sets forth the additional terms, requirements and conditions on which gutt (acting in the capacity of Processor) will process Personal Data on the Client's behalf (acting in the capacity of Controller) when executing the Agreement. This Annex 1 contains the mandatory clauses required by Article 28(3) of the GDPR for contracts between controllers and processors and forms an integral part of the Terms.

This Annex 1 describes the modalities whereunder personal data is processed by gutt (acting in the capacity of Processor) on behalf of the Client (acting in the capacity of Controller). This Annex contains the mandatory clauses required by Article 28(3) of the GDPR for contracts between Controllers and Processors.

Capitalized terms used in this Annex 1 shall have the meaning ascribed below. Capitalized terms used in this Annex 1 but not defined herein shall have the meaning set out in the Agreement.

"Business Purposes" means the provisions of the Solution and Services as described in the Agreement (including the continuous improvement of the Processor's product and service offering) and/or any other purpose specifically identified in Schedule A.

"Data Protection Legislation" means the Belgian and European data protection laws including the GDPR (and any applicable implementation legislation under Belgian law).

"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation").

Controller, Data Protection Impact Assessment, Data Subject, Personal Data, Personal Data Breach, process(ing) and Processor shall have the meaning ascribed thereto in the GDPR.

This Annex 1 is governed by and subject to the terms of the Agreement and is incorporated into the Agreement by reference. Any Schedules to this Annex 1, form an integral part of this Annex 1.

In case of conflict or ambiguity between:

• any provision contained in the body of this Annex 1 and any provision contained in the Schedules, the provision in the Schedules will prevail; and
• any of the provisions of this Annex 1 and the provisions of the Agreement, the provisions of this Annex 1 will prevail.

The Controller retains control of the Personal Data and remains responsible for its compliance with the obligations under the applicable Data Protection Legislation, including for providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Processor. The Controller shall inform the Processor of any national and/or sector-specific legislation that applies to the processing by the Processor as a result of the processing by the Controller.

Schedule A describes the nature and purpose of processing, the retention term(s) and the Personal Data categories and Data Subject types in respect of which the Processor may process to fulfil the Business Purposes.

The Processor will only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes and in accordance with the Controller's written instructions (including any additional purposes set forth in Schedule A). The Processor will not process the Personal Data for any other purpose. The Processor must promptly notify the Controller if, in its opinion, the Controller's instruction would not comply with the Data Protection Legislation. In said event, the Processor shall have the possibility to (i) suspend the implementation of the instruction in question until the Controller confirms, modifies or withdraws its instruction, or (ii) to terminate the Agreement or cooperation, if, after consultation, the Controller persists in the breach or the unlawful instruction.

The Processor will reasonably and to the best of its abilities assist the Controller with meeting the Controller's compliance obligations under the Data Protection Legislation, taking into account the nature of the Processor's processing and the information available to the Processor, including in relation to Data Subject rights, Data Protection Impact Assessments and reporting to and consulting with supervisory authorities under the Data Protection Legislation.

The Controller shall reimburse the Processor in accordance with clause 12 of this Annex for services rendered in connection with this clause, unless this assistance is the result of a proven non-compliance by the Processor with this Annex 1 or the Data Protection Legislation.

The Processor will ensure that all its employees:

• are informed of the confidential nature of the Personal Data and are bound by appropriate confidentiality obligations (statutory or conventional) and use restrictions in respect of the Personal Data; and
• are aware of the Processor's duties and their personal duties and obligations under the Data Protection Legislation and this Annex 1.

The Processor will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless the Controller or this Annex 1 specifically authorizes the disclosure, or as required by law.

The Processor must implement appropriate technical and organizational measures against unauthorized or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data, as further described in Schedule A. In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purposes of processing and the risks involved for the Data Subjects.

The Controller shall provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing complies with the requirements set out in the GDPR and so that the protection of the rights of Data Subjects is ensured. In particular, the Controller shall only make personal data available to the Processor for processing if it has verified that the appropriate security measures are in place.

The Processor will without undue delay and in any case within seventy-two (72) hours notify the Controller after it becomes aware of a Personal Data Breach.

Where the Processor becomes aware of a Personal Data Breach, it shall, without undue delay, provide the Controller with the following information:

• description of the nature of the Personal Data Breach, including the categories and approximate number of both Data Subjects and Personal Data records concerned;
• the details of a contact point where more information concerning the Personal Data Breach can be obtained;
• the likely consequences;
• the (alleged) cause, the date on which the Personal Data Breach occurred (if no exact date is known: the period within which the Personal Data Breach occurred), the date and time on which the breach became known to the Processor or to a Sub-Processor engaged by it; and
• a description of the measures taken or proposed to be taken to address the Personal Data Breach, including measures to mitigate its possible adverse effects.

Where and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.

Immediately following a Personal Data Breach, the Parties will co-ordinate with each other to investigate the matter. The Processor will reasonably and to the best of its abilities co-operate with the Controller in the Controller's handling of the matter, including:

• assisting with any investigation;
• taking reasonable and prompt steps to mitigate the effects and to minimize any damage resulting from the Personal Data Breach.

The Processor will not inform any third party of any Personal Data Breach without first obtaining the Controller's prior written consent, except when required to do so by law. It is and remains the responsibility of the Controller to report (if applicable) a Personal Data Breach to the supervisory authority and/or the Data Subject(s).

The Controller shall reimburse the Processor in accordance with clause 12 of this Annex 1 for services rendered in connection with this clause and all reasonable expenses associated with the Processor's performance under this clause unless the Personal Data Breach arose from the Processor's negligence or willful misconduct.

The Processor (or any Sub-Processor) shall not transfer or otherwise process Personal Data outside the European Economic Area (EEA) without obtaining the Controller's prior written consent (e.g. by authorization in Schedule A) or if the Client is located outside the EEA (in which event Schedule B applies).

Such consent of Controller is not required when the transfer of Personal Data to countries outside the EEA is mandatory under EU or EU member state provisions.

The Controller agrees that where the Processor engages a Sub-Processor in accordance with this Annex 1 for carrying out specific processing activities (on behalf of the Controller) and those processing activities involve a transfer of Personal Data within the meaning of Chapter V of the GDPR, the Processor and the Sub-Processor can ensure compliance with Chapter V of the GDPR by using standard contractual clauses adopted by the European Commission in accordance with Article 46(2) of the GDPR or any other instruments approved by the European Commission that ensure that the transfer of Personal Data to a country outside the EEA complies with appropriate safeguards as required by the GDPR.

The Processor may only authorize a third party ("Sub-Processor") to process the Personal Data if:

• the Controller is provided with an opportunity to object to the appointment of such Sub-Processor within fourteen (14) days after the Processor has notified the Controller of its intention to appoint such Sub-Processor, it being understood that the Controller shall only object to such appointment in writing and on reasonable and evidenced grounds; and
• the Processor enters into a written contract with the Sub-Processor that contains, as to their subject matter, terms substantially the same as those set out in this Annex 1.

Those Sub-Processors approved at the commencement of this Annex 1 are as set out in Schedule A. The Processor has a general written authorization from the Controller to engage Sub-Processors with a profile similar to the Sub-Processor(s) approved in Schedule A. Upon request, the Processor shall provide an updated list of the engaged Sub-Processors to the Controller.

Subject to clause 15.1, the Processor shall remain fully liable to the Controller for any failure by a Sub-Processor to fulfil its obligations as set forth in this Annex 1.

The Processor must take such technical and organizational measures as set forth in Schedule A, and promptly (i.e. within fourteen (14) calendar days upon receipt of a request) provide such information to the Controller as the Controller may reasonably require, to enable the Controller to comply with:

• the rights of Data Subjects under the Data Protection Legislation; and
• information or assessment notices served on the Controller by any supervisory authority under the Data Protection Legislation.

The Processor must notify the Controller without undue delay (e.g. within fourteen (14) calendar days upon receipt) if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Legislation.

The Processor will reasonably and to the best of its abilities cooperate with, and assist, the Controller in responding to any complaint, notice, communication or Data Subject request.

For the avoidance of doubt, it is and remains the sole responsibility of the Controller to respond to and answer Data Subject or third party requests. The Processor shall not respond to such request itself, unless expressly authorized in writing to do so by the Controller.

The Controller shall reimburse the Processor for all services rendered under this clause in accordance with clause 12 of this Annex 1.

This Annex 1 will remain in full force and effect so long as:

• the Agreement remains in effect; or
• the Processor retains any Personal Data related to the Agreement in its possession.

Any provision of this Annex 1 that expressly or by implication should come into or continue in force on or after termination of the Agreement (including, but not limited to, clause 15) will remain in full force and effect.

The services performed under this Annex 1 for which the Processor may charge the Controller will be charged on the basis of the amount of hours worked and the Processor's then standard hourly rates. Upon request, the Processor shall inform the Controller of its standard rates. The Processor will invoice these amounts on a monthly basis in accordance with the payment modalities set forth in the Agreement.

All payments by the Controller to the Processor shall be executed in accordance with the terms of the Agreement.

For the avoidance of doubt, only the services executed by the Processor to ensure the Controller can adhere to its obligations under the Data Protection Legislation shall be charged. Services provided by the Processor under this Annex to ensure the Processor adheres to its own obligations under the Data Protection Legislation, shall not be reimbursed, unless expressly agreed otherwise in writing. Such non-reimbursable services include: (i) the Processor's internal compliance activities (e.g., maintaining its own records of processing activities or staff training on data protection); (ii) implementing and maintaining general security measures required by law (e.g., firewalls, encryption, access control); and (iii) addressing data breaches or non-compliance resulting from the Processor's own fault or negligence.

The Processor shall make available to the Controller all information reasonably necessary to demonstrate compliance with the obligations under this Annex 1 and the Data Protection Legislation and allow the Controller's authorized third party auditors to perform audits regarding the compliance by the Processor with its obligations under this Annex 1. The Processor shall reasonably assist the Controller to the best of its abilities and to the extent commercially reasonable in the execution of such audits.

Any such audit may not take place more than once every contract year (unless there are serious and objective indications that the Controller breached its obligations under this Annex 1), shall be at the sole expense of the Controller and shall be subject to the Controller providing the Processor with at least thirty (30) days prior written notice of its intention to perform an audit. The audit shall take place during the normal business hours of the processor and shall not unreasonably interfere with the Processor's business activities. The Controller's confidentiality obligations towards third parties must be taken into account when conducting such an audit. Both the Controller and its auditors shall keep the information disclosed in the context of an audit confidential and shall only use it for the purpose of verifying the Processor's compliance with this Annex 1. The Processor shall have the right to require any third-party auditor to enter into a non-disclosure agreement prior to performing the audit.

The findings of the audit will be assessed by the Parties in mutual consultation and, will (if necessary) lead to the implementation of adjustments by one of the Parties or by both Parties jointly, as far as this is reasonable in the context of the performance of the Agreement. The relevant Party shall have the possibility to (i) suspend the implementation of the instruction in question until the other Party confirms, modifies or withdraws its instruction, or (ii) to terminate the Agreement or cooperation, if, after consultation, the Party persists in the breach or the unlawful instruction.

The Processor shall be entitled to full compensation for the assistance mentioned in this clause in accordance with clause 12, unless this assistance is the result of a proven non-compliance by the Processor with this Annex 1 or the Data Protection Legislation.

To the extent permitted under applicable law, any limitations and/or exclusions of liability in the Agreement are applicable to this Annex 1. The Processor shall only be liable under these provisions if it has (i) failed to comply with its specific obligations under the GDPR, or (ii) acted outside or in breach of the Controller's lawful instructions.

This Annex 1 will be governed by, and construed in accordance with, the laws and other miscellaneous clauses applicable to the Agreement, unless the context would require otherwise.