VisualTime One upgrade contract clauses – 09/25/2020 – Robotics, S.A.

Version v. 3

Published on 09/25/2020

Authorized Users

Individuals or legal entities assigned by the CUSTOMER who will use the application and interact with the SUPPLIER’s personnel so that the latter can provide the necessary services.

There are different levels of authorization of Authorized Users by the CUSTOMER, to guarantee the CUSTOMER that the SUPPLIER will only deal with topics from different areas (HR, security, technology…) with the appropriate person.

The initial Authorized Users authorization form can be found in the VisualTime solution proposal.

Whenever the CUSTOMER so desires, the CUSTOMER may register or deregister Authorized Users through the SUPPLIER’s HelpDesk Service.

Third

Any natural or legal person outside the present contractual relationship.

Terminals

All physical devices for the introduction of user data, and assigned by the SUPPLIER to the CLIENT to provide the services described in this contract, excluding the elements offered as “External elements”.

Hosting Provider

The company with which Robotics S.A. subscribes to the hosting services is Microsoft Ireland Operations Ltd. with address at Carmenhall Rd, Sandyford, Dublin 18 Ireland.

File

All documentation referring to personal data of any natural person, which is entered in the VisualTime application.

Object

The purpose of this contract is to regulate the relationship between the CLIENT and the SUPPLIER with respect to the VisualTime solution detailed in the offer, as well as to establish the personal data protection policies in compliance with Article 28 of the General Data Protection Regulation (GDPR).

The purpose of the VisualTime solution contracted is for the SUPPLIER to provide the CUSTOMER with time management services for its personnel.

All the services indicated in this offer shall be performed in accordance with the legislation in force and the provisions of the applicable regulatory regulations.

License of use and provision of services

A Duration, Term of Contract and Terms of Payment

The minimum duration of this contract shall be THREE YEARS and shall be automatically renewed for annual periods, except in the cases indicated in the CANCELLATION section.

A.1 Cancellation

A.1.1 The contract may be cancelled in the following cases:

a) The CUSTOMER may terminate the contract by notifying the SUPPLIER 30 calendar days prior to the end date of the period contracted in the last renewal. The cancellation must be made by proving the identity of the CUSTOMER and in writing to the SUPPLIER.

b) For serious breach of the contractual obligations of any of the parties.

c) For delay in payment of more than 3 months.

A.1.2 In any case, the cancellation, termination or cancellation of the contract for reasons beyond the control of the SUPPLIER does not exempt the CUSTOMER from the payment of the entire annual contracted period.

A.1.3 In case of Cancellation, if the CUSTOMER has SUPPLIER’s Terminals as part of this contract, clauses C.6 and C.7 (in the Terminals section) apply.

A.2 Temporary suspension of service due to non-payment and reactivation

A.2.1 In the event of a delay in payment of more than 15 calendar days, the SUPPLIER reserves the right to temporarily suspend the service until the due payment is received.

A.2.2 Upon receipt of the payment due, the SUPPLIER shall restore the service within 24 hours and issue an invoice to the CUSTOMER with the amount of suspension and reactivation of the service corresponding to 2 hours of certified technician service according to Robotics S.A. rates in effect at the time.

A.3 Disposition of Data after deletion

A.3.1 There is a data file in open format (not property of the SUPPLIER) with the data of the service provided by the SUPPLIER to the CUSTOMER.

A.3.2 In the event of cancellation and only if the CUSTOMER is up to date with the SUPPLIER’s payments, the SUPPLIER shall make the file available to the CUSTOMER for a period of 30 calendar days.

A.3.3 In the event that the CUSTOMER is not up to date with payment at the time of the Cancellation, the CUSTOMER shall have 30 calendar days to satisfy the payment due. The SUPPLIER shall make the data file available to the CUSTOMER until 30 calendar days have elapsed since the cancellation of the service.

A.3.4 In all cases of cancellation, after 30 calendar days the SUPPLIER will proceed to the final destruction of the CUSTOMER’s data. The SUPPLIER will keep the data duly blocked, as long as liabilities may arise from its relationship with the CUSTOMER.

B Notifications

The CLIENT expressly accepts that all notifications, communications and information that may be necessary with the SUPPLIER for the provision of the services described in this contract will be made, whenever permitted by law, by written electronic means, the only exception being requests for cancellation of service or termination of contract.

Robotics will use the email addresses provided by the customer in this contract to inform about updates, new features, regulations, services, new versions of VisualTime, news about maintenance plans, events, news and advertising.

You may cancel this subscription at any time by the same e-mail you receive.

C Terminals

C.1 Start-up

The SUPPLIER shall carry out the commissioning of the Terminals offered, while offering the CUSTOMER support regarding their use and the legality of the biometric systems, providing documentation to inform the CUSTOMER’s personnel who will use such Terminals.

C.2 Incidents in the Use of Terminals and/or Accessories

C.2.1 Any situation that prevents the normal use, as described in the manuals, of the Terminals and/or Accessories to less than 10% of the personnel registered in that Terminal and/or Accessory is considered an Incidence in the Use of Terminals and/or Accessories. In the case of situations that affect more than 10% of the personnel, it is considered as a breakdown.

C.2.2 In case of Incidents in the Use of Terminals and/or Accessories, an AUTHORIZED USER of the CUSTOMER shall contact the SUPPLIER’s HelpDesk Service to notify the same immediately, without the failure or delay in notification being attributable to the SUPPLIER. All response times indicated in this section take the date of notification to the Helpdesk as a reference.

C.2.3 The SUPPLIER shall resolve the Incident in compliance with the conditions described in the Service Level Agreement Annex.

C.3 Malfunctions in the Use of Terminals and/or Accessories

C.3.1 The non-functioning of a Terminal and/or Accessory for more than 10% of the personnel registered therein is considered a Failure.

C.3.2 In the event of a Failure, an AUTHORIZED USER of the CUSTOMER shall contact the SUPPLIER’s HelpDesk Service to notify the same immediately, without the failure or delay in notification being attributable to the SUPPLIER. All response times indicated in this section take the date of notification to the Helpdesk as a reference.

C.3.3 Once the Fault has been reported, the HelpDesk Service will carry out a quick diagnosis of the fault. Once diagnosed, there are three possible courses of action as determined by the PROVIDER’s Helpdesk operator:

a) Problems due to the application or communications with the VisualTime solution.
The SUPPLIER’s Terminals and/or Accessories guarantee data storage for at least 1 month.

The SUPPLIER shall remedy the failure in compliance with the conditions described in the Service Level Agreement Addendum.

b) Physical failures in the Terminal and/or Accessories.
The SUPPLIER shall inform the AUTHORIZED USER of the two available options, who shall select the most convenient one. The options are:

b.1) Sending a technician from the SUPPLIER to check and repair the Terminal.

The SUPPLIER shall remedy the failure in compliance with the conditions described in the Service Level Agreement Addendum.

b.2) The Fast-RMA system consists of:

i) Urgent shipment SAME DAY or NEXT BUSINESS DAY (depending on the time of notification of the incident) of a pre-configured Terminal from the SUPPLIER to the CUSTOMER, freight prepaid.
ii) Upon receipt by the CUSTOMER, a technician from the SUPPLIER will assist in the process of replacing the faulty Terminal with the new one.
iii) Once replaced, the CUSTOMER shall send the faulty Terminal to the SUPPLIER, with the transport agency indicated by the SUPPLIER, at the SUPPLIER’s expense. You will have 15 calendar days to do so.

iv) If after 15 calendar days from receipt of the Terminal by the CUSTOMER, the CUSTOMER has still not delivered the damaged Terminal to the transport agency indicated by the SUPPLIER, said Terminal shall be treated as a Terminal not returned in Conditions to the SUPPLIER, applying the clauses described in C.7.
c) Failures due to causes and/or reasons beyond the control of the Terminal and/or Accessories and beyond the solution of the SUPPLIER.
The Helpdesk Service personnel will inform the AUTHORIZED USER of all the information and diagnostics available to the PROVIDER so that the CUSTOMER’s personnel can proceed with the repair. This includes, for example, power failures, use of unauthorized or broken cards, incorrect access attempt due to lack of authorization, etc.

C.4 Coverage in case of Breakdowns and Repairs

C.4.1 All expenses arising from breakdown repairs within the normal use of the solution are covered: parts, labor and travel.

C.4.2 Normal use of the solution is understood to be that described in the solution manuals, and includes wear and tear of batteries and surfaces of digital biometric readers.

C.4.3 They are outside the normal use of the solution, but are not limited to:

a) The misuse of the supplied materials by personnel not belonging to the SUPPLIER.
b) Any form of sabotage
c) Damage caused by improper handling by personnel not belonging to the SUPPLIER.
d) Causes outside or external to the materials themselves (fire, flooding, excessive voltage, excessive current, defective or poor quality grounding installation, radiofrequency emissions, magnetic fields, etc.).
C.4.4 Expenses arising from repairs of breakdowns not included in the normal use of the solution shall be budgeted and invoiced according to the rates in force. Explicitly this includes, but is not limited to, breakdowns due to vandalism, overvoltage or those in which liquid residues are found inside.

C.5 Data Entry Service from HelpDesk during an Incident or Malfunction

C.5.1 The CUSTOMER has forms to enter records of the affected personnel in the Incident Action Procedures documents. Additionally, the CUSTOMER may request the SUPPLIER’s HelpDesk Service to provide him/her with punch-in forms whenever he/she wishes.

C.5.2 From the moment an Incident or Malfunction has been notified to the SUPPLIER, the CUSTOMER may send such completed forms with personnel and punch-in times to the SUPPLIER’s HelpDesk Service by e-mail, indicating the Incident or Malfunction number, and the SUPPLIER will enter the same into the VisualTime solution.

C.5.3 This service is free of charge for Incidents and Malfunctions within the normal use of the solution, as described in D.4. In all other cases, you will be billed according to the HelpDesk Operator’s current rate for fractions of an hour.

C.6 Return of Terminals and/or Accessories in case of termination or cancellation of contract

C.6.1 If either party terminates or cancels the Contract, the CUSTOMER shall return the Terminals (including accessories thereof) forming part of this contract to the SUPPLIER within the following 15 calendar days.

C.6.2 Terminals that are not returned within this period shall be considered as Terminals Not Returned to Supplier or Returned in Bad Condition and the clauses described in C.7 shall apply.

C.7 Terminals and/or Accessories Not Returned to Supplier or Returned in Poor Condition

C.7.1 If one or more Terminals and/or Accessories are not returned to the SUPPLIER within the deadlines indicated, they shall be invoiced by the SUPPLIER at the SUPPLIER’s rates (for the most common models detailed below). It is understood to have been returned to the SUPPLIER if it has been delivered to the transport agency indicated by the SUPPLIER.

C.7.2 If one or more Terminals and/or Accessories are returned to the SUPPLIER in poor condition, non-operational or with significant bumps or scratches, the SUPPLIER may claim by invoice up to 100% of the amount of such Terminals. The SUPPLIER in any case understands that it is used material and will only claim in case of existing damages that are not due to the normal use of the solution. The CUSTOMER may request a third party expertise in case of disagreement.

C.7.3 The prices of the terminals are as follows: rx1 for VisualTime 895€, mx9 for VisualTime 1,395€, rxF 2 for VisualTime 1,095€, rxF Pro for VisualTime 1,495€ and the rxF Pro TD 2,195€.

C.8 Miscellaneous Provisions

C.8.1 The SUPPLIER reserves the right to replace, if necessary, the Terminals and/or Accessories with others of similar characteristics, always guaranteeing the functionalities that the CUSTOMER had in the initially contracted models.

C.8.2 The CUSTOMER agrees to provide access to identified personnel of the SUPPLIER to the locations of the Terminals and/or Accessories, in order to check, install, uninstall, repair and/or update the same. In the event that the CUSTOMER delays access to the identified personnel of the SUPPLIER, with written notification of the action, for more than 30 minutes, the waiting time may be billed by the SUPPLIER according to the current rates for certified technician hours.

C.8.3 If the CUSTOMER requests new terminals not contemplated in the initial offer, the minimum duration of the new terminals shall be two years, regardless of the duration of the initial contract, being automatically renewed for annual periods.

D License

D.1 Concession

D.1.1 The SUPPLIER hereby grants a worldwide, non-transferable and non-exclusive right to use the VisualTime service, solely for its own internal business use and subject to the conditions of this Agreement.

D.1.2 All rights not explicitly indicated are reserved to the SUPPLIER.

D.2 Warranties

The SUPPLIER guarantees that the VisualTime solution will perform substantially in accordance with the user documentation and commits to the proper operation of the application under normal use as described in the user documentation.

D.3 Access and Audit

D.3.1 The SUPPLIER shall provide credentials and passwords to the AUTHORIZED USERS, all with access levels to be agreed upon at start-up.

D.3.2 The SUPPLIER guarantees that the VisualTime solution performs, at all times, an audit of all accesses and actions performed on the system, whether by the CLIENT’s or the SUPPLIER’s personnel.

D.3.3 The AUTHORIZED USERS and the CLIENT are responsible for maintaining the secrecy of their credentials. In no event shall the SUPPLIER be held responsible for data modified, deleted, extracted or viewed by accessing VisualTime with such credentials.

D.3.4 The SUPPLIER guarantees that the accesses by its personnel have an additional security system that prevents the copying or communication of credentials between personnel and that only those data and resources for the development of the contracted services will be accessed.

D.4 Incidents in the Use of the VisualTime application

D.4.1 In the event that the operation of any part of the VisualTime solution is not as described in the instruction manual, the CUSTOMER shall notify the SUPPLIER of the Incident to the HelpDesk Service.

D.4.2 The SUPPLIER shall offer a solution to the incident in compliance with the conditions described in the Service Level Agreement Annex.

D.4.3 Because application modifications require extensive testing and time, the solution can be, on a temporary basis, performed manually by the SUPPLIER’s personnel, all at no cost to the CUSTOMER.

D.5 Number of people managed in the License

D.5.1 The maximum number of Persons managed with the License is detailed in the License offer. This is the maximum number of people who can have an active contract at VisualTime at present. Users whose contracts are inactive in VisualTime do not count for this purpose.

D.5.2 In the event that AUTHORIZED USERS schedule new registrations for future dates, and the total number of people managed for those future dates exceeds that of the license, the VISUALTIME application will notify the AUTHORIZED USERS. If the AUTHORIZED USERS decide to proceed, CLIENT must extend the Number of Managed Persons of the license before that date arrives.

D.5.3 If the VisualTime application detects, for the current date, a number of people managed higher than the maximum, access and service will be prevented until the CUSTOMER indicates to the SUPPLIER how he/she wishes to proceed.

a) The CUSTOMER may request a license extension from the SUPPLIER (see D.6).
b) The CLIENT, through the AUTHORIZED USERS, may request the PROVIDER to make modifications to VisualTime’s data to remedy the situation (if, for example, it has been due to an error for not deactivating persons in time). In this case it will be treated as if it were an inquiry or service request as detailed in section F of Annex 1: Service Level Agreement.

D.6 License Extensions

D.6.1 Any functional expansion, in terms of maximum number of persons managed or maximum number of concurrent users, is considered a License Extension.

D.6.2 If CUSTOMER requests and accepts a License Extension, SUPPLIER will activate the new license within 24 hours of acceptance and issue an invoice for the remaining incremental amount until the end of the current year. This amount will be calculated based on the difference between the previous installment and the new monthly installment, considering the current month and the remaining months until the next annuity. The License Extension will have a minimum duration of two years, regardless of the duration of the initial License, being automatically renewed for annual periods.

D.7 License Reductions

D.7.1 Any reduction in the maximum number of persons managed or maximum number of concurrent users is considered a License Reduction. Functional reductions are not covered by this contract and need to be assessed on a case-by-case basis, as they may not be possible or may entail costs in terms of technician or consultant hours to ensure the compatibility of the solution once the functionalities have been reduced.

D.7.2 The CUSTOMER must request License Reductions (terminals and/or software) at least 15 days prior to the end of the current contracted period. If the CUSTOMER requests and accepts a License Reduction in the number of persons managed, number of users or terminals within this period, the SUPPLIER will activate the new license at the end of the current annual period already invoiced.

D.7.3 In no case shall License Reductions be made prior to the following year.

D.8 Assignment

The subject matter of this contract is of a personal nature. The SUPPLIER may, upon compliance with all the requirements set forth in the regulations in force, as well as prior notice to the CUSTOMER, transfer the ownership of the same without the need to obtain the express consent of the CUSTOMER, without prejudice to the latter’s right to terminate the contract within 10 days of receipt of the notice of assignment.

E Continuity and Maintenance Service

E.1 Authorized contact personnel

E.1.1 Any service in which there is communication of personal data will only be performed between the SUPPLIER and AUTHORIZED USERS with “Business Information” access level.

E.1.2 Any service involving sensitive data communications about physical access control systems or physical security in general will only be performed between the PROVIDER and AUTHORIZED USERS with the “Physical Access and Security Information” access level.

E.1.3 Any service involving sensitive data communications about the CUSTOMER’s IT infrastructures shall only be performed between the SUPPLIER and AUTHORIZED USERS with the “Technical and Information Systems Information” access level.

E.1.4 Any USER AUTHORIZED by the customer with “Administrator” levels can modify, add or remove permissions from AUTHORIZED USERS.

E.2 Services and coverages included

E.2.1 Monitoring: The SUPPLIER undertakes to monitor the status of the service and the connectivity of the Terminals and/or Accessories to the system, in order to detect possible incidents and/or failures and to act on them proactively, even before the CUSTOMER becomes aware of them. All of the above will be carried out regardless of the fact that the CUSTOMER may notify the SUPPLIER of any incident or breakdown at its own expense.

E.2.2 Resolution of Doubts and Queries: The SUPPLIER makes available to the client a HelpDesk Service, via email or telephone, for the attention and resolution of doubts and queries about the daily operations and management elements of VisualTime described in the manual. The SUPPLIER guarantees that any doubt or query will be answered within the defined time of the Continuity and Maintenance Service.

E.2.3 Changes in management: The SUPPLIER makes available to the client changes in time management, accesses, registrations, cancellations and changes in contracts or authorizations.

E.2.4 Annual operation: The SUPPLIER makes available to the CUSTOMER the application of annual work calendars and holiday templates delivered in Excel format or equivalent by the CUSTOMER.

E.2.5 Alerts: The SUPPLIER makes available to the CUSTOMER the configuration of alerts to task managers that require intervention by the CUSTOMER.

E.2.6 Integration: The SUPPLIER makes available to the CUSTOMER the queries related to export/import with a defined response time according to modality of The Continuity and Maintenance Service, format changes in links with another application are not included.

E.2.7 Daily operations: The SUPPLIER makes available to the CUSTOMER the service of requesting advanced reports or data extraction from the external application to the analytical tools and reports included. This service is included in any type of Continuity and Maintenance Service but is subject to additional billing.

E.2.8 Integration: The SUPPLIER makes available to the CLIENT the changes in the data export and import format, including quality tests and updated documentation. This service is included in any type of Continuity and Maintenance Service but is subject to additional billing.

E.2.9 Upgrades: The SUPPLIER agrees to upgrade the application, firmware of the terminals and replace the terminals on-site before they become obsolete with the current equivalent model.

E.2.10 HelpDesk: The SUPPLIER makes available to the Customer a complete HelpDesk Service, by e-mail or telephone. Depending on the type of Continuity and Maintenance Service chosen, refresher training or a day to resolve consultancy doubts per year is included.

E.2.11 Optimization: The SUPPLIER undertakes to perform a consulting service with the objective of making an annual efficiency report, with study and call for advice by a consultant.

E.2.12 Incident training: The SUPPLIER undertakes to conduct a training course after installation and commissioning. Depending on the type of Continuity and Maintenance Service chosen, the duration of the service is defined.

E.2.13 Data Backup: The SUPPLIER agrees to have a backup plan in place that is executed for both Continuity and Maintenance Service modes.

E.2.14 Repair of terminals: The SUPPLIER makes available to the CUSTOMER the FastRMA service consisting of the urgent shipment free of charge of a pre-configured terminal at the moment it is determined that it is a physical failure. It includes remote support for doubts in the replacement procedure and the shipment of the unit to be repaired can be done without urgency once replaced for all the modalities of the Continuity and Maintenance Service.

E.2.15 Technical assistance times: The SUPPLIER makes available to the CUSTOMER a HelpDesk and technical assistance service with a maximum response time defined in the Continuity and Maintenance Service modality.

F Data protection

F.1 The provision of the Services implies the need to access personal data. The SUPPLIER, as data processor, is obliged to comply with the general data protection regulation entered into force on May 25, 2018 and other applicable regulations.

F.2 The CLIENT and the SUPPLIER freely agree to regulate the access and processing of data as detailed in this contract (in compliance with Article 28 of the General Data Protection Regulation (GDPR).

F.3 In order to provide the services associated with the VisualTime platform and to manage the access and/or presence control system of the CLIENT’s personnel, the SUPPLIER, in charge of the processing, is authorized to process on behalf of the client, who is responsible for the processing, the personal data necessary to provide the contracted services, under the responsibility of the CLIENT:

• Employee identification data: name and surname, e-mail, telephone.
• Other employee data: ID number, date of birth, address, cell phone number, private e-mail.
• Employment data: job position, academic qualifications, start date of contract, probationary period, social security, type of contract in force, calendar and working hours.
• Biometric data: All allowed per terminal.
• Location data of the signing (in case it applies to any of the contracted services).

In the event that the SUPPLIER processes and manages the bonus for training courses, data on Social Security affiliation, level of studies, gross salary and disability status will also be processed.

The processing operations will be those necessarily derived from the provision of the services, including mainly the registration and hosting of data.

F.4 The data stored in the VisualTime solution are the property of the CLIENT as Data Controller. For the purposes of Article 28 of the GDPR, the SUPPLIER shall only access the personal data to which it has access in accordance with the instructions of the CUSTOMER and always in consultation/reading mode and shall not apply or use them for a purpose other than the purpose of the Contract, nor communicate them, not even for storage, to other persons. In the event that the SUPPLIER uses the data for another purpose, communicates them or uses them in breach of the provisions of the Contract, he/she will also be considered responsible for the processing, and will be liable for any infringements that he/she may have personally incurred.

F.5 The CLIENT, with respect to files containing personal data, declares that it complies with all legal requirements for their collection and processing. Likewise, it declares that it has adopted the necessary technical and organizational measures to guarantee the security of the personal data included in the files, as established in the current legislation on personal data protection.

CORRESPONDS TO THE SUPPLIER

F.6 The SUPPLIER undertakes to process the data only in accordance with the instructions of the CUSTOMER as documented in the contract regulating the provision of services, in this Agreement or otherwise in writing, based on the regulations in force and purpose stipulated within the framework of the contractual relationship to ensure the continuity of the services provided, and not to apply or use them for purposes other than those stipulated in this document, nor to communicate them, even for storage to third parties.

F.7 To process the data in accordance with the instructions of the data controller. If the SUPPLIER considers that any of the instructions infringes the GDPR or any other data protection provisions of the Union or the Member States, the SUPPLIER shall immediately inform the CUSTOMER.

F.8 Keep, in writing, a record of all categories of processing activities carried out on behalf of the CLIENT, containing:

The name and contact details of the processor(s) and of each controller on whose behalf the processor is acting and, where appropriate, of the representative of the controller or processor and of the data protection officer.
The categories of processing carried out on behalf of each person in charge.
Where applicable, transfers of personal data to a third country or international organization, including the identification of such third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the GDPR, documentation of appropriate safeguards.
An overview of the technical and organizational security measures in accordance with the GDPR.
F.9 The SUPPLIER shall notify the CUSTOMER without undue delay of any personal data security breach of which it becomes aware, providing it with all the necessary details to enable the CUSTOMER to comply with the obligations of notification to the supervisory authority and communication to data subjects established in the applicable regulations.

F.10 The termination, resolution or extinction of the contract for the provision of services will imply the obligation of the SUPPLIER to delete or return to the CUSTOMER the personal data provided, as well as any support or document containing any personal data subject to processing, as indicated in point A3 of the contract of license of Use and Services.

IT IS UP TO THE CUSTOMER

F.11 The CLIENT shall adopt the necessary technical and organizational measures to ensure the security of personal data and prevent its alteration, loss, unauthorized processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, whether from human action or from the physical or natural environment.

F.12 Corresponds to the Client (i) keep a record of registration activities; (ii) carry out an assessment of the impact on the protection of personal data of the processing operations to be carried out by the processor; (iii) to carry out the appropriate prior consultations; (iv) ensure, prior to and throughout the processing, the compliance of the processor with the GDPR; (v) supervise treatment, including conducting inspections and audits; and, (vi) to sign with the customers who will use the VisualTime solution, the mandatory contract informing of the subcontracting, to the SUPPLIER, of the services mentioned in the present contract.

F.13 The CUSTOMER expressly authorizes the SUPPLIER to subcontract with Microsoft Ireland Operations Ltd. the hosting services (Cloud Computing) for the proper provision of the licensed service, in full compliance with the RGPD, being the servers located in the European Union.

F.14 The CLIENT expressly authorizes the SUPPLIER to communicate data to third parties whose intervention is deemed appropriate for the proper performance of the services provided. In this case, the SUPPLIER is obliged to sign a data processor contract with the third party, stipulating the obligations that the third party must comply with in terms of personal data protection.

F.15 The CUSTOMER shall duly attend to the notifications, if any, received from the SUPPLIER regarding data processing; in particular, those related to subcontracting of processing, security breaches and instructions given by the CUSTOMER that, in the opinion of the SUPPLIER, infringe data protection regulations.

F.16 The SUPPLIER shall assist the CUSTOMER in responding to the exercise of rights. When the persons concerned exercise before the SUPPLIER the rights of access, rectification, deletion, opposition, limitation of processing and/or data portability, the SUPPLIER shall notify the CLIENT of this fact as soon as possible. It shall be the responsibility of the CUSTOMER to respond to the affected party, although the SUPPLIER shall be obliged to collaborate and provide any information required by the CUSTOMER to meet the request.

F.17 Data protection responsibilities can be found in section J (Responsibilities).

G Confidentiality

G.1 The SUPPLIER shall maintain due professional secrecy regarding the personal data to which it has access and require the same level of commitment in writing from any person within its organization involved in any phase of the processing of personal data, both during its professional relationship with the CUSTOMER, as well as after its termination for any reason.

G.2 The CLIENT undertakes to respect the provisions of current data protection regulations, as well as to keep secret all information concerning the SUPPLIER to which it has access, and undertakes to return any information or documentation belonging to the SUPPLIER in its possession in the event of termination, resolution or termination of the contract for the provision of services.

H Hosting VisualTime application

H.1 The information entered in the VisualTime application is hosted on the servers of the HOSTING PROVIDER indicated in this contract.

H.2 The HOSTING PROVIDER is solely responsible for the proper functioning of the server, which is physically hosted on its premises. This company will also be considered as “PROCESSOR”, as far as the operation of the server is concerned.

H.3 The HOSTING PROVIDER guarantees that the hosting service is located within the European Union.

H.4 SERVICE PROVIDER complies with the EU-US Privacy Shield principles regarding the collection, use and retention of data from the European Union, the European Economic Area and Switzerland.

I Intellectual Property and Industrial Property

I.1 The SUPPLIER (and its licensors if applicable) is the owner of all rights and interests, including all related intellectual property rights in the technology, content and service of the SUPPLIER and any suggestions, ideas, enhancement requests, comments, recommendations or other information provided by an AUTHORIZED USER or any other party related to the service and licenses provided.

I.2 This agreement does not constitute a sale and does not grant you any ownership rights over the service, the technology of the SUPPLIER or the intellectual property rights held by the SUPPLIER.

I.3 The name Robotics S.A., VisualTime, the Robotics S.A. logo, and the VisualTime logo, as well as the names of services associated with the VisualTime solution are trademarks of the SUPPLIER or third parties and no right or license is granted for their use.

J Responsibility

J.1 Except in the event of a claim or cause of action relating to the CUSTOMER’s failure to pay, the liability of each party arising out of and in connection with this Agreement (for any purpose and for any claim whatsoever) shall not exceed the payments received by the SUPPLIER during the 12 months following such obligation or liability (as applicable).

J.2 Neither party, individually, shall have any liability with respect to such party’s obligations for indirect, special, consequential, punitive, exemplary or incidental damages, including damages for interruption of the other party’s business or losses.

J.3 The existence of more than one claim or cause of action shall not extend the limits of this Section J. SUPPLIER shall not be subject to any equitable remedy in favor of CUSTOMER such as injunctive relief, specific performance or receivership.

J.4 Except in the case of a claim or cause of action related to CUSTOMER’s failure to pay, neither party shall bring any claim or cause of action against the other party more than two years after such claim or cause of action has vested.

J.5 The party in breach of its obligations regarding the protection of personal data shall be liable for any breaches personally incurred. In the event that the CUSTOMER or the SUPPLIER, its personnel or subcontractors fail to comply with any of the obligations assumed in this Agreement or that, due to its status as the party in charge, it must comply with, in such a way that there is a breach of data protection regulations, the party in breach shall hold the other party harmless, in particular against any sanction by the Spanish Data Protection Agency.

J.6 The SUPPLIER disclaims any liability for the information transmitted or disseminated through VISUALTIME and its website, provided that this information has been manipulated or introduced by an external user or third party.

J.7 The CUSTOMER is responsible for the use that may be made of any information extracted from the VisualTime solution, whether data, reports or service links.

J.8 The SUPPLIER is not responsible for the information and contents stored, including but not limited to. However, and in compliance with the provisions of art. 11 and 16 of the LSSI-CE, the SUPPLIER is available to all users, authorities and security forces, and actively collaborating in the removal or blocking, if necessary, of all content that could affect or contravene national or international legislation, the rights of third parties or morality and public order. In the event that the user considers that there is any content on the website that could be susceptible to this classification, please notify the SUPPLIER immediately.

J.9 The SUPPLIER undertakes to incorporate the appropriate and pertinent security measures described in this document, being the CLIENT the only responsible for the content downloaded through the VisualTime solution. Likewise, the SUPPLIER is exempted from establishing security measures higher than those required by law, especially in case of violation by the CUSTOMER of the restrictions of use described in paragraph K.

K Restrictions on Use

K.1 The CUSTOMER and its AUTHORIZED USERS may not make use of this license, nor access the VisualTime application, if the CUSTOMER is a competitor of the SUPPLIER in the market. A competitor is any company that manufactures, sells or distributes access control or time management solutions for personnel at work of any kind (schedule compliance, production or task times, etc.).

K.2 The CUSTOMER may not:

a) Incurring in actions that are illicit, illegal or contrary to the provisions of this contract.
b) Reverse engineering.
c) Access the application to create a competitive product or service.
d) Create a product that uses ideas, features or functions similar to VisualTime.
e) hindering the service of the VisualTime solution by using viruses or other software programs designed to
with the purpose of damaging the VisualTime solution software or any hardware of the SUPPLIER.

f) Make unauthorized modifications or create versions of the VisualTime solution, as well as any other software.
employed by the SUPPLIER.

g) Use any type of script, robot or technology to monitor the SUPPLIER’s website or the VisualTime solution.
h) Pretending to be any other natural or legal person.
K.3 The CLIENT agrees that the AUTHORIZED USERS will use the VisualTime application:

a) In full compliance with the conditions of use described in the user manuals.
b) Without making any attempt to breach access levels, mishandle data, attempt to gain access to
restricted areas of the SUPPLIER’s computer application, introduction of programs, viruses or any device

that may produce or will produce modifications or alterations in the application of the SUPPLIER.

L Contract Integrity and Safeguard Clause

L.1 Each of the provisions of this contract must be interpreted separately and independently from the others. If any of them should become invalid, illegal or unenforceable by virtue of any legal rule or be declared null and void or ineffective by any court or administrative authority, the nullity or ineffectiveness of the same shall not affect the other stipulations, which shall retain their full validity and effectiveness. The parties agree to replace the clause or clauses affected by another or others that have the effects corresponding to the purposes pursued by the parties in this contract.

L.2 The present contract includes all the existing agreements between the parties, and cancels and revokes, if applicable, any other agreements or understandings, verbal or written, that were in force at the date of its execution. This contract may be modified by written agreement of the parties.

M Applicable Law and Jurisdiction

M.1 This contract shall be governed by the terms expressly agreed by the parties in this contract and by Spanish law.

M.2 It is the will of the parties, Supplier and Buyer, to expressly waive the jurisdiction of the courts and submit to arbitration any controversy, question, incidence that may arise between them in connection with this Order.

M.3 The hearing and decision of disputed matters shall be entrusted to a sole arbitrator, who shall be appointed from among the Arbitral Tribunal of Barcelona by agreement of the parties when the dispute arises or, failing such agreement, by the President of the Court, in accordance with the Statutes of the Court.

M.4 It shall be understood that there is no agreement when within fifteen calendar days of the request of one party to the other, there is no affirmative response.

M.5 For any case of doubt or discrepancy with respect to the interpretation or fulfillment of this document, or in the event that there is no agreement between the parties, waiving the jurisdiction of their domicile or any other if they have one, they expressly submit to the Jurisdiction and Jurisdiction of the Courts and Tribunals of the city of Barcelona.

Annex I: Service Level Agreement (SLA-Service Level Agreement)

A Computation of Response Times

A.1 Response Times in any case do not start before notification of an Incident or Breakdown to the SUPPLIER’s HelpDesk Service by AUTHORIZED USERS. The CUSTOMER, through an AUTHORIZED USER, must report the type of incident, namely whether it is:

a) An Incidence in the Terminals and/or Accessories.
b) A Failure in Terminals and/or Accessories.
c) An Incidence in the normal use of the VisualTime application.
Depending on the type of the same, it is necessary to provide additional basic information:

d) In the case of breakdowns in Terminals and/or Accessories, Response Times will not be computed in any case until the CUSTOMER specifies in which specific units the breakdown occurs.
e) In the cases of Incidents in Terminals and/or Accessories, for the Response Times, it will not be computed in any case until the CUSTOMER specifies which persons and in which units of Terminals and/or Accessories present the incident.
f) In the cases of Incidents in the normal use of the VisualTime solution, for the Response Times, it will not be computed in any case until the CUSTOMER specifies in which screens or specific procedures the incident occurs.
A.2 The hours, fractions of days or days elapsed since the notification of an incident, in which the SUPPLIER cannot work to resolve it for reasons beyond its control, shall not be counted for the purposes of Response Times. This includes force majeure and situations in which the SUPPLIER is awaiting a response from the CUSTOMER.

A.3 There are situations in which it is possible to open an incident by personnel outside the group of AUTHORIZED USERS. On these occasions no information of any kind is shared between them and the SUPPLIER, but the SUPPLIER may initiate actions to diagnose and solve the incident. In these cases Response Times do not compute until communication is made with an AUTHORIZED USER.

B General Exceptions to the Service Level Agreement

The following situations are explicitly excluded from this SLA, subject to other exclusions that may occur:

B.1 Planned Maintenance Tasks

The SUPPLIER, with sufficient advance notice, may schedule maintenance or update tasks for the VisualTime application. It is the will of the SUPPLIER to perform these tasks in dates and hours of less access to the application, however, there may be updates for security reasons that must be applied with minimum planning.

B.2 Service incidents attributable to the HOSTING SUPPLIER contracted by the SUPPLIER.

The SUPPLIER guarantees that, at the time of proposing this offer, the proposed HOSTING SUPPLIER has monthly and annual service levels above 99.5%. However, if the CUSTOMER wishes, he/she can request the offer with another Hosting provider.

If the HOSTING PROVIDER will present continued incidences once the present contract has started, the CLIENT and/or the PROVIDER may mutually agree to change to another Hosting provider. In such cases, the SUPPLIER shall bear the costs associated with the migration of the platform and data. In the event that the new Hosting provider agreed has a higher cost, the CUSTOMER will be responsible for the monthly cost increase.

B.3 Access attempts not complying with the requirements, especially from unsupported browsers.

The SUPPLIER guarantees access to the VisualTime application with the browsers and versions indicated in this offer (see technical requirements), as of the date of the offer. The SUPPLIER, as indicated in said requirements, shall update the VisualTime application as quickly as possible to be compatible with new versions that may be released after the submission of the offer. However, the periods from the appearance of a new version of a browser that is incompatible with the VisualTime application until the SUPPLIER installs the update with which said browser becomes compatible, shall not be counted as unavailability of access.

B.4 Attempts to access in breach of the Terms of Use described in this Agreement.

The SUPPLIER disclaims all liability for access attempts in violation of the Terms of Use described in this contract.

B.5 Service incidents attributable to the INTERNET SERVICE PROVIDER contracted by the CUSTOMER.

The SUPPLIER disclaims all liability due to the unavailability of the Internet service by the INTERNET SERVICE PROVIDERS contracted by the CUSTOMER.

B.6 Service incidents attributable to the INTERNET SERVICE PROVIDER contracted by the SUPPLIER.

The SUPPLIER, at the time of proposing this offer, has a service redundancy plan for the availability of the Internet service. If the INTERNET SERVICE PROVIDERS present incidents in the availability of the Internet service beyond the PROVIDER’s control, the latter is exempt from all responsibility.

C Availability of access to the VisualTime application

C.1 The SUPPLIER guarantees the availability, access and operation of the VisualTime application 99.00% of the time, without taking into account Planned Maintenance Tasks and provided that the accesses are made by AUTHORIZED USERS following the Conditions of Use and Restrictions described above in this Agreement.

C.2 The SUPPLIER shall use commercially reasonable efforts to meet or exceed the agreed access availability levels. If during the period of one month the SUPPLIER is not able to provide the mentioned 99.00% of the agreed access level, the CUSTOMER will be entitled to receive a discount according to the following penalty table:

(*) The percentage of access availability is measured monthly, from the first day of the month to the last day of the month.

C.3 If the availability of access to the VisualTime application is less than 95% continuously for 6 months, the CUSTOMER shall have the right to cancel this contract.

D Terminal failures

D.1 The maximum time without penalty for the resolution of faults in Terminals and/or Accessories is 4 working days, computed as indicated in the general provisions of this Service Level Agreement.

D.2 PENALTIES in the event of non-compliance with the response and action times described in this contract, in the event of failures related to the terminals, a credit will be applied, calculated as detailed below:

a) Each failed Terminal, and failed Accessories shall be counted, but if a failed Accessory is connected to a failed Terminal it shall be counted as only one.
b) The Daily Quota shall be established by dividing the monthly quotas indicated in the contract, divided by 30.
c) For each day of delay, double the Daily Fee divided by the number of Terminals in the facility shall be paid.
(For example, if the CUSTOMER has 5 terminals in contract, the daily fee x 2 / 5 would be paid for each day of delay. Another example: If a CUSTOMER has only 1 terminal, the daily fee x 2 would be paid for each day of delay).

E Terminal Incidents

E.1 The maximum time without penalties for the resolution of incidents in Terminals and/or Accessories is 4 working days, computed as indicated in the general provisions of this Service Level Agreement.

E.2 PENALTIES. Due to the fact that Terminal and/or Accessory Incidents affect, by definition, less than 10% of the personnel (otherwise they would be considered Breakdowns), penalties in case of non-compliance with response times are established as 10% of the amounts indicated in case of Terminal and/or Accessory Breakdowns.

F Incidents in the normal use of the VisualTime application

F.1 The maximum time without penalties to offer solution to the Incident in the normal Use of VisualTime is 3 working days, computed as indicated in the General Provisions of this Service Level Agreement.

F.2 PENALTIES in case of non-compliance with the response and action times described in this contract, in incidents related to the operation of the VisualTime application.

F.3 EXCEPTIONS: In addition to the exceptions contemplated in this Annex, the following situations do not give rise to penalties in Incidents in the normal use of the VisualTime application:

a) Incidents in actions that can be performed in an alternative way without cost to the CUSTOMER.
If the software allows to perform an action in alternative ways (of similar complexity), and one of them presents an Incident, the SUPPLIER has the commitment to repair such incidence once it has dealt with other incidences or higher priority improvements. In this case no penalties are applicable as there is no impediment for the AUTHORIZED USERS to use the application.

b) Incidents for which the SUPPLIER offers alternative solutions, at the SUPPLIER’s expense.
For all purposes described in this contract, any Incident in the application that is solved or avoided through manual tasks by Certified Consultants or other certified personnel of the SUPPLIER, at the SUPPLIER’s expense, shall not be considered as an open Incident nor, for the duration of such alternative solutions, subject to possible penalties.

G Miscellaneous provisions

PENALTIES CANNOT BE ACCUMULATED – Several penalties cannot be applied, in the event that the CUSTOMER may request several, he/she must claim the highest of them.

H Notification and Credits

H.1 The CUSTOMER must formulate the claim in writing to the address of the SUPPLIER within 10 days from the occurrence of the claimed events.

H.2 In the event that the SUPPLIER does not respond to the CUSTOMER within 30 days of receipt of the claim, the claim shall be deemed confirmed.

H.3 The amounts paid to the CUSTOMER shall be applied as discounts in the following invoices issued by the SUPPLIER related to this Contract.