VisualTime SaaS contract clauses – 12/11/2020 – Robotics, S.A.

Version v.4

Published on 12/11/2020

Authorized Users

Individuals or legal entities assigned by the CUSTOMER who will use the application and interact with the SUPPLIER’s personnel so that the latter can provide the necessary services.

There are different levels of authorization of Authorized Users by the CUSTOMER, to guarantee the CUSTOMER that the SUPPLIER will only deal with topics from different areas (HR, security, technology…) with the appropriate person.

The initial authorization form for Authorized Users can be found in the VisualTime solution proposal.

Whenever the CUSTOMER wishes, you can register or cancel Authorized Users through the HelpDesk Service of the SUPPLIER.

Third

Any natural or legal person who is not a party to this contractual relationship.

Terminals

All physical devices for the introduction of user data, and transferred by the SUPPLIER to the CLIENT to provide the services described in this contract, excluding the elements offered as “External elements”.

Hosting Provider

The company with which Robotics S.A. subscribes to the hosting services is Microsoft Ireland Operations Ltd. with address at Carmenhall Rd, Sandyford, Dublin 18 Ireland.

File

All the documentation that refers to personal data of any natural person, which is introduced in the VisualTime application.

Object

The purpose of this contract is to regulate the relationship between the CLIENT and the SUPPLIER with respect to the VisualTime solution detailed in the offer, as well as to establish the personal data protection policies in compliance with article 28 of the General Data Protection Regulation (RGPD).

The purpose of the VisualTime solution contracted is for the SUPPLIER to provide the CLIENT with time management services for its personnel.

All the services indicated in the present offer will be carried out in accordance with the legislation in force and the provisions of the applicable regulatory regulations.

License of use and provision of services

A Duration, Term of Contract and Terms of Payment

The minimum duration of this contract will be TWO YEARS, and it will be automatically renewed for annual periods, except in the cases indicated in the CANCELLATION section.

A.1.1 The contract may be cancelled in the following cases:

1. a) The CUSTOMER may terminate the contract by informing the SUPPLIER 30 calendar days prior to the end date of the period contracted in the last renewal. The cancellation must be made by proving the identity of the CUSTOMER and in writing to the SUPPLIER.
2. b) For serious breach of the contractual obligations of any of the parties.
3. c) For late payment of more than 3 months.

A.1.2 In any case, the cancellation, termination or cancellation of the contract for reasons beyond the control of the SUPPLIER does not exempt the CUSTOMER from the payment of the entire annual contracted period.

A.1.3 In case of Cancellation, if the CUSTOMER has SUPPLIER Terminals as part of this contract, clauses C.6 and C.7 (in the Terminals section) apply.

A.2 Temporary suspension of service due to non-payment and reactivation

A.2.1 In the event of a delay in payment of more than 15 calendar days, the SUPPLIER reserves the right to temporarily suspend the service until payment is received.

A.2.2 Upon receipt of the payment due, the SUPPLIER will restore the service within 24 hours and will issue an invoice to the CUSTOMER with the amount of suspension and reactivation of the service corresponding to 2 hours of certified technician service according to the rates of Robotics S.A. in force at the time.

A.3 Disposition of Data after deletion

A.3.1 There is a data file in open format (not owned by the SUPPLIER) with the data of the service provided by the SUPPLIER to the CUSTOMER.

A.3.2 In the event of cancellation and only if the CUSTOMER is up to date with payments to the SUPPLIER, the SUPPLIER will make the file available to the CUSTOMER for a period of 30 calendar days.

A.3.3 In the event that the CUSTOMER is not up to date with payment at the time of cancellation, the CUSTOMER will have 30 calendar days to pay the outstanding amount. The SUPPLIER will make the data file available to the CUSTOMER until 30 calendar days have elapsed since the cancellation of the service.

A.3.4 In all cases of cancellation, after 30 calendar days the SUPPLIER will proceed to the final destruction of the CUSTOMER’s data. The SUPPLIER will keep the data duly blocked, as long as liabilities may arise from its relationship with the CUSTOMER.

B Notifications

The CLIENT expressly accepts that all notifications, communications and information necessary with the SUPPLIER for the provision of the services described in this contract will be carried out, as long as the law allows it, by written electronic means, the only exception being requests for cancellation of service or termination of contract.

Robotics will use the email addresses provided by the customer in this contract to inform about updates, new functionalities, regulations, services, new versions of VisualTime, news about maintenance plans, events, news and advertising.

You can cancel this subscription at any time by the same email you receive.

C Terminals

C.1 Commissioning

The SUPPLIER will implement the terminals offered, while offering the CUSTOMER support regarding their use and the legality of biometric systems, providing documentation to inform the CUSTOMER’s staff that will use such terminals.

C.2 Incidents in the Use of Terminals and/or Accessories

C.2.1 Any situation that prevents the normal use, as described in the manuals, of the Terminals and/or Accessories to less than 10% of the personnel registered in that Terminal and/or Accessory is considered an Incidence in the Use of Terminals and/or Accessories. In the case of situations that affect more than 10% of the staff, it is considered as a breakdown.

C.2.2 In the event of an Incident in the Use of Terminals and/or Accessories, an AUTHORIZED USER of the CUSTOMER must contact the SUPPLIER’s HelpDesk Service to notify the same immediately, without the failure or delay in notification being attributable to the SUPPLIER. All response times indicated in this section take the date of notification to the Helpdesk as a reference.

C.2.3 The SUPPLIER shall resolve the Incident in compliance with the conditions described in the Service Level Agreement Annex.

C.3 Malfunctions in the Use of Terminals and/or Accessories

C.3.1 The non-functioning of a Terminal and/or Accessory for more than 10% of the personnel registered in it is considered a Failure.

C.3.2 In the event of a breakdown, an AUTHORIZED USER of the CUSTOMER must contact the SUPPLIER’s HelpDesk Service to notify it immediately, without the failure or delay in notification being attributable to the SUPPLIER. All response times indicated in this section take the date of notification to the Helpdesk as a reference.

C.3.3 Once the fault has been reported, the Helpdesk will carry out a rapid fault diagnosis. Once diagnosed, there are three possible courses of action as determined by the PROVIDER’s Helpdesk operator:

a) Problems due to the application or communications with the VisualTime solution.
The SUPPLIER’s Terminals and/or Accessories guarantee the storage of data for at least 1 month.

The SUPPLIER shall resolve the fault in compliance with the conditions described in the Service Level Agreement Annex.

b) Physical failures in the Terminal and/or Accessories.
The SUPPLIER will inform the AUTHORISED USER of the two available options, who will select the most convenient one. The options are:

b.1) Sending a technician of the SUPPLIER to check and repair the Terminal.

The SUPPLIER shall resolve the fault in compliance with the conditions described in the Service Level Agreement Annex.

b.2) The Fast-RMA system consists of:

1. i) Urgent shipment SAME DAY or NEXT WORKING DAY (depending on the time of notification of the incident) of a pre-configured terminal from the SUPPLIER to the CUSTOMER, carriage paid.
2. ii) Upon receipt by the CUSTOMER, a technician from the SUPPLIER will advise on the process of replacing the faulty terminal with a new one.
3. iii) Once replaced, the CUSTOMER shall send the faulty Terminal to the SUPPLIER, with the transport agency indicated by the SUPPLIER, at the SUPPLIER’s expense. You will have 15 calendar days to do so.
4. iv) If after 15 calendar days from receipt of the Terminal by the CUSTOMER, the CUSTOMER has still not delivered the damaged Terminal to the transport agency indicated by the SUPPLIER, the said Terminal will be treated as a Terminal not returned in Conditions to the SUPPLIER, applying the clauses described in C.7.

c) Breakdowns due to causes and/or reasons beyond the control of the Terminal and/or Accessories and beyond the solution of the SUPPLIER.
The HelpDesk Service personnel will inform the AUTHORIZED USER of all the information and diagnostics available to the PROVIDER so that the CLIENT’s personnel can proceed with the repair. This includes, for example, power failures, use of unauthorized or broken cards, incorrect access attempts due to lack of authorization, etc.

C.4 Coverage in case of Breakdowns and Repairs

C.4.1 All expenses arising from repairs of breakdowns within the normal use of the solution are covered: parts, labour and travel.

C.4.2 Normal use of the solution is understood to be that described in the manuals of the same, and includes the wear and tear of batteries and surfaces of digital biometric readers.

C.4.3 They are outside the normal use of the solution, but are not limited to:

a) The improper use of the materials supplied by personnel not belonging to the SUPPLIER.
b) Any form of sabotage
c) Damage caused by incorrect handling by personnel not employed by the SUPPLIER.
d) Causes outside or external to the materials themselves (fire, flooding, overvoltage, overcurrent, defective or poor quality earthing systems, radio frequency emissions, magnetic fields, etc.).
C.4.4 Expenses arising from repairs of breakdowns not included in the normal use of the solution will be budgeted and invoiced according to the current rates. This explicitly includes, but is not limited to, malfunctions due to vandalism, overvoltage or those in which liquid residues are found inside.

C.5 Data Entry Service from HelpDesk during an Incident or Failure

C.5.1 The CUSTOMER has forms to enter records of the affected personnel in the Incident Action Procedures documents. In addition, the CUSTOMER may request the SUPPLIER’s HelpDesk Service to provide him/her with forms for entering punches whenever he/she wishes.

C.5.2 From the moment that an Incident or Malfunction has been notified to the SUPPLIER, the CUSTOMER can send these forms filled in with the personnel and clocking times to the HelpDesk Service of the SUPPLIER by e-mail, indicating the number of the Incident or Malfunction, and the SUPPLIER will enter them in the VisualTime solution.

C.5.3 This service is free of charge for Incidents and Malfunctions that fall within the normal use of the Solution, as described in D.5. In all other cases, you will be billed according to the current HelpDesk Operator rate for fractions of an hour.

C.6 Return of Terminals and/or Accessories in case of termination or cancellation of contract

C.6.1 If either party terminates or cancels the Contract, the CUSTOMER shall return the Terminals (including accessories thereof) that are part of this contract to the SUPPLIER within the following 15 calendar days.

C.6.2 Terminals that are not returned within this period shall be considered as Terminals Not Returned to Supplier or Returned in Poor Condition and the clauses described in C.7 shall apply.

C.7 Terminals and/or Accessories Not Returned to Supplier or Returned in Poor Condition

C.7.1 If one or more Terminals and/or Accessories are not returned to the SUPPLIER within the deadlines indicated, they will be invoiced by the SUPPLIER at the SUPPLIER’s rates (for the most common models, see below). It is understood that it has been returned to the SUPPLIER if it has been delivered to the transport agency indicated by the SUPPLIER.

C.7.2 If one or more Terminals and/or Accessories are returned to the SUPPLIER in poor condition, non-operational or with significant knocks or scratches, the SUPPLIER may claim by invoice up to 100% of the amount of such Terminals. The SUPPLIER in any case understands that it is used material and will only claim in case of existing damages that are not due to the normal use of the solution. The CUSTOMER may request a third party expertise in case of disagreement.

C.7.3 The prices of the terminals are as follows: rx1 for VisualTime 895€, mx9 for VisualTime 1.395€, rxF 2 for VisualTime 1.095€, rxF Pro for VisualTime 1.495€ and the rxF Pro TD 2.195€.

C.8 Miscellaneous provisions

C.8.1 The SUPPLIER reserves the right to replace, if necessary, the Terminals and/or Accessories with others of similar characteristics, always guaranteeing the functionalities that the CUSTOMER had in the initially contracted models.

C.8.2 The CUSTOMER agrees to provide access to identified personnel of the SUPPLIER to the locations of the Terminals and/or Accessories, in order to check, install, uninstall, repair and/or update them. In the event that the CUSTOMER delays access to the identified personnel of the SUPPLIER, with written notification of the action, for more than 30 minutes, the waiting time may be billed by the SUPPLIER according to the current rates for certified technician hours.

C.8.3 If the CUSTOMER requests new terminals not included in the initial offer, the minimum duration of the new terminals will be two years, regardless of the duration of the initial contract, being automatically renewed for annual periods.

D License

D.1 Concession

D.1.1 By this Agreement, the SUPPLIER grants a worldwide, non-transferable and non-exclusive right to use the VisualTime service, solely for its own internal business use and subject to the conditions of this Agreement.

D.1.2 All rights not explicitly indicated are reserved to the SUPPLIER.

D.2 Warranties

The SUPPLIER guarantees that the VisualTime solution will perform substantially in accordance with the user documentation and commits itself to the proper operation of the application under normal use as described in the user documentation.

D.3 Access and Audit

D.3.1 The SUPPLIER shall provide credentials and passwords to the AUTHORISED USERS, all of them with the access levels to be agreed at the start-up.

D.3.2 The SUPPLIER guarantees that the VisualTime solution carries out, at all times, an audit of all accesses and actions carried out in the system, whether by the CLIENT’s or the SUPPLIER’s personnel.

D.3.3 AUTHORIZED USERS and the CLIENT are responsible for maintaining the secrecy of their credentials. Under no circumstances will the PROVIDER be held responsible for data modified, deleted, extracted or viewed by accessing VisualTime with these credentials.

D.3.4 The SUPPLIER guarantees that access by its personnel has an additional security system that prevents the copying or communication of credentials between personnel and that only data and resources for the development of the contracted services will be accessed.

D.4 Incidents in the Use of the VisualTime application

D.4.1 In the event that the operation of any of the parts of the VisualTime solution is not as described in the instruction manual, the CUSTOMER must notify the SUPPLIER of the Incident to the HelpDesk Service.

D.4.2 The SUPPLIER shall offer a solution to the incident in compliance with the conditions described in the Service Level Agreement Annex.

D.4.3 Because application modifications require extensive testing and time, the solution can be temporarily performed manually by the SUPPLIER’s personnel, all at no cost to the CUSTOMER.

D.5 Number of people managed in the License

D.5.1 The maximum number of Persons managed with the License is detailed in the License offer. This is the maximum number of people who can have an active contract at VisualTime at the moment. Users whose contracts are inactive on VisualTime do not count for this purpose.

D.5.2 In the event that AUTHORIZED USERS schedule new registrations for future dates, and the total number of people managed for those future dates exceeds that of the license, the VISUALTIME application will notify the AUTHORIZED USERS. If AUTHORIZED USERS decide to proceed, CUSTOMER must extend the Number of Managed Persons on the license before that date arrives.

D.5.3 If the VisualTime application detects, for the current date, a number of people managed higher than the maximum, access and service will be prevented until the CLIENT indicates to the SUPPLIER how he/she wishes to proceed.

a) The CUSTOMER may request a license extension from the SUPPLIER (see D.6).
b) The CLIENT, through the AUTHORIZED USERS, can ask the PROVIDER to make modifications to the VisualTime data to rectify the situation (if, for example, it has been due to an error for not deactivating people in time). In this case it will be treated as if it were an enquiry or service request as detailed in section F of Annex 1: Service Level Agreement.

D.6 License Extensions

D.6.1 Any functional extension, in terms of maximum number of people managed or maximum number of concurrent users, is considered a License Extension.

D.6.2 If the CUSTOMER requests and accepts a License Extension, the SUPPLIER will activate the new license within 24 hours of acceptance and will issue an invoice for the remaining incremental amount until the end of the current year. This amount will be calculated based on the difference between the previous instalment and the new monthly instalment, considering the current month and the remaining months until the next annuity. The License Extension will have a minimum duration of two years, independently of the duration of the initial License, being automatically renewed for annual periods.

D.7 License Reductions

D.7.1 Any reduction in the maximum number of persons managed or maximum number of concurrent users is considered a License Reduction. Functional reductions are not covered in this contract and need to be assessed on a case-by-case basis, as they may not be possible or may incur costs in terms of technician or consultant hours to ensure the compatibility of the solution once the functionalities have been reduced.

D.7.2 The CUSTOMER must request License Reductions (terminals and/or software) at least 15 days prior to the end of the current contracted period. If the CUSTOMER requests and accepts a reduction of the license in number of people managed, number of users or terminals within this period, the SUPPLIER will activate the new license at the end of the current annual period that is already billed.

D.7.3 Under no circumstances shall License Reductions be made prior to the following year.

D.8 Assignment

The subject matter of this contract is of a personal nature. The SUPPLIER may, upon compliance with all the requirements set forth in current legislation, as well as prior notification to the CLIENT, transfer the ownership of the same without the need to obtain the express consent of the CLIENT, without prejudice to the CLIENT’s right to terminate the contract within 10 days of receipt of the notification of transfer.

E Continuity and Maintenance Service

E.1 Authorized contact personnel

E.1.1 Any service in which there is communication of personal data will only be carried out between the SUPPLIER and AUTHORISED USERS with “Business Information” access level.

E.1.2 Any service involving sensitive data communications about physical access control systems or physical security in general will only be performed between the SUPPLIER and AUTHORIZED USERS with the “Physical Access and Security Information” access level.

E.1.3 Any service in which there are sensitive data communications about the CUSTOMER’s IT infrastructures will only be carried out between the SUPPLIER and AUTHORIZED USERS with the “Technical and Information Systems Information” access level.

E.1.4 Any USER AUTHORIZED by the customer with “Administrator” levels can modify, add or remove permissions from AUTHORIZED USERS.

E.2 Services and coverages included

E.2.1 Monitoring: The SUPPLIER undertakes to monitor the status of the service and the connectivity of the Terminals and/or Accessories to the system, in order to detect possible incidents and/or faults and to act on them proactively, even before the CUSTOMER becomes aware of them. All this will be carried out regardless of the fact that the CUSTOMER may inform the SUPPLIER of any incident or breakdown at its own expense.

E.2.2 Resolution of doubts and queries: The SUPPLIER provides the client with a HelpDesk Service, by email or telephone, for the attention and resolution of doubts and queries about the daily operations and management elements of VisualTime described in the manual. The SUPPLIER guarantees that any doubt or query will be answered within the defined time of the Continuity and Maintenance Service.

E.2.3 Changes in management: The SUPPLIER makes available to the client changes in time management, access, registrations, cancellations and changes in contracts or authorisations.

E.2.4 Annual operations: The SUPPLIER makes available to the CUSTOMER the application of annual work calendars and holiday templates delivered in Excel format or equivalent by the CUSTOMER.

E.2.5 Alerts: The SUPPLIER makes available to the CUSTOMER the configuration of alerts to task managers that require intervention by the CUSTOMER.

E.2.6 Integration: The SUPPLIER makes available to the CUSTOMER the queries related to export/import with a defined response time according to modality of The Continuity and Maintenance Service, format changes in links with another application are not included.

E.2.7 Daily operations: The SUPPLIER makes available to the CUSTOMER the service of requesting advanced reports or data extraction from the external application to the analytical tools and reports included. This service is included in any type of Continuity and Maintenance Service but is subject to additional billing.

E.2.8 Integration: The SUPPLIER makes available to the CLIENT changes to the data export and import format, including quality testing and updated documentation. This service is included in any type of Continuity and Maintenance Service but is subject to additional billing.

E.2.9 Upgrades: The SUPPLIER agrees to upgrade the application, firmware of the terminals and replace the terminals on-site before they become obsolete with the current equivalent model.

E.2.10 HelpDesk: The SUPPLIER makes a complete HelpDesk Service available to the Client, by e-mail or telephone. Depending on the type of Continuity and Maintenance Service chosen, refresher training or a day to resolve consultancy queries per year is included.

E.2.11 Optimisation: The SUPPLIER undertakes to carry out a consultancy service with the aim of producing an annual efficiency report, with study and call for advice by a consultant.

E.2.12 Incident training: The SUPPLIER undertakes to carry out a training course after installation and commissioning. Depending on the type of Continuity and Maintenance Service chosen, the duration of the service is defined.

E.2.13 Data Backup: The PROVIDER agrees to have a backup plan in place that is executed for both Continuity and Maintenance Service modes.

E.2.14 Repair of terminals: The SUPPLIER makes available to the CUSTOMER the FastRMA service consisting of the urgent delivery free of charge of a pre-configured terminal at the time it is determined that it is a physical breakdown. It includes remote support for doubts in the replacement procedure and the shipment of the unit to be repaired can be done without urgency once replaced for all the modalities of the Continuity and Maintenance Service.

E.2.15 Technical assistance times: The SUPPLIER provides the CUSTOMER with a HelpDesk and technical assistance service with a maximum response time defined in the Continuity and Maintenance Service mode.

F Data protection

F.1 The provision of the Services implies the need to access personal data. The SUPPLIER, as data processor, is obliged to comply with the general data protection regulation entered into force on 25 May 2018 and other applicable regulations.

F.2 The CLIENT and the SUPPLIER freely agree to regulate the access and processing of data as detailed in this contract (in compliance with Article 28 of the General Data Protection Regulation (GDPR).

F.3 In order to provide the services associated with the VisualTime platform and to manage the access and/or presence control system of the CLIENT’s personnel, the SUPPLIER, in charge of the processing, is authorised to process the personal data necessary to provide the contracted services, under the responsibility of the CLIENT, on behalf of the client, who is responsible for the processing:

• Employee identification data: name and surname, e-mail, telephone.
• Other employee data: NIF, date of birth, address, mobile phone, private e-mail.
• Employment data: job position, academic qualifications, start date of contract, probationary period, social security, type of contract in force, calendar and working hours.
• Biometric data: All those allowed per terminal.
• Location data of the signing (in case it applies to any of the contracted services).

In the event that the SUPPLIER processes and manages the subsidy for training courses, data on Social Security affiliation, level of studies, gross salary and disability status will also be processed.

The processing operations will be those necessarily derived from the provision of services, including mainly the registration and hosting of data.

F.4 The data stored in the VisualTime solution are the property of the CLIENT as Data Controller. For the purposes of Article 28 of the GDPR, the SUPPLIER will only access the personal data to which it has access in accordance with the instructions of the CUSTOMER and always in consultation/reading mode and will not apply or use them for a purpose other than the purpose of the Contract, nor will it communicate them, not even for storage, to other persons. In the event that the SUPPLIER uses the data for another purpose, communicates them or uses them in breach of the provisions of the Contract, he/she will also be considered responsible for the processing, and will be liable for any infringements that he/she may have personally incurred.

F.5 The CLIENT, with respect to files containing personal data, declares that it complies with all legal requirements for their collection and processing. It also states that it has adopted the necessary technical and organisational measures to guarantee the security of the personal data included in the files, as established in the current legislation on personal data protection.

IT IS UP TO THE SUPPLIER

F.6 The SUPPLIER undertakes to process the data only in accordance with the instructions of the CUSTOMER as documented in the contract regulating the provision of services, in this Agreement or otherwise in writing, on the basis of the regulations in force and the purpose stipulated within the framework of the contractual relationship to ensure the continuity of the services provided, and not to apply or use them for purposes other than those stipulated in this document, nor to communicate them, not even for storage to third parties.

F.7 To process the data in accordance with the instructions of the data controller. If the SUPPLIER considers that any of the instructions infringes the GDPR or any other data protection provisions of the Union or the Member States, the SUPPLIER will immediately inform the CUSTOMER.

F.8 Keep, in writing, a record of all categories of processing activities carried out on behalf of the CUSTOMER, containing:

The name and contact details of the processor(s) and of each controller on whose behalf the processor is acting and, where applicable, of the representative of the controller or processor and of the data protection officer.
The categories of processing carried out on behalf of each data controller.
Where applicable, transfers of personal data to a third country or international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the GDPR, documentation of appropriate safeguards.
An overview of the technical and organisational security measures in accordance with the GDPR.
F.9 The SUPPLIER shall notify the CUSTOMER without undue delay of any breach of security of personal data of which it becomes aware, providing all the details necessary for the CUSTOMER to comply with the obligations of notification to the supervisory authority and communication to data subjects established in the applicable regulations.

F.10 The termination, resolution or extinction of the contract for the provision of services will imply the obligation on the part of the SUPPLIER to delete or return to the CUSTOMER the personal data provided, as well as any support or document containing any personal data subject to processing, as indicated in point A3 of the contract for the license of Use and Services.

IT IS UP TO THE CUSTOMER

F.11 The CLIENT shall adopt the necessary technical and organizational measures to ensure the security of personal data and avoid its alteration, loss, treatment or unauthorized access, given the state of technology, the nature of the data stored and the risks to which they are exposed, whether from human action or the physical or natural environment.

F.12 It is up to the Client (i) keep a record of registration activities; (ii) carry out an assessment of the impact on the protection of personal data of the processing operations to be carried out by the processor; (iii) carry out the appropriate prior consultations; (iv) ensure, prior to and throughout the processing, that the processor complies with the GDPR; (v) overseeing treatment, including conducting inspections and audits; and, (vi) sign with the clients that are going to use the VisualTime solution, the mandatory contract where the subcontracting, to the SUPPLIER, of the services mentioned in the present contract is informed.

F.13 The CUSTOMER expressly authorizes the SUPPLIER to subcontract hosting services (Cloud Computing) with Microsoft Ireland Operations Ltd. for the proper provision of the licensed service, in full compliance with the RGPD, being the servers located in the European Union.

F.14 The CLIENT expressly authorizes the SUPPLIER to communicate data to third parties whose intervention is deemed appropriate for the proper performance of the services provided. In this case, the SUPPLIER is obliged to sign a data processor contract with the third party, stipulating the obligations that the third party must comply with in terms of personal data protection.

F.15 The CUSTOMER shall duly respond to any notifications received from the SUPPLIER regarding the processing of data; in particular, those relating to subcontracting of processing, security breaches and instructions given by the CUSTOMER which, in the opinion of the SUPPLIER, infringe data protection regulations.

F.16 The SUPPLIER will assist the CUSTOMER in responding to the exercise of rights. When the persons concerned exercise their rights of access, rectification, deletion, opposition, limitation of processing and/or data portability before the SUPPLIER, the SUPPLIER shall notify the CLIENT of this fact as soon as possible. It will be the responsibility of the CUSTOMER to respond to the affected party, although the SUPPLIER will be obliged to collaborate and provide any information required by the CUSTOMER to meet the request.

F.17 Data protection responsibilities can be found in section J (Responsibilities).

G Confidentiality

G.1 The SUPPLIER shall maintain due professional secrecy regarding the personal data to which it has access and require the same level of commitment in writing from any person within its organization involved in any phase of the processing of personal data, both during its professional relationship with the CUSTOMER, and once it is terminated for any reason.

G.2 The CLIENT undertakes to respect the provisions of current data protection regulations, as well as to keep secret all information concerning the SUPPLIER to which it has access, and undertakes to return any information or documentation belonging to the SUPPLIER in its possession in the event of termination, termination or expiry of the contract for the provision of services.

H Hosting VisualTime application

H.1 The information entered in the VisualTime application is hosted on the servers of the HOSTING PROVIDER indicated in this contract.

H.2 The HOSTING PROVIDER is solely responsible for the proper functioning of the server, which is physically hosted on its premises. This company will also be considered as “PROCESSOR”, as far as the operation of the server is concerned.

H.3 The HOSTING PROVIDER guarantees that the hosting service is located within the European Union, so no international transfers are made.

H.4 SERVICE PROVIDER complies with the EU-US Privacy Shield Principles regarding the collection, use and retention of data from the European Union, the European Economic Area and Switzerland.

I Intellectual Property and Industrial Property

I.1 The PROVIDER (and its licensors if applicable) is the owner of all rights and interests, including all related intellectual property rights in the technology, content and service of the PROVIDER and any suggestions, ideas, enhancement requests, comments, recommendations or other information provided by an AUTHORIZED USER or any other party related to the service and licenses provided.

I.2 This agreement is not a sale and does not grant you any ownership rights in the service, the technology of the SUPPLIER or the intellectual property rights held by the SUPPLIER.

I.3 The name Robotics S.A., VisualTime, the Robotics S.A. logo, and the VisualTime logo, as well as the names of services associated with the VisualTime solution are trademarks of the SUPPLIER or third parties and no right or license is granted for their use.

J Responsibility

J.1 Except in the event of a claim or cause of action relating to the CUSTOMER’s failure to pay, the liability of each party arising out of and in connection with this contract (for any purpose and for any claim whatsoever) shall not exceed the payments received by the SUPPLIER during the 12 months following such obligation or liability (as applicable).

J.2 Neither party, individually, shall have any liability with respect to such party’s obligations for indirect, special, consequential, punitive, exemplary or incidental damages, including damages for interruption of the other party’s business or losses.

J.3 The existence of more than one claim or cause of action shall not extend the limits of this Section J. PROVIDER shall not be subject to any equitable remedy in favor of CUSTOMER such as injunctive relief, specific performance or receivership.

J.4 Except in the case of a claim or cause of action related to CUSTOMER’s failure to pay, neither party shall bring any claim or cause of action against the other party more than two years after such claim or cause of action is asserted.

J.5 The party in breach of its obligations with regard to the protection of personal data shall be liable for any breaches personally incurred. In the event that the CUSTOMER or the SUPPLIER, its personnel or subcontractors fail to comply with any of the obligations assumed in this Contract or which, due to its status as the party in charge, it must comply with, in such a way that there is a breach of data protection regulations, the party in breach shall hold the other party harmless, in particular in the event of any sanction by the Spanish Data Protection Agency.

J.6 The SUPPLIER disclaims any liability for the information transmitted or disseminated through VISUALTIME and its website, provided that this information has been manipulated or introduced by an external user or third party.

J.7 The CUSTOMER is responsible for the use that can be made of any information extracted from the VisualTime solution, be it data, reports or service links.

J.8 The SUPPLIER is not responsible for the information and contents stored, including but not limited to. However, and in compliance with the provisions of art. 11 and 16 of the LSSI-CE, the SUPPLIER is available to all users, authorities and security forces, and actively collaborating in the removal or blocking, if necessary, of all content that could affect or contravene national or international legislation, the rights of third parties or morality and public order. In the event that the user considers that there is any content on the website that could be susceptible to this classification, please notify the SUPPLIER immediately.

J.9 The SUPPLIER is obliged to incorporate the appropriate and pertinent security measures described in the present document, being the CLIENT the only responsible for the content downloaded through the VisualTime solution. Likewise, the SUPPLIER is exempt from establishing security measures higher than those required by law, especially in the event that the CUSTOMER violates the restrictions on use described in section K.

K Restrictions on Use

K.1 The CLIENT and its AUTHORIZED USERS will not be able to make use of this license, nor access the VisualTime application, if the CLIENT is a competitor of the SUPPLIER in the market. It is understood that any company that manufactures, sells or distributes access control solutions or personnel time management at work of any kind (schedule compliance, production or task times, etc.) is a competitor.

K.2 The CUSTOMER may not:

a) Incurring in actions that are illicit, illegal or contrary to the provisions of this contract.
b) Reverse engineering.
c) Access the application to create a competitive product or service.
d) Create a product that uses ideas, features or functions similar to VisualTime.
e) To hinder the service of the VisualTime solution by using viruses or other software programs designed to
with the purpose of damaging the software of the VisualTime solution or any hardware of the SUPPLIER.

f) Make unauthorized modifications or create versions of the VisualTime solution, as well as any other software.
employed by the SUPPLIER.

g) Use any type of script, robot or technology to monitor the PROVIDER’s website or the VisualTime solution.
(h) Pretending to be any other natural or legal person.
K.3 The CLIENT agrees that the AUTHORIZED USERS will use the VisualTime application:

a) In full compliance with the conditions of use described in the user manuals.
b) Without making any attempt to breach access levels, mishandle data, attempt to gain access to
restricted areas of the SUPPLIER’s computer application, introduction of programs, viruses or any device

that may produce or produce modifications or alterations in the application of the SUPPLIER.

L Contract Integrity and Safeguard Clause

L.1 Each of the provisions of this contract is to be interpreted separately and independently of the others. If any of them should become invalid, illegal or unenforceable by virtue of any legal rule or be declared null and void or ineffective by any court or administrative authority, the nullity or ineffectiveness of the same shall not affect the other stipulations, which shall retain their full validity and effectiveness. The parties agree to replace the clause or clauses concerned by one or more other clauses having the effects corresponding to the purposes pursued by the parties in this contract.

L.2 This contract includes all the existing agreements between the parties, and cancels and revokes, where appropriate, any other agreements or understandings, verbal or written, were in force at the date of its signing. This contract may be amended by written agreement of the parties.

M Applicable Law and Jurisdiction

M.1 This contract shall be governed by the terms expressly agreed by the parties in this contract and by Spanish law.

M.2 It is the will of the parties, Supplier and Purchaser, to expressly waive the jurisdiction of the courts and submit to arbitration any dispute, question or incident that may arise between them in relation to this Order.

M.3 The hearing and decision of disputed matters shall be the responsibility of a sole arbitrator, who shall be appointed from among the Arbitral Tribunal of Barcelona by agreement of the parties when the dispute arises or, failing this, by the President of the Court, in accordance with the Statutes of the Court.

M.4 It shall be understood that there is no agreement when, within fifteen calendar days of the request from one party to the other, there is no affirmative response.

M.5 For any case of doubt or discrepancy regarding the interpretation or fulfilment of this document, or in the event that there is no agreement between the parties, they expressly submit to the Jurisdiction and Jurisdiction of the Courts and Tribunals of the city of Barcelona, waiving the jurisdiction of their domicile or any other if they have one.

Annex I: Service Level Agreement (SLA-Service Level Agreement)

A Response Time Computation

A.1 The Response Times in no case start before notification of Incident or Breakdown to the HelpDesk Service of the SUPPLIER by AUTHORIZED USERS. The CUSTOMER, through an AUTHORIZED USER, must report the type of incident, namely whether it is:

a) An Incidence in the Terminals and/or Accessories.
b) A Failure in Terminals and/or Accessories.
c) An Incidence in the normal use of the VisualTime application.
Depending on the type of the same, it is necessary to provide additional basic information:

d) In the case of breakdowns in Terminals and/or Accessories, for the Response Times, it will not be computed in any case until the CUSTOMER specifies in which specific units the breakdown occurs.
e) In cases of Incidents in Terminals and / or Accessories, for Response Times, will not be computed in any case until the CUSTOMER specifies which persons and in which units of Terminals and / or Accessories present the incident.
f) In the cases of Incidents in the normal use of the VisualTime solution, for the Response Times, it will not be computed in any case until the CLIENT specifies in which screens or specific procedures the incident occurs.
A.2 The hours, fractions of days or days elapsed since the notification of an incident in which the SUPPLIER cannot work to resolve it for reasons beyond its control will not be counted for the purposes of Response Times. This includes force majeure and situations in which the SUPPLIER is awaiting a response from the CUSTOMER.

A.3 There are situations in which it is possible to open an incident by personnel outside the group of AUTHORIZED USERS. On these occasions no information of any kind is shared between them and the SUPPLIER, but the SUPPLIER may initiate actions to diagnose and resolve the incident. In these cases Response Times do not compute until communication is made with an AUTHORIZED USER.

B General Exceptions to the Service Level Agreement

The following situations are explicitly excluded from this SLA, subject to other exclusions that may occur:

B.1 Planned Maintenance Tasks

The SUPPLIER, with sufficient notice, can schedule maintenance or update tasks for the VisualTime application. It is the will of the SUPPLIER to perform these tasks on dates and times of less access to the application, however, there may be updates for security reasons that should be applied with minimal planning.

B.2 Service incidents attributable to the HOSTING SUPPLIER contracted by the SUPPLIER.

The SUPPLIER guarantees that, at the time of proposing this offer, the proposed HOSTING SUPPLIER has monthly and annual service levels above 99.5%. However, if the CUSTOMER wishes, you can request the offer with another hosting provider.

If the HOSTING PROVIDER will present continued incidents once this contract has started, the CLIENT and/or the PROVIDER may mutually agree to change to another hosting provider. In these cases, the SUPPLIER shall bear the costs associated with the migration of the platform and data. In the event that the new hosting provider agreed has a higher cost, the CUSTOMER will be responsible for the monthly cost increase.

B.3 Access attempts in violation of the requirements, especially from unsupported browsers.

The SUPPLIER guarantees access to the VisualTime application with the browsers and versions indicated in this offer (see technical requirements), at the date of the offer. The SUPPLIER, as indicated in these requirements, will update the VisualTime application as quickly as possible so that it is compatible with new versions that appear after the submission of the offer. However, the periods from the appearance of a new version of a browser that is incompatible with the VisualTime application until the PROVIDER installs the update with which said browser becomes compatible, will not be counted as unavailability of access.

B.4 Attempts to access in breach of the Terms of Use described in this Agreement.

The SUPPLIER disclaims all liability for access attempts in breach of the Terms of Use described in this contract.

B.5 Service incidents attributable to the INTERNET SERVICE PROVIDER contracted by the CUSTOMER.

The SUPPLIER disclaims all liability due to the lack of availability of Internet service by INTERNET SERVICE PROVIDERS contracted by the CUSTOMER.

B.6 Service incidents attributable to the INTERNET SERVICE PROVIDER contracted by the SUPPLIER.

The SUPPLIER, at the time of proposing this offer, has a service redundancy plan for the availability of the Internet service. If the INTERNET SERVICE PROVIDERS present incidences in the availability of the Internet service beyond the PROVIDER’s control, the latter is exempted from any responsibility.

C Availability of access to the VisualTime application

C.1 The SUPPLIER guarantees the availability, access and functioning of the VisualTime application 99.00% of the time, without taking into account Planned Maintenance Tasks and as long as the accesses are made by AUTHORIZED USERS following the Conditions of Use and Restrictions described previously in this Contract.

C.2 The SUPPLIER shall use commercially reasonable efforts to meet or exceed the agreed levels of access availability. If during the period of one month the PROVIDER is not able to provide the aforementioned 99.00% of the agreed level of access, the CLIENT will be entitled to receive a discount according to the following table of penalties:

(*) The percentage of access availability is measured monthly, from the first day of the month to the last day of the month.

C.3 If the availability of access to the VisualTime application is less than 95% continuously for 6 months, the CLIENT will have the right to cancel the present contract.

D Terminal Malfunctions

D.1 The maximum time without penalty for the resolution of faults in Terminals and/or Accessories is 4 working days, computed as indicated in the general provisions of this Service Level Agreement.

D.2 PENALTIES in the event of non-compliance with the response and action times described in this contract, in the event of faults relating to the terminals, a credit note will be applied which will be calculated as detailed below:

a) Each faulty Terminal, and faulty Accessories will be counted, but if a faulty Accessory is connected to a faulty Terminal it will be counted as only one.
b) The Daily Fee shall be established by dividing the monthly fees indicated in the contract, divided by 30.
c) For each day of delay, double the Daily Fee divided by the number of Terminals in the facility shall be paid.
(For example, if the CUSTOMER has 5 terminals in contract, the daily fee x 2 / 5 would be paid for each day of delay. Another example: If a CUSTOMER has only 1 terminal, the daily fee x 2 would be paid for each day of delay).

E Terminal Incidents

E.1 The maximum time without penalties for the resolution of incidents in Terminals and/or Accessories is 4 working days, computed as indicated in the general provisions of this Service Level Agreement.

E.2 PENALTIES. Due to the fact that the Incidents in Terminals and/or Accessories affect, by definition, less than 10% of the staff (otherwise they would be considered Breakdowns), the penalties in case of non-compliance with the response times are established as 10% of the amounts indicated in the case of Breakdowns in Terminals and/or Accessories.

F Incidents in the normal use of the VisualTime application

F.1 The maximum time without penalties to offer a solution to the Incident in the normal Use of VisualTime is 3 working days, computed as indicated in the General Provisions of this Service Level Agreement.

F.2 PENALTIES in the event of non-compliance with the response and action times described in this contract, in incidents related to the operation of the VisualTime application.

F.3 EXCEPTIONS: In addition to the exceptions contemplated in this Annex, the following situations do not give rise to penalties in Incidents in the normal use of the VisualTime application:

a) Incidents in actions that can be performed in an alternative way without cost to the CUSTOMER.
If the software allows an action to be carried out in alternative ways (of similar complexity), and one of them presents an Incident, the SUPPLIER is committed to repairing said Incident once it has dealt with other incidents or improvements of higher priority. In this case no penalties are applicable as there is no impediment for AUTHORIZED USERS to use the application.

b) Incidents for which the SUPPLIER offers alternative solutions, at the SUPPLIER’s expense.
For all the purposes described in this contract, any Incident in the application that is solved or avoided through manual tasks by Certified Consultants or other certified personnel of the SUPPLIER, at the SUPPLIER’s expense, shall not be considered as an open Incident nor, for the duration of such alternative solutions, subject to possible penalties.

G Miscellaneous provisions

PENALTIES CANNOT BE ACCUMULATED – Several penalties cannot be applied, in the event that the CUSTOMER can request several, he/she must claim the highest of them.

H Notification and Credits

H.1 The CUSTOMER must make the complaint in writing to the address of the SUPPLIER within 10 days of the occurrence of the events complained of.

H.2 In the event that the SUPPLIER does not respond to the CUSTOMER within 30 days of receipt of the complaint, this will be considered confirmed.

H.3 The amounts paid to the CUSTOMER will be applied as discounts in the following invoices issued by the SUPPLIER in relation to this Contract.