Platform Licence Terms – Canopy – Expert Supplier Management Solutions

Canopy Platform Licence Terms

INTRODUCTION

A. OCG Software Limited is a company registered in England and Wales with registered office at Oak House, Waterside South, Lincoln, LN5 7FB and company number 01604358 (“OCG Software”, “We”, “Us”, “Our”)

B. The Order Form along with these Canopy Platform Licence Terms create an Agreement between OCG Software and the

Customer, as identified on the Order Form, together the “Parties”.

C. OCG Software has developed a software platform and associated materials for the creation, approval, management, and analysis of supplier information by the Customer, which it makes available in the form of a software-as-a-service (SaaS) application, known as Canopy.

D. Subject to the Parties signing an Order Form, OCG Software agrees to provide, and the Customer has agreed to take and pay for, the Services on the terms and conditions of this Agreement.

1. INTERPRETATION

In this Agreement, unless the contrary intention appears:

“Affiliate” means, in respect of any entity, any entity that directly or indirectly controls, is controlled by or is under common control with that entity within the meaning set out in section 1124 of the Corporation Tax Act 2010;

“Agreement” means these Canopy Platform Licence Terms together with all the Order Forms, schedules, annexes and all other documents referred to herein;

“Authorised Users” means the Customer’s staff (“Customer Users”), suppliers (“Supplier Users”), and other individuals determined by the Customer as requiring access to the Canopy Instance, subject to the Licence Restrictions as set out in the Order Form and the user’s acceptance of the End User Licence Agreement (“EULA”);

“Beta Services” means any services or functionality that may be made available to the Customer to try at its option at no additional charge which is clearly designated as beta, pilot, limited release, developer preview, non-production, evaluation, or by a similar description, or made available under a dedicated Beta Programme which the Customer has agreed to join;

“Business Hours” means between 8.30am to 5.30pm on a day other than a Saturday, Sunday or bank or public holiday in England;

“Fees” means the fees payable by the Customer to OCG Software as set out in the Order Form or as otherwise agreed between the parties in accordance with this Agreement;

“Canopy Instance” means the Customer’s unique instance of the Canopy software platform, which shall be accessed through the a dedicated subdomain under the Canopy domain, as follows: [customer_name].canopy-sm.com;

“Confidential Information” means information that is either clearly labelled as confidential, is of a confidential nature or would appear to a reasonable person to be confidential, and shall include all (i) know-how, trade secrets, financial, commercial, technical, tactical or strategic information of any kind, (ii) all information produced or developed in the performance of this Agreement; (iii) Customer Data; and (iv) the Software, the Services and the results of any performance tests in relation to the Services;

“Contract Year” means the period of twelve (12) months from the Effective Date and each subsequent period of twelve (12) months commencing on the anniversary of the Effective Date;

“Customer Data” means all data, including Personal Data, (in any form) that is provided to OCG Software or uploaded or hosted on any part of the Software by the Customer, Customer Affiliate, or by any Authorised User, or generated for the Customer or Customer Affiliates by OCG Software in performing the Services, except for Third Party Data;

“Effective Date” means the earlier of the effective date or date of payment set out in the Order Form;

“Exclusion” has the meaning given in paragraph 5 of Schedule 2 (Service Level Agreement and Support and Maintenance Services);

“Force Majeure Event” means any circumstance not within a party’s reasonable control including, without limitation (a) acts of God, flood, drought, earthquake or other natural disasters; (b) epidemic or pandemic; (c) terrorist attack, civil war, civil commotion or riots, war, threat of or preparation for war, armed conflict, imposition of sanctions, embargo, or breaking off of diplomatic relations; (d) nuclear, chemical or biological contamination or sonic boom; (e) any law or any action taken by a government or public authority, including without limitation imposing an export or import restriction, quota or prohibition, or failing to grant a necessary licence or consent; (f) collapse of buildings, fire, explosion or accident; and (h) interruption or failure of utility service;

“Free Trial” means any period of access to the Services that are made available to the Customer free of charge, as stipulated on the Order Form;

“Good Industry Practice” means the degree of skill and diligence which would reasonably be expected from a skilled and experienced person engaged in the same type of undertaking under the same or similar circumstances;

“Incident” means an unplanned interruption to the availability of the Software which is not due to an Exclusion; “Initial Term” means the term set out in the Order Form;

“Insolvency Event” means, where (i) a party becomes insolvent or unable to pay its debts as and when they become due; (ii) an order is made or a resolution is passed for the winding up of a party (other than voluntarily for the purpose of solvent amalgamation or reconstruction); (iii) a liquidator, administrator, administrative receiver, receiver, or trustee is appointed in respect of the whole or any part of a party’s assets or business; (iv) a party makes any composition with its creditors; (v) a party ceases to continue its business; or (vi) as a result of debt or maladministration a party takes or suffers any similar or analogous action in any jurisdiction;

“Intellectual Property Rights” means any and all copyright, rights in inventions, patents, know-how, trade secrets, trade marks and trade names, service marks, design rights, rights in get-up, database rights and rights in data, semiconductor chip topography rights, utility models, domain names and all similar rights and, in each case:

(a) whether registered or not;

(b) including any applications to protect or register such rights;

(d) whether vested, contingent or future; and

(e) wherever existing;

“Licence Restrictions” means the parameters of permitted use of the Services by the Customer, as set out in the Order Form;

“Order Form” means an ordering document signed by both Parties or a fully paid online order receipt, specifying the Services to be provided to the Customer by OCG Software. By entering into an Order Form, the Parties agree to be bound by the terms of this Agreement;

“Renewal Term” means the shorter of the Initial Term or twelve (12) months; “Schedule” means a schedule to this Agreement;

“Services” means access to the Canopy Instance, including any Updates, as defined by the agreed Subscription Tier and the provision of the Support and Maintenance Services provided by OCG Software to the Customer under this Agreement, as set out in the Order Form;

“Subscription Tier” means the subscription package or plan purchased by the Customer specifying the features and functionality of Canopy that will be made available, the specific level of Services, and any Licence Restrictions, as set out and agreed in the Order Form;

“Support and Maintenance Services” means the support and maintenance services provided by OCG Software to the Customer as described in Schedule 2 (Service Level Agreement and Support and Maintenance Services);

“Term” means the Initial Term and any Renewal Term(s);

“Third Party Claim” means any claim brought by a third party against the Customer, a Customer Affiliate or an Authorised User which arises from the Customer, Customer Affiliates’ or Authorised Users’ use of the Services, including Canopy;

“Third Party Data” means all data, including Personal Data, (in any form) that is sourced, licenced or otherwise procured from third parties either by OCG Software or the Customer;

“Update” means a hotfix, patch, upgrade or new version release of Canopy;

“VAT” means United Kingdom value added tax, any other tax imposed in substitution for it and any equivalent or similar tax imposed outside the United Kingdom.

In this Agreement, unless the context otherwise requires: words importing a gender include any other gender; words in the singular include the plural and vice versa; a reference to a person shall include a company, partnership, joint venture, association, corporation or other body corporate; a reference to any Law or standard shall include a reference to that Law or standard as amended, extended, consolidated or re-enacted from time to time; a reference to a document shall include all authorised amendments, supplements to and replacements to that document; a reference to the parties shall include their permitted successors and assigns; where a word or a phrase is given a particular meaning, other grammatical forms of that word or phrase shall have corresponding meanings; and the words ‘include’, ‘including’, ‘for example’ or similar words shall be construed as illustrative and without limitation to the generality of the related words.

The headings are inserted for convenience only and shall not affect the construction of this Agreement.

In the event of any inconsistency between the provisions of these terms and conditions and the Order Form, the Order Form shall prevail to the extent of such inconsistency.

1. RIGHTS OF USE

1.1. Subject to the terms of this Agreement and the payment of the Fees, OCG Software hereby grants to the Customer a non-exclusive, non-transferable right (without the right to grant sub-licences) to permit the Authorised Users to use the Services (and any Updates) for the internal business purposes of (i) the Customer; and (ii) any Customer Affiliate (in each case) during the Term, in accordance with any Licence Restrictions as set out in the Order Form.

2. AUTHORISED USERS

2.1. Subject to this clause 2, the Customer shall add, remove, and vary the permissions of Authorised Users as its discretion.

2.2. The Customer undertakes that the number and location of Authorised Users it allows to use the Services does not at any time exceed the Licence Restrictions as set out in the Order Form.

2.3. Subject to clause 2.2, the Customer is entitled to remove an individual as an Authorised User and replace them with another individual in accordance with the terms of this Agreement.

2.4. The Customer shall, and shall procure that all Authorised Users, at all times, comply with all provisions of this Agreement.

2.5. The Customer shall not knowingly access, store, distribute or transmit any viruses, or any material during the course of its use of the Services that:

(a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;

(b) infringes any rights of third parties;

(d) depicts sexually explicit images;

(e) promotes unlawful violence;

(f) is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or

(g) is otherwise illegal or causes damage or injury to any person or property.

OCG Software reserves the right to immediately remove such material and any user who it reasonably believes to be responsible.

2.6. The Customer shall not, except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this Agreement:

(a) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of Canopy in any form or media or by any means; or

(b) attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human- perceivable form all or any part of Canopy; or

(d) use the Services to provide services to third parties; or

(e) license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party except the Authorised Users, or

(f) attempt to obtain, or assist third parties in obtaining, access to the Services, other than as provided under this Agreement.

2.7. The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or use, shall promptly notify OCG Software.

2.8. OCG Software staff shall have permission to access the Customer’s Canopy Instance for the purpose of fulfilling its obligations under this Agreement.

3. SERVICES

3.1. OCG Software shall, during the Term, provide the Services to the Customer on and subject to the terms of this Agreement.

3.2. As part of the Services, OCG Software grants the Customer permission to setup, configure, and use their Canopy Instance.

3.3. OCG Software shall make the Services available twenty-four (24) hours a day, seven (7) days a week, except for:

(a) planned maintenance carried out during the maintenance window of 8:00 pm to 6.00 am UK time; and

(b) unscheduled maintenance performed outside Business Hours, provided that OCG Software has used reasonable endeavours to provide the Customer with notice in advance.

3.4. The Customer may upgrade their chosen Subscription Tier at any time during the Term (“Subscription Upgrade”). Upon completion of payment for a Subscription Upgrade, the Services provided by OCG Software to the Customer will be adapted to include the new Subscription Upgrade. The Customer may not downgrade their Subscription Tier during the Term.

3.5. OCG Software will, as part of the Services, provide the Support and Maintenance Services during Business Hours

3.6. OCG Software may suspend access to the Services to all or some of the Authorised Users if:

(a) OCG Software suspects that there has been any misuse of the Services or breach of this Agreement; or

(b) in accordance with clause 13.5 of this Agreement.

3.7. Where the reason for the suspension is suspected misuse of the Services or breach of this Agreement, without prejudice to its rights under this Agreement, OCG Software will take steps to investigate the issue and may restore or continue to suspend access at its discretion.

4. BETA SERVICES

4.1. From time to time, OCG Software may make Beta Services available to the Customer at no additional charge.

4.2. The Customer acknowledges and accepts that the Beta Services (i) may contain errors, defects or bugs; (ii) are provided on an “as is” and “as available” basis; and (iii) shall not be covered by Service Availability SLA, Resolution Time and Service Credits outlined in Schedule 2.

4.3. Subject to clause 12, and as an exception to the provisions in clause 7.2, OCG Software:

(a) does not make nor give any sort of representations, warranties, guarantees, obligations, conditions in relation to the Beta Services; and

(b) expressly disclaim all liabilities, regarding the Beta Services and your use thereof.

4.4. Where the Customer or its Authorised Users provide feedback to OCG Software about the Beta Service, the Customer agrees that any feedback that is shared is owned by OCG Software.

4.5. Unless otherwise specified on the Order Form, the Beta Services may be discontinued at the discretion of OCG Software.

4.6. Nothing in the Contract shall be construed as requiring OCG Software to release Beta Services as part of the regular Services.

5. FREE TRIAL

5.1. If the Customer registers for a Free Trial, OCG Software shall make the applicable Services available to the Customer on a trial basis free of charge until the earlier of (a) the end of the free trial period, as set out on the Order Form, or (b) the start date of any subsequent Order Form entered into by the Parties, or (c) termination by OCG Software at its sole discretion.

6. UPDATES AND CHANGES

6.1. The Customer acknowledges that OCG Software shall be entitled to modify the features and functionality of Canopy by means of an Update.

6.2. The Customer also acknowledges that OCG Software may vary content of each Subscription Tier, including features, functionality and Licence Restrictions (“Subscription Tier Variations”).

6.3. OCG Software shall ensure that such Updates and Subscription Tier Variations do not adversely affect the use of Canopy by the Customer, Customer Affiliates or Authorised Users, and do not downgrade the Services set out in the Order Form for the duration of the current Initial Term or Renewal Term.

7. WARRANTIES

7.1. Each party warrants and undertakes that:

(a) it has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement; and

(b) it will comply with all applicable legal and regulatory requirements applying to the exercise of its rights and the fulfilment of the its obligations under this Agreement

7.2. OCG Software warrants to the Customer that:

(a) it will provide the Services in accordance with Good Industry Practice;

(b) Canopy will incorporate security features reflecting the requirements of Good Industry Practice; and

(c) the Services when used by the Customer in accordance with this Agreement, will not infringe the Intellectual Property Rights of any third party.

8. CUSTOMER RESPONSIBILITIES

8.1. The Customer shall (and shall ensure all its Affiliates and Authorised Users shall):

(a) at all times comply with all applicable laws relating to the use or receipt of the Services;

(b) provide OCG Software with all necessary co-operation in relation to this Agreement and access to such information as may be required by OCG Software in order to provide the Services, including but not limited to Customer Data, security access information and configuration services;

(d) carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner;

(e) obtain and maintain all necessary licences, consents, and permissions necessary for OCG Software, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services;

(f) be solely responsible for their use of any and all information, data and other content made available to Authorised Users through the Service, including Customer Data and Third Party Data, and OCG Software shall not be held responsible for its accuracy, recency, relevancy or business value;

(g) ensure that the Authorised Users use the Services in accordance with the terms of this Agreement;

(h) be responsible for user access to Canopy by Authorised Users and ensure Authorised Users follow best practice for online security, including safeguarding login credentials and preventing the sharing of login credentials with others;

(I) ensure that its network and systems comply with the relevant specifications provided by OCG Software from time to time; and

(j) be, to the extent permitted by applicable law and except as otherwise expressly provided in this Agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to OCG Software’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet.

9. INDEMNITY

9.1. Subject to the remainder of this clause 9, OCG Software shall indemnify and keep the Customer indemnified at all times for all costs and damages awarded or agreed in settlement or final judgment of a Third Party Claim, provided that:

(a) OCG Software is given prompt notice of any such claim;

(b) the Customer provides reasonable co-operation to OCG Software in the defence and settlement of such claim, at OCG Software’s expense; and

9.2. If OCG Software reasonably determines, or any third party alleges, that the use of the Services by the Customer in accordance with this Agreement infringes any person’s Intellectual Property Rights, OCG Software shall at its own cost and expense:

(a) modify the Services in such a way that they no longer infringe the relevant Intellectual Property Rights; or

(b) procure for the Customer the right to use the Services in accordance with this Agreement.

9.3. OCG Software shall have no liability or obligation under this clause 9 in respect of (and shall not be obliged to defend) any Third Party Claim which arises from:

(a) any breach of this Agreement by the Customer; or

(b) use of the Services (or any part) otherwise than in accordance with this Agreement; or

(d) the Customer’s use of the Services in a manner contrary to the instructions given to the Customer by OCG Software; or

(e) the Customer’s use of the Services after notice of the alleged or actual infringement from OCG Software or any appropriate authority.

10. INTELLECTUAL PROPERTY

10.1. Services belong to and shall remain vested in OCG Software or the relevant third-party owner.

10.2. All Intellectual Property Rights in and to the information (including Customer Data) that is contained in reports, spreadsheets and all other output generated by the Customer’s use of the Services belong to and shall remain vested in the Customer (or a Customer Affiliate, as applicable). OCG Software assigns (by way of present and, where appropriate, future assignation) all such Intellectual Property Rights to the Customer.

10.3. The ownership of all Intellectual Property rights in the Third Party Data is retained by and shall remain vested in such third parties. Customer licences to use the Third Party Data are subject to any limitations or restrictions notified to it.

10.4. Except for the rights expressly granted in this Agreement, the Customer, any Customer Affiliate and any Authorised

Users and their direct and indirect sub-contractors, shall not acquire in any way any title, rights of ownership, or Intellectual Property Rights of whatever nature in Canopy or the Services and no Intellectual Property Rights of either party are transferred or licensed as a result of this Agreement.

10.5. This clause 10 shall survive the termination or expiry of this Agreement.

11. CUSTOMER DATA

11.1. The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.

11.2. The Customer hereby grants to OCG Software a non-exclusive licence to copy, modify, reproduce, store, publish, export, adapt, edit and translate the Customer Data, together with the right to sub-license these rights to its hosting, connectivity and telecommunications service providers strictly to the extent required for the performance of OCG Software’s obligations under this Agreement.

11.3. The Customer acknowledges that OCG Software has no responsibility or liability for the Customer Data, including but not limited to any review, clearances or other compliance in relation to the Customer Data.

12. LIMITATION OF LIABILITY

12.1. Notwithstanding any other provision of this Agreement, neither party’s liability shall be limited in any way in respect of the following:

(a) death or personal injury caused by negligence;

(b) fraud or fraudulent misrepresentation; or

12.2. Neither party shall be liable to the other party whether in contract, tort (including negligence) or restitution, or for breach of statutory duty or misrepresentation, or otherwise, for any:

(a) loss of profit;

(b) loss of goodwill;

(d) loss or corruption of data or information;

(e) loss of anticipated savings; and/or

(f) special, indirect or consequential loss.

12.3. Subject to clauses 12.1 and 12.2, OCG Software’s total aggregate liability howsoever arising under or in connection with this Agreement in each Contract Year shall not exceed of an amount equal to the Fees paid to OCG Software in the Contract Year in which the event giving rise to the claim arose.

12.4. Except as expressly and specifically provided in this Agreement:

(a) the Customer assumes sole responsibility for results obtained from the use of the Services by the Customer, and for conclusions drawn from such use. OCG Software shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to OCG Software by the Customer in connection with the Services, or any actions taken by OCG Software at the Customer’s direction;

(b) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement; and

13. FEES

13.1. The Fees and any other Fees expressly agreed between the parties in writing shall be paid by the Customer at the rates and in the manner described in the Order Form.

13.2. The currency of this Agreement is pounds sterling and all amounts due under this Agreement shall be invoiced in pounds sterling.

13.3. All undisputed invoices shall be paid by the Customer within thirty (30) calendar days of the Customer’s receipt of the relevant invoice.

13.4. The Fees are exclusive of VAT which shall be payable by the Customer at the rate and in the manner prescribed by law.

13.5. If OCG Software has not received payment within 30 days after the due date, and without prejudice to any other rights and remedies of OCG Software:

(a) OCG Software may, without liability to the Customer, disable the Authorised User’s password, account and access to all or part of the Services and OCG Software shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and

(b) interest shall accrue on a daily basis on such due amounts at an annual rate equal to 4% over the then current base lending rate of the Bank of England from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.

13.6. OCG Software shall be entitled to increase the Fees at the start of each Renewal Term upon ninety (90) days’ prior notice to the Customer and the Fees shall be deemed to have been amended accordingly.

14. TERM AND TERMINATION

14.1. This Agreement shall come into force on the Effective Date and, shall continue for the Initial Term and thereafter the Agreement shall renew for successive Renewal Terms unless:

(a) either party notifies the other party of termination, in writing, at least thirty (30) days before the end of the Initial Term or any Renewal Term, unless otherwise agreed on the Order Form, in which case this Agreement shall terminate upon the expiry of the applicable Initial Term or Renewal Term; or

(b) otherwise terminated earlier in accordance with this Agreement.

14.2. Either party may terminate this Agreement immediately at any time by giving notice in writing to the other party if:

(a) the other party commits a material breach of this Agreement and such breach is not remediable;

(b) the other party commits a material breach of this Agreement which is not remedied within thirty (30) days of receiving written notice of such breach;

(d) any Force Majeure Event prevents the other party from performing its obligations under this Agreement for any continuous period of three (3) months.

15. CONSEQUENCES OF TERMINATION

15.1. On termination or expiry of this Agreement (for any reason):

(a) the Customer shall, and shall procure that each Customer Affiliate and Authorised User shall stop using Canopy and the Services;

(b) OCG Software shall return to the Customer (in a data format of the Customer’s choosing) all Customer Data within thirty (30) days following the date of termination or expiry; and

(c) each party shall destroy and delete any copies of the other party’s Confidential Information in its possession or control (or in the possession or control of any person acting on its behalf).

15.2. Termination or expiry of this Agreement shall not affect any accrued rights and liabilities of either party at any time up to the date of termination or expiry and shall not affect any provision of this Agreement that is expressly or by implication intended to continue beyond termination.

16. INSURANCE

16.1. OCG Software shall take out and maintain for the Term adequate insurance coverage against all normal business risks including any loss, injury or damage in the performance of the Services and against its liabilities under this Agreement.

16.2. Without prejudice to the generality of the foregoing, OCG Software shall take out and maintain:

(a) Employer’s Liability Insurance to a minimum of £5,000,000 five million pounds sterling;

(b) Professional Indemnity Insurance to a minimum cover of £1,000,000, one million pounds sterling; and

(c) Public and Product Liability Insurance, to a minimum cover of £1,000,000, one million pounds sterling, in each case, in the aggregate per annum.

16.3. On reasonable written request by the Customer, OCG Software shall provide the Customer with certificates of insurance which evidence OCG Software’s compliance with this clause 16.

17. DATA PROTECTION

Each party shall comply with its obligations under Schedule 3 (Data Protection).

18. CONFIDENTIAL INFORMATION

18.1. Each party shall maintain the confidentiality of the other party’s Confidential Information and shall not without the prior written consent of the other party, disclose, copy or modify the other party’s Confidential Information (or permit others to do so) other than as necessary for the performance of its express rights and obligations under this Agreement

18.2. Each party undertakes to disclose the other party’s Confidential Information only to those of its officers, employees, agents and contractors to whom, and to the extent to which, such disclosure is necessary for the purposes contemplated under this Agreement and:

(a) shall procure that such persons are made aware of and agree in writing to observe the obligations in this clause 18; and

(b) shall be responsible for the acts and omissions of such third parties as if they were that party’s own acts or omissions.

18.3. The provisions of this clause 18 shall not apply to information which:

(a) is or comes into the public domain through no fault of the receiving party, its officers, employees, agents or contractors;

(b) is lawfully received by the receiving party from a third party free of any obligation of confidence at the time of its disclosure;

(c) is independently developed by the receiving party, without access to or use of the disclosing party’s Confidential Information; or

(d) is required by law, by court or governmental or regulatory order to be disclosed provided that the receiving party, where possible, notifies the disclosing party at the earliest opportunity before making any disclosure.

18.4. This clause 18 shall survive the termination or expiry of this Agreement

19. MODERN SLAVERY

19.1. In performing its obligations under the Agreement, OCG Software shall:

(a) comply with all applicable anti-slavery and human trafficking laws, from time to time in force including the Modern Slavery Act 2015;

(b) have and maintain throughout the Term its own policies and procedures to ensure its compliance; and

(c) not engage in any activity, practice or conduct that would constitute an offence under sections 1, 2 or 4, of the Modern Slavery Act 2015 if such activity, practice or conduct were carried out in the UK.

20. ANTI-BRIBERY AND CORRUPTION

20.1. OCG Software shall:

(a) comply with all applicable laws, statutes, regulations, relating to anti-bribery and anti-corruption including the Bribery Act 2010 (Relevant Requirements);

(b) not engage in any activity, practice or conduct which would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 if such activity, practice or conduct had been carried out in the UK;

(c) have and shall maintain in place throughout the Term its own policies and procedures, including adequate procedures under the Bribery Act 2010, to ensure compliance with the Relevant Requirements; and

(d) notify the Customer (in writing) if it becomes aware of any breach of this Clause 20, or has reason to believe that it or any person associated with it has received a request or demand for any undue financial or other advantage in connection with the performance of this Agreement

21. NON-SOLICITATION

For the Term of this Agreement and for the period of six (6) months thereafter, each party must not, without the prior written consent of the other party, directly induce or attempt to induce from the employment of the other party, or any of its Affiliates, any person directly involved in the provision or receipt of the Services, This clause shall not apply to restrict any person from employing (or offering to employ) any employee who has responded to general recruitment advertising through a publicly available medium.

22. NOTICES

22.1. Any notice or other communication given under this Agreement must be in writing and served on a party as follows:

(a) by first class mail;

(b) or recorded delivery post,

to the contact details at the start of this agreement or as otherwise notified in writing.

22.2. Notices or communications sent by first class or recorded delivery post will be deemed to be served three (3) Working Days following the day of posting.

23. FORCE MAJEURE

23.1. Neither party shall be deemed to be in breach of this Agreement or otherwise liable to the other party for any delay in performance or any failure to perform any obligations under this Agreement (and the time for performance shall be extended accordingly) if and to the extent that the delay or failure is due to a Force Majeure Event provided the party whose performance is affected has taken all steps (if any) which it could reasonably be expected to have taken to avoid the effects of and mitigate the effects of the Force Majeure Event.

23.2. A party suffering a Force Majeure Event and seeking to rely on clause 23.1 shall promptly notify the other in writing of the nature and extent of the circumstances giving rise to a Force Majeure Event. Notwithstanding the foregoing, each party shall use all reasonable endeavours to continue to perform its obligations for the duration of any Force Majeure Event.

23.3. If the relevant Force Majeure Event prevails for a continuous or aggregate period in excess of fourteen (14) days, the Customer may elect to immediately terminate this Agreement upon written notice, and OCG Software shall provide a pro-rata refund of applicable Fees paid in advance for Services not supplied.

24. ASSIGNMENT AND SUBCONTRACTING

24.1. Neither party may assign, transfer or, subcontract or sub-license any of its rights or obligations under this Agreement without the prior written consent of the other (such consent not to be unreasonably withheld or delayed).

24.2. OCG Software may subcontract its obligations although it will at all times remain primarily liable for such obligations and the acts or omissions of its sub-contractors.

25. WAIVER

No failure to exercise and no delay in exercising, on the part of either of the parties, any right or remedy in respect of any provision of this Agreement shall operate as a waiver of that right or remedy and any single or partial exercise of any right or remedy shall not preclude any other or further exercise of that right or remedy.

26. SEVERANCE

In the event that any of the terms, conditions or provisions of this Agreement are held to be illegal, invalid or unenforceable under the law of any jurisdiction this shall not affect or impair the validity, legality or enforceability of the remaining provisions of this Agreement which will remain in full force and effect.

27. NO PARTNERSHIP

Nothing in this Agreement shall constitute, or be deemed to constitute a relationship of partnership or profit sharing in the nature of a partnership between the parties nor, except as expressly provided, shall either party be deemed to be the agent of the other.

28. THIRD PARTY RIGHTS

Other than as described below, this Agreement does not create any rights under the Contracts (Rights of Third Parties) Act 1999 which are enforceable by any person who is not a party to it and no person who is not a party to this Agreement may enforce any of its terms or rely on any exclusion or limitation contained in it.

29. PUBLICITY

29.1. Subject to agreement in writing between OCG Software and the Customer:

(a) OCG Software shall be entitled to issue a press release in relation the signing of this Agreement and any Order Forms; and

(b) OCG Software will be entitled to use the Customer name and logo, and clips, extracts or stills from any Project as a factual, non-endorsing reference and/or case study, on OCG Software’s website and external marketing, to the fact that the Customer is a client of OCG Software and the Project was facilitated using OCG Software Services.

30. FURTHER ASSURANCE

Each party shall from time to time execute such documents and perform such acts and things as any party may reasonably require to give full effect to the provisions of this Agreement and the transactions contemplated by it.

31. VARIATION

This Agreement may not be modified or amended except in writing by a duly authorised representative of each party.

32. ENTIRE AGREEMENT

This Agreement (as amended from time to time) together with any document expressly referred to in any of its terms, contains the entire agreement between the parties relating to the subject matter covered and supersedes any other agreements, arrangements, purchase orders, undertakings or proposals, written or oral, between the parties in relation to such matters except in relation to fraudulent misrepresentations. No oral explanation or oral information given by any party shall alter the interpretation of this Agreement.

33. GOVERNING LAW

33.1. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England.

33.2. The parties irrevocably agree that the courts of England shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).

33.3. Nothing in this Agreement shall prevent either party from applying to and obtaining from any court having jurisdiction injunctive or other equitable relief.

SCHEDULE 1

SERVICES SCHEDULE – FUNCTIONALITY DESCRIPTION

Introduction

Canopy is a cloud-hosted SaaS platform used by Customers to assimilate, update, manage and analyse the information they hold about their suppliers.

Access

Canopy is made available to users via a web browser. Users are required to log into the Customer’s dedicated Canopy Instance in order to use the Services.

Canopy is hosted on behalf of OCG Software by Amazon Web Services (AWS) and complies with strict security controls.

Subscription Tiers

Canopy may be purchased through a number of Subscription Tiers, which define the features, functionality and Licence Restrictions of the Customer’s Canopy Instance.

Licence Restrictions may include:

The number of Authorised Users permitted to use the Canopy Instance;
The number of Supplier Records that can be created;
The geographies where the Canopy Instance may be used; and/or
Any other Licence Restriction set out on the Order Form.

Features & Functionality

Canopy includes a wide range of features and functionality to support the management of supplier relationships. The exact features that will be made available to the Customer as part of this Agreement will be determined by the Subscription Tier, as set out in the Order Form.

Canopy may be used to achieve a wide range of supplier management tasks, a sample of which are outlined below. Please note that not all of these tasks can be achieved by all Subscription Tiers. Please refer to the latest Subscription Tier definitions for a definitive list of the features and functionality and any Licence Restrictions.

Aggregating all supplier data in one place;
Categorising and classifying supplier;
Building supplier lists, that are searchable and filterable;
Sharing supplier information with other people in the Customer organisation;
Configurating the data fields contained in Canopy;
Storing key supplier documents, such as contracts, insurance certificates and licences;
Onboarding and approving suppliers;
Collecting information about the goods and services procured from the supplier;
Collecting supplier banking and tax information;
Risk-assessing suppliers;
Due diligencing suppliers using adaptive question sets;
Collecting supplier diversity and ESG data;
Establishing business rules to trigger actions and govern supplier availability;
Automating notifications to be sent to users who have outstanding actions to complete;
Ingesting data from third party data sources, such as credit agencies;
Exchanging data with downsteam applications, such as ERP;
Reporting on data contained in Canopy;
Deleting, rejecting and suspending suppliers;
Managing user access and permissions.

SCHEDULE 2

SERVICE LEVEL AGREEMENT AND SUPPORT AND MAINTENANCE SERVICES

1. SERVICE LEVELS AND SERVICE AVAILABILITY

1.1. The Software will have a Service Availability of at least 99.9% of the time in any calendar month (the “Service Availability SLA”).

1.2. OCG Software shall maintain a Knowledge Centre, available to all Authorised Users, providing system documentation, how- to guides and other support information to assist users in their use of Canopy.

1.3. OCG Software shall provide a Customer Support Helpdesk, having suitably skilled support staff available during Business Hours to log fault calls and to deal promptly with problems encountered by Customer Users. Contact information for the Customer Support Helpdesk may be found in the Knowledge Centre.

1.4. The Customer shall provide the first line of support for its Supplier Users. Under no circumstances shall OCG Software staff communicate directly with Supplier Users.

2. INCIDENT MANAGEMENT

2.1. Notification of Incidents

All Incidents will be notified to OCG Software by the Customer using the contact information found in the Knowledge Centre.

2.2. Measuring elapsed time for Incidents

(a) In order to measure the resolution time of an Incident, OCG Software will calculate the time elapsed between the time the Incident is notified to OCG Software (in accordance with paragraph 2.1.1 above) and the time the Incident is resolved by OCG Software.

(b) When the Incident is reported outside the Business Hours, the Incident is deemed to be notified to OCG Software at the beginning of the next Business Hour.

2.3. Resolution times for Incidents

The agreed resolution time for each Incident depends on its priority as set in the table below in this paragraph 3.3 (the “Agreed Resolution Time SLAs”). The severity level of the Incident will be determined by OCG Software acting reasonably.

1. Urgent

Services as a whole are non- functional or are not accessible. Unauthorised exposure of all or part of Customer Data.

Loss of corruption of all or part of Customer Data.

Resolution Time: 4 hours

2. High

Significant and/or ongoing interruption of a user’s use of a critical function of Canopy and for which no work-around is available and communicated to the user.

Resolution Time: 8 hours

3. Normal

Minor and/or limited interruption of a user’s use of a non-critical function of Canopy for which no work-around is available and communicated to the user.

Resolution Time: 72 hours

4. Low

Cosmetic production problems that do not affect the availability of Canopy, online transaction processing or have a significant monetary or business value, or any problems not captured in Priorities 1, 2 or 3.

Resolution Time: 120 hours

3. SERVICE CREDITS

3.1. Where the Service Availability SLA is not met in a particular month, the “Service Credits” as set out in the table below shall be due by OCG Software to the Customer

Service Availability of the Software

99.9% – 95.0% | 5% of the Subscription Charges, as calculated on a monthly basis for the reporting month, for each full 0.5% reduction in Service Availability

less than 95.0% | 30% of the Subscription Charges, as calculated on a monthly basis for the reporting month

3.2. Where the Agreed Resolution Time SLAs are not met in a particular month, the following Service Credits shall be due by OCG Software to the Customer: “Service Credits” means 2% of the Subscription Charges, as calculated on a monthly basis for the reporting month, for each full 1% reduction below 95% in the proportion of Incidents that met the Agreed Resolution Time SLA, calculated as ((Total Incidents Reported – Total Incidents not meeting the Agreed Resolution Time SLAs) / Total Incidents Reported) x 100%.

3.3. Any Service Credits due to the Customer under this paragraph 4 shall be deducted from the subsequent invoice issued by OCG Software under this Agreement in relation to the Subscription Charges, unless there are no further invoices to be issued in which case OCG Software shall pay the Customer the Service Credits to a bank account notified to OCG Software by the Customer within thirty (30) days of the expiry of the month on which the Service Credits became due.

3.4. Service Credits shall be the Customer’s sole and exclusive remedy in respect of any failure to achieve the Service Levels.

4. SECURITY VULNERABILITIES

4.1. OCG Software shall maintain appropriate administrative, physical, and technical safeguards for the protection of the security, confidentiality and integrity of Customer Data. Those safeguards shall include, but shall not be limited to, measures designed to prevent unauthorised access to or disclosure of Customer Data (other than by Authorised Users).

4.2. OCG Software shall implement regular updates, patches, and security measures to address known vulnerabilities and enhance the overall security of the web application, and the Customer shall promptly apply any updates or instructions provided by OCG Software.

4.3. Should the Customer or its Authorised Users discover any potential security vulnerability or weaknesses in Canopy, they agree to promptly report such findings to OCG Software by using the contact information found in the Knowledge Centre.

4.4. OCG Software shall promptly investigate and address reported security vulnerabilities. The User understands that the response time and actions taken may vary depending on the nature and severity of the reported issue.

5. EXCLUSIONS

OCG Software shall be relieved of its liability in respect of any failure to provide the Services to the Service Levels and make payment of any Service Credits, to the extent that, such failure is attributable to any of the following:

(a) a failure by the Customer to observe any of its obligations under this Agreement; or

(b) a Force Majeure Event, in each case an “Exclusion”.

SCHEDULE 3

DATA PROTECTION SCHEDULE

1. DEFINTIONS

For the purposes of this Schedule 3, the following definitions shall apply:

“Appropriate Safeguards” means such legally enforceable mechanism(s) for transfers of Personal Data to any country outside the European Economic Area and the United Kingdom or to an international organisation as may be permitted under DP Laws from time to time;

“Controller”, “Data Subject”, “international organisation”, “Personal Data”, “processing”, “Processor” and “Personal Data Breach” all have the meanings given to those terms in DP Laws (and related terms such as “process” shall have corresponding meanings);

“Data Subject Request” means a request made by a Data Subject to exercise any rights of Data Subjects under DP Laws;

“DP Laws” means any law, enactment, regulation, or subordinate legislation relating to the processing, privacy, and use of Personal Data, as applicable to the Customer, OCG Software and/ or the Services, including (i) the Data Protection Act 2018;

(ii) the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), (“GDPR”), and/or

(iii) any corresponding or equivalent national laws or regulations, once in force and applicable; and

“Sub-Processor” means another Processor engaged by OCG Software for carrying out processing activities in respect of the Customer Personal Data on behalf of the Customer, and authorised by the Customer in accordance with paragraph 5 of this Schedule.

2. COMPLIANCE WITH DATA PROTECTION LAWS

2.1. The parties agree that, for Customer Personal Data, the Customer shall be the Controller and OCG Software shall be the Processor.

2.2. Each party shall comply with DP Laws and its relevant obligations under this Agreement.

2.3. The Customer warrants, represents and undertakes, that:

(a) all data sourced by the Customer for use in connection with the Services, prior to such data being provided to or accessed by OCG Software for the performance of the Services under this Agreement, shall comply in all respects, including in terms of its collection, storage and processing (which shall include the Customer providing all of the required fair processing information to, and obtaining all necessary consents from, Data Subjects), with DP Laws; and

(b) all instructions given by it to OCG Software in respect of Personal Data shall at all times be in accordance with DP Laws.

3. DETAILS OF PROCESSING

3.1. Where OCG Software processes Customer Personal Data on behalf of the Customer, OCG Software shall:

(a) unless required to do otherwise by applicable law, shall (and shall take steps to ensure each person acting under its authority shall) process the Customer Personal Data only on and in accordance with the Customer’s documented instructions as set out in this Schedule 3 and Appendix A (Data Processing Particulars) as may updated from time to time in writing by the parties (“Processing Instructions”);

(b) if applicable law requires it to process Customer Personal Data other than in accordance with the Processing Instructions, shall notify the Customer of any such requirement before processing the Customer Personal Data (unless applicable law prohibits such information on important grounds of public interest); an

(c) inform the Customer if OCG Software becomes aware of a Processing Instruction that, in OCG Software’s opinion, infringes DP Laws, provided that:

i) this shall be without prejudice to paragraph 2.3; and

ii)to the maximum extent permitted by applicable law, OCG Software shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities arising from or in connection with any processing in accordance with the Customer’s Processing Instructions following the Customer’s receipt of that information.

4. TECHNICAL AND ORGANISATIONAL MEASURES

4.1. OCG Software shall implement and maintain, at its cost and expense, appropriate technical and organisational measures in relation to the processing of Customer Personal Data by OCG Software:

(a) such that the processing will meet the requirements of DP Laws and ensure the protection of the rights of Data Subjects; and

(b) so as to ensure a level of security in respect of Customer Personal Data processed by it is appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Personal Data transmitted, stored or otherwise processed.

5. SUB-PROCESSORS AND STAFF

5.1. The Customer hereby provides its general written authorisation to OCG Software to engage the Sub-Processors appointed by OCG Software as of the Effective Date. A list of these Sub-Processors is set out in Appendix B (Approved Sub-Processors) of this Schedule. OCG Software may appoint further Sub-Processors, provided that OCG Software shall notify the Customer prior to the commencement of any processing by a new Sub-Processor. The Customer may object in writing to the appointment of such new Sub-Processors on the basis of reasonable security concerns or other reasonable concerns regarding the Sub-Processor’s ability to carry out the relevant Processing in compliance with DP Laws or the Agreement provided that such objection is notified within fourteen (14) days of the date OCG Software notifies the Customer of the intention to appoint the Sub-Processor.

5.2. OCG Software shall ensure that in relation to each Sub-Processor, the Sub-processor is appointed under a binding written contract with enforceable data protection obligations which are no less onerous than those set out in this Schedule (“Processor Contract”).

5.3. Where a Sub-Processor fails to fulfil its data protection obligations in accordance with the Processor Contract, OCG Software shall remain fully liable to the Customer for the performance of that Sub-Processor’s obligations.

5.4. OCG Software shall take reasonable steps to ensure that all Company personnel who have access to Customer Personal Data are reliable and are subject to a binding written contractual obligation with OCG Software to keep Customer Personal Data confidential (except where disclosure is required in accordance with applicable law, in which case OCG Software shall, where practicable and not prohibited by applicable law, notify the Customer of any such requirement before such disclosure).

6. ASSISTANCE WITH THE CUSTOMER’S OBLIGATIONS

6.1 OCG Software shall (at the Customer’s cost):

(a) assist the Customer in ensuring compliance with the Customer’s obligations pursuant to Articles 32 to 36 of the GDPR (and any similar obligations under applicable Data Protection Laws) taking into account the nature of the processing and the information available to OCG Software; and

(b) taking into account the nature of the processing, assist the Customer (by appropriate technical and organisational measures), insofar as this is possible, for the fulfilment of the Customer’s obligations to respond to Data Subject Requests (and any similar obligations under applicable Data Protection Laws) in respect of any Customer Personal Data.

7. INTERNATIONAL TRANSFERS

7.1 OCG Software shall not (and shall procure that any Sub-Processor shall not) transfer, or allow the onward transfer of, any Customer Personal Data to any country outside the European Economic Area or to any international organisation (an “International Recipient”) without the Customer’s prior written consent. The Customer hereby gives its written consent to the transfer of Customer Personal Data to International Recipients. As a condition of such consent, OCG Software shall ensure that such transfer (and any onward transfer):

(a) is effected by way of Appropriate Safeguards; and

(b) complies with DP Laws.

8. AUDITS

OCG Software shall, in accordance with DP Laws, make available to the Customer such information that is in its possession or control as is necessary to demonstrate OCG Software’s compliance with the obligations placed on it under this Schedule and to demonstrate compliance with the obligations on each party imposed by Article 28 of the GDPR, and allow for and contribute to audits, including inspections, by the Customer (or another auditor mandated by the Customer) for this purpose (subject to a maximum of one audit request in any twelve (12) month period).

9. PERSONAL DATA BREACH

OCG Software shall notify the Customer without undue delay and in writing on becoming aware of any Personal Data Breach in relation to the Customer Personal Data.

10. DELETION OR RETURN OF CUSTOMER PERSONAL DATA

OCG Software shall without delay, at the Customer’s written request, either securely delete or return all the Customer Personal Data to the Customer in electronic form (or such other data format of the Customer’s choosing) after the end of the provision of the relevant Services related to processing or, if earlier, as soon as processing by OCG Software of the Customer Personal Data is no longer required for OCG Software’s performance of its obligations under this Agreement except to the extent that any applicable law requires OCG Software to store such Customer Personal Data.

APPENDIX A

DATA PROTECTION SCHEDULE

1. SUBJECT-MATTER, NATURE AND PURPOSE OF THE PROCESSING:

The context for and purposes for the processing of Customer Personal Data is OCG Software’s provision of the applicable Services under this Agreement.

2. DURATION OF PROCESSING:

Processing of the Customer Personal Data by OCG Software shall be for the Term, provided that such Customer Personal Data shall not be processed for longer than is necessary for the purpose for which it was collected or is being processed (except where required by applicable law).

3. PERSONAL DATA IN SCOPE:

Company may Process the following types/categories of Customer Personal Data:

(a) Customer Personal Data, consisting of:

i) personal details, such as name, gender and date of birth

ii) contact details, such as email address, postal address and telephone number

iii) financial or payment details, such as bank account information

iv) employment information, such as employment history and CV

v) qualifications and insurances, such as certificates, permits and licences

vi) marketing information

vii) data analytics

viii) images or video

(b) Sensitive Personal Data/other special categories of Customer Personal Data, consisting of:

i) criminal offences or other data relating to alleged offences and proceedings

ii) trade union membership

4. PERSONS AFFECTED (DATA SUBJECTS):

The group of Data Subjects affected by the Processing of Customer Personal Data consists of:

(a) Customer users, who may share Personal Data through their use of Canopy;

(b)Supplier users, who may share Personal Data through their use of Canopy;

(c)Contractors & staff of the Customer or Supplier, who may share Personal Data through their use of Canopy.

APPENDIX B

APPROVED SUB-PROCESSORS

OCG Software works with a number of third parties in order to provision the applicable Services for the Customer under this Agreement, in accordance with paragraph 5 of this Schedule.

OCG Software’s approved sub-processes are listed below:

(a) Amazon Web Services, which hosts Canopy and the database and provides the email messaging tool used to send automated emails to users;

(b) Atlassian, which provides the project management software tools used to manage fixes and enhancements to Canopy;

(c) Stripe, which provides payment processing services and manages the Customer’s subscription to Canopy (unless the Customer is making payment by invoice);

(d) Zendesk, which captures and records support tickets from users.