Capillary Named a Leader in The Forrester Wave™ Loyalty Platforms, Q4 2025 Report.    Read more >

Capillary: Recognized as a Leader in Everest Group’s PEAK Matrix® 2025    Read more >

Capillary Named a Leader in The Forrester Wave™ Loyalty Platforms, Q4 2025 Report.     Read more >

Invite for RFP/RFI

Any Sales Orders executed prior to 1 July 2026 shall be governed by the old MSA. Any Sales Orders executed after 1 July 2026 shall be governed by this MSA.

Master Service Agreement

This Master Service Agreement (“MSA”) forms an integral part of the Sales Order executed between the Customer (as defined in the Sales Order) and the Company or its Affiliates (as defined in the Sales Order), for providing software as a service based solutions for implementing customer relationship management (CRM) and consumer loyalty as further defined in the mutually agreed upon the Sales Order executed by and between the Company and the Customer.

If you are entering into this Sales Order accompanied by this MSA on behalf of a legal entity, you represent and warrant that you are authorized to bind that entity to this Agreement.

The Customer has agreed to the terms of this MSA, by executing the Capillary Sales Order, that references this MSA. Company and the Customer shall be referred to as “Parties” collectively and “Party” individually.

1. Definitions

1.1. “Affiliate” means, for a Party, any other person that controls, is controlled by, or under common control with, the Party. For the purposes of this definition, the term “control” means the direct or indirect power to direct the affairs of the other person through at least 50% of the shares, voting rights, participation, or economic interest in this person.

1.2. “Agreement” means and includes this MSA, the Sales Order its annexures, any applicable product specific licensing terms, together with any exhibits, schedules, addendums attached thereto, as modified and amended from time to time.

1.3. “Applicable Law” means any applicable national, state, local or other law (including Data Protection Laws), statute, regulations, rules, by-laws, ordinances, constitution, principles of common law and includes notifications, guidelines, policies, directions, directives, judgment, decree and orders of any authority, statutory authority, court, or tribunal, and having the force of law.

1.4. “Authorized User/s” means any employee, consultant, contractor, agent or other representative of the Customer or its Affiliates who is authorized by the Customer to access and use the Services in accordance with the terms of the Agreement.

1.5. “Business Day” means any day other than Saturday, Sunday or a public/bank holiday in the applicable jurisdiction.

1.6. “Claim” means any direct third-party claim, action, complaint, or legal, regulatory, administrative or judicial proceeding filed against a Party.

1.7. “Company” shall mean the Company defined in the Sales Order.

1.8. “Confidential Information” means non-public or proprietary information about a Disclosing Party’s business-related technical, commercial, financial, employee, or planning information that is disclosed by the Disclosing Party to the other Party, the Receiving Party in connection with the Agreement, and (a) is identified in writing as confidential at the time of disclosure, whether in printed, textual, graphic, or electronic form; or (b) is not identified as confidential at the time of disclosure but is by its nature confidential or the receiving Party knows, or ought reasonably to know, is confidential (which may include Customer content). Any Company technology and the terms and conditions of the Agreement will be deemed Confidential Information of Company without any marking or further designation. Any Customer data will be deemed Confidential Information of Customer without any marking or further designation. “Confidential Information” does not include information that: (i) has become public knowledge through no fault of the Receiving Party; (ii) was known to the Receiving Party, free of any confidentiality obligations, before its disclosure by the disclosing Party; (iii) becomes known to the Receiving Party, free of any confidentiality obligations, from a source other than the Disclosing Party; or (iv) is independently developed by the Receiving Party without use of Confidential Information. (v) is approved for release, disclosure, dissemination or use by written authorization from the Disclosing Party; (vi) or is required to be disclosed pursuant to a requirement of a Governmental Agency or Law so long as the Parties provide each other, subject to permissibility of law, with timely prior written Notice of such requirement and provide all reasonable co-operation in regard to taking protective action against such disclosure requirement.

1.9. “Customer” shall mean the Customer defined under the Sales Order.

1.10. “Customer Data” means all Customer Content, and Customer Personal Data in any format, that is submitted, uploaded or otherwise made available by the Customer to or through the Product/Services to the Company.

1.11. “Customer Content” means any document, material, data or information of any type that is uploaded or submitted by or on behalf of Customer to the Company Software or that is generated or processed by or on behalf of Customer using the Company Software.

1.12. “Customer Personal Data” means data and/or information, other than confidential business information and, which is owned and controlled by or licensed to the Customer and is provided by or on behalf of the Customer (or its Affiliates) for processing to Company (or its Affiliates) under the applicable Agreement/Sales Order and that consists of information or data naming or identifying a natural person such as: (a) personally identifying information that is explicitly defined as a regulated category of data under any data privacy or Data Protection Laws applicable to the concerned Customer entity; (b) government issued information that can be used to identify the natural person, such as a national identification number, passport number, social security number, driver’s license number, and voter identification number;. Provided that Customer Personal Data does not include information or data that is anonymized, aggregated, de-identified or compiled on a generic basis and that does not name or identify a specific individual or person. Customer Personal Data shall be processed by the Company in accordance with applicable Data Protection Laws.

1.13. “Data Protection Laws” mean the laws such as Information Technology Act 2000, GDPR, CCPA, Singapore PDPA, Digital Personal Data Protection Act 2023 and regulations of any jurisdiction regulating or applicable to the use, collection, and storage or processing of Customer Personal Data (or similar data or information) where the Services are being performed or delivered.

1.14. “Deliverables” means any work product, output, or item specifically identified as a deliverable in an executed Statement of Work, specifically created and derived from the Customer Content and Customer Personal Data including any reports to be provided by the Company to the Customer but specifically excludes Product and/or any intellectual property of the Company.

1.15. “Disclosing Party” means the Party disclosing Confidential Information under this Agreement

1.16. “Documentation” means any written or electronic documentation, images, video, text or sounds specifying the functionalities or limitations of the Services/Products describing Service, describing the Services/Products as applicable, provided or made available by the Company to the Customer.

1.17. “De-Identified Data” means any Customer Personal Data which has been anonymized, pseudonymized including aggregate Customer Personal Data

1.18. "Force Majeure Event" means, with respect to a party, any act of God, flood, fire, earthquake, war, invasion, terrorism, riot, or other civil unrest, national or regional emergency, pandemic, epidemic, or other similar event not in the control of or caused by the party (or persons acting on its behalf), that prevents the party from performing its obligations under this Agreement.

1.19. “Information Security Incident” means a breach of Company’s security leading to the accidental or unlawful destruction, loss, alteration or unauthorized acquisition, disclosure, misuse or access to unencrypted Customer Personal Data transmitted, stored or otherwise processed by Company.

1.20. “Intellectual Property Rights" means, Software, Documentation, patents, trademarks, service marks, trade names, registered and unregistered designs, trade or business names, copyright (including, but not limited to, rights in software), software code base, database rights, design rights, rights in Confidential Information (including rights to use, and protect the confidentiality of, Confidential Information (including know-how and trade secrets), business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, and any other intellectual property rights whatsoever irrespective of whether such intellectual property rights have been registered or not and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future and which may subsist in any part of the world.

1.21. “License” means the non-exclusive, non-sub-licensable, non-transferable, revocable and limited right / license granted by the Company to the Customer to use the Products without the right to modify, make derivative works from, practice, and otherwise exploit and to make, have made, sell, offer for sale and use the Products, throughout the Territory, subject to terms in the manner as agreed in the Agreement

1.22. “Material Breach” shall mean a breach committed by either Party in matters and clauses relating to intellectual property rights, non-provision of the services, breach of payment terms, breach of confidentiality and Applicable Laws.

1.23. “Product” means Software and the associated computer programs, software, including relevant updates to the Software, and associated materials and associated Documentation provided by Company to the Customer for limited use as per the Agreement.

1.24. “Receiving Party” means the party receiving the Confidential Information under this Agreement

1.25. “Sales Order” means the sales order form, or any other written document for the delivery of Products and Services to the Customer that is executed between the Parties.

1.26. “Services” means the professional services and the Products to be rendered by the Company to the Customer as described in the Sales Order executed between the Parties.

1.27. “Software” means any computer program, firmware, routine, algorithm, code, instruction, script, macro, application programming or other interface, database (including all structured data contained in the database), tool, document display definition, object library or software tool, or other instruction or set of instructions for hardware or other software to follow, whether in source code or object code and whether expressed in any or all languages including embedded program and human interfaces, SQL and other query languages, hypertext mark-up language and other computer mark-up languages.

1.28. “Subcontractor” means any third-party contractor, agent, partner or Affiliate of Company used in the performance of this Agreement.

1.29. “Taxes” means any applicable federal, state, provincial, or local taxes, levies, duties, or similar governmental charges, including goods and services tax, value-added tax (VAT), sales tax, service tax, or consumption tax, imposed on the supply of goods, services, or digital/electronic products under Applicable Law in the relevant jurisdiction.

1.30. "Term” shall mean period as provided in the Sales Order, for which the Product shall be licensed and made available, and Services are rendered to the Customer by the Company.

1.31. “Territory” shall mean the Territory as mentioned in the Sales Order.

2. Interpretations

2.1. The meanings of defined terms are equally applicable to the singular and plural forms of such defined terms, and words importing the masculine gender include the feminine and neuter genders and vice versa, and words importing individuals shall include juristic persons and vice versa;

2.2. The words “herein,” “hereto,” “hereof” and “hereunder” and words of similar import shall refer to this Agreement as a whole and not to any particular provision hereof;

2.3. References to clauses or schedules are references are to clauses and schedules to this Agreement;

2.4. Any reference to a statute or any provision of a statute includes that statute or provision as well as any rule, regulation or direction made pursuant to such statute or provision, as may be from time to time modified or re-enacted, whether prior to or after the date of this Agreement.

2.5. The term “including” is by way of example and not limitation;

2.6. The term “documents” includes any and all instruments, documents, agreements, certificates, notices, reports, financial statements and other writings, however evidenced, whether in physical or electronic form;

2.7. The subject headings of this Agreement are included for purposes of convenience only, and shall not affect the construction or interpretation of any provision hereof;

2.8. Whenever anything is required to be done or any action is required to be taken hereunder on or by a day which is not a Business Day, then such thing may be validly done, and such action may be validly taken on or by the next succeeding day that is a Business Day.

3. Scope of Services

3.1. The Company shall upon execution of a Sales Order between the Parties, and subject to the timelines and milestones and any other criteria agreed between the Parties in the Sales Order, make available to the Customer, the Products and Services for the Term. In case of any conflict between the terms of the Agreement and any Sales Order, the terms of this Agreement shall prevail unless the Sales Order makes specific reference to the section of this Agreement, that needs to be amended. The service levels for the Deliverable shall be as provided in the Sales Order or the Statement of Work as the case may be.

3.2. The rights, benefits and protections provided herein under this Agreement may be extended to Affiliates of the Customer, subject to prior written consent of the Company and provided that the Customer remains responsible for its compliance hereunder. A Customer Affiliate may also directly purchase the Services or Products of the Company pursuant to the terms of this Agreement provided that such Affiliate (i) executes a Sales Order with the Company; and (ii) agrees to be bound by the terms of this Agreement as if it were an original party hereto. The Customer hereby authorizes the Company to share the content of this Agreement with Customer’s Affiliates, if applicable. The Company may perform its obligations and exercise its rights under this Agreement through its Affiliates. The Company shall remain responsible for the acts and omissions of its Affiliates in connection with this Agreement as if such acts or omissions were its own. A Company Affiliate may also directly provide the Services or Products to the Customer pursuant to the terms of this Agreement. The Customer hereby authorizes the Company to share the content of this Agreement with the Company's Affiliates, if applicable

3.3. The Company shall provide access to the Product, in the Deliverable where access to the Product is necessary, to the Authorized Users, to enable the Customer to use the Deliverable for the intended purpose under in the applicable Sales Order during the Term of this Agreement.

3.4. The Company may make available to the Customer as a part of the Product or Services third-party products or services (“Third-Party Services”). These Third-Party Services may integrate with the Services and are not licensed by the Company pursuant to this Agreement but are governed by the third party provider’s terms and conditions and privacy policies that accompany them, which Customer must separately accept. The Company does not warrant or support Third-Party Services, unless expressly provided otherwise in a Sales Order. The Services and Products may contain features designed to interoperate with Third-Party Services. The Company cannot guarantee the continued availability of such Third-Party Services and may cease supporting them if for example and without limitation, the Third-Party Service provider ceases to make the Third-Party Service available. The Company shall at no point be responsible for any of these Third-Party Services.

4. Term

The term of this Agreement shall commence from the Effective Date/ Start Date mentioned in the Sales Order and shall be in force and effect till the End Date mentioned in the Sales Order, unless terminated in accordance with Clause 13 (Termination) of this MSA (“Term”). Except otherwise specified in the Sales Order, the Sales Order shall automatically renew for a period of 12 (twelve) months each unless either Party gives the other written notice for non-renewal at least 30 (thirty) days before the End Date as specified in the Sales Order or expiry of such renewed term as the case may be.

5. Consideration And Payment Terms

5.1. The Customer shall discharge its payment obligations towards all invoices as provided under each applicable Sales Order.

5.2. All invoices will be raised in the frequency as mentioned in the Sales Order or any addendums etc. and the payments must be made by the Customer within the timelines as stated therein. All payments must be made by electronic transfer according to the remittance instructions on the invoice or as provided by the Company. All invoices will only be delivered electronically to the Customer. Customer must bear any charges, if any, imposed by the Customer’s bank for the payments. A late payment charge of one and half percent per month shall be applied on all overdue invoices. Customer shall provide a detailed remittance advice with each payment to the Company via email on request. Any fees that are unpaid as of the date of termination or expiration will be immediately due and payable. If the Customer is not a publicly traded corporation, then upon the Company’s request, the Customer must provide the necessary financial documents to allow the Company to ascertain the creditworthiness of the Customer.

5.3. The Customer shall not deduct any withholding taxes on payments to the Company, unless it pertains to the country in which the Company is registered.

5.4. The Company is not responsible for non-use of Software/Services by the Customer during the term of the Agreement. The Customer shall be liable to pay the Company for the full duration of the Agreement even if it prefers to not use it despite there being a valid Agreement.

5.5. If the Customer fails to pay any amount due under the Agreement according to the payment terms in the Sales Order the Company will send the Customer a reminder notice. If Customer fails to pay within 30 (thirty) days of the date of the reminder notice, the Company may, in its sole discretion, terminate the applicable Sales Order or suspend or restrict the provision of the Products and Services. Any suspension or termination of the Services by the Company shall be without prejudice to the Company's right to recover any outstanding Fees and applicable late payment interest accrued up to the date of such suspension or termination.

5.6. If the Customer believes, in good faith, that the Company has incorrectly billed the Customer, the Customer shall contact the Company in writing within 5 (five) days of the invoice date, specifying the error. However, the Customer must pay the undisputed portion of the Company’s invoice as required by the Agreement.

5.7. The Service Fee shall be exclusive of Taxes or other statutory deductions, if any at prevalent rates under Applicable Law, which shall be additionally borne by the Customer, unless otherwise agreed in the Sales Order.

5.8. Purchase Order: In the event the Customer requires a purchase order (“PO") for the Service Fee invoices, the Customer shall raise the PO simultaneously on execution of the Sales Order. In case of any delay in raising the PO, the Company shall proceed to send the invoice to the Customer and the same shall be payable within the timelines as agreed in the Sales Order. Notwithstanding anything to the contrary contained in the PO terms and conditions, it is agreed that the terms of this MSA alongwith the Sales Order shall prevail over the said PO.

5.9. Additional Costs, if any, shall be specified in the Sales Order and duly borne by the Customer.

5.10. Short messaging services (SMS) /email/push notification charges as mentioned in the Sales Order may change during the Term of the Agreement as a result of rate revision by regulators or operators. Company shall intimate the Customer in writing regarding any such rate revision.

6. Grant Of License and Intellectual Property Rights

6.1. Subject to the terms and conditions of the Agreement, the Company hereby grants to the Customer a non-exclusive, non-sub-licensable, non-transferable, revocable and limited license to use the Products in the Territory and in the manner as agreed in the Agreement.

6.2. The License is granted to the Customer subject to: (i) the Customer performing its obligations under the Agreement (ii) the requirements under Applicable Law; (iii) the Customer adhering to the restrictions and conditions and for use of the Products under this Agreement.

6.3. The Intellectual Property Rights in the Products and Services shall always remain vested with the Company and/or its Affiliates, and in no circumstances, the Customer or any of its Affiliates shall claim any such Intellectual Property Rights and/or use any intellectual property of the Company under the pretext of the Agreement, without the prior written consent of the Company. The Company reserves all other rights, title and interest in the Intellectual Property Rights under the Products and Services not expressly granted in this Agreement. The Customer may provide suggestions, comments, recommendations, enhancement requests, or other feedback relating to the Services ("Feedback"). The Customer hereby grants the Company a perpetual, irrevocable, worldwide, transferable, sublicensable, royalty-free right and license to use, incorporate, modify, commercialize, and otherwise exploit such Feedback without restriction or obligation to the Customer.

6.4. Except to the extent expressly permitted under the Agreement, the Company shall provide the Licenses under the condition that the Customer shall not:

6.4.1. use the Products (a) in violation of any Applicable Law or regulation, or in connection with unlawful material (such as material that violates any obscenity, defamation, harassment, privacy, publicity, or intellectual property laws); or (b) in a manner that would cause a material risk to the security or operations of the Company or any of its customers, or to the continued normal operation of other Company’s customers;

6.4.2. copy, use, distribute, republish, download, display, transmit, sell, rent, lease, host, or sub-license the Products;

6.4.3. offer, use, or permit the use of the Products and Services in a computer service business or third-party outsourcing service, on a membership or subscription basis, on a service bureau basis, on a time-sharing basis, as part of a hosted service, or on behalf of any third party;

6.4.4. (a) attempt to interact with the operating system underlying the Products, or (b) modify, create derivative works of, adapt, translate, reverse engineer (including monitoring or accessing the inputs and output flowing through a system or an application), decompile, or otherwise attempt to discover, the source code, data representations, or underlying algorithms, processes and methods;

6.4.5. remove, obscure, or alter any proprietary notices associated with the Products and Services (including any notices in reports);

6.4.6. use any software components, modules, or other services that may be delivered with the Products but which are not licensed to Customer and identified in the Sales Order;

6.4.7. share its login IDs and passwords, or allow use of the same login ID simultaneously by two or more users, and Customer is responsible for unauthorized access to its login IDs and passwords;

6.4.8. use the Company’s name, trademark, brand or logo on any of the advertising done by them in any way which might prejudice the Company’s goodwill or in any way cause damage, whether directly or indirectly to the premium position of the Company.

6.5. The Customer agrees to take appropriate actions to protect the Products from any unauthorized usage by its users and its third parties. Any such unauthorized usage or other security breach shall immediately be brought to the notice of the Company by the Customer, failing which it shall be considered as Material Breach of the Agreement.

6.6. No major changes will be made to the Products (or any assumptions related thereto) in the Sales Order, unless the Parties follow the change management process as laid down in the Sales Order. The nature and severity of the change shall be classified in the Sales Order, and shall be subject to applicable costs for such Change as prescribed in the Sales Order.

6.7. The Company may, at any time, without any liability, suspend the access to the Products (a) without in any way limiting the Company’s rights and remedies as set forth in this Agreement, in response to the Customer’s failure to pay when due any undisputed invoices issued pursuant to this Agreement; or (b) if the Company reasonably believes that such a suspension is necessary to maintain the security or integrity of the Software, to prevent misuse of the Software by any person or entity, including the Customer; or (c) the Company reasonably believes that Customer its agents it’s consumers have violated this Agreement; or (d) Company suspects or detects any malicious software connected to a the Customers use of the Products; or (e) such suspension is necessitated by Company’s third party hosting providers, provided that (i) Company notifies the Customer promptly of any such suspension and (ii) Company reinstates access to or operation of the Products as soon as reasonably practicable. The Company shall have no obligation to reinstate access until it is reasonably satisfied, in its sole discretion, that the cause of suspension has been fully remedied by the Customer and the Customer has provided sufficient evidence to the satisfaction to the Company. Any Fees accruing during the period of suspension shall remain payable in full by the Customer.

7. Customer Content and Customer Data

7.1. The Customer shall own (or where applicable, must ensure it has a valid license to) the Customer Data and Customer Content.

7.2. The Customer grants the Company and its Affiliates a non-exclusive, worldwide, royalty-free license to use, copy, transmit, sub-license, index, store, and display Customer Data and Customer Content: (a) to the extent necessary to perform its obligations (including, but not limited to, developing, modifying, improving, supporting, customizing, and operating the Products and Services) or enforce its rights under the Agreement; or (b) where required or authorized by law.

7.3. Company may use anonymized Customer Data for the purpose of developing, improving or customizing the Products and Services.

7.4. Company does not communicate with Customer’s end user directly. Customer is responsible for complying with (including giving any notifications, obtaining any consents, and making any disclosures required under) Data Protection Laws.

7.5. If content generated by consumers of Customer is uploaded to Company’s Products, the Company may access or disclose information about Customer, its consumers, or Customer’s use of the Services when it is required or authorized by law or regulation (e.g. when Company receives a valid subpoena or search warrant).

7.6. Customer must ensure it does not directly or indirectly cause Company or third-party providers that operate servers or host data for the Products, as applicable, to breach any Data Protection Laws in the collection, storage, access, transfer, use or disclosure of Personal Data arising from or in connection with this Agreement. Where required under Data Protection Laws, Customer must ensure that:

7.6.1. each Customer Site contains a notice to its users that identifies the collection, use, disclosure, and transfer of their Personal Data by Customer, Company, or third-party host providers in connection with the Services and Products, as applicable; and

7.6.2. Customer, when disclosing or transferring Personal Data from any source (including Customer sites) to Company or third-party host providers, complies with the requirements for such disclosure or transfer.

8. Compliance with Personal Data Protection (PDP) Laws

8.1. Each Party will comply with the requirements of the Data Protection Laws as applicable to such party with respect to the processing of the Customer Personal Data, attached hereto as Schedule A - Data Processing Agreement

8.2. Customer warrants to Company that it has or will obtain prior to provision thereof, all necessary rights and permissions to provide the Customer Personal Data to Company for the processing to be performed in relation to the Services. Customer shall be responsible for obtaining all necessary consents, and providing all necessary notices, as required under the relevant Data Protection Laws in relation to the processing of the Customer Personal Data.

8.3. In the event of (i) any change to (including generally-accepted changes in interpretation of) a Data Protection Law which requires any change in the manner by which Company is delivering the Services to Customer or (ii) any interpretation of a Data Protection Law by the Customer which requires any change in the manner by which Company is delivering the Services to Customer, or (iii) any material new or emerging cybersecurity threat which requires any change in the manner by which Company is delivering the Services to Customer, if such change is a major change, the parties shall agree upon how Company’s delivery of the Services will be impacted and shall make appropriate adjustments to the terms of the Agreement and the Services in accordance with the provisions of the Agreement related to such change.

8.4. Use of Customer Personal Data. Company will not use Customer Personal Data other than to perform the Services in accordance with this Agreement and any applicable Sales Order. Customer acknowledges that the provision of Services includes benchmarking and improving Company’s offerings generally and, as a result, Company may anonymize, pseudonymize or aggregate Customer Personal Data and use or disclose De-Identified Data as part of the Services, only if and to the extent such creation and use of De-Identified Data is consistent with the consents obtained by the Customer in relation to the underlying Customer Personal Data and is also fully consistent with applicable Data Protection Laws (and both the Customer’s and Company’s obligations thereunder). Subject to the foregoing, the Company will not associate De-Identified Data with Customer’s identity or the personal data of Customer’s Authorized Users and the end user.

8.5. Information Security Incidents. Company shall maintain procedures to detect and respond to Information Security Incidents. If an Information Security Incident occurs which may reasonably compromise the security or privacy of Customer Personal Data, Company will promptly notify Customer with complete details about the breach, within maximum 48 (forty-eight) hours of knowledge of its incident occurrence, and in any event in accordance with Data Protection Laws applicable to both Company and the Customer. Company will cooperate with Customer in investigating the Information Security Incident within the aforesaid 48 (forty-eight) hours and, taking into account the nature of the Services provided and the information available to Company, provide assistance to Customer as reasonably requested with respect to Customer’s breach notification obligations under any applicable Data Protection Laws.

8.6. As applicable, the Laws of the Countries in operation may have rules around Do Not Call Registry (hereinafter referred to as the “DNC Provisions”), or of similar nature, which Customer is required to comply with and ensure it has obtained clear and unambiguous consent in evidential form. It is the obligation of the Customer to inform and keep the Company updated on any consent or Consent withdrawal by its end users via email. The Customer hereby indemnifies the Company for any monetary penalties incurred by Company under the DNC Provisions as a result of Customer’s failure to comply with obligations as stated above.

9. Representation and Warranties

9.1. Each Party hereby represents and warrants to the other as follows:

9.1.1. It has all requisite power and authority to enter into and perform all its obligations under this Agreement.

9.1.2. It has taken all actions, obtained all regulatory, corporate and contractual authorizations, and submitted all notices or filings required to be submitted, for it to validly enter into this Agreement and perform all its obligations under this Agreement.

9.1.3. The execution and delivery of, or the performance of obligations under, this Agreement do not and shall not violate or conflict with any statute, rule, regulation, directive, other law, judgment, order, decree or award applicable to it or to any provision of its constituent documents, or any agreement, contract, promise, covenant, undertaking, representation or warranty, applicable to or made by it.

9.1.4. This Agreement constitutes legal, valid and binding obligations, enforceable against it in accordance with its terms.

9.2. The Company represents

9.2.1. that it has no knowledge that any Products, Services or Deliverables infringes any third party Intellectual Property Rights. The Customer understands and acknowledges that the Products Services and Deliverables are granted on license to the Customer hereunder on an ‘as-is, where-is’ basis.

9.2.2. to the extent the Services consist of professional services, software development/configuration or other services performed by Company’s personnel or its third-party contractors, it will perform the Services in a professional manner and to industry best standards, consistent with the Sales Order and any specifications or documentation applicable to the Services.

9.3. Each of the representations and warranties contained in this Agreement are separate and independent and shall not be qualified or limited by any reference to any other representation or warranty, or any other provision of this Agreement.

9.4. Except as expressly set forth in the Agreement, the Company disclaims any and all promises, representations and warranties with respect to the Products, Services and Deliverables, including its condition, conformity to any representation or description, the existence of any latent or patent defects therein, merchantability or fitness for a particular use or purpose, or any other warranty, express or implied. Notwithstanding anything to the contrary the Company expressly excludes all liability for losses, damages, costs, or penalties arising from or related to: (i) SMS pumping attacks, artificial traffic inflation, or any form of messaging fraud; (ii) the acts or omissions of third-party service providers, telecommunications operators, or infrastructure providers; and (iii) any regulatory penalties imposed on the Customer for non-compliance with applicable messaging or DNC regulation.

9.5. The Customer represents that

9.5.1. The Customer will provide a single point of contact as an authorised decision maker and approver for all deliverables, priorities, activities and change requests.

9.5.2. Customer will ensure that appropriate subject matter experts and technical operational resources are available to collaborate with the Company’s delivery team.

9.5.3. The Customer will deliver timely, accurate and complete information / data as requested by the Company as it pertains to the activities as outlined in the Agreement. The Customer shall also ensure that it responds promptly to any request for information and approvals as sought by the Company.

9.5.4. it shall be responsible for all activities conducted through its Authorized User accounts and shall use commercially reasonable efforts to maintain the confidentiality and security of login credentials and access mechanisms used to access the Services.

10. Indemnity

10.1. Indemnification by Customer. The Customer hereby indemnifies, and undertakes to defend and hold harmless, the Company, its Affiliates, and its employees and officers from and against all third party claims, suits, liabilities, damages, costs, and fees, including, without limitation, attorneys' fees, expenses or losses connected therewith, arising out of or resulting directly from: (i) any personal injury, death or damage to property caused by the gross negligence or willful misconduct of the Customer or its agents and representatives, in the performance of the Agreement (ii) any actual infringement or alleged violation, infringement, unauthorized use or misappropriation of any third party’s copyright, patent, trademark, or other Intellectual Property due to acts or omission of the Customer including due to the use of the data belonging to the Customer; (iii) breach of Applicable Laws and regulations; or (iv) use of the Product other than as permitted under this Agreement.

10.2. Indemnification by the Company. The Company shall defend, indemnify and hold harmless the Customer, its Affiliates and all of their respective officers, directors, agents and employees from and against any and all Claims relating to or based on (i) any personal injury, death or damage to property caused by the gross negligence or willful misconduct of the Company or its agents and representatives, in the performance of the Agreement (ii) breach of Applicable Laws and regulations; (iii) breach of Customer Data; (iv) any actual infringement or alleged violation, infringement, unauthorized use or misappropriation of any third party’s copyright, patent, trademark, or other Intellectual Property Right; If the Company reasonably believes that the Customer’s use of the Product and/or Deliverables is likely to be enjoined, or if the Products and/or Deliverables are held to infringe such patent or any other Intellectual Property Rights of a third party and all use of such Products and/or Deliverables by the Customer is thereby enjoined, the Company shall, at its expense and at its sole option, (a) procure for the Customer, the right to continue using the Products and/or Deliverables, or (b) replace the Products and/or Deliverables with other non-infringing software or services of substantially equivalent functionality, or (c) modify the Products and/or Deliverables so that there is no infringement, provided that such modified software or services provide substantially equivalent functionality. If, in the Company’s opinion, the remedies in clauses (a), (b) and (c) above are infeasible or commercially impracticable, the Company shall refund the Customer, a pro-rated amount of the applicable Fees pre-paid by the Customer for the tenure during which the Customer is unable to use the said Products and/or Deliverables. The Customer shall not settle any matter without the prior written approval of the Company.

10.3. The Company shall not be liable in case of any intellectual property infringement claim, if it arises out of (i) any use of Products and/or Deliverables in violation of the Agreement; (ii) modification of the Products and/or Deliverables by the Customer (or any third party acting on the Customer’s behalf); or (iii) failure by the Customer to install the latest updated version of the Product as requested by the Company to avoid infringement; or (iv) third-party products, services, hardware, software, or other materials, or combination of these with the Products and/or Deliverables, if the Products and/or Deliverables would not be infringing without this combination.

11. Limitation of Liability

11.1. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE) SHALL EITHER PARTY TO THIS AGREEMENT, OR THEIR RESPECTIVE AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SERVICE PROVIDERS, SUPPLIERS OR LICENSORS, BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES FOR ANY LOST PROFITS, LOST SALES OR BUSINESS, LOSS OF GOODWILL, OR FOR ANY OTHER TYPE OF INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE LOSS OR DAMAGES, OR FOR ANY OTHER INDIRECT LOSS OR DAMAGES INCURRED BY THE OTHER PARTY OR ITS AFFILIATES IN CONNECTION WITH THIS AGREEMENT AND APPLICABLE SALES ORDER, THE SERVICES, REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN SUCH DAMAGES.

11.2. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, THE COMPANY AND ITS AFFILIATES AGGREGATE LIABILITY TO THE CUSTOMER, ITS AFFILIATES, OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT AND SALES ORDER, SHALL IN NO EVENT EXCEED THE LICENSE FEES (AS AGREED IN THE APPLICABLE SALES ORDER) PAID BY THE CUSTOMER DURING THE TWELVE (12) MONTHS PRIOR TO THE FIRST EVENT OR OCCURRENCE GIVING RISE TO SUCH LIABILITY. THE LIMITATION OF LIABILITY PROVIDED FOR HEREIN APPLIES IN AGGREGATE TO ANY AND ALL CLAIMS BY CUSTOMER AND ITS AFFILIATES AND SHALL NOT BE CUMULATIVE.

11.3. Any claims or damages that the Customer may have against the Company shall only be enforceable against Company and not any other entity, nor any officers, directors, representatives or agents of Company.

12. Confidentiality

12.1. Each Party shall treat Confidential Information with reasonable care and disclose the same only on a need-to-know basis or as permitted under the Agreement. The Receiving Party will only use Confidential Information for the purposes of performing its obligations or as permitted under the Agreement. However, the Receiving Party may disclose the Confidential Information of the Disclosing Party:

i. if approved in writing by the Disclosing Party;
ii. if required by law or regulation;
iii. in the event of dispute between the Parties, as necessary to establish the rights of either Party; or
iv. as necessary to provide the Services licensed by the Customer.

12.2. In the case of (ii) and (iii), the Receiving Party will provide reasonable advance notice to the other Party and provide reasonable assistance to limit the scope of the disclosure unless prohibited by law or regulation.

12.3. Under this Clause 12 (Confidentiality) and the definition of “Confidential Information”, a reference to a Party means a Party and its Affiliates. The Receiving Party is responsible for ensuring that its representatives and Affiliates fully comply with the obligations of the receiving Party under this Clause 12 (Confidentiality).

13. Termination

13.1. Notwithstanding anything herein contained, either Party may, by giving thirty (30) days’ notice in writing, terminate this Agreement only under any one or more of the following conditions, failing which all amounts payable under the Sales Order or this Agreement for the Term shall become immediately payable in full:

13.1.2. if either Party commits a Material Breach of this Agreement or its accompanying Sales Order and fails to correct the breach within thirty (30) days of written specification of the breach, then the breaching party is in default and the non-breaching party may terminate this Agreement or the relevant Sales Order under which the breach has occurred. The non-breaching Party may agree at its sole discretion to extend the thirty (30) day period for so long as the breaching party continues reasonable efforts to cure the breach. Wherein, the breach is not rectified, therein the non-breaching party may at its sole discretion, opt to terminate the agreement.

13.1.3. If a petition for insolvency is filed against any Party and such petition is not dismissed within ninety (90) days after filing and/or if any Party makes an arrangement for the benefit of its creditors or, if the court receiver is appointed as receiver of all/any of any Party's properties.

13.2. Neither Party shall be entitled to terminate the Sales Order without cause during the Term of the Sales Order.

14. Post Termination

14.1. The termination of this Agreement shall not: (a) in anyway affect or prejudice any right accrued to any Party against the other Parties, prior to such termination; including the right of the Company to receive full and complete payments stipulated under the Sales Order; (b) extinguish the rights and obligations that contemplates performance or observance by the Parties under the Agreement, which either expressly or by their nature survive the termination of the Agreement, unless any of such rights, obligations or liabilities, are waived in writing.

14.2. Upon termination of the Agreement for any reason: (a) all Sales Orders and or amended Sales Order, if any then in effect shall immediately terminate, unless expressly stated in contrary in the Sales Orders therein. (b) the License and associated rights in the Products will immediately terminate.

14.3. Within 30 (thirty) days from the date of termination of the Agreement, the Customer shall hand over all the materials, if any, belonging to the Company, including but not limited to Confidential Information of the Company. The Customer hereby agrees that no copies of the materials, documents, data etc., shall be made or retained upon the termination or expiration of the Agreement.

14.4. Upon termination of the provision of the Services, and subject to receipt of all pending payments, if any, the Company shall provide a copy of Customer Data in a mutually agreed format such as .csv or .txt within thirty (30) days and delete the Customer Data within ninety (90) days from the date of termination. Company may retain the data to the extent that it is required or authorized to do so under Applicable Law and/or regulation, in which case Company will securely isolate and protect such data from any further processing, except to the extent required by Applicable Law and/or regulation.

14.5. It is hereby agreed and understood by the Customer that the provisions of this Clause shall not limit or restrict, nor shall they preclude Company from pursuing such further and other legal actions, against the Customer for any breach or non-compliance of the terms of the Agreement.

15. Force Majeure

15.1. To the extent that a Party is unable to perform any of its obligations other than payment obligations under this Agreement solely and directly as a result of a Force Majeure Event, the party (the "Excused Party") will be excused from any liability arising from its failure to perform those obligations, provided that:

15.1.1. the failure to perform could not have been prevented by reasonable foresight or precautions or circumvented through the use of alternate sources, work-around plans, or other means by the Excused Party;

15.1.2. the Excused Party promptly notifies the other party, in writing, of the Force Majeure Event, which includes sufficient documentation to establish to the reasonable satisfaction of the other party the impact of the Force Majeure Event and why the Excused Party should be excused from performance of its obligations under this Agreement based upon the above criteria; and

15.1.3. the Excused Party uses best efforts to recommence its obligations to perform without delay, including through the use of alternate sources, workaround plans, or other means.

16. Export Compliance and Use Restrictions

The Products and Services which the Company may provide or make available to the Customer or Authorized Users may be subject to U.S. (or other territories) export control and economic sanctions laws, rules and regulations, including without limiting the regulations promulgated by the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) and the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) (collectively, “Export Control Laws”). Wherever applicable, the Customer agrees to comply with all the Export Control Laws as they relate to access to and use of the Services, Software, and such other components by the Customer. Customer shall not access or use the Products and Services if Customer is located in any jurisdiction in which the provision of the Services, Software or other components is prohibited under U.S. or other Applicable Laws or regulations, including, without limitation, a country or territory that is subject to comprehensive U.S. trade sanctions (including, without limitation Cuba, Iran, North Korea, Syria or the Crimea or so-called Donetsk People’s Republic (DNR) or Luhansk People’s Republic regions of Ukraine) (a “Prohibited Jurisdiction”) and Customer shall not provide access to the Products and Services to any government, entity or individual located in any Prohibited Jurisdiction. Customer represents, warrants and covenants that (i) Customer is not named on, or owned or controlled by any party named on any U.S. government (or other government) list of persons or entities prohibited from receiving U.S. exports, or transacting with any U.S. person, (ii) Customer is not a national of, located in, or a company registered in, any Prohibited Jurisdiction, (iii) Customer shall not permit Authorized Users to access or use the Service in violation of any Export Control Laws, (iv) no Customer Data created or submitted by Customer is subject to any restriction on disclosure, transfer, download, export or re-export under the Export Control Laws, and (v) Customer shall comply with all Applicable Laws regarding the transmission of technical data exported from the United States and the country in which Customer and Customer’s Authorized Users are located. Customer further agrees that Customer will not use the Products and Services to disclose, transfer, download, export or re-export, directly or indirectly, any Customer Data to any country, entity or other party which is ineligible to receive such items under the Export Control Laws or under other laws or regulations to which Customer may be subject. Customer acknowledges that the Service and other Software may not be available in all jurisdictions and that Customer is solely responsible for complying with the Export Control Laws.

17. Anti-Corruption and Anti-Bribery

17.1. None of Customer its Affiliates, their personnel, or representatives have engaged, or will engage, in any corrupt, fraudulent, unfair, or deceptive practices in connection with this Agreement or any other business transactions involving Company, including directly or indirectly offering or providing to a person (including any political party, public official, Regulatory Authority, or other government-related entity) a contribution, gift, bribe, loan, kick-back, payment of money or other benefit, regardless of form, for the purpose of influencing any act, decision or failure to act by such person or to secure an improper advantage to obtain, retain, or direct business.

17.2. Customer will comply with, and will cause its Affiliates, their personnel, representatives and Subcontractors to comply with, all Applicable Law concerning anti-bribery and anti-corruption, including the Canadian Corruption of Foreign Public Officials Act, the UK Bribery Act, 2010 and the United States Foreign Corrupt Practices Act (collectively, "ABAC Laws"), if applicable. Customer represents and warrants that none of Customer, its Affiliates, personnel, representatives or Subcontractors have taken any action in connection with this Agreement or any other business transaction involving the Company that would constitute a violation of any ABAC Laws.

17.3. Customer represents and warrants to the Company that neither the Customer nor its Affiliates have any undisclosed direct or indirect business or personal, financial, or other interest, in any person that would conflict with, or influence in any manner or degree the Customer's obligations under this Agreement or the interests of the Company in connection therewith.

18. Governing Law and Dispute Resolution

The Parties shall resolve any difference or dispute arising out of the Sales Order and / or this Agreement by way of negotiations. If such negotiation process fails, then all disputes shall be resolved in the below mentioned manner

United StatesIn case the Sales Order is executed between the Customer and any Affiliate of the Company in the United States of America then this Agreement shall be governed in accordance with, the laws of Delaware without having regard to the conflict of laws provisions thereunder. The courts of Delaware shall have exclusive jurisdiction over all matters arising pursuant to this Agreement.
EuropeIn case the Sales Order is executed between the Customer and Capillary Technologies Europe Limited, the provisions of this Agreement shall be governed by and construed in accordance with the laws of England and Wales. Any dispute arising out of or in connection or the interpretation of this Agreement or the Sales Order, shall be subject to exclusive jurisdiction of the Courts in London.
DubaiIn case the Sales Order is executed between the Customer and Capillary Technologies DMCC, the provisions of this Agreement shall be governed by and construed in accordance with the laws of Dubai. Any dispute arising out of or in connection or the interpretation of this Agreement or the Sales Order, shall be subject to exclusive jurisdiction of the Courts in Dubai.
IndiaIn case the Sales Order is executed between the Customer and Capillary Technologies India Limited, the provisions of this Agreement shall be governed by and construed in accordance with Indian law. Any dispute, controversy or claims arising out of or relating to the Agreement or the Sales Order, shall be adjudicated exclusively by the courts located at Bangalore.
Singapore a. In case the Sales Order is executed between the Customer and Capillary Pte. Ltd. or Customer and Capillary Technologies (Malaysia) Sdn. Bhd. or Customer and PT Capillary Technologies Indonesia then this Agreement shall be governed by and construed in accordance with the laws of Singapore.

b. the Parties agree to negotiate in good faith to resolve any dispute between them relating to this Agreement.

c. If, within 15 (fifteen) calendar days after one Party has notified the others in writing of such a dispute, the Parties are unable to resolve the dispute as aforesaid, the disputes or differences shall be referred to final and binding arbitration at the request of either of the disputing Parties upon written Notice to that effect to the other. In the event of such arbitration:

d. The arbitration shall be referred to and finally resolved by arbitration administered by Singapore International Arbitration Centre (“SIAC”) in accordance with the arbitration rules of the Singapore International Arbitration Centre ("SIAC Rules"), in force at the relevant time (which is deemed to be incorporated into this Agreement by reference);

(i) All proceedings of such arbitration shall be in the English language and all documents submitted (including those submitted as filings, evidence or exhibits) shall be certified English translations if in a language other than English. The venue and seat of the arbitration shall be Singapore;
(ii) The arbitration shall be conducted by a Sole Arbitrator ("Arbitral Tribunal") appointed in accordance with the SIAC Rules;
(iii) The award shall be made in writing and published by the Arbitral Tribunal no later than 180 (one hundred eighty) days from entering upon the reference in terms of Rule 5.1 of the SIAC Rules. The Parties hereto shall be deemed to have irrevocably given their consent to the Arbitral Tribunal to make and publish the award within the period referred to hereinabove and the award of the Arbitral Tribunal shall be final and binding on the Parties

19. Assignment

Except as permitted herein, neither Party may, directly or indirectly, by operation of law or otherwise, assign all or any part of this Agreement or rights under this Agreement, or delegate performance of its duties under this Agreement, without written prior consent of the other party, which consent will not be unreasonably withheld. Company may assign this Agreement without Customer’s consent to any Affiliate of the Company or in connection with any merger or change of control of Company, any internal restructuring or reorganization of the Company or its corporate group, or the sale of all or substantially all of Company’s assets provided that any such successor agrees to fulfill its obligations pursuant to this Agreement. If requested by the Company, the Customer must execute an assignment to give effect to the Company’s assignment. Subject to the foregoing restrictions, this Agreement will be fully binding upon, inure to the benefit of and be enforceable by the Parties and their respective successors and assigns.

20. Miscellaneous

20.1. Amendment and Waiver: Any material provision of the Agreement, prejudicially impacting the Customer, may be amended or waived only if such amendment or waiver is in writing and signed, in the case of an amendment by each Party, or in the case of a waiver, by the Party against whom the waiver is to be effective. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.

20.2. Cumulative Rights: No failure or delay by any Party in exercising any right, power or privilege hereunder shall operate as a waiver thereof nor shall any single or partial exercise of any other right, power or privilege. The rights and remedies herein provided shall be cumulative and not exclusive of any rights or remedies provided by law.

20.3. Successors: The provisions of the Agreement shall be binding upon and inure to the benefit of the Parties hereto and their respective successors and permitted assigns. Where specified in a Sales Order and intimated to the Company, the Customer may allow its Affiliates to use and access the Product and Services.

20.4. Notices: Unless otherwise provided herein, all notices or other communications under or in connection with this Agreement shall be given in writing and may be sent by personal delivery or post or courier or electronic mail. Any such notice or other communication will be deemed to be effective if sent by personal delivery, when delivered, if sent by post, two days after being deposited in the post and if sent by courier, one day after being deposited with the courier, and if sent by electronic mail, when sent (on receipt of a confirmation to the correct email address). The address as provided in the Sales Order shall be used for the purpose of delivering the said Notices.

20.5. Entire Agreement: The Agreement, being the Annexure with all the Sales Order (as amended from time to time), amendments constitute the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior written agreements, understandings and negotiations, both written and oral, between the Parties with respect to the subject matter of the Agreement. No representation, inducement, promise, understanding, condition or warranty not set forth herein has been made or relied upon by any Party hereto.

20.6. Neither the Agreement nor any provision hereof is intended to confer upon any Person other than the Parties to the Agreement any rights or remedies hereunder.

20.7. Non-solicitation: The Parties will not solicit the employment of other Party’s employees / Personnel during the Term of this Agreement, including renewals and extensions, if any and for a period of 1 (one) year thereafter, except that this Section will not restrict the employment of any person as a result of that person making an unsolicited response to a bona fide published general recruitment advertisement not specifically directed at such person.

20.8. No Agency. Nothing in this Agreement is intended to constitute a fiduciary relationship, agency, joint venture, partnership, or trust between the Parties. No Party has authority to bind the other Party. The Agreement is on a principal-to-principal basis between the Parties hereto. Nothing contained in this Agreement shall be construed or deemed to create any association, partnership or joint venture or employer-employee relationship or principal-agent relationship in any manner whatsoever between the Parties. The Company acknowledges that its rendering of the Services is solely within its own control, subject to the terms and conditions agreed upon and agrees not to hold itself out to be an employee, agent or servant of Customer or any subsidiary or affiliate thereof.

20.9. No Third-Party Beneficiaries: Nothing in this Agreement, express or implied, is intended or shall be construed to confer upon or give to any person, firm, corporation, or legal entity, other than the Parties, any right, remedies, or other benefits under or by reason of this Agreement

20.10. Publicity: Neither party shall use the name and/or trademark/logo of the other party, its group companies, subsidiaries or associates in any sales or marketing publication or advertisement, or in any other manner without prior written consent of the other party. However, notwithstanding the foregoing, the Company shall be entitled to use the name / logo of the Customer in its advertising and marketing campaigns, brochures, website etc. strictly as one of the customers of the Company.

20.11. Severability: The invalidity or unenforceability of any provisions of the Agreement in any jurisdiction shall not affect the validity, legality or enforceability of the remainder of the Agreement in such jurisdiction or the validity, legality or enforceability of the Agreement, including any such provision, in any other jurisdiction, it being intended that all rights and obligations of the Parties hereunder shall be enforceable to the fullest extent permitted by law.

SCHEDULE A

Data Processing Agreement

This Data Processing Agreement (“DPA”) forms an integral part of the Sales Order, as updated from time to time between Customer (hereinafter referred to as the “Customer” or “Controller”) and Company (hereinafter referred to as the “Company” or “Processor”), or other agreement between Customer and Company governing Customer’s use of the Service Offerings. This DPA is an agreement between you and the entity you represent (“Customer”, “you” or “your”) and Company.

WHEREAS:

(A) The Customer acts as a Controller for Customer Personal Data (as defined hereunder). The Controller provides Customer Personal Data to the Processor, and provides specific processing instructions to the Processor.

(B) Vide the Sales Order, the Customer has contracted certain Services, detailed therein to the Processor.

(C) The Services include the processing of Customer Personal Data by the Processor in the course of providing services under the Sales Order executed by the Customer.

(D) The Parties seek to implement a Data Processing Agreement that complies with the requirements of the current applicable legal framework on the protection of privacy of natural persons when processing personal data.

(E) The Parties also wish to lay down their rights and obligations relating to such processing of Customer Personal Data.

To the extent Company Processes Personal Data on behalf of Customer in connection with the Services, IT IS AGREED BETWEEN THE PARTIES AS FOLLOWS:

1. Definitions and Interpretation

Unless otherwise defined herein, capitalized terms and expressions used in this DPA shall have the following meaning:

1.1 "DPA" means this Data Processing Agreement;

1.2 "Customer Personal Data" shall have the same meaning as ascribed thereto in the MSA (as defined hereunder); "Data Protection Laws" shall have the same meaning as ascribed thereto in the MSA;

1.3 "Data Transfer" means:

1.3.1 a transfer of Customer Personal Data between the Customer and the Processor; or

1.3.2 an onward transfer of Customer Personal Data from the Processor to a Subprocessor, or between two establishments of the Processor, in each case, where such transfer would be permitted by Data Protection Laws (or permitted by the terms of data transfer agreements put in place to address any data transfer restrictions placed by Data Protection Laws);

1.3.3 “MSA” means the master service agreement which forms an integral part of the Sales Order;

1.4 “Sales Order” means the Sales Order, to which this DPA is an integral part and duly executed between the Company and the Customer;

1.5 "Services" means the services pursuant to or in connection with the Sales Order.

1.6 "Subprocessor" means any person or third-party organization appointed by or on behalf of a Processor to process Personal Data on behalf of Controller in connection with the DPA.

1.7 The terms "Controller", Processor, "Data Subject", "Personal Data", "Personal Data Breach", "Processing" and "Supervisory Authority" shall have the same meaning as in the applicable Data Protection Laws, and their cognate terms shall be construed accordingly.

2. Role of Parties and Processing of Customer Personal Data

2.1 The Parties acknowledge that, with respect to Customer Personal Data, Customer acts as the Controller and Processor acts as the Processor.

2.2 The Customer has instructed the Processor to process Customer Personal Data collected pursuant to or in connection with the Sales Order.

2.3 Customer warrants that it has all necessary rights and lawful bases to provide Customer Data to Processor and authorize the Processing contemplated under the DPA.

2.4 Each Party shall comply with their respective obligations under Data Protection Laws.

2.5 The Processor shall Process Personal Data only on the Customer's documented instructions, as set out in the DPA, applicable Sales Order, or other mutually agreed written instructions, unless otherwise required by applicable Data Protection Laws. In processing Customer Personal Data, the Processor shall not Process Customer Personal Data other than on the Customer’s documented instructions.

2.4 The Customer shall instruct the Processor through documented processing instructions in the Sales Order or through other agreed documents such as scope of work (SOW), business requirement document (BRD) etc., the modalities of processing Customer Personal Data.

2.6 The Customer shall indemnify and hold the Processor and any Subprocessors harmless against any third-party actions or claims, losses, damages, liabilities, costs, and expenses arising out of or relating to: (a) the Processing of Customer Personal Data, so long as such Processing is in strict compliance with the abovementioned documented processing instructions provided by the Customer and Data Protection Laws; (b) the Customer's instructions that violate applicable Data Protection Laws, (c) the Customer's failure to obtain any required notice, consent, authorization, or lawful basis for Processing, or (d) the unlawful collection, use, disclosure, or transfer of Customer Personal Data, except to the extent such claims arise from the Processor's breach of this DPA or applicable Data Protection Laws.

3. Customer’s representations, warranties and undertaking

The Customer warrants that:

3.1 The Processing of Customer’s Personal Data is based on lawful grounds for Processing, as may be required by applicable Data Protection Laws and that it has obtained and shall maintain throughout the term of the DPA all necessary rights, permissions, registrations and consents in accordance with and as required by applicable Data Protection Laws with respect to Processing of Customer’s Personal Data under this DPA and the MSA;

3.2 it is entitled to and has all the necessary rights, permissions and consents to transfer the Customer’s Personal Data to the Processor and otherwise permit the Processor to Process the Customer’s Personal Data on its behalf, so that the Processor may lawfully use, process and transfer the Customer’s Personal Data in order to carry out the Services and perform Processor’s rights and obligations under this DPA and the MSA;

3.3 it will inform its Data Subjects about its use of a Processor in Processing their Personal Data, to the extent required under applicable Data Protection Laws;

3.4 it will respond, to the extent reasonably practicable, to enquiries by Data Subjects regarding the Processing of their Personal Data, within timelines as prescribed under applicable Data Protection Laws, and to give appropriate instructions to Processor in a timely manner; and

3.5 It will comply with the provisions and obligations imposed on it by the applicable Data Protection Laws and shall procure that its employees and sub-processors observe the provisions of the applicable Data Protection Laws, in relation to the Customers Personal Data.

4. Processor Personnel

Processor shall take reasonable steps to ensure that access to the Customer Personal Data is strictly limited to those individuals who need to know / access the relevant Customer Personal Data, as strictly necessary for the purposes of the Sales Order. The Processor shall ensure compliance with Data Protection Laws in the context of that individual's duties to the Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

5. Security

The Processor shall implement technical and organizational security controls in line with industry standards such ISO 27001, or an equivalent security standard, in accordance with the applicable Data Protection Laws and implement and maintain appropriate technical, organizational, and administrative measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data.

6. Data Subject Rights

6.1 Nothing in this DPA shall restrict Customer’s Data Subjects from exercising their rights under the applicable Data Protection Laws.

6.2 Taking into account the nature of the Processing and the information available to the Processor, Processor shall assist the Customer by implementing appropriate technical and organizational security measures as provided in Section 5, for the fulfillment of the Customer obligations to respond to and comply with requests from Data Subjects seeking to exercise their rights under applicable Data Protection Laws.

Processor shall:

6.3.1 promptly notify Customer if it receives a request from a Data Subject under any Data Protection Law in respect of Customer Personal Data; and

6.3.2 ensure that it does not respond to requests except on the documented instructions of the Customer or as required by applicable Data Protection Laws to which the Processor is subject, in which case, the Processor shall to the extent permitted by the applicable Data Protection Laws, inform Customer of the legal requirement before the Processor responds to the request.

6.4 To the extent any assistance requested by the Customer under this Section requires material additional effort beyond the standard functionality of the Services or the Processor's ordinary compliance obligations, the Processor may charge the Customer reasonable fees for such assistance, provided the Processor informs the Customer in advance.

7. Requests for Customer Personal Data

7.1 If Processor receives a valid and binding order (“Request”) from any governmental or regulatory body (“Requesting Party”) for disclosure of Customer Personal Data, Processor shall use every reasonable effort to redirect the Requesting Party to request Customer Personal Data directly from the Customer.

7.2 If compelled to disclose Customer Personal Data to a Requesting Party, Processor shall:

a. promptly notify the Customer of the Request to allow the Customer to seek a protective order or other appropriate remedy, if the Processor is legally permitted to do so.

b. challenge any overbroad or inappropriate Request (including where such Request conflicts with the applicable Data Protection Laws.

7.3 If, after exhausting the steps described in Section 7.2, Processor remains compelled to disclose Customer Personal Data to a Requesting Party, Processor shall disclose only the minimum amount of Customer Personal Data necessary to satisfy the Request.

8. Personal Data Breach

8.1 Processor shall notify Customer promptly without undue delay and, where reasonably practicable, within 48 hours upon Processor becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information to allow the Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach as required by the Data Protection Laws.

8.2 Such notification shall include, to the extent available with the Processor, at the time of notification, such information that is pertinent for the Processor to get fully apprised of the Customer Data Breach.

8.3 Notification of a Personal Data Breach by the Processor shall not be construed as an acknowledgement of fault, liability, or responsibility of the Processor for the incident.

8.4 The Processor shall cooperate with the Customer and take reasonable steps as directed by the Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

9. Data Protection Impact Assessment and Prior Consultation

The Processor shall provide reasonable assistance to the Customer with any data protection impact assessments, and prior consultations with Supervisory Authority or other competent data privacy authorities, which Customer reasonably considers to be required under the provisions of the Data Protection Laws, in each case solely in relation to Processing of Customer Personal Data by and taking into account the nature of the Processing and information available to the Processor.

10. Deletion or return of Customer Personal Data

10.1 Upon termination or expiration of the DPA, and subject to the terms of the DPA and applicable Data Protection Laws, the Processor shall, at the Customer's written request, return all Customer Personal Data to the Customer within thirty (30) days of such termination or expiration. Processor shall thereafter delete, and procure the deletion of, all Customer Personal Data through industry-standard deletion or anonymization processes, including any backup copies, within ninety (90) days of such termination or expiration, unless a longer retention period is required under applicable Data Protection Laws, regulatory requirements, legitimate internal compliance obligations, legal hold requirements, dispute resolution processes, or the Processor's standard backup and archival procedures.

10.2 At the Customer's written request, Customer shall provide written certification confirming the deletion of such Customer Personal Data.

10.3 Notwithstanding the foregoing, Processor may retain Customer Personal Data to the extent required or permitted by applicable Data Protection Laws, regulation, or governmental authority. Any Customer Personal Data so retained shall remain subject to the confidentiality, security, and data protection obligations set forth in this DPA, and Processor shall securely isolate and protect such Customer Data from any further processing except as required by applicable Data Protection Laws.

11. Sub processing and Data Transfer

Subprocessor: As a multi-tenant platform provider, the Processor may engage third-party subcontractors, vendors, or Subprocessors in connection with the provision of the Services. Where the Processor engages a subcontractor, vendor, or Subprocessor to perform a customized aspect of the Services developed specifically for a Customer, the Processor shall provide reasonable advance notice to the Customer. The Processor, acting as Data Processor, shall ensure that each Subprocessor is bound by a written agreement imposing privacy, confidentiality, security, and data protection obligations that are no less protective than those imposed on the Processor under this DPA and the applicable data processing clauses. The Processor shall remain responsible for the performance of its Subprocessors' obligations to the extent required by Applicable Law. The Data Processor shall impose by way of a written agreement the same level of obligations (privacy and security controls) on the Subprocessors as are imposed on the Data Processor under the Clauses.

Data Transfer - Customer acknowledges and agrees that Processor, its Affiliates and Subprocessors may Process Customer Data in countries other than the country in which the Customer Data was originally collected, provided that Processor implements appropriate safeguards as required under applicable Data Protection Laws.

12. Security Assurance and Audit Reports

The Processor operates a multi-tenant SaaS platform and provides services to multiple customers through a shared infrastructure environment. Processor maintains independently audited security certifications, including ISO/IEC 27001 and SOC 2 Type II, which are conducted annually by accredited third-party auditors. These audits assess the design and operating effectiveness of Processor’s security controls applicable to its platform and services. Upon fourteen (14) calendar days' prior written request, and not more than once in any twelve (12) month period, Processor shall make available to the Customer the relevant summary audit reports, subject to any applicable confidentiality obligations and third-party restrictions. To the extent that a Customer requires security information or assurance beyond the scope of such audit reports, Processor may reasonably assist by responding to security questionnaires and providing relevant supporting documentation and artifacts, provided that such requests are proportionate, commercially reasonable, and do not impose undue burden or risk on Processor’s operations or other customers.

13. Aggregated and Anonymized Data

Nothing in this DPA restricts Processor from collecting, creating, using, analyzing, or disclosing data that has been aggregated, anonymized, de-identified, or otherwise rendered incapable of identifying Customer, Data Subjects, or individuals. Processor may use such data for analytics, benchmarking, research, product development, machine learning, service improvement, operational and business purposes.

14. General Terms

14.1 Confidentiality - Each Party must keep this DPA and information it receives about the other Party and its business in connection with this DPA (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that: (a) disclosure is required by law; (b) the relevant information is already in the public domain.

14.2 Notices - All notices and communications given under this DPA must be in writing and will be delivered personally, sent by post or sent by email. Controller shall be notified by email sent to the address related to its use of the Service under the Sales Order. Processor shall be notified by email sent to the address: guardians@capillarytech.com.

14.3 Governing Law and Jurisdiction

This DPA is governed by the Applicable Laws as per the relevant provisions of the Sales Order. Any dispute arising in connection with this DPA, will be resolved as per the relevant provisions of the Sales Order.

14.4 Order Of Precedence

With regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties, including the DPA and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.

Array
(
    [wp-wpml_current_language] => en
    [icwp-wpsf-notbot] => exp-1782818063
)