TERMS AND CONDITIONS

Effective Date: June 25th, 2026

These Terms and Conditions (these “Terms”) govern your access to and use of the payment gateway services, software-as-a-service platform, and related services (collectively, the “Services”) provided by MODOGATE LTD, a company incorporated and validly existing under the laws of the Republic of Cyprus, having its registered office at EMERALD BUILDING, Flat/Office 304B, John Kennedy 49, 3106 Limassol, Cyprus (the “Company”, “we”, “us”, or “our”). By accessing or using the Services, you (the “Customer”, “Client”, “you”, or “your”) agree to use the Customer’s services or platform to process payments through the Services, including but not limited to merchants, vendors, or other third parties for whom Customer facilitates payment processing.

1 Acceptance and Modification

  • Acceptance. By clicking signing Order Form, accessing the Services, or using any part of the Services, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you are accepting these Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind such entity to these Terms, and references to “Customer”, “Client” or “you” shall refer to such entity.
  • Modification. We reserve the right to modify these Terms at any time. We will notify you of material changes by posting the updated Terms on our website or by sending notice to the email address associated with your account. Your continued use of the Services after such modifications constitutes your acceptance of the modified Terms. If you do not agree to the modified Terms, you must discontinue use of the Services.

2 Definitions

For purposes of these Terms, the following definitions apply:

  • Account” means the customer account created to access and use the Services.
  • Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.
  • Authorized Users” means Customer’s employees, contractors, and agents who are authorized by Customer to use the Services on Customer’s behalf.
  • Confidential Information” means all non-public information disclosed by one party to the other, whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure.
  • Customer Data” means all data, content, and information submitted by or on behalf of Customer or Authorized Users to the Services.
  • Documentation” means the user guides, manuals, and other documentation provided by Company relating to the Services.
  • Fees” means the fees payable by Customer for the Services as set forth in the Pricing Schedule.
  • Intellectual Property Rights” means all intellectual property rights worldwide, including patents, copyrights, trademarks, trade secrets, and other proprietary rights.
  • Order Form” means an ordering document or online order specifying the Services to be provided under these Terms.
  • Personal Data” means any information relating to an identified or identifiable natural person as defined under applicable data protection laws.
  • Pricing Schedule” means the pricing of the Services, and which could be found at https://modogate.com/pricing/.
  • Pricing Validity Period” means all pricing and fees set forth in these the Order Form or Pricing Schedule and which shall remain valid for a period of twelve (12) months from the Effective Date, unless otherwise specified in writing. Company may adjust pricing upon renewal of the Subscription Term or as otherwise permitted under these Terms.
  • Services” means the payment gateway platform, software-as-a-service offerings, APIs, and related services provided by Company, as described in the Documentation and Order Forms.
  • Subscription Term” means the period during which Customer is authorized to access and use the Services, as specified in the applicable Order Form.
  • Transaction” means any payment, transfer, or other financial transaction processed through the Services.

3 Services

3.1 Provision of Services.

Subject to Customer’s compliance with these Terms, Company will make the Services available to Customer during the Subscription Term in accordance with these Terms, the applicable Order Form, and the Documentation.

3.2 Service Modifications.

Company reserves the right to modify, update, or discontinue any aspect of the Services at any time. Company will use commercially reasonable efforts to notify Customer of material changes that adversely affect Customer’s use of the Services.

3.3 Account Registration.

To access the Services, Customer must register for an Account by providing accurate, complete, and current information. Customer is responsible for maintaining the confidentiality of Account credentials and for all activities that occur under the Account.

3.4 Authorized Users.

Customer may permit Authorized Users to access and use the Services on Customer’s behalf. Customer is responsible for Authorized Users’ compliance with these Terms and for any actions taken by Authorized Users in connection with the Services.

3.5 Service Levels.

Company will use commercially reasonable efforts to make the Services available in accordance with the service level commitments set forth in the Service Level Agreement attached as Schedule A to these Terms.

3.6 Support.

Company will provide technical support for the Services in accordance with the support terms set forth in Schedule A.

4 Customer Obligations

4.1 Compliance with Laws.

Customer shall comply with all applicable laws, regulations, and rules in connection with its use of the Services, including but not limited to laws relating to payment processing, data protection, privacy, anti-money laundering, counter-terrorism financing, and consumer protection.

4.2 Acceptable Use.

Customer shall not, and shall not permit any Authorized User or third party to:

  • Use the Services for any unlawful purpose or in violation of these Terms;
  • Interfere with or disrupt the integrity or performance of the Services;
  • Attempt to gain unauthorized access to the Services or related systems;
  • Use the Services to transmit any viruses, malware, or other harmful code;
  • Reverse engineer, decompile, or disassemble any component of the Services;
  • Remove, alter, or obscure any proprietary notices on the Services;
  • Use the Services to process transactions for prohibited businesses or activities as specified in our Acceptable Use Policy;
  • Engage in any activity that could damage Company’s reputation or business relationships.

4.3 Customer Information.

Customer shall provide and maintain accurate, complete, and current information about Customer’s business, beneficial owners, principals, and representatives. Customer shall promptly notify Company of any material changes to such information, including changes in ownership, control, business activities, or financial condition.

4.4 Transaction Monitoring.

Customer is responsible for monitoring Transactions processed through the Services and for promptly reporting any suspicious, fraudulent, or unauthorized Transactions to Company.

4.5 Know Your Customer.

Customer shall implement and maintain appropriate know-your-customer (KYC) and customer due diligence procedures in accordance with applicable laws and industry standards.

4.6 Security.

Customer shall implement and maintain appropriate technical and organizational measures to protect Customer Data and Account credentials from unauthorized access, use, or disclosure.

5 Fees and Payment

5.1 Fees.

Customer shall pay all Fees in accordance with the pricing set forth in the applicable Order Form or Pricing Schedule. Unless otherwise specified, all Fees are billed in advance and non-refundable and payable in advance.

5.2 Setup Fees.

Customer shall pay applicable setup fees as specified in the Order Form or Pricing Schedule. Setup fees are due upon execution of these Terms and must be paid in full before service activation. Setup fees are non-refundable regardless of termination or cancellation of Services.

5.3 Integration Fees.

Customer shall pay integration fees for setup, configuration, and customization services as specified in the applicable Order Form or Pricing Schedule. Integration fees are due upon completion of the integration work and are non-refundable once services have been performed. Any additional integration work requested by Customer beyond the scope of the original Order Form shall be subject to additional fees at Company’s then-current rates.

5.4 Transaction Fees.

In addition to subscription Fees, Customer shall pay transaction-based Fees as specified in the applicable Order Form or pricing schedule. Transaction Fees are calculated as a percentage of the Transaction amount or as a fixed fee per Transaction.

5.5 Development Work Fees.

In addition to subscription Fees and Transaction Fees, Customer shall pay development work fees for custom integrations, modifications, or enhancements to the Services as specified in the applicable Order Form or Statement of Work. Development work fees are payable upon completion of milestones or deliverables as agreed in writing. All development work fees are non-refundable once work has commenced.

5.6 Payment Terms.

Fees shall be payable within the time period specified in the Order Form or invoice. If no time period is specified, Fees are due within ten (10) days of the invoice date.

5.7 Price Adjustments.

Company reserves the right to adjust pricing annually with sixty (60) days’ prior written notice to Customer. Customer may terminate these Terms within thirty (30) days of receiving notice of a price adjustment by providing written notice to Company.

5.8 Taxes.

All Fees are exclusive of taxes, duties, and other governmental charges. Customer is responsible for all applicable taxes except for taxes based on Company’s net income.

5.9 Late Payment.

If Customer fails to pay any Fees when due, Company may charge interest on the overdue amount at the rate of one and one-half percent (1.5%) per month or the maximum rate permitted by law, whichever is lower. Company may also suspend or terminate Customer’s access to the Services for non-payment.

5.10 Chargebacks and Refunds.

Customer is responsible for all chargebacks, refunds, and reversals associated with Transactions processed through the Services.

5.11 Penalties for Tier Misrepresentation.

5.11.1. Intentional Misrepresentation. If we determines that you have intentionally misrepresented your transaction volumes in order to qualify for a more favourable pricing tier, we reserves the right to:

  • recalculate all fees at the applicable correct tier rates from the commencement date of the relevant service period;
  • apply a penalty equal to 25% of the underpaid amount;
  • require immediate payment of all outstanding amounts so determined; and
  • terminate services upon 7 days’ written notice, in lieu of the standard 30-day notice period.

5.11.2. Repeated Tier Downgrades. Where you are reassigned to a lower pricing tier more than twice within any rolling 12-month period due to failure to sustain the requisite transaction volumes, we may, at its discretion:

  • implement mandatory quarterly volume reviews as a condition of continued service; and
  • restrict your eligibility for certain pricing tiers.

6 PCI DSS Compliance and Security Requirements (Gateway Platform and Integrator Clients Only)

6.1 Scope and Definitions.

  • PCI DSS (Payment Card Industry Data Security Standard) is the security standard applicable to entities that store, process, or transmit credit or debit card data. Section 6 governs card payment processing only.
  • Alternative payment methods (APMs) — including, without limitation, bank transfers, e-wallets, vouchers, and similar non-card payment methods — are not subject to PCI DSS. MODOGATE may integrate APM processors regardless of PCI DSS status, and nothing in Section 6 restricts, delays, or otherwise applies to the integration of APM processors.

6.2 Card Processor Compliance — Precondition to Integration.

  • MODOGATE will only integrate with card payment processors that are PCI DSS compliant. A card processor that is not PCI DSS compliant will not be integrated or made available to any Gateway Platform, Integrator, or Cashier client, whether for S2S or hosted payment page (HPP) processing.
  • Where a card processor already integrated subsequently ceases to be PCI DSS compliant, MODOGATE will suspend all processing — both S2S and HPP — through that processor with immediate effect, and will notify all affected clients in writing without delay. Processing will not resume until the card processor’s compliance is restored or transactions are migrated to an alternative compliant card processor.

6.3 Mandatory Compliance.

Any counterparty that sends card data to, or receives card data from, MODOGATE under the terms of an effective service agreement must maintain a compliance status consistent with the latest PCI DSS requirements.

6.4 Eligibility for Server-to-Server (S2S) Card Processing.

  • S2S card processing is available only where (a) the card processor used is PCI DSS compliant in accordance with Section 6.2, and (b) every counterparty exchanging card data in connection with the relevant flow is PCI DSS compliant in accordance with Section 6.3.
  • Where MODOGATE identifies, or is notified, that any counterparty exchanging card data is no longer PCI DSS compliant as required by Section 6.3, MODOGATE will notify the affected client in writing without delay and suspend S2S processing for the affected entity with immediate effect; processing will continue via hosted payment page (HPP) only until compliance is restored. This is without prejudice to MODOGATE’s other rights and remedies under this Agreement, including those in Section 6.8.

6.5 Required Documentation.

You must collect, maintain, and provide to MODOGATE upon request:

  • for Gateway Platform and Integrator clients, a valid Attestation of Compliance (AOC) or Self-Assessment Questionnaire (SAQ) appropriate to the merchant’s applicable PCI DSS validation level, covering your organization and, in the case of Gateway Platform clients, all merchants processing card payments through your platform;
  • for Cashier clients, at minimum a valid SAQ-A for the merchant;
  • quarterly Approved Scanning Vendor (ASV) vulnerability scans demonstrating passing results, for all client types;
  • quarterly penetration testing reports (applicable to Level 1 and Level 2 merchants);
  • network segmentation documentation, where applicable to your environment; and
  • current and documented incident response procedures.

6.6 Submission Timelines.

The following deadlines apply to the submission of PCI documentation:

  • Platform Activation: all required PCI documentation must be submitted prior to platform activation;
  • Quarterly ASV Scans: results must be submitted within 10 days of completion (every 90 days);
  • Quarterly Penetration Tests: reports must be submitted within 10 days of completion (every 90 days);
  • Annual AOC/SAQ Renewals: renewed documentation must be submitted no later than 15 days prior to expiration; and
  • Ad-hoc Requests: any documentation specifically requested by MODOGATE must be provided within 10 business days of the request.

6.7 Compliance Monitoring.

  • Gateway Platform clients are responsible for ensuring that all merchants and clients using the Gateway Platform maintain current PCI compliance, and must (a) implement a compliance tracking system and provide MODOGATE with quarterly compliance status reports covering all active merchants, and (b) suspend from card processing any merchant found to be non-compliant, maintaining such suspension until full compliance is restored.
  • Integrator clients are responsible for ensuring that their platform or gateway maintains current PCI compliance.
  • Cashier clients are responsible for ensuring that the merchant’s SAQ-A and ASV scan remain current and valid, and must notify MODOGATE promptly if either lapses.

6.8 Material Breach for Non-Compliance.

Failure to provide required PCI documentation within the timelines set out in Section 6.6 constitutes a material breach of this Agreement. Upon such breach:

  • we will issue written notice specifying the missing or outstanding documentation;
  • you will have 7 days from the date of that notice to remedy the breach by providing all required documentation; and
  • failure to remedy within that 7-day period will result in:
  • immediate termination of services, without the benefit of the standard 30-day notice period;
  • immediate suspension of all transaction processing; and
  • all outstanding fees becoming immediately due and payable.

6.9 Security and Compliance Breach Notification.

You must notify us in writing within 24 hours of becoming aware of any actual or suspected security breach, data compromise, or PCI compliance violation affecting you, your platform or gateway, any merchant, or any card processor used by you, and must immediately cease routing the affected entity through S2S processing pending confirmation that compliance has been restored. Failure to provide timely notification, or to cease S2S routing as required, constitutes a material breach of this Agreement and is subject to the consequences set out in Section 6.8.

6.10 Audit and Inspection Rights.

We or any auditor designated by us may review your PCI compliance programme at any time upon reasonable notice. You must provide all necessary access to systems, documentation, and personnel for the purposes of such review. Refusal or failure to cooperate with a compliance audit constitutes a material breach of this Agreement.

6.11 Compliance Costs.

All costs associated with obtaining, maintaining, and renewing PCI compliance applicable to your product and infrastructure are your sole responsibility. For the avoidance of doubt, MODOGATE remains solely responsible, at its own expense, for the PCI compliance of its own systems and infrastructure, including where both you and MODOGATE are involved in the same card payment processing flow. We reserve the right to charge reasonable administrative fees for reviewing compliance documentation or managing non-compliant situations.

6.12 No Waiver.

Our failure to enforce any PCI compliance requirement on any particular occasion shall not constitute a waiver of our right to enforce that requirement on any future occasion. Each instance of non-compliance constitutes a separate and independent breach of this Agreement.

6.13 Indemnification.

You agree to indemnify and hold MODOGATE harmless from and against any fines, penalties, costs, losses, or damages arising from your failure, or the failure of any of your merchants, platform, gateway, or card processor, to maintain PCI compliance, including without limitation:

  • 6.13.1. card scheme fines and penalties;
  • 6.13.2. forensic investigation costs;
  • 6.13.3. card reissuance costs;
  • 6.13.4. regulatory penalties; and
  • 6.13.5. legal fees and settlement costs.

7 Intellectual Property

7.1 Company Ownership.

Company retains all right, title, and interest in and to the Services, Documentation, and all related Intellectual Property Rights. These Terms do not grant Customer any ownership rights in the Services or Company’s Intellectual Property Rights.

7.2 License Grant.

Subject to Customer’s compliance with these Terms, Company grants Customer a limited, non-exclusive, non-transferable, non-sublicensable license during the Subscription Term to access and use the Services and Documentation solely for Customer’s internal business purposes.

7.3 Customer Data.

As between Company and Customer, Customer retains all right, title, and interest in and to Customer Data. Customer grants Company a non-exclusive, worldwide, royalty-free license to use, process, and display Customer Data solely to the extent necessary to provide the Services and fulfill Company’s obligations under these Terms.

7.4 Feedback.

If Customer provides any suggestions, ideas, or feedback regarding the Services (“Feedback”), Company may use such Feedback without any obligation or compensation to Customer. Customer hereby assigns to Company all right, title, and interest in and to any Feedback.

7.5 Restrictions.

Customer shall not, and shall not permit any third party to: (i) sublicense, resell, or distribute the Services; (ii) use the Services to develop competing products or services; (iii) copy, modify, or create derivative works of the Services; or (iv) access the Services for benchmarking or competitive analysis purposes.

8 Confidentiality

8.1 Confidential Information.

Each party agrees to maintain the confidentiality of the other party’s Confidential Information and to use such Confidential Information only for purposes of performing its obligations under these Terms. Each party shall protect Confidential Information using the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care.

8.2 Exceptions.

Confidential Information does not include information that: (i) is or becomes publicly available through no breach of these Terms; (ii) was rightfully known to the receiving party prior to disclosure; (iii) is rightfully received from a third party without breach of confidentiality obligations; or (iv) is independently developed without use of or reference to the disclosing party’s Confidential Information.

8.3 Required Disclosure.

If a party is required by law or court order to disclose the other party’s Confidential Information, the receiving party shall provide prompt notice to the disclosing party (to the extent legally permitted) and cooperate with the disclosing party’s efforts to seek protective measures.

9 Data Protection and Privacy

9.1 Data Processing.

To the extent Company processes Personal Data on behalf of Customer in connection with the Services, the parties agree to comply with the Data Processing Agreement set forth in Schedule B to these Terms.

9.2 Privacy Policy.

Company’s collection and use of information in connection with the Services is governed by Company’s Privacy Policy, available on Company’s website.

9.3 Security Measures.

Company shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

9.4 Data Breach Notification.

Company shall notify Customer without undue delay upon becoming aware of any unauthorized access to or disclosure of Personal Data processed on behalf of Customer.

9.5 International Data Transfers.

To the extent Personal Data is transferred outside the European Economic Area or other jurisdictions with data localization requirements, the parties shall comply with applicable data transfer mechanisms, including the Standard Contractual Clauses set forth in Schedule C to these Terms.

10 Warranties and Disclaimers

10.1 Mutual Warranties.

Each party represents and warrants that: (i) it has the legal power and authority to enter into these Terms; (ii) these Terms constitute a valid and binding obligation; and (iii) its performance under these Terms will not violate any agreement or obligation between it and any third party.

10.2 Customer Warranties.

Customer represents and warrants that: (i) it is a duly organized and validly existing entity; (ii) it has all necessary licenses and permits to conduct its business; (iii) Customer Data and Customer’s use of the Services do not and will not infringe or violate any third party rights; and (iv) Customer will comply with all applicable laws in connection with its use of the Services.

10.3 DISCLAIMER.

EXCEPT AS EXPRESSLY SET FORTH IN THESE TERMS, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY LAW, COMPANY DISCLAIMS ALL WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE, OR THAT ANY DEFECTS WILL BE CORRECTED. COMPANY DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THE USE OF THE SERVICES.

10.4 Third-Party Services.

The Services may integrate with or rely on third-party services, including payment processors, financial institutions, and card networks. Company is not responsible for the performance, availability, or security of any third-party services. Customer’s use of third-party services may be subject to separate terms and conditions imposed by such third parties.

11. Limitation of Liability

11.1 EXCLUSION OF DAMAGES.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES, ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 CAP ON LIABILITY.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, EACH PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO COMPANY IN THE TWO MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

11.3 Exceptions.

The limitations set forth in this Section 9 shall not apply to: (i) either party’s indemnification obligations under Section 10; (ii) Customer’s payment obligations; (iii) either party’s breach of confidentiality obligations; (iv) either party’s gross negligence, fraud, or willful misconduct; or (v) liability that cannot be excluded or limited under applicable law.

11.4 Basis of the Bargain.

The parties acknowledge that the limitations of liability set forth in this Section 9 are fundamental elements of the basis of the bargain between the parties and that Company would not provide the Services without such limitations.

12 Indemnification

12.1 Customer Indemnification.

Customer shall indemnify, defend, and hold harmless Company and its Affiliates, officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to: (i) Customer’s use of the Services; (ii) Customer Data; (iii) Customer’s violation of these Terms; (iv) Customer’s violation of any applicable law or regulation; (v) any Transactions processed through Customer’s Account; or (vi) any claim that Customer Data infringes or violates any third party rights.

12.2 Company Indemnification.

Company shall indemnify, defend, and hold harmless Customer from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys’ fees) arising out of any claim that the Services, when used in accordance with these Terms, infringe or violate any third party Intellectual Property Rights.

12.3 Indemnification Procedure.

The indemnified party shall: (i) promptly notify the indemnifying party in writing of any claim; (ii) grant the indemnifying party sole control over the defense and settlement of the claim; and (iii) provide reasonable cooperation in the defense of the claim. The indemnifying party shall not settle any claim in a manner that admits liability on behalf of the indemnified party or imposes obligations on the indemnified party without the indemnified party’s prior written consent.

12.4 Remedies.

If the Services become, or in Company’s opinion are likely to become, the subject of an infringement claim, Company may, at its option and expense: (i) procure the right for Customer to continue using the Services; (ii) replace or modify the Services to make them non-infringing; or (iii) terminate these Terms and refund any prepaid Fees for the unused portion of the Subscription Term.

13 Term and Termination

13.1 Subscription Term.

These Terms commence on the Effective Date and continue for the Subscription Term specified in the applicable Order Form. Unless otherwise specified, the Subscription Term shall automatically renew for successive renewal periods of equal length unless either party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current term.

13.2 Termination for Cause.

Either party may terminate these Terms immediately upon written notice if the other party: (i) materially breaches these Terms and fails to cure such breach within ten (10) days of receiving written notice; or (ii) becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to bankruptcy or similar proceedings.

13.3 Immediate Suspension or Termination.

Company may immediately suspend or terminate Customer’s access to the Services without notice if: (i) Customer’s use of the Services poses a security risk or could adversely impact the Services or other customers; (ii) Customer engages in fraudulent or illegal activities; (iii) Customer fails to pay Fees when due; (iv) Company is required to do so by law or by a payment processor or financial institution; or (v) Customer violates the Acceptable Use Policy.

13.4 Effect of Termination.

Upon termination or expiration of these Terms: (i) Customer’s right to access and use the Services shall immediately cease; (ii) Customer shall pay all outstanding Fees; (iii) each party shall return or destroy the other party’s Confidential Information; and (iv) Company shall make Customer Data available for download for a period of thirty (30) days, after which Company may delete Customer Data in accordance with its data retention policies.

13.5 Survival.

The following provisions shall survive termination or expiration of these Terms: Sections 2 (Definitions), 5 (Fees and Payment), 6 (Intellectual Property), 7 (Confidentiality), 10 (Limitation of Liability), 11 (Indemnification), 11(e) (Effect of Termination), 12.4 (Survival), and 13 (General Provisions).

14 General Provisions

14.1 Governing Law.

These Terms shall be governed by and construed in accordance with the laws of Cyprus, without regard to its conflict of laws principles.

14.2 Dispute Resolution.

Any dispute, controversy, or claim arising out of or relating to these Terms, or the breach, termination, or invalidity thereof, shall be finally resolved through binding arbitration, conducted in Limassol, Cyprus by a sole arbitrator in the English language, and in accordance with the International Chamber of Commerce rules of arbitration (“ICC Rules”). The sole arbitrator shall be appointed by agreement of the parties. In the event the parties fail to agree upon the appointment of the sole arbitrator within thirty (30) days after a notice of arbitration is given by either party to the other, then the arbitrator shall be selected and appointed by the appointment authority under the I.C.C Rules. The arbitration award and determination shall be final and binding and judgment may be entered thereon in any court of competent jurisdiction.

14.3 Injunctive Relief.

Notwithstanding the arbitration provision, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of its Intellectual Property Rights or Confidential Information.

14.4 Assignment.

Customer may not assign or transfer these Terms or any rights or obligations hereunder without Company’s prior written consent. Company may assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Any attempted assignment in violation of this Section shall be void.

14.5 Force Majeure.

Neither party shall be liable for any failure or delay in performance due to causes beyond its reasonable control, including acts of God, natural disasters, war, terrorism, labor disputes, government actions, or failures of internet or telecommunications infrastructure.

14.6 Independent Contractors.

The parties are independent contractors. These Terms do not create any partnership, joint venture, agency, or employment relationship between the parties.

14.7 No Third-Party Beneficiaries.

These Terms are for the sole benefit of the parties and do not confer any rights or benefits upon any third party, except as expressly provided herein.

14.8 Notices.

All notices under these Terms shall be in writing and delivered by email, courier, or certified mail to the addresses specified in the Order Form or Account. Notices shall be deemed given upon receipt.

14.9 Severability.

If any provision of these Terms is held to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect, and the invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

14.10 Waiver.

No waiver of any provision of these Terms shall be effective unless in writing and signed by the party against whom the waiver is sought to be enforced. No failure or delay in exercising any right or remedy shall constitute a waiver of such right or remedy.

14.11 Entire Agreement.

These Terms, together with any Order Forms and schedules referenced herein, constitute the entire agreement between the parties regarding the subject matter hereof and supersede all prior or contemporaneous agreements, understandings, and communications, whether written or oral.

14.12 Amendment.

Company may amend these Terms from time to time as provided in Section 1(b). No other amendment or modification shall be effective unless in writing and signed by both parties.

14.13 Publicity.

Neither party shall use the other party’s name, logo, or trademarks in any publicity, advertising, or promotional materials without the other party’s prior written consent, except that Company may identify Customer as a customer of the Services in Company’s customer lists and marketing materials.

14.14 Export Compliance.

Customer shall comply with all applicable export control laws and regulations. Customer represents that it is not located in, under the control of, or a national or resident of any country to which the United States has embargoed goods or services.

14.15 Government Rights.

If Customer is a government entity, the Services are “commercial computer software” and “commercial computer software documentation” as defined in applicable government regulations, and are provided with only those rights as are granted to all other customers under these Terms.

14.16 Counterparts.

These Terms may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same instrument. Electronic signatures shall have the same force and effect as original signatures.

 

 


SCHEDULE A – SERVICE LEVEL AGREEMENT

1 Definitions

  • Availability” means the percentage of time during a calendar month that the Services are operational and accessible to Customer.
  • Downtime” means any period during which the Services are unavailable to Customer due to a failure of Company’s systems, excluding Scheduled Maintenance and Excluded Downtime.
  • Excluded Downtime” means any unavailability caused by: (i) factors outside Company’s reasonable control; (ii) Customer’s equipment, software, or internet connection; (iii) Customer’s breach of these Terms; (iv) third-party services or infrastructure; or (v) force majeure events.
  • Scheduled Maintenance” means planned maintenance windows announced by Company at least forty-eight (48) hours in advance.
  • Service Credit” means a credit applied to Customer’s account as the sole remedy for failure to meet the Service Level Commitment.

2 Service Level Commitment

Company commits to maintaining at least 99.5% Availability of the Services during each calendar month, excluding Scheduled Maintenance and Excluded Downtime.

3 Support Services

3.1 Support Channels. Company provides technical support through the following channels: (i) online portal; (ii) email support; and (iii) phone support during business hours.

3.2 Support Hours. Standard support is available Monday through Friday, 9:00 AM to 6:00 PM [GMT+2], excluding public holidays. Emergency support for critical issues is available 24/7.

3.3 Response Times. Company will use commercially reasonable efforts to respond to support requests within the following timeframes based on severity:

Severity Level Definition Response time Binding Channel of Contact
System Down Complete loss of productivity; no access to the system 1 business hour Open Ticket through Portal with the title: System Down and in addition call our support +447888889645
Urgent Business outage or significant customer impact that affects productivity across the board 2 business hours Open Ticket through Portal
High No immediate work stoppage; productivity is significantly reduced, a time-sensitive issue that may affect future productivity; major customer impact 3 business hours Open Ticket through Portal
Medium Issue does not significantly impact current productivity; no considerable customer impact 4 business hours Email
Low Issue requires minor investigation or monitoring; minor customer impact 1 business day Email
Minor Configuration Issue requires minor configuration of the IAPPM; minor customer impact 48-72 business hours Email

3.4 Escalation. If Customer is not satisfied with the support response, Customer may escalate the issue to Company’s support management team.

4 Scheduled Maintenance

Company may perform Scheduled Maintenance during announced maintenance windows. Company will use commercially reasonable efforts to: (i) schedule maintenance during off-peak hours; (ii) minimize the duration of maintenance; and (iii) provide at least forty-eight (48) hours’ advance notice of maintenance windows.

5 Monitoring and Reporting

Company monitors the Services on a continuous basis and maintains records of Availability. Customer may request Availability reports by contacting Company’s support team.

6 SLA Exclusions

This SLA commitment does not apply to any unavailability, suspension, or termination of the IAPPM, or any other SLA performance issue that results from:

  • suspension or remedial action, as described in the Agreement;
  • Any planned or emergency Maintenance;
  • A failure in local access facilities connecting Customer to the network;
  • Any failure of equipment, software, or other technology belonging to Customer (other than Customer’s equipment within Service Provider’s direct control);
  • Any failure by Customer to use the then-current version of the IAPPM, or any improper use of the IAPPM as determined by the Documentation, or any misuse or unauthorized alteration by the Customer of the IAPPM;
  • Factors outside of the Service Provider’s reasonable control, including any force majeure event, internet service provider failure, or issues with Customer networks;
  • Any actions or omissions of Customer or any Customer, including but not limited to: (i) failing to provide Service Provider with the adequate access, information and cooperation required in connection with the provision of the IAPPM; (ii) failing to take any reasonable remedial action in relation to the IAPPM as recommended in writing by the Service Provider (or any of its agents, contractors or vendors), or otherwise preventing Service Provider from doing so; or (iii) any act or omission which causes Service Provider to be unable to meet any of the SLA provisions;
  • Any failures of the IAPPM not attributable to Unavailability;
  • Any fraudulent events by the Customer;
  • Customer’s negligence or willful misconduct; or
  • Any DDOS (denial of service) attack.

 

 


SCHEDULE B – DATA PROCESSING TERMS AND CONDITIONS

These Data Processing Terms and Conditions (these “DP Terms”) constitute a legally binding agreement between you (“User,” “you,” or “your”) and MODOGATE LTD (“Platform,” “we,” “us,” or “our”) governing your access to and use of our services. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by these DP Terms.

1 DEFINITIONS

For purposes of these DP Terms, the following definitions apply:

  • Applicable Data Protection Laws” means all laws and regulations applicable to the processing of Personal Data under these DP Terms, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, the Swiss Federal Act on Data Protection, the California Consumer Privacy Act (“CCPA”), and any other applicable privacy or data protection legislation.
  • Data Subject” means an identified or identifiable natural person whose Personal Data is processed through the Platform.
  • Personal Data” means any information relating to an identified or identifiable natural person that you submit, upload, or otherwise make available through the Platform, including but not limited to names, email addresses, identification numbers, location data, online identifiers, or any other data that can be used to identify a person directly or indirectly.
  • Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
  • Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
  • Services” means all products, features, applications, and services provided by the Platform.
  • Sub-processor” means any third-party service provider engaged by the Platform to process Personal Data on behalf of Users.
  • Supervisory Authority” means an independent public authority established by an EU Member State or other jurisdiction to monitor and enforce compliance with Applicable Data Protection Laws.

2 ACCEPTANCE AND SCOPE

Acceptance of DP Terms. By creating an account, accessing the Platform, or using any of our Services, you expressly agree to these DP Terms. If you do not agree to these DP Terms, you must immediately cease all use of the Platform and Services.

Amendments. We reserve the right to modify these DP Terms at any time. We will notify you of material changes by posting the updated DP Terms on the Platform and updating the “Effective Date” above. Your continued use of the Services after such modifications constitutes your acceptance of the revised DP Terms.

Supplementary Agreements. These DP Terms apply in addition to any separate agreement you may have entered into with us. In the event of any conflict between these DP Terms and a separate written agreement, the separate agreement shall prevail to the extent of the conflict.

3 DATA PROCESSING AND PRIVACY

3.1 Roles and Responsibilities. When you use the Platform to process Personal Data:

  • You act as the data controller and are responsible for determining the purposes and means of processing Personal Data.
  • The Platform acts as a data processor, processing Personal Data solely on your behalf and in accordance with your documented instructions.
  • You warrant that you have all necessary rights, consents, and legal bases to provide Personal Data to the Platform for processing and that such processing complies with Applicable Data Protection Laws.

3.2 Processing Instructions. The Platform will process Personal Data only in accordance with your documented instructions, which include:

  • These DP Terms and any supplementary agreements;
  • Your use of the Services and features you enable or configure;
  • Any other written instructions you provide through the Platform interface or by email to our designated contact.

If the Platform believes that any instruction violates Applicable Data Protection Laws, we will promptly inform you and may suspend performance of the instruction until you confirm or modify it.

3.3 Purpose Limitation. The Platform will process Personal Data solely for the purpose of providing the Services to you and will not use Personal Data for any other purpose unless required by law or with your prior written consent.

3.4 Compliance with Laws. Both parties agree to comply with all Applicable Data Protection Laws in connection with the processing of Personal Data. You are solely responsible for:

  • Ensuring that your use of the Services and your instructions to the Platform comply with Applicable Data Protection Laws;
  • Obtaining all necessary consents from Data Subjects for the collection and processing of their Personal Data;
  • Providing Data Subjects with all required notices regarding the processing of their Personal Data;
  • Responding to Data Subject requests concerning their Personal Data, including requests for access, rectification, erasure, restriction, portability, and objection to processing.

3.5 Prohibited Data. You agree not to submit or process through the Platform any:

  • Special categories of Personal Data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation) unless you have obtained explicit consent or another legal basis under Applicable Data Protection Laws;
  • Personal Data of children under the age of 16 (or the applicable age of digital consent in your jurisdiction) without verifiable parental consent;
  • Any data that violates applicable laws or these DP Terms.

3.6 Data Subject Rights. The Platform will, to the extent legally permitted and upon your written request, reasonably assist you in fulfilling your obligations to respond to Data Subject requests, including requests for access, rectification, erasure, data portability, restriction of processing, and objection to processing. You acknowledge that the Platform’s assistance may be subject to reasonable fees for time and resources expended.

3.7 Data Protection Impact Assessments. Upon your written request, the Platform will provide reasonable assistance in conducting data protection impact assessments and prior consultations with Supervisory Authorities, to the extent such assessments or consultations are required under Applicable Data Protection Laws and relate to the Platform’s processing of Personal Data.

4 CONFIDENTIALITY AND SECURITY

4.1 Confidentiality Obligations. The Platform ensures that all personnel authorized to process Personal Data are subject to confidentiality obligations, whether by contract or statutory duty, and receive appropriate training on data protection requirements.

4.2 Security Measures. The Platform implements and maintains appropriate technical and organizational security measures to protect Personal Data against Security Incidents, including:

  • Encryption of Personal Data in transit and at rest using industry-standard protocols;
  • Regular security assessments, vulnerability testing, and penetration testing;
  • Access controls ensuring that only authorized personnel can access Personal Data on a need-to-know basis;
  • Multi-factor authentication for administrative access;
  • Physical security controls at data center facilities, including restricted access, surveillance systems, and environmental controls;
  • Network security measures including firewalls, intrusion detection and prevention systems, and regular monitoring;
  • Incident response procedures and business continuity planning;
  • Regular backups and disaster recovery capabilities;
  • Secure disposal and destruction procedures for Personal Data.

A detailed description of our security measures is available upon request.

4.3 Security Incident Notification. In the event of a Security Incident, the Platform will:

  • Notify you without undue delay and, where feasible, within 48 hours of becoming aware of the Security Incident;
  • Provide you with sufficient information to enable you to meet any obligations to report or inform Data Subjects or Supervisory Authorities of the Security Incident;
  • Take reasonable steps to mitigate the effects of the Security Incident and to prevent further Security Incidents;
  • Cooperate with you and provide reasonable assistance in investigating and remediating the Security Incident.

Notification of a Security Incident will be delivered to the email address associated with your account or through the Platform interface.

4.4 Your Security Responsibilities. You are responsible for:

  • Maintaining the confidentiality of your account credentials;
  • Implementing appropriate security measures for your own systems and networks;
  • Promptly notifying us of any unauthorized access to your account or any other security concerns;
  • Configuring security settings within the Platform in accordance with your requirements.

5 SUB-PROCESSORS AND THIRD-PARTY SERVICE PROVIDERS

5.1 Authorization to Use Sub-processors. You authorize the Platform to engage Sub-processors to process Personal Data on your behalf, provided that the Platform:

  • Enters into a written agreement with each Sub-processor imposing data protection obligations substantially similar to those set forth in these DP Terms;
  • Remains fully liable to you for the performance of any Sub-processor’s obligations.

5.2 Current Sub-processors. A current list of Sub-processors will be available for your review by a written request.

5.3 Notification of Changes. The Platform will provide you with at least 30 days’ prior written notice of any intended addition or replacement of Sub-processors by updating the Sub-processor list and sending notification to your registered email address.

5.4 Objection Rights. You may object to the appointment of a new Sub-processor on reasonable grounds relating to data protection by notifying us in writing within 15 days of receiving notice of the change. If you object, we will use reasonable efforts to:

  • Make available to you a change in the Services or recommend a commercially reasonable alternative that avoids the use of the objected-to Sub-processor; or
  • Work with you to address your concerns regarding the new Sub-processor.

If we cannot accommodate your objection within a reasonable timeframe, you may terminate the affected Services by providing written notice, and we will refund any prepaid fees for the terminated Services covering the period after termination.

6 INTERNATIONAL DATA TRANSFERS

6.1 Transfer Locations. You acknowledge and agree that the Platform and its Sub-processors may transfer and process Personal Data in the United States and other countries where the Platform or its Sub-processors maintain operations. The Platform will ensure that all such transfers comply with Applicable Data Protection Laws.

6.2 Transfer Mechanisms. For transfers of Personal Data from the European Economic Area, the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection:

  • The Platform relies on its certification under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, as applicable.
  • Where the Data Privacy Framework is not applicable or is invalidated, the parties agree to be bound by the Standard Contractual Clauses approved by the European Commission (or equivalent mechanisms for UK and Swiss transfers), which are incorporated into these DP Terms by reference.
  • The Platform will implement appropriate supplementary measures to ensure an adequate level of protection for transferred Personal Data, including the technical and organizational security measures described in Section 4.

6.3 Government Access Requests. If the Platform receives a legally binding request from a government authority or law enforcement agency for access to Personal Data, the Platform will:

  • Attempt to redirect the requesting party to request the data directly from you;
  • Promptly notify you of the request unless legally prohibited from doing so;
  • Challenge the request if, after careful assessment, we have grounds to believe the request is unlawful;
  • Provide only the minimum amount of information permissible when responding to the request.

7 DATA RETENTION AND DELETION

7.1 Retention Period. The Platform will retain Personal Data for as long as necessary to provide the Services to you and as required by Applicable Data Protection Laws. You may delete Personal Data at any time through the Platform interface or by contacting us.

7.2 Deletion Upon Termination. Upon termination or expiration of your account or these DP Terms:

  • You may request that the Platform delete all Personal Data within 30 days of termination by submitting a written request to our designated contact.
  • If you do not request deletion, the Platform will automatically delete all Personal Data from active systems within 180 days of termination.
  • Personal Data in backup systems will be deleted within 14 days following deletion from active systems, or in accordance with our standard backup retention schedule.
  • The Platform may retain Personal Data to the extent required by applicable law, which will be securely isolated and protected from further processing except as required by law.

7.3 Return of Data. As an alternative to deletion, you may request that the Platform return your Personal Data in a commonly used, machine-readable format within 30 days of termination. Such requests must be submitted in writing to our designated contact.

8 AUDITS AND COMPLIANCE VERIFICATION

Audit Rights. You have the right to verify the Platform’s compliance with these DP Terms and Applicable Data Protection Laws. Upon your written request and at no additional cost to you, the Platform will provide documentation evidencing compliance, including:

  • Copies of relevant security certifications (such as SOC 2, ISO 27001, or similar standards);
  • Summaries of independent third-party audit reports;

9 COOPERATION AND ASSISTANCE

The Platform will, upon your written request and subject to reasonable fees for time and resources expended, provide you with reasonable cooperation and assistance in:

  • Responding to inquiries from Supervisory Authorities concerning the processing of Personal Data;
  • Addressing Data Subject complaints or requests;
  • Conducting data protection impact assessments and prior consultations with Supervisory Authorities;
  • Implementing appropriate technical and organizational measures to ensure compliance with Applicable Data Protection Laws;
  • Demonstrating compliance with your obligations under Applicable Data Protection Laws.

10 LIMITATIONS AND DISCLAIMERS

10.1 No Sale or Sharing. THE PLATFORM DOES NOT AND WILL NOT SELL OR SHARE PERSONAL DATA FOR MONETARY OR OTHER VALUABLE CONSIDERATION. THE PLATFORM PROCESSES PERSONAL DATA SOLELY AS NECESSARY TO PROVIDE THE SERVICES TO YOU.

10.2 Service Availability. WHILE WE STRIVE TO MAINTAIN CONTINUOUS AVAILABILITY OF THE SERVICES, WE DO NOT GUARANTEE THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.

10.3 Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE PLATFORM BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM:

  • YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE SERVICES;
  • ANY CONDUCT OR CONTENT OF ANY THIRD PARTY ON THE SERVICES;
  • ANY CONTENT OBTAINED FROM THE SERVICES;
  • UNAUTHORIZED ACCESS, USE, OR ALTERATION OF YOUR TRANSMISSIONS OR CONTENT.

THE PLATFORM’S TOTAL LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE DP TERMS OR THE SERVICES SHALL NOT EXCEED THE AMOUNT YOU PAID TO THE PLATFORM FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR ONE HUNDRED DOLLARS ($100), WHICHEVER IS GREATER.

10.4 Indemnification. You agree to indemnify, defend, and hold harmless the Platform and its officers, directors, employees, agents, and affiliates from and against any claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys’ fees) arising from:

  • Your violation of these DP Terms;
  • Your violation of any rights of another party, including Data Subjects;
  • Your violation of Applicable Data Protection Laws;
  • Any Personal Data you submit or process through the Services.

11 TERM AND TERMINATION

11.1 Term. These DP Terms commence on the date you first access or use the Services and continue until terminated in accordance with the Terms.

11.2 Effect of Termination. Upon termination:

  • Your right to access and use the Services will immediately cease;
  • The Platform will delete or return Personal Data in accordance with Section 7;
  • Sections 3.4, 4.1, 7, 10, 11, 12, and 13 will survive termination.

12 GOVERNING LAW AND DISPUTE RESOLUTION

12.1 Governing Law. These DP Terms shall be governed by and construed in accordance with the laws of Cyprus, without regard to its conflict of law provisions.

12.2 Dispute Resolution. Any dispute, controversy, or claim arising out of or relating to these DP Terms, or the breach, termination, or invalidity thereof, shall be resolved as stipulated in the Terms.

13 GENERAL PROVISIONS

13.1 Entire Agreement. These DP Terms, together with any supplementary agreements and policies referenced herein, constitute the entire agreement between you and the Platform regarding the subject matter hereof and supersede all prior or contemporaneous understandings and agreements, whether written or oral.

13.2 Severability. If any provision of these DP Terms is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect, and the invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

13.3 Waiver. No waiver of any provision of these DP Terms shall be deemed or shall constitute a waiver of any other provision, nor shall any waiver constitute a continuing waiver unless otherwise expressly provided in writing.

13.4 Assignment. You may not assign or transfer these DP Terms or any rights or obligations hereunder without the Platform’s prior written consent. The Platform may assign these DP Terms without restriction. Any attempted assignment in violation of this Section shall be null and void.

13.5 Notices. All notices under these DP Terms shall be in writing and shall be deemed given when:

  • Delivered personally;
  • Sent by confirmed email to the email address associated with your account (for notices to you) or to [insert Platform email] (for notices to the Platform);
  • Received by the addressee if sent by certified mail, return receipt requested; or
  • One business day after deposit with a recognized overnight courier.

13.6 Force Majeure. Neither party shall be liable for any failure or delay in performance under these DP Terms (other than payment obligations) due to causes beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, war, epidemics, pandemics, government actions, or failures of the internet or telecommunications infrastructure.

13.7 Relationship of Parties. The parties are independent contractors. These DP Terms do not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.

13.8 Third-Party Beneficiaries. These DP Terms do not confer any rights or remedies upon any person other than the parties and their respective successors and permitted assigns, except that Data Subjects are intended third-party beneficiaries of Sections 3, 4, 6, and 7 to the extent such provisions relate to their Personal Data.

13.9 Language. These DP Terms are drafted in the English language. If these DP Terms are translated into any other language, the English version shall prevail in the event of any conflict or ambiguity.

13.10 Contact Information. For questions or concerns regarding these DP Terms or our data processing practices, please contact us at, Email: support@modogate.com Phone: +447888889645

 

 


SCHEDULE B (1): DETAILS OF PROCESSING

Nature and Purpose of Processing: The Platform processes Personal Data to provide cloud-based services as selected and configured by the User, including data storage, management, analysis, and related functionalities.

Duration of Processing: Personal Data is processed for the duration of the User’s subscription to the Services and for the retention periods specified in Section 7 of these DP Terms.

Categories of Data Subjects: Data Subjects may include the User’s customers, employees, contractors, suppliers, business partners, and any other individuals whose Personal Data the User submits to the Platform.

Types of Personal Data: Personal Data processed may include:

  • Identification data (names, usernames, identification numbers)
  • Contact information (email addresses, phone numbers, physical addresses)
  • Professional information (job titles, employer names, work history)
  • Financial information (payment details, transaction records)
  • Technical data (IP addresses, device identifiers, log data, cookies)
  • Usage data (interaction with Services, preferences, settings)
  • Any other Personal Data that the User chooses to submit through the Services

SCHEDULE 2: TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

The Platform implements the following categories of security measures:

Access Control Measures:

  • Multi-factor authentication for administrative access
  • Role-based access controls limiting access to Personal Data on a need-to-know basis
  • Regular review and revocation of access rights
  • Unique user credentials for all personnel
  • Automatic session timeouts
  • Logging and monitoring of access to Personal Data

Encryption and Pseudonymization:

  • Encryption of Personal Data in transit using TLS 1.2 or higher
  • Encryption of Personal Data at rest using AES-256 or equivalent
  • Encrypted backups
  • Secure key management practices

Physical Security:

  • Data centers with 24/7 security personnel and surveillance
  • Biometric and multi-factor authentication for physical access
  • Visitor logging and escort requirements
  • Environmental controls (fire suppression, climate control, power redundancy)
  • Secure disposal of hardware containing Personal Data

Network Security:

  • Firewalls and intrusion detection/prevention systems
  • Network segmentation and isolation
  • Regular vulnerability scanning and penetration testing
  • DDoS protection
  • Security information and event management (SIEM) systems
  • Regular security patching and updates

Organizational Measures:

  • Comprehensive information security policies and procedures
  • Regular security awareness training for all personnel
  • Confidentiality agreements for all personnel with access to Personal Data
  • Incident response plan and procedures
  • Business continuity and disaster recovery plans
  • Regular testing of backup and recovery procedures
  • Vendor risk management program for Sub-processors
  • Data protection impact assessment procedures
  • Regular internal and external security audits

Data Integrity and Availability:

  • Regular automated backups with geographic redundancy
  • Data validation and error checking
  • Redundant systems and failover capabilities
  • Capacity planning and monitoring
  • Change management procedures