Terms of Service for Kaleidosim Cloud Platform

Effective date: April 17, 2023

These Kaleidosim Cloud Platform Terms of Service (the “Agreement”) are entered into by Kaleidosim Technologies AG (“Kaleidosim”) and the entity or person agreeing to these terms (“Customer”) and govern Customer’s access to and use of the Services.

This Agreement is effective when Customer clicks to accept it (the “Effective Date”) or when Customer purchases any computational resources with Kaleidosim or any official Ka-leidosim Reseller. If you are accepting on behalf of Customer, you represent and warrant that (i) you have full legal authority to bind Customer to this Agreement; (ii) you have read and understand this Agreement; and (iii) you agree, on behalf of Customer, to this Agree-ment.

1. Provision of the Services.

1.1 Services Use. During the Term, Kaleidosim will provide the Services in accordance with the Agreement, and Customer may use the Services in accordance with the Agreement.

1.2 Kaleidosim Admin Interface. If applicable, Customer will have access to the Kaleidosim Admin Interface, through which Customer may manage its use of the Services.

1.3 Accounts. Customer must have a Kaleidosim Account to use the Services and is respon-sible for the information it provides to create the Account, the security of its passwords for the Account, and for any use of its Account. Kaleidosim has no obligation to provide multi-ple accounts to Customer.

1.4 Modifications.

(a) To the Services. Kaleidosim may make changes to the Services or any portion of them from time to time in Kaleidosim’s sole discretion. Kaleidosim will inform Customer if Ka-leidosim makes a material change to the Services that has a material impact on Customer’s use of the Services provided that Customer has subscribed with Kaleidosim to be informed about such change.

(b) To the Agreement. Kaleidosim may make changes to this Agreement and pricing from time to time in Kaleidosim’s sole discretion. Unless otherwise noted by Kaleidosim, materi-al changes to the Agreement will become effective 30 days after they are posted, except to the extent the changes apply to new functionality or are required by applicable law, in which case they will be effective immediately. If Customer does not agree to the revised Agreement, Customer may stop using the Services. Customer may also terminate this Agreement for convenience under Section 8.3. Customer’s continued use of the Services after such material change will constitute Customer’s consent to such changes. Kaleidosim will post any modification to this Agreement to its Webpage.

(c) Discontinuation of Services. Kaleidosim may discontinue the Services or any portion of them in Kaleidosim’s sole discretion. Kaleidosim will notify Customer at least one month before discontinuing any Service (or associated material functionality) unless Kaleidosim replaces such discontinued Service or functionality with a materially similar Service or functionality. Nothing in this Section 1.4(c) limits Kaleidosim’s ability to make changes required to comply with applicable law, address a material security risk, or avoid a substan-tial economic or material technical burden. This Section 1.4(c) does not apply to pre-general availability Services, offerings, or functionality.

1.5 Software. Kaleidosim may make third-party software available to the Customer through the Kaleidosim Cloud Platform. Customer’s use of any third-party software is subject to such software’s licensing terms.

2. Payment Terms.

2.1 CPU Hours.

(a) Customer must purchase CPU Hours in order to use the Services. All purchases require pre-payment. There are three models for purchasing CPU Hours as specified on the Pricing Page: https://kaleidosim.com/pricing/

(I) Specific number of CPU Hours: The Customer may purchase a specific number of CPU Hours for use within a specified time period. Once the specified time period has elapsed, any unused CPU Hours will expire and cannot be carried over. If not otherwise specified, the maximum time period for expiration of purchased CPU Hours is: 365 days.

(II) One-time package of CPU Hours: The Customer may purchase a one-time package of CPU Hours for use within a specified time period. Once the specified time period has elapsed, any unused CPU Hours will expire and cannot be carried over. If not otherwise specified, the maximum time period for expiration of purchased CPU Hours is: 365 days.

(III) Recurrent package of CPU Hours: The Customer may purchase a recurrent package of CPU Hours that will renew at a specified time interval for use within a specified time peri-od. Once the specified time period has elapsed, any unused CPU Hours will expire and can-not be carried over. The Customer may cancel the recurrent package of CPU Hours at any time before the next renewal date. If not otherwise specified, the maximum time period for expiration of purchased CPU Hours is: 365 days.

The Fees for the CPU Hours and the packages, the specified time period for their use, and the renewal interval for recurrent packages are set out on the Pricing Page.

(b) Customer will pay all Fees in the currency stated in Kaleidosim’s invoice. Payment must be made by wire transfer or credit card as agreed between the parties. All Fees are due as stated in the invoice. Customer’s obligation to pay all Fees is non-cancellable. Kaleidosim’s measurement of Customer’s use of the Services (CPU Hours) is final. Kaleidosim has no obligation to provide multiple bills. Payments made via wire transfer must include the bank information provided by Kaleidosim.

2.2 Taxes.

(a) Customer is responsible for any Taxes, and will pay Kaleidosim for the Services without any reduction for Taxes. If Kaleidosim is obligated to collect or pay any Taxes, the Taxes will be invoiced to Customer and Customer will pay such Taxes to Kaleidosim, unless Cus-tomer provides Kaleidosim with a timely and valid tax exemption certificate in respect of those Taxes.

(b) Customer will provide Kaleidosim with any applicable tax identification information that Kaleidosim may require under applicable law to ensure its compliance with applicable tax regulations and authorities in applicable jurisdictions. Customer will be liable to pay (or reimburse Kaleidosim for) any taxes, interest, penalties, or fines arising out of any mis-declaration by Customer.

2.3 Payment Disputes & Refunds. Any payment disputes must be submitted before the pay-ment due date. If the parties determine that certain billing inaccuracies are attributable to Kaleidosim, Kaleidosim will not issue a corrected invoice, but will instead issue a credit memo specifying the incorrect amount in the affected invoice. If a disputed invoice has not yet been paid, Kaleidosim will apply the credit memo amount to a disputed invoice and Customer will be responsible for paying the resulting net balance due on that invoice. Re-funds (if any) are at Kaleidosim’s discretion and will only be in the form of credit for the Services. Nothing in this Agreement obligates Kaleidosim to extend credit to any party.

2.4 Delinquent Payments; Suspension. Late payments may bear interest at the rate of 5% per year from the payment due date until paid in full. Customer will be responsible for all reasonable expenses (including attorneys’ fees) incurred by Kaleidosim in collecting such delinquent amounts. Further, if Customer’s payment for the Services is overdue, Kaleidosim may Suspend the Services.

2.5 No Purchase Order Number Required. Customer is obligated to pay all applicable Fees without any requirement for Kaleidosim to provide a purchase order number on Kaleido-sim’s invoice (or otherwise).

2.6 Kaleidosim Cloud Partner. This Section 2 does not apply to Services sold to Customer by a Kaleidosim Cloud Partner.

3. Customer Obligations.

3.1 Compliance. Customer will (a) ensure that Customer and its End Users’ use of the Ser-vices complies with the Agreement, (b) use commercially reasonable efforts to prevent and terminate any unauthorized use of, or access to, the Services, and (c) promptly notify Kalei-dosim of any unauthorized use of, or access to, the Services, Account, or Customer’s pass-word of which Customer becomes aware. Kaleidosim reserves the right to investigate any potential violation of the AUP by Customer, which may include reviewing Customer Data or Projects.

3.2 Restrictions. Customer will not, and will not allow End Users to, (a) copy, modify, or create a derivative work of the Services; (b) reverse engineer, decompile, translate, disas-semble, or otherwise attempt to extract any or all of the source code of, the Services (except to the extent such restriction is expressly prohibited by applicable law); (c) sell, resell, sub-license, transfer, or distribute any or all of the Services; or (d) access or use the Services (i) for High Risk Activities; (ii) in violation of the AUP; (iii) in a manner intended to avoid incurring Fees (including creating multiple Accounts, or Projects to simulate or act as a sin-gle Account, or Project, respectively); (iv) to engage in cryptocurrency mining without Ka-leidosim’s prior written approval; (v) to operate or enable any telecommunications service that allows End Users to place calls or to receive calls from any public switched telephone network (vii) in a manner that breaches, or causes the breach of, applicable laws, including Export Control Laws; or (viii) to transmit, store, or process health information subject to United States HIPAA.

3.3 Documentation. Kaleidosim may provide Documentation for Customer’s use of the Ser-vices, including Documentation regarding the Kaleidosim API.

4. Suspension.

4.1 AUP Violations. If Kaleidosim becomes aware that Customer’s or any End User’s use of the Services violates the AUP, Kaleidosim will notify Customer and request that Customer correct the violation. If Customer fails to correct the violation within 24 hours of Kaleido-sim’s request, then Kaleidosim may suspend all or part of Customer’s use of the Services until the violation is corrected.

4.2 Other Suspension. Notwithstanding Section 4.1, Kaleidosim may immediately Suspend all or part of Customer’s use of the Services if (a) Kaleidosim reasonably believes Custom-er’s or any End User’s use of the Services could adversely impact the Services, other cus-tomers’ or their end users’ use of the Services, or the Kaleidosim network or servers used to provide the Services, (b) there is suspected unauthorized third-party access to the Services, or (c) Kaleidosim reasonably believes that immediate Suspension is required to comply with any applicable law. Kaleidosim will lift any such Suspension when the circumstances giving rise to the Suspension have been resolved. At Customer’s request, Kaleidosim will, unless prohibited by applicable law, notify Customer of the basis for the Suspension as soon as is reasonably possible.

5. Intellectual Property Rights; Protection of Customer Data; Feedback.

5.1 Intellectual Property Rights. Except as expressly stated in this Agreement, this Agree-ment does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As between the parties, Customer owns all Intellec-tual Property Rights in Customer Data, and Kaleidosim owns all Intellectual Property Rights in the Services.

5.2 Protection of Customer Data. Kaleidosim will only access, use, and otherwise process Customer Data for the purpose of providing the Services and will not access, use, or process Customer Data for any other purpose. The Data Processing Agreement attached to this Agreement shall apply with regard to the processing of Customer Personal Data.

5.3 Deletion of Customer Data. Kaleidosim reserves the right to permanently delete Cus-tomer Data associated with any Project that has not been subject to any processing through the Services for more than 60 days.

5.4 Customer Feedback. At its option, Customer may provide feedback or suggestions about the Services to Kaleidosim (“Feedback”). If Customer provides Feedback, then Kaleidosim and its Affiliates may use that Feedback without restriction and without obligation to Cus-tomer.

6. Technical Support Services.

6.1 By Customer. Customer is solely responsible for technical support of its Projects.

6.2 By Kaleidosim. Subject to payment of applicable Fees and the remainder of this Section 6.2, Kaleidosim will provide technical support services. The level of technical support is specified on the Pricing Page and depends on the model and package under which the Cus-tomer has bought CPU Hours in accordance with Section 2.1(a). At Kaleidosim’s sole dis-cretion, Kaleidosim may or may not provide technical support services to Customers that purchase a specific number of CPU Hours in accordance with Section 2.1(a)(I). .

7. Confidential Information.

7.1 Obligations. The recipient will only use the disclosing party’s Confidential Information to exercise the recipient’s rights and fulfill its obligations under the Agreement, and will use reasonable care to protect against the disclosure of the disclosing party’s Confidential In-formation. The recipient may disclose Confidential Information only to its Affiliates, em-ployees, agents, or professional advisors (“Delegates”) who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep it confidential. The recipient will ensure that its Delegates use the received Confidential In-formation only to exercise rights and fulfill obligations under this Agreement.

7.2 Required Disclosure. Notwithstanding any provision to the contrary in this Agreement, the recipient or its Affiliate may also disclose Confidential Information to the extent re-quired by applicable Legal Process; provided that the recipient or its Affiliate uses commer-cially reasonable efforts to (a) promptly notify the other party before any such disclosure of its Confidential Information, and (b) comply with the other party’s reasonable requests re-garding its efforts to oppose the disclosure. Notwithstanding the foregoing, subsections (a) and (b) above will not apply if the recipient determines that complying with (a) and (b) could (i) result in a violation of Legal Process; (ii) obstruct a governmental investigation; or (iii) lead to death or serious physical harm to an individual.

8. Term and Termination.

8.1 Agreement Term. The term of this Agreement (the “Term”) will begin on the Effective Date and continue until the Agreement is terminated as stated in this Section 8.

8.2 Termination for Breach. To the extent permitted by applicable law, either party may terminate this Agreement immediately on written notice if (a) the other party is in material breach of the Agreement and fails to cure that breach within 30 days after receipt of written notice of the breach or (b) the other party ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within 90 days.

8.3 Termination for Convenience. Customer may stop using the Services at any time. Cus-tomer may terminate this Agreement for its convenience at any time on prior written notice and, upon termination, must cease use of the applicable Services and any pre-paid but un-used CPU Hours will immediately expire. Kaleidosim may terminate this Agreement for its convenience at any time with 30 days’ prior written notice to Customer and any pre-paid but unused CPU Hours will expire upon lapse of the 30-day notice period.

8.5 Termination Due to Applicable Law. Kaleidosim may terminate this Agreement imme-diately on written notice if Kaleidosim reasonably believes that (a) continued provision of any Service used by Customer would violate applicable law(s), including Export Control Laws.

8.6 Effect of Termination. If the Agreement is terminated, then (a) all rights and access to the Services will terminate (including access to Customer Data, if applicable), unless other-wise described in this Agreement, and (b) all Fees owed by Customer to Kaleidosim are immediately due upon Customer’s receipt of the final electronic bill or as stated in the final invoice.

9. Publicity.

Customer may state publicly that it is a Kaleidosim customer and display Kaleidosim Brand Features in accordance with written confirmation by Kaleidosim. Kaleidosim may use Cus-tomer’s name and Brand Features in online or offline promotional materials of the Services in accordance with written confirmation by Customer. Each party may use the other party’s Brand Features only as permitted in the Agreement. Any use of a party’s Brand Features will inure to the benefit of the party holding Intellectual Property Rights to those Brand Fea-tures.

10. Representations and Warranties.

Each party represents and warrants that (a) it has full power and authority to enter into the Agreement, and (b) it will comply with all laws applicable to its provision, receipt, or use of the Services, as applicable.

11. Disclaimer. Except as expressly provided for in the Agreement, Kaleidosim does not make and expressly disclaims to the fullest extent permitted by applicable law (a) any warranties of any kind, whether express, implied, statutory, or otherwise, includ-ing warranties of merchantability, fitness for a particular use, title, noninfringement, or error-free or uninterrupted use of the Services and (b) any representations about content or information accessible through the Services.

12. Limitation of Liability.

12.1 Limitation on Indirect Liability. To the extent permitted by applicable law and subject to Section 12.3, neither party will have any Liability arising out of or relating to the Agreement for any (a) indirect, consequential, special, incidental, or punitive damages or (b) lost revenues, profits, savings, or goodwill.

12.2 Limitation on Amount of Liability. Each party’s total aggregate Liability for dam-ages arising out of or relating to the Agreement is limited to CHF 10.000,00, except Kaleidosim’s total aggregate Liability for damages arising out of or related to Services or Software provided free of charge is limited to CHF 500.

12.3 Unlimited Liabilities. Nothing in the Agreement excludes or limits either party’s Liability for: (a) its obligations under Section 13 (Indemnification), (b) its infringe-ment of the other party’s Intellectual Property Rights, (c) its payment obligations un-der the Agreement, or (d) matters for which liability cannot be excluded or limited under applicable law.

13. Indemnification.

13.1 Indemnification Obligations. Customer will defend Kaleidosim and its Affiliates and indemnify them against Indemnified Liabilities in any Third-Party Legal Proceeding to the extent arising from (a) any Project or Customer Data, or (b) Customer’s or an End User’s use of the Services in breach of the AUP or Section 3.2.

13.2 Conditions. Section 13.1 is conditioned on the following:

(a) Any indemnified party must promptly notify the indemnifying party in writing of any allegation(s) that preceded the Third-Party Legal Proceeding and cooperate reasonably with the indemnifying party to resolve the allegation(s) and Third-Party Legal Proceeding. If breach of this Section 13.2(a) prejudices the defense of the Third-Party Legal Proceeding, the indemnifying party’s obligations under Section 13.1 will be reduced in proportion to the prejudice.

(b) Any indemnified party must tender sole control of the indemnified portion of the Third-Party Legal Proceeding to the indemnifying party, subject to the following: (i) the indemni-fied party may appoint its own non-controlling counsel, at its own expense; and (ii) any settlement requiring the indemnified party to admit liability, pay money, or take (or refrain from taking) any action, will require the indemnified party’s prior written consent, not to be unreasonably withheld, conditioned, or delayed.

13.5 Remedies.

(a) If Kaleidosim reasonably believes the Services might infringe a third party’s Intellectual Property Rights, then Kaleidosim may, at its sole option and expense (i) procure the right for Customer to continue using the Services; (ii) modify the Services to make them non-infringing without materially reducing their functionality; or (iii) replace the Services with a non-infringing, functionally equivalent alternative.

(b) If Kaleidosim does not believe the remedies in Section 13.5(a) are commercially reason-able, then Kaleidosim may Suspend or terminate Customer’s use of the impacted Services.

13.6 Sole Rights and Obligations. Without affecting either party’s termination rights, this Section 13 states the parties’ sole and exclusive remedy under this Agreement for any third-party allegations of Intellectual Property Rights infringement covered by this Section 13 (Indemnification).

14. Miscellaneous.

14.1 Notices. Under the Agreement, notices to Customer must be sent to the provided Cus-tomer Email Address and notices to Kaleidosim must be sent to [email protected]. No-tice will be treated as received when the email is sent. Customer is responsible for keeping its Customer Email Address current throughout the Term.

14.2 Emails. The parties may use emails to satisfy written approval and consent require-ments under the Agreement.

14.3 Assignment. Neither party may assign any part of this Agreement without the written consent of the other, except to an Affiliate where (a) the assignee has agreed in writing to be bound by the terms of this Agreement, and (b) the assigning party has notified the other party of the assignment. Any other attempt to assign is void.

14.5 Force Majeure. Neither party will be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.

14.6 Subcontracting. Kaleidosim may subcontract obligations under the Agreement but will remain liable to Customer for any subcontracted obligations.

14.7 No Agency. This Agreement does not create any agency, partnership, or joint venture between the parties.

14.8 No Waiver. Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under this Agreement.

14.9 Severability. If any part of this Agreement is invalid, illegal, or unenforceable, the rest of the Agreement will remain in effect.

14.10 No Third-Party Beneficiaries. This Agreement does not confer any benefits on any third party unless it expressly states that it does.

14.11 Governing Law. This Agreement and all claims arising out of, or in connection with, this Agreement or Customer’s or End User’s use of the Service (including all claims arising out of contract, tort, or unjust enrichment) are in all respects governed, construed, and en-forced according to the substantive laws of Switzerland. The U.N. Convention on the Inter-national Sale of Goods of 11 April 1980 will not apply.

14.12 Jurisdiction. Any dispute, controversy, or claim arising out of, or in relation to this Agreement or Customer’s or End User’s use of the Service, including regarding the validity, invalidity, breach, or termination of this Agreement, will exclusively be resolved by the competent courts in Zurich, Canton of Zurich, Switzerland.

14.13 Amendments. Except as stated in Section 1.4(c), any amendment must be in writing, signed by both parties, and expressly state that it is amending this Agreement.

14.14 Survival. The following Sections will survive expiration or termination of this Agreement: Section 2 (Payment Terms), Section 5 (Intellectual Property Rights; Protection of Customer Data; Feedback), Section 7 (Confidential Information), Section 8.6 (Effect of Termination), Section 11 (Disclaimer), Section 12 (Limitation of Liability), Section 13 (In-demnification), and Section 14 (Miscellaneous).

14.15 Entire Agreement. This Agreement sets out all terms agreed between the parties and supersedes all other agreements between the parties relating to its subject matter. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation, or warranty (whether made negligently or innocently), except those expressly stated in this Agreement.

14.17 Headers. Headings and captions used in the Agreement are for reference purposes only and will not have any effect on the interpretation of the Agreement.

14.18 Definitions.

Capitalized terms used in this Agreement, have the following meanings:

“Account” means Customer’s Kaleidosim Cloud Platform account.

“Affiliate” means any entity that directly or indirectly Controls, is Controlled by, or is un-der common Control with a party. For the purpose of the foregoing, “Control” means con-trol of greater than 50 percent of the voting rights or equity interests of a party.

“Agreement” means these Terms of Service.

“AUP” means the then-current Kaleidosim Cloud Platform Acceptable Use Policy. As of the Effective Date, the AUP is accessible at https://kaleidosim.com/terms-conditions/.

“Brand Features” means the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party, respectively, as secured by such party from time to time.

“Confidential Information” means information that one party (or an Affiliate) discloses to the other party under this Agreement, and which is marked as confidential or would normal-ly under the circumstances be considered confidential information. It does not include in-formation that is independently developed by the recipient, is rightfully given to the recipi-ent by a third party without confidentiality obligations, or becomes public through no fault of the recipient. Subject to the preceding sentence, Customer Data is considered Customer’s Confidential Information.

“CPU Hour” means the amount of time during which a central processing unit (CPU) of a server is utilized to perform a specific task or set of tasks on the Kaleidosim Cloud Plat-form.

“Customer Data” means data provided to Kaleidosim by Customer or End Users through the Services under the Account, such as simulation data.

“Customer Email Address” means the email address registered by the Customer on the Kaleidosim Cloud Platform.

“Documentation” means Kaleidosim’s then-current documentation of the Services (as may be updated from time to time) in the form generally made available on the documentation subpage(s) of the Webpage. As of the Effective Date, the documentation subpage is acces-sible at https://kaleidosim.com/wiki/ and at https://api.kaleidosim.com.

“End Users” means the individuals who are permitted by Customer to use the Services. For clarity, End Users may include employees of Customer Affiliates and other authorized third parties.

“Export Control Laws” means all applicable export and re-export control laws and regula-tions worldwide.

“Fees” means the applicable then-current fees for the Services. The then-current Fees for the Services are stated on the Pricing Page.

“High Risk Activities” means activities where the use or failure of the Services would rea-sonably be expected to lead to death, personal injury, or environmental or property damage (such as the creation or operation of nuclear facilities, air traffic control, life support sys-tems, or weaponry).

“HIPAA” means the Health Insurance Portability and Accountability Act of 1996 as it may be amended from time to time, and any regulations issued under it.

“including” means including but not limited to.

“Indemnified Liabilities” means any (i) settlement amounts approved by the indemnifying party and (ii) damages and costs finally awarded against the indemnified party by a court of competent jurisdiction.

“Intellectual Property Rights” means current and future worldwide rights under patent, copyright, trade secret, trademark, and moral rights laws, and other similar rights.

“Kaleidosim Account” means (i) a Kaleidosim for OpenFOAM Account (to be registered here: https://app.kaleidosim.com/register) or (ii) a Kaleidosim for COMSOL Account (to be registered here: https://comsol.app.kaleidosim/register) or (iii) any other account or registration option provided by Kaleidosim and required to use the Services.

“Kaleidosim Admin Interface” means the online console(s) or dashboard provided by Ka-leidosim to Customer for administering the Services.

“Kaleidosim Cloud Partner” means a company authorized by Kaleidosim to market and resell the Services integrated into such company’s software.

“Legal Process” means an information disclosure request made under law, governmental regulation, court order, subpoena, warrant, or other valid legal authority, legal procedure, or similar process.

“Liability” means any liability, whether under contract, tort (including negligence), or oth-erwise, regardless of whether foreseeable or contemplated by the parties.

“Pricing Page” means the pricing subpage of the Webpage. As of the Effective Date, the pricing subpage of the Webpage is accessible at https://kaleidosim.com/pricing/.

“Project” means a collection of Kaleidosim Cloud Platform resources configured by Customer via the Services.

“Services” means Kaleidosim’s then-current services described on the products subpage of the Webpage, including the Kaleidosim Cloud Platform. As of the Effective Date, the prod-ucts subpage is accessible at https://kaleidosim.com/products/.

“Suspend” or “Suspension” means disabling or limiting access to or use of the Services or components of the Services.

“Taxes” means all government-imposed taxes, except for taxes based on Kaleidosim’s net income, net worth, asset value, property value, or employment.

“Term” has the meaning stated in Section 8.1 of this Agreement.

“Third-Party Legal Proceeding” means any formal legal proceeding filed by an unaffiliat-ed third party before a court or government tribunal (including any appellate proceeding).

“Webpage” means https://kaleidosim.com/ and its subpages.

Acceptable Use Policy

Effective date:April 17, 2023

Use of the Services is subject to this Acceptable Use Policy (AUP).

Capitalized terms have the meaning stated in the Kaleidosim Cloud Platform Terms of Ser-vice.

Customer agrees not to, and not to allow third parties to use the Services:

• to violate, or encourage the violation of, the legal rights of others;

• to engage in, promote or encourage illegal activity, including child sexual exploitation, child abuse, or terrorism or violence that can cause death, serious harm, or injury to individuals or groups of individuals;

• for any unlawful, invasive, infringing, defamatory or fraudulent purpose including Non-consensual Explicit Imagery (NCEI), violating intellectual property rights of oth-ers, phishing, or creating a pyramid scheme;

• to distribute viruses, worms, Trojan horses, corrupted files, hoaxes, or other items of a destructive or deceptive nature;

• to gain unauthorized access to, disrupt, or impair the use of the Services, or the equipment used to provide the Services, by customers, authorized resellers, or other authorized users;

• to disable, interfere with or circumvent any aspect of the Services, Software, or the equipment used to provide the Services;

• to generate, distribute, publish or facilitate unsolicited mass email, promotions, adver-tisements, or other solicitations (“spam”); or

• to use the Services, or any interfaces provided with the Services, to access any other Kaleidosim product or service in a manner that violates the terms of service of such other Kaleidosim product or service.

Data Processing Agreement for Customers of Kaleidosim Cloud Platform

Effective date:April 17, 2023

This Kaleidosim Cloud Platform Data Processing Agreement for Customers (“the Data Pro-cessing Agreement”) is entered into by Kaleidosim Technologies AG (“Kaleidosim”) and the Customer.

If you are accepting on behalf of Customer, you represent and warrant that (i) you have full legal authority to bind Customer to this Data Processing Agreement; (ii) you have read and understand this Data Processing Agreement; and (iii) you agree, on behalf of Customer, to this Data Processing Agreement.

1. Processing of Customer Personal Data.

1.1 Processor and Controller Responsibilities. The parties acknowledge that:

(a) Kaleidosim is a processor of Customer Personal Data under European Data Protection Law;

(b) Customer is the controller of Customer Personal Data under European Data Protection Law; and

(c) each party will comply with the obligations applicable to it under Data Protection Laws with respect to the processing of that Customer Personal Data.

1.2 Details of processing. The subject-matter and duration of the processing of Customer Per-sonal Data, the nature and purpose of the processing of Customer Personal Data, the type of personal data contained in the Customer Personal Data and categories of data subjects are set out in Appendix 1 of this Data Processing Agreement.

1.3 Instructions. Customer instructs Kaleidosim to process Customer Personal Data in ac-cordance with the applicable Terms of Service and applicable law only: (a) to provide, secure, monitor and support the Services; and (b) as further specified via (i) Customer’s use of the Services, and (ii) any other written instructions given by Customer. Kaleidosim will comply with the instructions unless prohibited by applicable law.

1.4 Processor Obligations. Kaleidosim shall:

(a) process Customer Personal Data on documented instructions from the Customer only (in-cluding this Data Processing Agreement), including with regard to transfers of Customer Per-sonal Data to a third country or an international organization;

(b) ensure that persons authorized to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiali-ty;

(c) take all measures required pursuant to Article 32 of the GDPR and similar European Data Protection Law, as specified in Section 4 and Appendix 2.

(d) taking into account the nature of the processing, assist the Customer by appropriate tech-nical and organizational measures, insofar as this is possible, for the fulfilment of the control-ler’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR and similar European Data Protection Law. Kaleidosim will charge Customer for any activities under this Section 1.4(d) at its then-current hourly rates (currently CHF 150.00 plus VAT per hour);

(e) assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR and similar European Data Protection Laws taking into account the nature of processing and the information available to Kaleidosim. Kaleidosim will charge Customer for any activities under this Section 1.4(d) at its then-current hourly rates (currently CHF 150.00 plus VAT per hour);

(f) at the choice of the Customer, delete or return all the Customer Personal Data to the Cus-tomer after the end of the provision of services relating to processing, and deletes existing copies unless applicable law requires storage of the personal data; and

(h) make available to Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and similar European Data Protection Law and allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer. Kaleidosim will charge Customer for any activities under this Section 1.4(h) at its then-current hourly rates (currently CHF 150.00 plus VAT per hour);

(i) immediately inform the Customer if, in Kaleidosim’s opinion, an instruction infringes Data Protection Law.

2. Subprocessors.

2.1 Consent to Subprocessor Engagement. Customer specifically authorizes the engagement as Subprocessors of those entities disclosed under Section 2.2. In addition, without prejudice to Section 2.4, Customer generally authorizes the engagement of other third parties as Sub-processors (“New Subprocessors”).

2.2 Information about Subprocessors. Then-current names, locations and activities of Sub-processors are provided under https://kaleidosim.com/wiki-article/kaleidosims-subprocessors/.

2.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Kaleido-sim will:

(a) ensure that: (i) the Subprocessor only accesses and uses Customer Personal Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the applicable Agreement (including this Data Processing Agreement); and (ii) if the pro-cessing of Customer Personal Data is subject to European Data Protection Law, the data pro-tection obligations described in this Data Processing Agreement (as referred to in Article 28(3) of the GDPR, if applicable), are imposed on the Subprocessor; and

(b) remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.

2.4 Opportunity to Object to Subprocessor Changes.

(a) When any New Subprocessor is engaged, Kaleidosim will, at least 30 days before the New Subprocessor starts processing any Customer Personal Data, notify Customer of the engage-ment (including the name, location and activities of the New Subprocessor); and

(b) Customer may, within 90 days after being notified of the engagement of a New Subpro-cessor, object by immediately terminating the Agreement for convenience by notifying Kaleidosim.

3. Data Transfers.

3.1 Subject to the terms of this Section 3, Customer Personal Data may be processed in any country in which Kaleidosim or its Subprocessors maintain facilities and data centers. As of the effective date of this Data Processing Agreement, Kaleidosim’s data centers are located in the European Union and Switzerland.

3.2 The parties acknowledge that European Data Protection Law does not require SCCs (Pro-cessor-to-Processor Module) or an Alternative Transfer Solution in order for Customer Per-sonal Data to be processed in or transferred to an Adequate Country.

3.3 If Customer Personal Data is transferred to any country not being an Adequate Country and European Data Protection Law applies to the transfer, then Kaleidosim will conclude the SCCs (Processor-to-Processor Module) with the applicable Kaleidosim entity or Subproces-sor.

3.4 If Customer concludes, based on its current or intended use of the Services, that the Alter-native Transfer Solution and/or SCCs (Processor-to-Processor Module), as applicable, do not provide appropriate safeguards for Customer Personal Data, then Customer may immediately terminate the Agreement for convenience by notifying Kaleidosim.

4. Technical and Organizational Measures.

Kaleidosim will implement and maintain technical, organizational and physical measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). The Security Measures include measures to encrypt Customer Personal Data; to help ensure ongo-ing confidentiality, integrity, availability and resilience of Kaleidosim’s systems and services; to help restore timely access to Customer Personal Data following an incident; and for regular testing of effectiveness. Kaleidosim may update the Security Measures from time to time pro-vided that such updates do not result in a material reduction of the security of the Services.

5. Definitions.

Capitalized terms used in this Data Processing Agreement have the meaning given to them in the Terms of Service. Capitalized terms used in this Data Processing Agreement and not defined in the Terms of Service have the following meaning:

“Adequate Country” means:

(a) for data processed subject to the EU GDPR: the EEA, or a country or territory recog-nized as ensuring adequate protection under the EU GDPR;

(b) for data processed subject to the UK GDPR: the UK, or a country or territory recognized as ensuring adequate protection under the UK GDPR and the Data Protection Act 2018; and/or

(c) for data processed subject to the Swiss FDPA: Switzerland, or a country or territory that is: (i) included in the list of the states whose legislation ensures adequate protection as pub-lished by the Swiss Federal Data Protection and Information Commissioner, or (ii) recog-nized as ensuring adequate protection by the Swiss Federal Council under the Swiss FDPA;

“Customer Personal Data” means those portions of the Customer Data that contain personal data, i.e. information relating to an identified or identifiable natural person; an identifia-ble natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Data Protection Law” means (a) European Data Protection Law; and (b) other data protec-tion laws that apply to the processing of Customer Personal Data by Kaleidosim.

“European Data Protection Law” means, as applicable: (a) the GDPR; (b) the UK GDPR, and/or (b) the Swiss FDPA.

“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of per-sonal data and on the free movement of such data, and repealing Directive 95/46/EC.

“New Subprocessor” has the meaning given to it in Section 2.1.

“Security Measures” has the meaning given to it in Section 4.

“SCCs” means Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on stand-ard contractual clauses for the transfer of personal data to third countries pursuant to Regula-tion (EU) 2016/679 of the European Parliament and of the Council.

“Subprocessor” means a third party authorized as another processor under this Data Pro-cessing Agreement to have logical access to and process Customer Personal Data in order to provide parts of the Services.

“Swiss FDPA” means the Swiss Federal Data Protection Act of 19 June 1992, and from September 1, 2023 onwards, the Swiss Federal Data Protection Act of 25 September 2020.

“UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under that Act.

Appendix 1

Subject Matter and Details of the Data Processing

Subject Matter of the Processing

Kaleidosim’s provision of the Services to Customer.

Duration of the Processing

While Kaleidosim performs the Services until deletion of all Customer Personal Data by Ka-leidosim in accordance with this Data Processing Agreement.

Nature and Purpose of the Processing

Kaleidosim will process Customer Personal Data for the purposes of providing the Services to Customer.

Categories of Data

Personal data relating to individuals provided to Kaleidosim via the Services, by, or at the direction of, Customer or by the End Users.

Appendix 2

Security Measures

1 Databases

User data is stored in a database. This includes emails and passwords.

This database is hosted in a cloud project separate to the simulation data.

1.1 Passwords

Passwords are stored in an one way encrypted form and plain text passwords are not stored.

2 Simulation data

Simulation data is stored in a separate cloud project away from customer identifiable

information which is stored in the database cloud project.

Simulation data is encrypted before being written to disk and cannot be read by cloud

partners.

3 Inter-system communication

We employ encrypted HTTPS communication between our customer facing system and our backend systems.

Secure HTTPS communication is used on our browser based web portals, API systems and distributed applications such as the cloudCompanion.

4 Credit card data

We do not store credit card information.

5 User account security

5.1 Passwords

Users login to their account using a username and password.

5.2 Two factor authentication

Users can optionally secure their account with 2-factor authentication. Kaleidosim uses a code based system which operates with software on a customer’s smartphone. The user is prompted to input a one time use code into our system on login to verify their identity, along with their username and password.

6 Third party software libraries

Kaleidosim conducts periodic software reviews and updates 3rd party libraries used as part of the Kaleidosim system as required. Also we update the software interpreters and

database systems we utilise in the system.

7 Cloud machine security

Our simulation machines are treated internally as unfriendly systems, and have very limited access to our cloud systems. They are also firewalled off from direct access from the internet.

8 Software distribution security

For applications that Kaleidosim distributes, for example the cloudCompanion, we em-ploy certification to the relevant platforms dependent on the operating system where the application is being deployed enabling the end user to validate the source of the software they have downloaded.

9 Staff access

Kaleidosim differentiates between staff that can access various types of systems we

maintain.

9.1 Full Time staff

Only full-time, trusted, staff can access the production clouds and customer data. Also only full-time staff can deploy software into the production environment and create software for distribution and upload distribution software to our upload channels.

9.2 Contract staff

Contractors are periodically utilised by Kaleidosim. They can only access and update test

and staging cloud deployments that do not have customer data present.

10 Subprocessor certification: ISO 27001

Our subprocessors Google Cloud and MongoDB are ISO 27001 certified.

• For information on Google Cloud certification see https://cloud.google.com/security/compliance/iso-27001?hl=de

• For information on MongoDB certification see https://www.mongodb.com/cloud/trust/compliance/iso