DeepJudge AG 
Subscription Terms & Conditions

These subscription terms and conditions (“Terms and Conditions”) are entered into between DeepJudge AG, with its registered address at Zeughausstrasse 31, 8004 Zürich Switzerland (“DeepJudge”), and Customer, with name and address as indicated on the Order Form (“Customer”). These Terms and Conditions and the form upon which they are referenced (“Order Form”) together constitute one binding contractual agreement (“Agreement”) between DeepJudge and Customer. The Agreement is effective as of the date you accept these Terms and Conditions in the applicable Order Form or use the Services (the “Effective Date”).

BY EXECUTING THIS AGREEMENT, AND WHERE NO SIGNATURE BOX IS AVAILABLE, BY CLICKING THROUGH TO ACCESS THE SERVICES OR OTHERWISE INDICATING CUSTOMER’S ACCEPTANCE OF THIS AGREEMENT, OR THROUGH CUSTOMER’S ACCESS TO OR USE OF THE SERVICES, CUSTOMER EXPRESSLY AGREES TO BE BOUND BY THIS AGREEMENT. IF THE PERSON SIGNING OR ACCEPTING OR CLICKING THROUGH TO THE SERVICES IS ENTERING THIS AGREEMENT ON BEHALF OF ANOTHER ENTITY OR PERSON, SUCH PERSON HEREBY REPRESENTS TO DEEPJUDGE THAT THEY HAVE SUCH AUTHORITY TO BIND CUSTOMER TO THIS AGREEMENT. IF SUCH PERSON DOES NOT HAVE SUCH AUTHORITY OR IF CUSTOMER DOES NOT AGREE TO THIS AGREEMENT, DO NOT ACCESS OR USE DEEPJUDGE’S SERVICES.

1. Services

DeepJudge shall provide the Services listed on the applicable Order Form (“Services”), for the term listed thereon, on a subscription basis and subject to the terms and conditions of this Agreement. During the term, DeepJudge grants Customer a limited, non-exclusive, non-transferable, non-assignable, non-sublicensable license for its Users to access and use the Services, subject to this Agreement. 

a. Deployment.
Services shall be provided via cloud.

i. Hosting. The Services shall reside on (a) server(s) in the Cloud Hosting Location indicated on the Order Form.

ii. Upgrades and Maintenance.
During the term, DeepJudge may at its own discretion provide software fixes, revisions, upgrades or releases incorporating enhancements to the Services as well as carry out maintenance or other improvements to the Services and its infrastructure, and Customer acknowledges that this may result in temporary delays and interruptions from time to time. DeepJudge will inform Customer about planned interruptions reasonably in advance.

iii. Service Availability.
Subject to this Agreement, DeepJudge shall use commercially reasonable efforts to maintain an Uptime Percentage of 99% or higher, calculated each calendar quarter. The Uptime Percentage shall be calculated as 100 x (total minutes in quarter - total minutes of Downtime in quarter) / total minutes in quarter. Downtime is defined as the time the Services are not available to log in or are not functioning in any material respect (the “Downtime”), but shall not include: a) scheduled system maintenance, b) unscheduled maintenance deemed necessary to protect security and confidentiality of Customer Data, c) failures caused by Customer’s or a third party’s systems, d) Customer’s own acts or omissions, e) periods of suspension of this Agreement, and/or f) other events outside of DeepJudge’s control such as changes resulting from government, political, or other regulatory actions or court orders, strikes, riots, labor disputes, health crises, insurrection, fires, floods, explosions, war, governmental action, labor conditions, earthquakes, natural disasters, acts of or against third parties (including third party carriers or other vendors), or any other force majeure event.

2. Fees

a. Subscription, Implementation and other Fees.
Customer shall pay the fees and other charges indicated on the applicable Order Form(s). Payments shall be made without any right to set-off or deduction and, except as expressly set forth herein, nonrefundable. Invoices are payable within thirty (30) calendar days from the date of the invoice, unless otherwise specified on the applicable commercial platform ("Marketplace") through which services and solutions are made available for purchase.

b. Bespoke Services.
Customer may request DeepJudge to provide bespoke services (e.g., customizations or other related professional services) in relation to Customer’s use of the Services (the “Bespoke Services”), and DeepJudge may, in its discretion, agree to provide the Bespoke Services. Any such Bespoke Services will be provided subject to the terms and conditions set forth in a mutually agreed statement of work (“SOW”), including the fees payable by Customer to DeepJudge, which shall form a schedule to and be incorporated into and form part of this Agreement. Unless otherwise provided for in the applicable SOW, fees for Bespoke Services shall be invoiced monthly and payable within thirty (30) calendar days of receipt of the invoice. To the extent that there is any inconsistency between any provision in any SOW and the rest of this Agreement, the terms of such SOW shall prevail.

c. Currency and Taxes.
If not explicitly stated otherwise, all fees are in United States dollars (USD). All fees exclude applicable taxes. Customer is responsible for applicable federal, national, state, provincial, and/or sales, use, excise or other applicable taxes.

d. Suspension for non-payment.
In case Customer does not pay the applicable fees as agreed between the parties and after notice of non-payment, DeepJudge reserves the right to limit or suspend access to the Services. In case of a suspension for non-payment, Customer remains liable for all charges and fees incurred during the suspension period.

3. Term & Termination.

The term of this Agreement begins on the start date specified on the Order Form, or if no start date is stated, on the Effective Date, and ends at the end of the term specified on the Order Form. Unless otherwise specified on the Order Form, the Agreement will automatically renew for subsequent periods of one (1) year. Either party may terminate the Agreement at any time with immediate effect if the other party is in material breach of the Agreement. In all other cases, either party may terminate prior to the end of each subscription term by notifying the other party in writing, including email, at least three (3) months before the end of such subscription term.

1. Obligations upon termination. Customer shall delete any software, source code, object code, documentation or data related to Services immediately upon  termination becoming effective. DeepJudge shall delete any Customer Data, including any Training Data, if applicable, and Customer Models, if applicable, within sixty (60) calendar days from termination becoming effective.

2. Termination does not affect any rights, obligations, or liabilities of either party that have accrued before or are intended to stay effective beyond termination.

4. Customer Obligations

1. Compliance with law.
Customer shall use the Services in compliance with the Agreement and all applicable laws and government regulations.

2. Users.
Users of Customer may need to register an account to access and use all or parts of the Services. “Users” shall mean individual employees, directors and officers of Customer, and any contractors who are granted access to the Services by Customer or other Users.

3. Security of User Accounts.
Customer shall provide, and shall ensure Customer’s Users shall provide, accurate, current, and complete information during registration and keep their account information up-to-date. Account sharing for the purposes of reducing the effective number of users or for implying to have a smaller effective number of users is prohibited. Customer is responsible for maintaining the confidentiality and security of User account credentials and may not disclose their credentials to any third party. Customer is responsible and liable for activities conducted through their account, including the actions of any User, and shall immediately notify DeepJudge if there is any suspicion that their credentials have been lost, stolen, and/or their account is otherwise compromised.

4. Cooperation.
Customer shall undertake commercially reasonable efforts to provide DeepJudge with all reasonably necessary access, data, documents, information, materials, software as well as competent staff, and anything else reasonably required for the provision of Services. Furthermore, Customer is obliged to inform DeepJudge immediately if errors or faults occur and to support DeepJudge in the analysis and, if necessary, in the elimination of errors and faults to the extent reasonably required. If the provision of Services under this Agreement is delayed due to circumstances for which Customer is responsible, Customer shall bear the disadvantages and additional costs incurred. Customer shall immediately inform DeepJudge of all circumstances that might endanger or may be relevant to providing the Services and all misuses or suspicions of misuse of the Services.

5. Restrictions.
Customer shall not (a) circumvent or attempt to circumvent any security protection of the Services; (b) use the Services in unlawful or fraudulent ways or for any unlawful or fraudulent purpose or effect; (c) access the Service via any automated system or take any action that may impose an unreasonable load on the Services or the underlying infrastructure; (d) bypass the measures that DeepJudge may use to prevent or restrict access to or use of the Service; (e) reverse engineer, decompile, disassemble and/or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation and/or data related to Services; (f) copy, modify, distribute, reproduce, translate, disassemble or use in any other non-intended way (other than as permitted by the Agreement) any information, text, graphics, images, software obtained from the Services, and/or any other part of the Services, unless with DeepJudge’s prior written permission; (g) sell, sublicense, allow access and/or make the Services or any part of it otherwise available to third-parties (h) create derivative works based on the whole or any part of the Services or any content (other than Customer Data) available on the Services, unless with DeepJudge’s prior written permission; and/or (i) access the services in order to build, or to share with anyone who builds, a product or service competitive to the Services and/or any product or service offered by DeepJudge.

6. Suspension.
Customer acknowledges that DeepJudge is permitted and possibly required by law to suspend access to the Services or Customer's account based upon reasonable determination of the occurrence or potential for occurrence of illegal or wrongful activity, fraudulent use and/or attempted fraudulent activity, or a breach of the foregoing obligations. In case of a suspension, Customer remains liable for all charges and fees incurred during the suspension period.

5. Intellectual Property, Data. 

a. Intellectual Property Ownership.
Each party retains all rights, titles, and interests to its own intellectual property, including all copyrights, inventions, trademarks, designs, domain names, know-how, trade secrets, data and other intangible property rights (“Intellectual Property Rights”).

i. DeepJudge retains all Intellectual Property Rights in and to the Services, Usage Data, Feedback, documentation and related materials, and/or any part(s) of thereof.  

ii. Customer retains all Intellectual Property Rights in and to the Customer Data, including Training Data, if applicable.

b. Customer Models
DeepJudge does not use Customer Data to train the artificial intelligence (AI) and/or machine learning (ML) models underlying the Services, except in the case that prior consent was provided by Customer. With Customer’s prior consent, DeepJudge may train artificial intelligence (AI) and/or machine learning (ML) models for exclusive use by Customer (“Customer Models”) using subsets of Customer Data (“Training Data”). Training of Customer Models is conducted solely on IT infrastructure in the Cloud Hosting Location. Customer Models shall be subject to the same confidentiality and privacy requirements as applicable to Customer Data, including their deletion requirements upon termination of this Agreement.

c. Usage Data.
DeepJudge may collect Usage Data and other information to improve the Services, as well as for security, support, product and operations management, and research and development purposes. “Usage Data” is statistical and other information about Customer’s and Users’ configuration and use of the Services, such as hardware usage, operating systems and environments, cluster setup (e.g., node type and counts), cluster health, system performance (e.g., uptime and response times), feature usage, User inputs and User behavior. DeepJudge does not share Usage Data with third parties. 

d. Feedback.
In case Customer provides DeepJudge with information and/or feedback concerning complaints, errors, problems, suggestions for improvements, ideas, and other matters related to Services (“Feedback”), DeepJudge may use, or not use, any such Feedback, without any obligation, whether financial or otherwise, to the Customer. Customer irrevocably assigns all rights (including but not limited to Intellectual Property Rights) in the Feedback to DeepJudge and acknowledges it has no claim in relation to the Feedback.

6. Liability & Indemnity

a. Disclaimers.
THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE”, AND, OTHER THAN AS SET FORTH IN THIS AGREEMENT, DEEPJUDGE MAKES NO WARRANTIES OR REPRESENTATIONS OF ANY KIND RELATED TO THE SERVICES OR THE INFORMATION AND MATERIALS CONTAINED THEREON. DEEPJUDGE DOES NOT GUARANTEE THAT THE SERVICES ARE ERROR-FREE AND WILL FUNCTION WITHOUT ANY INTERRUPTION OR DISRUPTION. DEEPJUDGE IS NOT RESPONSIBLE FOR INACCURACY OR INCOMPLETENESS OF THE SERVICES BEYOND OF WHAT IS SET FORTH HEREIN, OR THE INCOMPATIBILITY OF THE SERVICES WITH ANY SPECIFIC OBJECTIVES THAT CUSTOMER IS HOPING TO ACHIEVE. DEEPJUDGE DISCLAIMS ALL REPRESENTATIONS, WARRANTIES AND CONDITIONS, WHETHER IMPLIED BY OPERATION OF LAW OR OTHERWISE, INCLUDING ANY WARRANTIES OF MERCHANTABLE QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ERROR-FREE OR UNINTERRUPTED OPERATION, AND ANY REPRESENTATIONS OR WARRANTIES OR CONDITIONS ARISING FROM A COURSE OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE. NO ORAL OR WRITTEN COMMUNICATIONS BY DEEPJUDGE, ITS EMPLOYEES, DIRECTORS, OFFICERS OR AGENTS WILL CREATE ANY NEW OR ADDITIONAL WARRANTIES. 

b. Limitation of Liability.

i. EXCEPT FOR DAMAGES ARISING FROM THE OTHER PARTY’S FRAUD, WILLFUL MISCONDUCT, OR INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, AND NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, LOST PROFITS OR OTHER BUSINESS INTERRUPTION DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF REVENUES, DATA LOSS OR USAGE LOSS, IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE RELATING TO THE SERVICES, WHETHER OR NOT THE LIKELIHOOD OF SUCH LOSS OR DAMAGE WAS CONTEMPLATED.

ii. DEEPJUDGE’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES, REGARDLESS OF CAUSE OR THEORY OF RECOVERY, IS LIMITED TO THE FEES PAID TO DEEPJUDGE UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD PRIOR TO THE EVENT FIRST GIVING RISE TO SUCH LIABILITY. TO THE EXTENT ANY LIABILITY OF A PARTY CANNOT BE DISCLAIMED, EXCLUDED OR LIMITED UNDER APPLICABLE LAWS, SUCH LIABILITY SHALL BE DISCLAIMED, EXCLUDED AND LIMITED TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAWS.

c. Indemnity by DeepJudge.
DeepJudge shall defend Customer and its officers, directors, employees and agents, from any and all third-party claims that the use of the Services as permitted hereunder infringes and/or violates any third-party intellectual property right. If Customer’s use of the Services is (or in DeepJudge’s opinion is likely to be) enjoined, DeepJudge, at its expense and in its sole discretion, may: (i) procure the right to allow Customer to continue to use the Services, or (ii) modify or replace the software or the Services or infringing portions thereof to become non-infringing, or (iii) if neither (i) nor (ii) is commercially feasible, terminate Customer’s right to use the affected portion of the Services. Notwithstanding the foregoing, DeepJudge will have no liability for any such claim that arises in whole or in part from: (a) modifications to the Service made by Customer or any third-party not authorized by DeepJudge; (b) Customer’s use of the Services other than in accordance with this Agreement or in violation of applicable law; or (c) Customer Data. The indemnification obligations set forth in this Section 6.c are DeepJudge’s sole and exclusive obligations, and Customer’s sole and exclusive remedies, with respect to infringement or misappropriation of third-party intellectual property rights of any kind.

d. Indemnity by Customer.
Customer shall defend and hold harmless DeepJudge and its officers, directors, employees and agents from any and all third-party claims related to (i) the Customer Data or (ii) failure to comply with applicable laws, rules or regulations in performance of this Agreement. 

e. Indemnity Requirements.
With respect to any claims brought against an indemnified party hereunder, the party seeking indemnification shall promptly advise the indemnifying party of any threat or initiation of any claim, demand, action or proceeding to which the requested indemnification may apply, provide the indemnifying party sole control over the defense and settlement of the matter, and assist the indemnifying party in the defense or settlement thereof.

7. Confidentiality, Privacy, and Security.

a. Confidential Information.
Each party (“Discloser”) may disclose to the other (“Recipient”) Confidential Information. “Confidential Information” includes, without limitation, any information which is marked as confidential and information which has otherwise been indicated as being confidential or could reasonably be deemed confidential and attributable to Customer or DeepJudge, including but not limited to organization information, customer information, functionalities, features, specifications and documentation of the Services, or, in the case of Customer as Discloser, Customer Data. The following are not considered Confidential Information: (a) information that is publicly available or becomes publicly accessible, provided that such public availability or accessibility did not arise from any fault, omission, or other act of the Recipient; (b) information lawfully and unrestrictedly received; or (c) information independently developed by the receiving party without use of or reliance on the other party’s Confidential Information.

b. Confidentiality.
Except as required by law, DeepJudge shall treat as confidential and will not use (other than for the purposes set forth herein) during the term of this Agreement and thereafter, disclose or otherwise make available any Confidential Information to any other person other than as permitted by Customer in writing in advance, and on a strict need to know basis. DeepJudge will instruct its employees and such other persons who have access to Confidential Information to keep it confidential by using the same care and diligence that DeepJudge is required to use with respect to Confidential Information, which shall be no less than professional care and diligence, and shall ensure that any third party is either subject to professional secrecy obligations by law or by contract. If DeepJudge is required by applicable law, regulation, court order or legal process to disclose any Confidential Information, DeepJudge will provide Customer with prompt notice of such request or requirement and DeepJudge will request that all Confidential Information so disclosed is treated confidentially. Disclosure of Confidential Information in accordance with the foregoing sentence will not violate the terms of this Agreement. This confidentiality obligation remains in force even after the termination of the Agreement.

c. Security.
DeepJudge will implement and maintain appropriate administrative, technical and organizational safeguards for protection of the security, confidentiality, and integrity of Customer’s Confidential Information, including Usage Data, processed by DeepJudge as set forth herein. Those safeguards include, but are not limited to, measures for preventing access to or use, modification or disclosure by DeepJudge personnel (including affiliates, subprocessors and contractors) of Customer Data and Usage Data except as permitted by the provisions of this Agreement or as Customer expressly permits in writing in advance.

d. Breach notification.
DeepJudge shall notify Customer reasonably promptly upon becoming aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data transmitted, stored or otherwise processed.

e. Data Processing Addendum.
To the extent Customer Data includes personal data sent by Customer through the Services, the terms of the Data Processing Addendum (“DPA”) found at Appendix A shall apply and be deemed incorporated into this Agreement.

8. Miscellaneous

a. Marketing.
Unless otherwise specified on the applicable Order Form, customer entitles DeepJudge to use Customer’s name, logo, and a brief description of the services provided for advertising purposes on DeepJudge's website and other marketing or sales materials. The use of Customer’s name and logo is expressly permitted in confidential investment materials.

b. Entire Agreement; Amendments.
This Agreement constitutes the entire agreement between DeepJudge and Customer, and supersedes all prior agreements, between the parties relating to the subject matter of the Agreement. Any amendments to this Agreement must be agreed in writing and signed by both parties. If any provision of the Agreement (in whole or part) is held to be illegal, invalid or otherwise unenforceable, the other provisions will remain in full force and effect.

c. Notices: Notices must be given in writing, including email, and need to be communicated:

d.To DeepJudge’s attention: via email to: legal@deepjudge.ai;

e. To Customer's attention: via email to the business contact listed on the Order Form or Azure Marketplace. It is Customer's responsibility to keep provided contact information current.

f. Assignment. Neither party may assign this Agreement or any Order Form, in whole or in part, without the other party’s prior written consent, not to be unreasonably withheld; provided, however, that DeepJudge may assign the Agreement without Customer’s consent to any entity that acquires all or substantially all of the business or assets of DeepJudge related to the Services, whether by merger, reorganization, acquisition, sale, operation of law, change in control or otherwise. Any assignment made in conflict with this provision shall be void. This Agreement is binding upon and will inure to the benefit of each of the parties and their respective successors and assigns.

g. Relationship of the Parties; Third Parties. No agency, partnership, joint venture, or employment relationship is created as a result of this Agreement and neither party has any authority of any kind to bind the other in any respect. Nothing in this Agreement is intended or shall be construed to give any person, other than the parties hereto, their successors and permitted assigns, any legal or equitable right, remedy or claim under or in respect of this Agreement.

h. Governing Law & Jurisdiction: This Agreement, and all claims or causes of action that may be based upon, arise out of or relate to this Agreement shall be governed by and construed in accordance with the substantive laws of Switzerland, excluding its conflict of law provisions and the United Nations Convention on Contracts for the International Sale of Goods (CISG). The parties consent to exclusive jurisdiction and venue in courts located in Zurich.

APPENDIX A

DeepJudge AG
Data Processing Addendum

This Data Processing Addendum, including any annexes, exhibits, or appendices (“DPA”) forms part of the Agreement or any other agreement about the delivery of contracted services (“Agreement”) between DeepJudge AG (“DeepJudge”) and Customer, which are parties to that Agreement, to reflect the parties’ agreement about the Processing of Customer Personal Data (as those terms are defined below). This DPA is effective on the Effective Date of the Agreement, unless this DPA is separately executed, in which case it is effective on the date of the last signature. In the event of any conflict between this DPA and the Agreement, the provisions of this DPA will control with respect to the subject matter of Processing Customer Personal Data.

All capitalized terms not defined herein shall have the meaning set forth in the Agreement or in Applicable Data Protection Law.

1. Definitions

1.1. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity. 

1.2.Applicable Data Protection Law” means any applicable laws, rules, regulations, and governmental requirements relating to the privacy, confidentiality, or security of Personal Data, as they may be amended or otherwise updated from time to time, including, without limitation, the General Data Protection Regulation 2016/679 (“GDPR”) and supplementing data protection law of the European Union Member States, the United Kingdom's Data Protection Act 2018 and the GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 (“UK GDPR”), the Swiss Federal Data Protection Act (“Swiss DPA”), and the California Consumer Privacy Act (“CCPA”) of 2018.

1.3.Controller” (or “Business” as used in Applicable Data Protection Law) means the entity which determines the purpose and means of the Processing of Personal Data.

1.4. “Controller Affiliate” means an Affiliate of Customer which is permitted to use the Services pursuant to the Agreement between DeepJudge and Customer but has not signed its own agreement with DeepJudge. 

1.5.Customer Personal Data” means the Personal Data that Customer or a Controller Affiliate provides under the Agreement for DeepJudge to Process on behalf of Customer or Controller Affiliate in connection with the Services. Customer Personal Data does not include information that is anonymized.

1.6.Data Subject” means an identified or identifiable person to whom Personal Data relates. 

1.7. Data Subject Request means a request from Data Subjects seeking to exercise their rights under Applicable Data Protection Law.

1.8.“​​Personal Data” (which will include “Personal Information” as used in Applicable Data Protection Law) has the meaning as defined under Applicable Data Protection Law. 

1.9.Process,” “Processing,” and “Processed” will have the meaning as defined under Applicable Data Protection Law.

1.10. Processor” (or “Service Provider” as used in Applicable Data Protection Law) means the entity engaged to Process Personal Data on behalf of the Controller. 

1.11.Restricted Country” means (i) where the GDPR applies, a country outside of the European Economic Area (“EEA”) not subject to an adequacy determination by the European Commission; (ii) where the Swiss Federal Act on Data Protection of June 19, 1992, applies, a country outside Switzerland which has not been recognized to provide an adequate level of protection by the Federal Data Protection and Information Commissioner; and (ii) countries that do not qualify for the adequacy regulations under Section 17A of the UK GDPR. 

1.12. Restricted Transfer” means, (i) where the GDPR applies, a transfer of Personal Data from the EEA to a Restricted Country; (ii) where the Swiss Federal Act on Data Protection of June 19, 1992, applies, a transfer of Personal Data from Switzerland to a Restricted Country; and (iii) transfers covered by Chapter V of the UK GDPR. 

1.13. Security Incident” means an actual breach of security that leads to the loss or unauthorized access, use, alteration, or acquisition of (including authorized internal access to) Customer Personal Data. 

1.14. Sell” and “Share” will have the meaning as defined under Applicable Data Protection Law.

1.15.Standard Contractual Clauses” or “SCCs” means (i) where the GDPR applies, the clauses annexed to the European Commission’s Implementing Decision 2021/914 of June 4, 2021 for the transfer of Personal Data to third countries; and (ii) where the UK GDPR applies, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner under Section 119A(1) Data Protection Act 2018 (“UK IDTA”) (in each case, as updated, amended or superseded from time to time).

1.16.Subprocessor” means any Processor engaged by DeepJudge to assist in fulfilling its obligations with respect to providing the Services. For purposes of this DPA, Subprocessor includes subcontracted Service Providers or Contractors as defined under Applicable Data Protection Law.

2. Role of the Parties.

The parties acknowledge and agree to the following: (i) Customer is the Controller of Customer Personal Data and (ii) DeepJudge is the Processor of Customer Personal Data. 

3. Scope and Responsibility.

3.1. Each Party represents that it will comply with its respective obligations under Applicable Data Protection Law. Customer represents and warrants that it has obtained any necessary consents or otherwise has a lawful basis to provide Personal Data to DeepJudge for Processing in accordance with the Agreement and this DPA, and its instructions to DeepJudge do and shall comply with Applicable Data Protection Law. Customer will notify DeepJudge if the Data Subject withdraws consent.

3.2. DeepJudge will ensure that: (i) all personnel authorized to Process Customer Personal Data are made aware of the confidential nature of Customer Personal Data and have committed themselves to confidentiality (e.g., by confidentiality agreements) or are under an appropriate statutory obligation of confidentiality; (ii) access to Customer Personal Data is restricted only to those personnel who require it for the purposes of fulfilling DeepJudge’s obligations under the Agreement; (iii) reasonable and appropriate steps are taken to help ensure that any Customer Personal Data provided to it is Processed in a manner consistent with Applicable Data Protection Laws and (iv), upon notice, it takes reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Data.

3.3. DeepJudge will promptly notify Customer if it believes or confirms that it cannot follow the instructions of Customer or meet its obligations under the Agreement or Applicable Data Protection Law for any reason, unless it is prohibited by applicable law from making such notification.

3.4. DeepJudge will Process the Customer Personal Data solely to provide the Services to Customer, to carry out its obligations under the Agreement, and in accordance with the Customer’s written instructions unless doing so would otherwise violate Applicable Data Protection Law. DeepJudge will not, nor will it permit any Subprocessor to: (i) Sell or Share any of Customer Personal Data; (ii) Process Customer’s Personal Data for any purpose other than for the business purpose of performing the Services and fulfilling its obligations under the Agreement (or as otherwise permitted by Applicable Data Protection Law); (iii) retain, use, or disclose Customer Personal Data outside of the direct business relationship between the parties as defined in the Agreement; or (iv) combine Customer Personal Data with Personal Data that it receives from, or on behalf of, another person or persons or that it collects from its own consumer interaction.

4. Cooperation

DeepJudge will reasonably cooperate with and assist Customer with meeting its Applicable Data Protection Law obligations and will immediately notify Customer if it receives any complaint, notice, or communication that relates to Customer’s compliance with Applicable Data Protection Law.

5. Subprocessors

DeepJudge is authorized to engage Subprocessors to Process the Customer Personal Data as necessary to carry out its obligations under the Agreement. DeepJudge will conduct reasonable due diligence on each Subprocessor to ensure each Subprocessor is capable of providing the level of data protection required by this DPA. DeepJudge will enter into a written agreement with each of its Subprocessors that imposes no less restrictive terms as those contained in this DPA. To the extent this criteria changes, DeepJudge will notify the Customer may object to such change in criteria. DeepJudge is responsible for the acts and omissions of its Subprocessors in connection with Processing of Customer Personal Data under the Agreement.

6. Data Security

6.1 DeepJudge shall maintain appropriate technical and organizational measures with regard to Customer Personal Data and to ensure an appropriate level of security.

6.2 Customer acknowledges that the Security Measures are subject to technical progress and development and that DeepJudge may update or modify the Security Measures from time to time, provided that such updates and modifications do not degrade or diminish the overall security of the Services.

7. Security Incidents

In the event of a confirmed Security Incident (at DeepJudge or at a Subprocessor of DeepJudge), DeepJudge shall, without undue delay, but in any event within seventy-two (72) hours of discovery, inform Customer of the Security Incident and take such steps as DeepJudge in its sole discretion deems necessary and reasonable to remediate such violation. In the event of such a Security Incident, DeepJudge shall, taking into account the nature of the Processing and the information available to DeepJudge, provide Customer with reasonable cooperation and assistance necessary for Customer to comply with its obligations under Applicable Data Protection Law with respect to notifying (i) the relevant Supervisory Authority and/or (ii) Data Subjects affected by such Personal Data Breach without undue delay.

8. Data Subject Requests

As between the parties, Customer will have sole discretion and responsibility in responding to the rights asserted by any individual in relation to Customer Personal Data under Applicable Data Protection Law. DeepJudge will forward to Customer without undue delay any Data Subject Request received by DeepJudge or any Subprocessor. Processor shall not be responsible for directly responding to Data Subject Requests. 

9. Audits

DeepJudge, upon written request, either provide information regarding its compliance in the form of third-party certifications and audits reports on its security, privacy and architecture or respond with industry standard written audit questionnaires, provided that the purpose of such audit is to verify that DeepJudge is Processing Personal Data in accordance with its obligations under the DPA. Such audit may be carried out by Customer or an inspection body composed of independent members and in possession of required professional certificates or qualifications that bind said body to a duty of confidentiality, and for the avoidance of doubt, no access to any part of DeepJudge’s information technology systems, data hosting sites or centers, or its infrastructure will be permitted. Only to the extent that such audit of DeepJudge’s third-party certifications, audit reports and/or industry standard written audit questionnaires cannot reasonably demonstrate DeepJudge’s compliance with its obligations under the DPA, may Customer or an inspection body composed of independent members elected by Customer that is bound by a duty of confidentiality conduct an audit of DeepJudge. Any audit shall: (i) be conducted at the expense of Customer; (ii) be conducted under mutually agreed notice, scope and duration; (iii) exclude any internal accounting or financial information, trade secret, data or information of any other DeepJudge customer (including its end users), or any information that in DeepJudge’s reasonable opinion could compromise the security of its systems or premises or cause DeepJudge to be in breach of its obligations under Applicable Data Protection Law or its security, confidentiality, or privacy obligations to any other DeepJudge customer or third-party; and (iv) be limited to once per calendar year.

10. International Data Transfers

DeepJudge will only transfer Customer Personal Data across international borders and between jurisdictions in accordance with Applicable Data Protection Law. The parties agree that when the transfer of Customer Personal Data from Customer to DeepJudge is a Restricted Transfer, such transfer shall be subject to Standard Contractual Clauses, which shall be deemed incorporated by reference and form an integral part of this DPA. Appendix B hereto provides additional details as required by Annex I of the SCCs. In the event of a conflict between this DPA and the SCCs, the provisions of the SCCs will control.

11. Disposal and Return

Upon request, and except as required by Applicable Data Protection Law, each DeepJudge will promptly destroy or return to Customer, and upon request, certify such destruction of, all of Customer Personal Data in its possession, on its systems, or held by Subprocessors in its behalf. Any such Customer Personal Data so retained will remain subject to the terms of the Agreement.

12. DeepJudge contact/representative

Please contact yannic@deepjudge.ai regarding any questions or issues related to this DPA. 

APPENDIX B
ANNEX 1 – Details of Processing

A. List of Parties

Data exporter(s): 
The individual or entity that has entered into the Agreement with data importer for the provision of the products and services as described in the Agreement and/or applicable Order Form. 

Activities relevant to the data transferred under these Clauses: Uploading, transmitting, and otherwise processing the data through products or services of Processor.

Role (controller/processor): Controller

Data importer(s)
Name: DeepJudge AG
Address: Zeughausstrasse 31, 8004 Zürich Switzerland 
Contact: Data Protection Officer, yannic@deepjudge.ai

Activities relevant to the data transferred under these Clauses: Providing services upon request to customers

Role (controller/processor): Processor

B. Description of Transfer

For the purposes of the Standard Contractual Clauses, the supervisory authority that shall act as competent supervisory authority is either (i) where Customer is established in an EU Member State, the supervisory authority responsible for ensuring Customer's compliance with the GDPR; (ii) where Customer is not established in an EU Member State but falls within the extra-territorial scope of the GDPR and has appointed a representative, the supervisory authority of the EU Member State in which Customer's representative is established; or (iii) where Customer is not established in an EU Member State but falls within the extra-territorial scope of the GDPR without having to appoint a representative, the supervisory authority of the EU Member State in which the Data Subjects are predominantly located. In relation to Personal Data that is subject to the UK GDPR or Swiss DPA, the competent supervisory authority is the UK Information Commissioner or the Swiss Federal Data Protection and Information Commissioner (as applicable).