Terms of Use for Vention Hub App

These Terms of Use are a legally binding contract between the User/Client on one side and the Company on the other side, which governs the access to and use of Vention Hub provided by the Company to the Clients represented by the Users.

These Terms of Use are intended to ensure a clear understanding of the rights and responsibilities of the Users, theClients, and the Company, with respect to the access to and use of Vention Hub.

By accessing or using Vention Hub, the User and Client agree to be bound by the terms outlined in these Terms of Use. Please read these Terms of Use carefully. If you do not agree to these Terms of Use, you may not access or use Vention Hub.

Section 1: Definitions

For the purposes of these Terms of Use, the following definitions shall apply:

1.1 "User"

The term "User" refers to any individual who created an Account for access or use of Vention Hub on behalf of a Client. The User may also be referred to as "you" or "your" in these Terms of Use. By using Vention Hub, the Useraffirms that they have the authority to represent the Client and bind the Client to these Terms of Use.

1.2 "Client"

The term "Client" refers to the legal entity, such as a corporation, partnership, or other organization, that has a signed contract with one of the Company’s affiliates and that the User represents when accessing or using Vention Hub. The Client is responsible for ensuring that its representatives comply with these Terms of Use and for any actions taken by its representatives within Vention Hub.

1.3 "Vention Hub"

The term "Vention Hub" refers to the Vention Hub app owned and operated by the Company, which is a web-based platform designed to help with coordination of the Services (in particular, schedule activities, provide feedback, etc.). Vention Hub includes all associated services, features, and functionality made available by the Company.

1.4 "Terms of Use"

The term "Terms of Use" refers to this agreement, which governs the access to and use of Vention Hub by theUsers/Clients. The Terms of Use include all rules, conditions, and provisions set forth herein, as well as any future amendments or updates made by the Company to govern the access to and use of Vention Hub.

1.5 "Company"

The term "Company" refers to VENSOLUTIONSGROUP LTD, with its registered office at Griva Digeni 59, Kaimakliotis Building, 5th Floor, 6043 Larnaca, Cyprus, a company incorporated and existing under the laws of Cyprus, which owns and operates Vention Hub. The Company is responsible for providing access to and maintaining Vention Hub, as well as establishing the rules and policies governing its use. The Company may also be referred to as "we," "us," or "our" in these Terms of Use.

1.6 "User-Generated Content"

The term "User-Generated Content" refers to labels, notes, and feedback created by the User within Vention Hub. User-Generated Content does not include the proprietary software, design, or materials owned by the Company.

1.7 "Account"

The term "Account" refers to the individual user profile and associated access credentials created by the User to access and use Vention Hub. The User is responsible for maintaining the confidentiality of their Account credentials.

1.8 "Services"

The term "Services" refers to the services provided by the Company and their affiliates to the Clients according to separate agreements signed between them.

Section 2: User and Client Obligations

2.1 Representation of the Client

The User acknowledges and agrees that they are acting as a representative of the Client (the legal entity to which they belong or for which they work) in connection with their use of Vention Hub. By accepting these Terms of Use, the User affirms that they have the authority to bind the Client to these Terms of Use, and that the Client is legally responsible for the User’s actions within Vention Hub. The User further acknowledges that all their actions/omissions, including creation of User-Generated Content, shall be deemed actions taken by the Client, and the Client will be held responsible for these activities.

2.2 Client’s Responsibility for User Compliance

The Client shall ensure that all its representatives, including the User, comply with these Terms of Use and any applicable laws or regulations. The Client agrees to provide adequate training, guidance, and monitoring of its representatives’ use of Vention Hub to ensure adherence to these Terms of Use. The Client’s failure to do so does not exempt the Client from its responsibility for the conduct of its representatives within Vention Hub.

2.3 Liability of the Client for Breach by User

The Client acknowledges and agrees that it shall be fully responsible for any breach of these Terms of Use committed by its representatives, including the User. Any violation or misuse of Vention Hub by a User or any representative of the Client shall be considered a breach by the Client, and the Client shall be liable for any damages, losses, or legal consequences arising from such breach. This includes, but is not limited to, unauthorized sharing of content, infringement of intellectual property rights, or any unlawful activity conducted within Vention Hub by the User.

2.4 Duty of Good Faith

The Client and the User both agree to act in good faith and to cooperate fully with the Company in any investigation, dispute, or legal proceeding arising from their use of Vention Hub. The Client shall ensure that any disputes or claims related to the User’s actions or omissions within Vention Hub are promptly addressed and resolved, including any claims brought by third parties against the Company as a result of such actions.

2.5 Obligation to Report Misuse

The Client and the User are required to immediately notify the Company of any suspected misuse of Vention Hub, including but not limited to unauthorized access, fraudulent activities, or any content that violates the intellectual property rights of the Company or third parties. Failure to report such misuse within a reasonable time frame may result in liability for the Client for any damages caused by the delay in reporting.

2.6 Ongoing Duty of Compliance

The Client and the User acknowledge that their obligations under this section are ongoing and extend beyond the termination of their access to Vention Hub. Even after Account deactivation, suspension, or termination, the Clientremains liable for any activities that occurred while the User had access to Vention Hub, and the Client’s obligation to ensure compliance with these Terms of Use continues until all obligations are fulfilled.

Section 3: User and Client Access & Control

3.1 Grant of Access

The Company grants both the User and the Client a limited, non-exclusive, non-transferable, and revocable license to access and use Vention Hub solely for the purpose of coordination of the Services. This access is subject to the User's and Client's compliance with these Terms of Use, any additional policies or guidelines established by the Company, and all applicable laws and regulations. The User's and the Client's access to Vention Hub is provided on a conditional basis, which may be revoked or terminated by the Company at any time, at its sole discretion.

3.2 Revocation of Access

The Company reserves the right, at its sole discretion, to revoke, suspend, deactivate, or terminate the User's or the Client's access to Vention Hub at any time and for any reason, without notice, unless otherwise required by law. Such actions may be taken for reasons including, but not limited to, breach of these Terms of Use, violation of applicable laws, or any conduct deemed detrimental to the operation, security, or integrity of Vention Hub. The Company furtherreserves the right, at its sole discretion, to discontinue all or part of Vention Hub at any time and for any reason, without notice, unless otherwise required by law. The User and the Client agree that the Company shall not be liable for any loss, damage, or inconvenience arising from such revocation, suspension, deactivation, termination of access or discontinuation.

3.3 No Obligation to Provide Access

The Company is under no obligation to provide access to Vention Hub or to reinstate access for the User or the Clientwhose access has been revoked, suspended, or terminated. Any decision to reinstate access is at the sole discretion of the Company and will be made on a case-by-case basis. The Company is under no obligation to provide compensation or damages in the event of access being revoked, suspended, or terminated.

3.4 License Limitations

The User and the Client agree not to:

Reverse-engineer, decompile, disassemble, or attempt to discover the underlying source code of Vention Hub.
Copy, modify, adapt, distribute, or create derivative works based on Vention Hub or any part thereof as well as to violate the Company’s intellectual property rights to Vention Hub in any other possible way.
Use Vention Hub or take any other actions with regard to Vention Hub for any purpose other than coordination of the Services.
Share, disclose, or distribute their Account credentials or login information to anyone other than the User who created the respective Account.

3.5 Account Security and Responsibilities

The User and the Client are both responsible for maintaining the confidentiality and security of their respective Account credentials and for all activities that occur under their Accounts. The User and the Client agree to:

Notify the Company immediately of any unauthorized access or use of their Account.
Ensure that their Accounts are used in accordance with these Terms of Use and all applicable laws and regulations.
Maintain accurate and up-to-date information within their Account profiles.

3.6 Termination and No Compensation

Upon termination of the Services, whether by the Company’s affiliates or by the Client, User’s or Client’s access to Vention Hub will be lost. The Company shall not be liable for any damages, losses, or inconvenience resulting from the termination or suspension of access to Vention Hub. No compensation or damages shall be owed to the User or the Client upon such termination or suspension of access.

3.7 Continued Obligations After Termination

Termination of access to Vention Hub does not relieve the User or the Client of any obligations accrued prior to the termination, including but not limited to, any legal responsibilities or obligations related to intellectual property rights. Any provisions of these Terms of Use that, by their nature, should survive termination (such as, but not limited to, data protection, indemnification, and dispute resolution provisions) shall remain in effect after termination.

Section 4: Intellectual Property & User-Generated Content

4.1 Company's Intellectual Property Rights

The Company retains exclusive ownership and all intellectual property rights in and to Vention Hub, including but not limited to all proprietary software, source code, user interfaces, designs, trademarks, logos, content, and any other materials provided by the Company as part of Vention Hub. These rights are protected under applicable intellectual property laws, including copyright, trademark, and patent laws. The User and the Client acknowledge that they have no ownership rights in Vention Hub or any part thereof and that their use of Vention Hub is strictly limited to the terms set forth in these Terms of Use.

4.2 License to Use Vention Hub

Subject to the User's and Client's compliance with these Terms of Use, the Company grants the User and the Client a limited, non-exclusive, non-transferable, and revocable license to access and use Vention Hub solely for the purpose of coordination of the Services. This license does not grant the User or the Client any ownership or other rights in Vention Hub or any intellectual property associated with it.

4.3 User-Generated Content License

By submitting User-Generated Content to Vention Hub, the User and the Client grant the Company and its affiliates a non-exclusive, worldwide, royalty-free license to use, store, display, distribute, reproduce, and modify such User-Generated Content as necessary for the coordination of the Services, as well as for internal purposes such as maintaining and improving Vention Hub and other related purposes.

4.4 Ownership of User-Generated Content

The User and the Client retain full ownership of any User-Generated Content they create or upload to Vention Hub. By submitting such content, the User and the Client acknowledge that the Company and its affiliates are granted the rights described in Section 4.3. The Company does not claim ownership of any User-Generated Content except as necessary to exercise the license granted herein.

4.5 User-Generated Content Guidelines

The User and the Client agree to adhere to the following guidelines when submitting User-Generated Content within Vention Hub:

Accuracy: Content must be accurate, truthful, and relevant to the purpose of Vention Hub.
Professionalism: Content should be respectful, professional, and free from offensive, defamatory, or inappropriate language.
Non-Infringement: Content must not violate the intellectual property rights of others, including copyright, trademark, or patent rights.
Confidentiality: Content must not contain any confidential, proprietary, or sensitive information, which may not be disclosed to the Company or its affiliates.
Legality: Content must comply with all applicable laws and regulations.

The Company reserves the right, but is not obligated, to review, monitor, or remove any User-Generated Content that violates these guidelines or the Terms of Use, at its sole discretion.

4.6 Removal of User-Generated Content

The Company may, at its sole discretion, remove any User-Generated Content that it believes violates these Terms of Use or any applicable laws. The User and the Client acknowledge and agree that they have no right to request the deletion of any content uploaded to Vention Hub, except where required by applicable law. The Company may also suspend or terminate access to Vention Hub for violations related to User-Generated Content.

4.7 No Obligation to Use User-Generated Content

The Company is under no obligation to use, display, or promote any User-Generated Content submitted by the Useror the Client.

Section 5: Financial Responsibilities

5.1 No Charges for Use of Vention Hub

The Client acknowledges that the use of Vention Hub by the User and the Client is provided free of charge. There are no fees or charges for accessing or using Vention Hub now or in the future. The Company does not plan to introduce any paid features or services to Vention Hub.

5.2 Reimbursement for Damages, Legal Costs, or Fines

Although Vention Hub is free to use, the Client agrees to reimburse the Company for any damages, legal costs, fines, or other liabilities incurred by the Company as a result of the Client’s or its representatives' use or misuse of Vention Hub. This includes, but is not limited to, any legal costs or fines arising from violations of intellectual property rights, data protection laws, or any unlawful activity carried out within Vention Hub by the Client or its representatives.

Section 6: Prohibited Uses & Violations

6.1 Prohibited Uses of Vention Hub

The User and the Client agree not to use Vention Hub for any unlawful, harmful, or inappropriate purposes. Specifically, the User and the Client shall not:

Use Vention Hub for any illegal activity or in a manner that violates any applicable laws, regulations, or third-party rights.
Engage in fraudulent or deceptive activities, including but not limited to impersonating others, falsifying information, or engaging in phishing schemes.
Upload, post, or distribute any User-Generated Content that is defamatory, offensive, discriminatory, harassing, abusive, obscene, or otherwise harmful to others.
Violate the intellectual property rights of the Company, third parties, or other Users, including unauthorized copying, distribution, or use of any content.
Attempt to reverse-engineer, decompile, disassemble, or modify Vention Hub, or use any part of Vention Hubfor purposes not expressly authorized by these Terms of Use.
Introduce viruses, malware, or any other harmful software or code into Vention Hub or any associated systems.
Engage in actions that could compromise the security, integrity, or functionality of Vention Hub, including attempting unauthorized access to Vention Hub or any related systems or networks.

6.2 Consequences of Violations

In the event of a violation of these Terms of Use, the Company may take appropriate action, including but not limited to the following:

Suspension or termination of the User's or the Client's access to Vention Hub.
Removal of any User-Generated Content that violates these Terms of Use or any applicable laws.
Legal action, including seeking damages, in response to any unlawful conduct or actions that harm the Companyor its users.
Notification of relevant authorities if the Company believes that the User or the Client's actions involve illegal activity.

The User and the Client acknowledge that any violation of these Terms of Use may result in immediate and irreversible consequences, including loss of access to Vention Hub and potential legal actions.

6.3 Reporting Violations

The User and the Client agree to promptly notify the Company if they become aware of any activity or content within Vention Hub that violates these Terms of Use. The Company will investigate such reports and take appropriate action in accordance with these Terms of Use.

The Company is not obligated to monitor the content or activity within Vention Hub, but it reserves the right to do so and to remove content or suspend access as necessary to ensure compliance with these Terms of Use.

6.4 No Tolerance for Abuse

The Company has a zero-tolerance policy for abuse, harassment, or any conduct that creates a hostile or unsafe environment for other Users or the Company’s staff. The User and the Client agree to respect others and engage in respectful, professional conduct at all times while using Vention Hub.

Section 7: Disclaimers & Liability Limitations

7.1 No Warranties

Vention Hub is provided "as is" and "as available," without any representations or warranties of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, non-infringement, or any warranty arising out of the course of dealing or usage of trade. The Company does not warrant that:

Vention Hub will meet the User's or Client's specific requirements or expectations.
Vention Hub will be uninterrupted, secure, error-free, or free from bugs, viruses, or other harmful components.
Any defects or errors in Vention Hub will be corrected.
The use of Vention Hub will result in the desired outcome or be completely reliable, accurate, or complete.

7.2 Limitation of Liability

To the fullest extent permitted by applicable law, the Company shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, or data, whether in an action in contract, tort, or otherwise, arising out of or in connection with:

The User's or Client's use or inability to use Vention Hub.
Any errors or omissions in the content or services provided through Vention Hub.
Unauthorized access to or alteration of the User's or Client's Account, content, or data.

Section 8: Indemnification Clause

8.1 Indemnification by the User and the Client

The User and the Client agree to indemnify, defend, and hold harmless the Company, its affiliates, directors, officers, employees, agents, and licensors from and against any and all claims, damages, liabilities, costs, expenses (including reasonable attorneys’ fees), and other losses arising out of or in connection with:

Any violation of these Terms of Use by the User or the Client.
Any use of Vention Hub by the User or the Client, including any User-Generated Content submitted or uploaded by the User or the Client.
Any infringement or alleged infringement of third-party intellectual property rights arising from the User’s or the Client’s use of Vention Hub or any User-Generated Content.
Any breach of applicable laws, regulations, or third-party rights by the User or the Client while using Vention Hub.
Any act or omission that causes harm to the Company, other Users, or third parties, whether intentional or negligent.

8.2 Indemnification Procedure

The Company shall promptly notify the User and the Client in writing of any claim, suit, or proceeding brought against it for which the User or the Client is required to provide indemnification under this section. The User and the Client shall cooperate with the Company in the defense of any such claim, suit, or proceeding, at their own expense. The User and the Client shall not settle any such claim without the prior written consent of the Company, which consent shall not be unreasonably withheld.

8.3 No Limitation on Indemnification

Nothing in these Terms of Use shall limit or exclude the User's or the Client's liability to indemnify the Company for any damages arising from personal injury, death, fraud, or intentional misconduct.

Section 9: Modifications to Terms

9.1 Right to Modify the Terms of Use

The Company reserves the right to modify, amend, or update these Terms of Use at any time, at its sole discretion. Any modifications, amendments, or updates to these Terms of Use will be posted on Vention Hub or otherwise communicated to the User and the Client via email or other appropriate means.

9.2 Notification of Changes

The Company will make reasonable efforts to notify the User and the Client of any material changes to the Terms of Use. Such notifications may be provided through email, a pop-up notice within Vention Hub, or other communication methods deemed appropriate by the Company. It is the responsibility of the User and the Client to review the updated Terms of Use periodically.

9.3 Acceptance of Modifications

Any modifications or updates to these Terms of Use will become effective immediately upon posting or notification, unless otherwise stated. Continued use of Vention Hub after the effective date of any modifications constitutes the User's and the Client's acceptance of the updated Terms of Use. If the User or the Client does not agree to the modified Terms of Use, they must immediately cease using Vention Hub.

Section 10: Service Maintenance & Outages

10.1 Scheduled Maintenance

The Company may, from time to time, schedule maintenance for Vention Hub to improve its performance, security, or functionality. The Company will make reasonable efforts to notify the User and the Client in advance of any planned maintenance, including expected downtime. However, the Company is not obligated to provide advance notice in all cases, particularly for minor maintenance or emergency maintenance.

Scheduled maintenance may result in temporary unavailability or reduced functionality of Vention Hub, and the Userand the Client acknowledge and accept that such downtime is a possibility.

10.2 Unscheduled Outages

Vention Hub may also experience unscheduled outages or interruptions due to factors beyond the Company's control, such as technical failures, network issues, or force majeure events. The Company will make reasonable efforts to restore Vention Hub to normal operation as quickly as possible in the event of an unscheduled outage.

The Company does not guarantee uninterrupted or error-free service and is not liable for any downtime or outages, including those caused by third-party service providers, network issues, or hardware failures.

10.3 No Compensation for Service Interruptions

The User and the Client acknowledge that no compensation, refunds, or damages will be owed by the Company for any interruptions, delays, or outages of Vention Hub, whether scheduled or unscheduled. The Company does not guarantee a specific level of availability, and any downtime does not affect the User's or the Client's obligations under these Terms of Use.

10.4 Emergency Maintenance

In the event of an emergency maintenance situation, such as security vulnerabilities or critical system failures, the Company may perform maintenance without prior notice to ensure the integrity and security of Vention Hub. The User and the Client acknowledge that emergency maintenance may result in service interruptions or reduced functionality, and agree to cooperate with the Company as needed during such periods.

Section 11: Governing Law & Dispute Resolution

11.1 Governing Law

These Terms of Use shall be governed by, and construed in accordance with, the laws of Cyprus, without regard to its conflict of law principles. The User and the Client agree that any disputes arising out of or in connection with these Terms of Use shall be subject to the exclusive jurisdiction of the courts located in Cyprus.

11.2 Dispute Resolution

In the event of any dispute, claim, or controversy arising out of or in connection with these Terms of Use, the User and the Client agree to attempt to resolve the dispute informally through good-faith negotiations. The User and the Clientshall promptly notify the Company in writing of any dispute, and the parties shall work together to reach a resolution in a reasonable time frame.

If the dispute cannot be resolved through informal negotiations, the parties agree that the dispute shall be submitted to the courts of Cyprus, which shall have exclusive jurisdiction to resolve the matter. The User and the Client waive any objections to the personal jurisdiction of the courts of Cyprus and agree to submit to such jurisdiction.

11.3 No Requirement for Mediation or Arbitration

The User and the Client agree that there shall be no requirement to engage in any form of mediation or arbitration before resorting to litigation. The parties may choose to pursue any available legal remedies in Cyprus courts without first attempting alternative dispute resolution methods.

11.4 Class Action Waiver

The User and the Client agree that any dispute, claim, or controversy arising out of or relating to these Terms of Usemust be brought in an individual capacity, and not as a class action, collective action, or representative action. The Userand the Client waive any right to participate in a class action or collective action related to any such disputes.

Section 12: Severability Clause

12.1 Severability of Provisions

If any provision of these Terms of Use is determined to be illegal, invalid, or unenforceable under applicable law, such provision shall be deemed to be modified or severed from these Terms of Use to the extent necessary to make it enforceable, and the remaining provisions shall remain in full force and effect. The invalidity or unenforceability of any provision shall not affect the legality, validity, or enforceability of any other provision of these Terms of Use.

Section 13: Survival Clause

13.1 Survival of Key Provisions

Notwithstanding the termination or expiration of these Terms of Use, the following provisions shall survive and remain in effect:

Intellectual Property Rights: The Company's ownership of intellectual property in Vention Hub and the User's and Client's obligations related to the use of Vention Hub shall survive.
Indemnification: The User and the Client's obligation to indemnify the Company for claims, damages, and liabilities shall survive.
Liability Limitations: The limitations of liability set forth in these Terms of Use shall continue to apply after termination.
Governing Law & Dispute Resolution: The dispute resolution provisions, including the requirement for litigation in Cyprus, shall survive.

Section 14: Compliance with Local Laws

14.1 Responsibility for Compliance

The User and the Client are responsible for ensuring that their use of Vention Hub complies with all applicable local, national, and international laws, regulations, and ordinances. This includes, but is not limited to, data protection laws, intellectual property laws, and any other laws that may apply to their use of Vention Hub.

14.2 Prohibited Jurisdictions

The User and the Client agree not to use Vention Hub in any jurisdiction where Vention Hub or these Terms of Usewould be illegal or in conflict with local laws. If the User or the Client is located in such a jurisdiction, they must immediately cease using Vention Hub.

14.3 Export Control Laws

The User and the Client agree that they will not export, re-export, or otherwise transfer any content, software, or services provided through Vention Hub in violation of any applicable export control laws or regulations of any jurisdiction.

Section 15: Data Protection

15.1 Compliance with Data Protection Laws

The Company, the User and the Client acknowledge and agree that their use of Vention Hub involves the collection, processing, and storage of personal data. The Company, the User and the Client agree to comply with all Applicable Data Protection Laws and regulations, including but not limited to the General Data Protection Regulation (GDPR)for users in the European Union, and any other relevant laws governing the protection of personal data.

15.2 User’s Personal Data

The Company is committed to protecting the privacy and confidentiality of User’s personal data. The collection, use, and processing of User’s personal data through Vention Hub are governed by the Privacy Policy, which is incorporated by reference into these Terms of Use.

15.3 Company’s Personal Data

In connection with the use of Vention Hub, the User and Client will process personal data of the Company’s or its affiliates’ staff members who are involved in the operation and maintenance of Vention Hub as well as provision or coordination of the Services. The processing of the Company’s personal data is governed by Appendix 1, which is an integral part of these Terms of Use.

15.4 Client’s Personal Data

In connection with the operation of Vention Hub, the Company may process personal data of the Client’s staff members involved in provision or coordination of the Services. The processing of the Client’s personal data is governed by Appendix 2, which is an integral part of these Terms of Use.

Section 16: Restriction on Assignment

16.1 Prohibition on Assignment

The Client and the User may not assign, transfer, sublicense, or otherwise delegate their rights or obligations under these Terms of Use to any third party without the prior written consent of the Company. Any unauthorized assignment, transfer, or delegation shall be void and without effect.

16.2 Assignment by the Company

The Company may assign, transfer, or sublicense its rights and obligations under these Terms of Use, in whole or in part, to any third party at its sole discretion, without the consent of the User or the Client. Any such assignment shall be binding upon the User and the Client.

Section 17: Termination Waiver

17.1 Waiver of Claims Upon Termination

The User and the Client acknowledge and agree that upon the termination, suspension, or revocation of access to Vention Hub, the User and the Client shall have no right to claim any damages, compensation, or refund for any loss of access, data, or service, unless such claims are explicitly permitted by applicable law.

The User and the Client waive any rights to pursue legal action or seek remedies for the termination or suspension of Vention Hub access, provided that the termination or suspension is in accordance with these Terms of Use.

17.2 No Waiver of Rights for Violations

Notwithstanding the waiver of claims upon termination, this section does not limit the Company's right to enforce its legal rights or remedies for any breach or violation of these Terms of Use prior to termination. The Company may take action to remedy violations of these Terms of Use, including seeking legal action or other remedies as appropriate.

Section 18: Entire Agreement

18.1 Complete and Binding Agreement

These Terms of Use, together with any other policies or agreements expressly incorporated by reference, constitute the entire agreement between the User, the Client, and the Company with respect to the access to and use of Vention Hub. This agreement supersedes all prior or contemporaneous agreements, representations, warranties, and understandings, whether written or oral, relating to the subject matter of these Terms of Use.

18.2 No Reliance on Prior Representations

The User and the Client acknowledge that, in entering into these Terms of Use, they have not relied upon any representations, statements, or warranties made by the Company or any third parties, except as expressly set forth in these Terms of Use. Any prior representations not expressly incorporated into these Terms of Use are void and without effect.

18.3 Modifications to the Agreement

Any modifications or amendments to these Terms of Use shall only be valid if made in writing and agreed upon by both the User/Client and the Company. The Company reserves the right to modify these Terms of Use in accordance with Section 9 (Modifications to Terms), but any such modifications will not affect rights or obligations accrued prior to the date of modification.

Section 19: Headings

19.1 Purpose of Headings

The headings used in these Terms of Use are for convenience and reference only. They do not affect the interpretation or construction of any provisions of these Terms of Use. In the event of any ambiguity or conflict between the headings and the actual provisions, the provisions shall control.

19.2 No Legal Effect

The headings are not intended to alter the legal effect of the respective sections and shall not be used for any legal purpose other than for ease of reference.

Section 20: Contact Information

The User/Client can reach the Company at the following contact details:

Email: IPSD.Request@ventionteams.com

Appendix 1 to Terms of Use for Vention Hub App

Independent Controller Agreement

This ICA is entered into by and between the Company and the Client, each acting as an independent Controller, collectively referred to as the "Parties" or individually as a "Party".

This ICA sets out the terms and conditions, under which the Company provides access to the Company Personal Data to the Client, who will also be acting as an independent Controller. The Parties recognize their respective roles as independent Controllers for the Company Personal Data processed under this ICA.

This ICA is incorporated into and shall form part of the Terms of Use. In the event of a conflict between any of the provisions of this ICA and the provisions of the Terms of Use, the provisions of this ICA shall prevail.

Section 1. Definitions

For the purposes of this ICA, the following definitions shall apply:

1. Affiliate: any entity that directly or indirectly controls, is controlled by, or is under common control with a Party.

2. Applicable Data Protection Laws: all data privacy or data protection laws or regulations globally that apply to the Processing of the Company Personal Data under the ICA (including, where applicable and without limitation: the EU General Data Protection Regulation 2016/679 ("GDPR"), the UK Data Protection Act of 2018 and the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act of 2018 (the “UK GDPR”), and the California Consumer Privacy Act as amended by the California Privacy Rights Act (the “CCPA”)), inclusive of any U.S. state law that draws a distinction between a Controller and a Processor, and, in each case as amended, replaced or superseded from time to time and together with implementing regulations.

3. Company Personal Data: Personal Data of the staff members of the Company or its affiliates shared with the Client via Vention Hub.

4. Controller: has the meaning given under the Applicable Data Protection Laws that employ that term in designating between “processors” and “controllers” of Personal Data. Where applicable, “Controller” shall also have the same meaning as “Business” for the purposes of the CCPA.

5. Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Company Personal Data transmitted, stored or otherwise processed.

6. Data Subject: has the meaning given under the Applicable Data Protection Laws, and shall also mean a “consumer” for purposes of the Applicable Data Protection Laws using that term.

7. EEA: the Member States of the European Union together with Iceland, Norway, and Liechtenstein.

8. ICA: this present Independent Controller Agreement.

9. Personal Data: has the meaning given under the Applicable Data Protection Laws, and, where applicable, shall include information that is “Personal Information” for the purposes of the CCPA.

10. Processing: has the meaning given under the Applicable Data Protection Laws, and "Process" and its cognates will be interpreted accordingly.

11. Processor: has the meaning given under the Applicable Data Protection Laws that employ that term in designating between “processors” and “controllers” of Personal Data. Where applicable, “Processor” shall also have the same meaning as “Service Provider” for the purposes of the CCPA.

12. Standard Contractual Clauses: either or both of the following, as the context requires, along with any successor clauses thereto:

a. The “EU SCCs”, meaning the Standard Contractual Clauses issued pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (located https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj) and completed as set forth herein.

b. The “UK SCCs”, meaning the United Kingdom International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (located at https://ico.org.uk/media2/migrated/4019539/international-data-transfer-addendum.pdf) and completed as set forth herein.

13. Sub-processor: Any third-party Processor engaged by the Client to process Company Personal Data on behalf of the Client. A sub-processor must comply with the data protection obligations outlined in this ICA.

14. Supervisory Authority: the data protection supervisory authority (including any cognate terms) as defined under the Applicable Data Protection Laws.

Terms defined in the Applicable Data Protection Laws as well as in the Terms of Use shall have the same meaning when used in this ICA, unless defined in this ICA.

Section 2: Types of Company Personal Data Accessed

Under this ICA, the Client will have access to the following types of Company Personal Data via Vention Hub:

Photo.
Title/Position.
First Name.
Last Name.
Contact Email.
Specialization: (e.g., .NET).

Access to this data will be provided only to the extent necessary for the Client to coordinate the Services.

The Client agrees not to access or use any Company Personal Data beyond what is necessary for the coordination of the Services and to adhere to the principle of data minimization. The Company retains the right to limit or restrict access to specific data elements based on the needs of the Client and the purpose of the Services.

Section 3: Lawful Basis for Processing

The Parties acknowledge that the lawful basis for Processing Company Personal Data under this ICA is provided by the Applicable Data Protection Laws. Both the Company and the Client, acting as independent Controllers, will ensure that any Company Personal Data accessed, processed, and stored through Vention Hub is processed lawfully, fairly, and transparently.

The lawful basis for the Processing of Company Personal Data under this ICA is as follows:

1. Legitimate Interest: Both the Company and the Client may rely on legitimate interests as the lawful basis for Processing Company Personal Data in cases where such Processing is necessary for the purposes of team management, feedback sharing, or other activities directly related to the coordination of the Services. This basis applies where Processing is proportionate and does not override the rights and freedoms of the Data Subjects.

The Company and the Client will ensure that they provide appropriate transparency and inform the Data Subjectsabout the Processing activities in accordance with the requirements set out in the Applicable Data Protection Laws, including providing clear notices regarding the Processing of their Personal Data through Vention Hub.

Section 4: Use of Company Personal Data

The Parties agree that Company Personal Data accessed through Vention Hub will only be used for the purpose of coordination of the Services, and the Client shall not process or use such Company Personal Data for any other purpose. The Company and the Client agree to comply with the principles of data minimization and purpose limitation, ensuring that only the necessary Company Personal Data is processed in a lawful and transparent manner.

Section 5: Security Measures

The Company and the Client agree to take appropriate technical and organizational measures to ensure the security of Company Personal Data processed under this ICA. These measures are intended to protect the Company Personal Data from unauthorized access, disclosure, alteration, loss, or destruction, in line with Applicable Data Protection Laws.

1. Security Measures to Be Implemented: Both Parties will implement security measures that are appropriate to the risks involved in the Processing of Company Personal Data, which may include but are not limited to:

Encryption: Encrypting Company Personal Data both at rest and during transmission to protect it from unauthorized access.
Access Control: Implementing access controls to ensure that only authorized personnel have access to Company Personal Data based on the principle of least privilege.
Data Integrity: Ensuring that Company Personal Data is accurate and complete and that Processingactivities do not lead to data corruption or unintended modification.
Authentication and Authorization: Using strong authentication and authorization mechanisms to verify the identity of individuals accessing Company Personal Data through Vention Hub.
Monitoring and Logging: Implementing logging and monitoring of access to the Company Personal Data to detect any unauthorized attempts to access or manipulate it.

2. Notification of New Risks: If either Party identifies any new risks to the security of Company Personal Data(such as the introduction of new Processing activities or vulnerabilities), they are required to notify the other Partyimmediately. The Company reserves the right to request additional safeguards if new risks are identified that could impact Company Personal Data security, especially in cases involving sensitive data.

3. Updates to Security Measures: The Parties agree to periodically review and update their security measures to reflect changes in technological developments, regulatory requirements, or operational needs. The Companymay request changes to the security measures from the Client if the existing measures are deemed inadequate to protect the Company Personal Data.

4. Security Incident Management: In the event of a Data Breach or any other security incident that compromises Company Personal Data, the Parties must immediately take appropriate action to contain and mitigate the incident. The Client must inform the Company without undue delay and in any case, within 72 hours of becoming aware of the breach, in compliance with GDPR notification requirements.

Section 6: Data Breach Notification

In the event of a Data Breach, both the Company and the Client have an obligation to promptly notify the other Partyand take necessary actions in accordance with Applicable Data Protection Laws. This section outlines the procedures to follow in the event of a Data Breach.

1. Notification of Data Breach:

Client's Obligation: The Client must immediately notify the Company without undue delay, and in any case within 72 hours of becoming aware of a Data Breach. The notification must include the following details:

The nature of the Data Breach, including the categories and approximate number of Data Subjectsand data records affected.
The likely consequences of the Data Breach.
The measures taken or proposed to mitigate the impact of the Data Breach.

Company's Obligation: Upon receiving the notification from the Client, the Company will assess the Data Breach's impact and determine the necessary steps for mitigating risks to the affected Data Subjects. The Company will cooperate with the Client and any relevant authorities to ensure appropriate actions are taken.

2. Cooperation with Supervisory Authorities

Both Parties agree to cooperate with any relevant Supervisory Authority. In case the Data Breach needs to be reported to the Supervisory Authority, the Company will lead the communication process, and the Client must provide any required information in a timely manner.

3. Notification to Affected Data Subjects

If the Data Breach is likely to result in a high risk to the rights and freedoms of the affected Data Subjects, the Company shall notify those Data Subjects without undue delay, in accordance with the Applicable Data Protection Laws. The Client agrees to cooperate with the Company in providing information to affected Data Subjects as required.

4. Mitigation of Damage

Both Parties agree to take reasonable steps to mitigate the impact of the Data Breach. The Client must take any necessary actions to prevent further breaches, including but not limited to enhancing security measures, conducting an internal investigation, and implementing corrective actions as needed.

Section 7: Data Retention

The Client agrees to retain Company Personal Data only for as long as necessary to fulfill the purposes outlined in this ICA, in compliance with the Applicable Data Protection Laws.

1. Data Retention:

Company Personal Data accessed through Vention Hub will be retained for the duration of the Client’s use of the Services. The retention period will be determined based on the specific business needs of the Client, the duration of the Services provided, and legal or regulatory requirements.
The Client agrees to review the data retention periods periodically to ensure that Company Personal Datais not retained for longer than necessary for the purposes for which it was collected.

2. Exceptions for Retention

The Client may retain Company Personal Data beyond the retention period if required by the Applicable Data Protection Laws. In such cases, the Client will notify the Company of the retention requirement and will ensure that the data is securely stored and protected.

Section 8: Changes to Data Processing Practices

The Client agrees to notify the Company in writing of any significant changes to its data Processing practices that could affect the Processing of Company Personal Data under this ICA. This includes changes related to the types of Company Personal Data processed, the purposes of Processing, or the security measures in place.

1. Notification of Changes: The Client must provide the Company with written notice of any significant changes to its data Processing activities, including but not limited to:

Changes in the types of Company Personal Data being processed (e.g., additional categories of Company Personal Data).
Changes in the Processing purposes (e.g., new uses for the Company Personal Data).
Changes in the Processing methods or the introduction of new technologies used to process the Company Personal Data.

2. Evaluation and Approval: Upon receiving notification of any changes, the Company will assess whether the changes impact the terms of this ICA or require modifications to ensure continued compliance with Applicable Data Protection Laws. The Company may request additional security measures, data protection safeguards, or revisions to the ICA to address any new risks posed by the changes.

If the changes affect the Processing of Company Personal Data in a way that requires a renegotiation of the terms or additional safeguards, the Client agrees to cooperate in making such revisions or adjustments.

3. Impact on Data Subject Rights: The Client agrees to assess whether any changes to the data Processingpractices may affect the rights and freedoms of the Data Subjects. If the changes introduce new risks (e.g., increased risk of unauthorized access, use, or loss of Company Personal Data), the Client must immediately notify the Company and work together to implement appropriate measures to mitigate those risks.

4. Ongoing Compliance: Both Parties agree to ensure that their data Processing practices remain in compliance with the Applicable Data Protection Laws. If the Company becomes aware of any breach of these obligations or potential non-compliance, it will work with the Client to correct the issue promptly.

Section 9: Audit Rights and Compliance

The Company retains the right to audit the Client’s data Processing activities to ensure compliance with this ICA and Applicable Data Protection Laws. This section outlines the procedures for conducting audits, the Client’s obligations, and the actions required in the event of non-compliance.

1. Audit Rights: The Company has the right to:

Conduct audits or inspections of the Client’s data Processing activities to assess compliance with this ICAand Applicable Data Protection Laws.
Request copies of the Client’s internal policies, procedures, and documentation related to the Processingof Company Personal Data.
Request audit reports or certifications to ensure that the Client is meeting the required standards for data protection and security.

The Company may request access to the Client’s premises, systems, and relevant records during the audit. The Clientagrees to grant the Company access for such audits and to provide all reasonable assistance during the process.

2. Frequency of Audits: Audits may be conducted on a regular basis, or as necessary, if the Company becomes aware of any issues related to the Client’s data Processing activities. The frequency of audits will depend on factors such as the risk of non-compliance, the sensitivity of the Company Personal Data processed, and the level of risk involved.

3. Corrective Actions: In the event that an audit identifies any non-compliance with this ICA or Applicable Data Protection Laws, the Client agrees to take corrective actions to address the findings. These actions may include:

Implementing additional security measures or improvements to data Processing practices.
Updating policies and procedures to ensure ongoing compliance with Applicable Data Protection Laws.
Rectifying any deficiencies in record-keeping, documentation, or security protocols.

4. Client’s Cooperation: The Client agrees to fully cooperate with the Company during any audit, including providing timely access to relevant information, systems, and personnel. The Client will also take appropriate steps to address any issues identified during the audit to ensure continued compliance with this ICA and Applicable Data Protection Laws.

5. Audit Costs: The costs associated with conducting an audit will generally be borne by the Company. However, if the audit reveals significant non-compliance by the Client, the Client may be required to cover all or part of the costs associated with the audit, including any additional assessments or corrective actions necessary to remedy the identified issues.

Section 10: Sub-Processors

The Client agrees to ensure that any Sub-Processors engaged by the Client to process Company Personal Data are bound by the same data protection obligations as those set out in this ICA. This section outlines the procedures for engaging Sub-Processors, and the responsibilities of the Client regarding Sub-Processor compliance.

1. Engagement of Sub-Processors:

The Client may engage Sub-Processors to process Company Personal Data only if they are necessary for the coordination of the Services. The Client must ensure that any Sub-Processor complies with the terms of this ICA and Applicable Data Protection Laws.

2. Obligations of Sub-Processors:

The Client must ensure that any Sub-Processor engaged is subject to written contractual obligations that impose the same level of data protection and security obligations as set out in this ICA.
The Client is responsible for ensuring that Sub-Processors act in compliance with these obligations and for monitoring their performance to ensure data protection standards are maintained.

3. Liability for Sub-Processors:

The Client remains fully responsible for the acts and omissions of its Sub-Processors. If any Sub-Processorfails to comply with data protection obligations, the Client is liable for any damages, losses, or legal claims arising from the failure to meet the terms of this ICA.
The Client agrees to indemnify and hold the Company harmless from any claims, losses, or damages resulting from the Client’s failure to ensure Sub-Processor compliance with this ICA.

4. Sub-Processor Audits:

The Client agrees to ensure that Sub-Processors cooperate with the Company in the event that an audit or inspection is required. The Client must also ensure that Sub-Processors provide the Company with relevant records or certifications upon request to confirm compliance with data protection obligations.

Section 11: Indemnification and Liabilities

This section outlines the indemnification provisions and liabilities of the Client under this ICA. It ensures that the Client holds the Company harmless for certain damages and liabilities arising from non-compliance or improper use of Company Personal Data.

1. Indemnification: The Client agrees to indemnify, defend, and hold the Company harmless from any claims, losses, damages, fines, penalties, or legal costs (including legal fees) arising from:

The Client’s breach of any provision of this ICA, including any failure to comply with Applicable Data Protection Laws.
Any misuse or unauthorized Processing of Company Personal Data by the Client.
The Client’s failure to properly monitor its Sub-Processors’ compliance with data protection obligations.
Any third-party claims or actions related to the Client’s Processing of Company Personal Data that are inconsistent with the terms of this ICA or Applicable Data Protection Laws.

2. Limitation of Liability:

No Liability for Indirect Damages: Neither Party shall be liable for any indirect, special, consequential, or punitive damages, including but not limited to loss of profits, loss of data, or loss of business, arising from the performance or non-performance of obligations under this ICA.
Liability Cap: Company’s total liability for damages arising out of or in connection with this ICA shall be limited to the total fees paid by the Client to the Company or its Affiliates for the Services in the 12 months preceding the incident that gave rise to the liability, unless the damages arise from intentional misconduct or gross negligence.

3. Procedure for Indemnification:

The indemnified Party must promptly notify the indemnifying Party of any claim, loss, or damage for which indemnification is sought.
The indemnifying Party will have the right to assume control of the defense of any claim or action, and the indemnified Party agrees to cooperate fully with the indemnifying Party in defending the claim.
The indemnified Party shall not settle any claim or action without the prior written consent of the indemnifying Party, unless such settlement does not impose any liability or obligation on the indemnified Party.

Section 12: Applicable Law and Jurisdiction

This section establishes the governing law and jurisdiction for any disputes arising from this ICA, ensuring clarity on the legal framework that governs the terms and the processes for resolving disputes.

1. Governing Law: This ICA shall be governed by, and construed in accordance with, the laws of Cyprus, without regard to its conflict of law principles. The Parties agree that the provisions of this ICA shall be interpreted in light of the laws and regulations applicable in Cyprus, including Applicable Data Protection Laws.

2. Jurisdiction: Any disputes arising out of or in connection with this ICA, including any questions regarding its existence, validity, or termination, shall be subject to the exclusive jurisdiction of the courts of Cyprus. The Partieshereby submit to the personal jurisdiction of these courts and agree that any legal action or proceeding arising out of or related to this ICA shall be brought exclusively in such courts.

3. Enforceability: In the event that any provision of this ICA is deemed to be invalid or unenforceable by a court of competent jurisdiction, the remainder of the ICA shall continue in full force and effect. The Parties agree to replace any unenforceable provision with a provision that comes as close as possible to the original intent of the unenforceable provision, in a manner that complies with applicable laws.

Section 13: Data Transfers

1. Transfers Mechanism. To the extent that the Processing of Company Personal Data involves the transmission of such Company Personal Data to a country or territory outside the country from which such Company Personal Datawas provided to the Client, the Parties will comply with any requirements under Applicable Data Protection Lawsregarding such transfers. To the extent required by Applicable Data Protection Laws, the Client shall ensure that a lawful data transfer mechanism is in place prior to engaging in any onward transfers of Company Personal Data from one country to another.

2. EU SCCs. To the extent legally required, the Parties are deemed to have entered into and signed the EU SCCsand its Annexes, which form part of this ICA and take precedence over the rest of this ICA to the extent of any conflict. Except as described in Section 13.3 below, the EU SCCs are deemed completed as follows:

a. Module 1 of the EU SCCs applies to transfers of Company Personal Data.

b. Clause 7 (the optional docking clause) is excluded.

c. Clause 11 (Redress): The optional language requiring that Data Subjects be permitted to lodge a complaint with an independent dispute resolution body is not included.

d. Clause 17 (Governing law): The Parties choose Option 1 (the law of an EU Member State that allows for third-Party beneficiary rights) and select the law of Cyprus.

e. Clause 18 (Choice of forum and jurisdiction): The Parties select the courts of Cyprus.

f. Annex I is completed as set forth in Exhibit 1 of this ICA. For Annex I(C), the Parties select the Commissioner for the Protection of Company Personal Data in Cyprus. Annex II is completed as set forth in Exhibit 2 of this ICA. Annex III is not applicable.

3. UK SCCs. To the extent legally required, by entering into this ICA, the Parties are deemed to have entered into and signed the UK SCCs, which form part of this ICA and take precedence over the rest of this ICA to the extent of any conflict. The Tables within the UK SCCs are deemed completed as follows:

a. Table 1: The Parties’ details shall be the Parties and their Affiliates to the extent any of them is involved in such transfer, and the Key Contact shall be the contacts set forth in Exhibit 1 of this ICA, as applicable.

b. Table 2: The Approved EU SCCs referenced in Table 2 shall be the EU SCCs as executed by the Partiesand completed above, except that: (a) Clause 17 (Governing law): The Parties choose the law of England and Wales; (b) Clause 18 (Choice of forum and jurisdiction): The Parties select the courts of England and Wales and (c) Annex 1C and Clause 13: the Parties select the UK Information Commissioner.

c. Table 3: Annex I is set forth in Exhibit 1 of this ICA. Annex II is set forth in Exhibit 2 of this ICA. Annex III is not applicable.

d. Table 4: The Parties may end the UK SCCs as set out in Section 19 of the UK SCCs.

Exhibit 1 to the ICA

List of Parties

Data exporter(s):

Name: the Company, as defined in the Terms of Use.

Address: the address of the Company specified in the Terms of Use.

Contact person’s name, position and contact details: Andrei Kulhachou, Director, Legal.Privacy@ventionteams.com.

Activities relevant to the data transferred under these Clauses: coordination of the Services through the use of Vention Hub.

Signature and date: N/A

Role (controller/processor): Controller

Data importer:

Name: the Client, as defined in the Terms of Use.

Address: as set forth in the agreement between the Client and the Company’s Affiliate.

Contact person’s name, position, and contact details: as set forth in the agreement between the Client and the Company’s Affiliate.

Activities relevant to the data transferred under these Clauses: coordination of the Services through the use of Vention Hub.

Signature and date: N/A

Role (controller/processor): Controller

Description of Transfer

Categories of Data Subjects whose Company Personal Data is transferred: Company’s or Company’s Affiliates’staff members.

Categories of Company Personal Data transferred: as specified in Section 2 of the ICA.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): On a continuous basis.

Nature of the Processing: as set forth in the ICA.

Purpose(s) of the data transfer and further Processing: coordination of the Services through the use of Vention Hub.

The period for which the Company Personal Data will be retained, or, if that is not possible, the criteria used to determine that period: as specified in Section 7 of the ICA.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the Processing: Same as above.

Exhibit 2 to the ICA

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Client shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

(a) the pseudonymisation and encryption of Company Personal Data;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;

(c) the ability to restore the availability and access to Company Personal Data in a timely manner in the event of a physical or technical incident;

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.

Appendix 2 to Terms of Use for Vention App

Data Processing Agreement

This DPA shall apply if and to the extent Company collects or otherwise processes Client Personal Data in connection with the operation of Vention Hub.

Section 1: Definitions

For the purposes of this DPA, the following definitions shall apply:

1. “Adequacy Decision” means a decision issued by the European Commission or equivalent Supervisory Authorityof other countries where the country has been determined to have adequate level of data protection under Applicable Data Protection Laws.

2. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.

3. “Applicable Data Protection Laws” means all data privacy or data protection laws or regulations globally that apply to the Processing of Personal Data under this DPA (including, where applicable and without limitation: the EU General Data Protection Regulation 2016/679 ("GDPR"), the UK Data Protection Act of 2018 and the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act of 2018 (the “UK GDPR”), and the California Consumer Privacy Act as amended by the California Privacy Rights Act (the “CCPA”)), inclusive of any U.S. state law that draws a distinction between a Controller and a Processor, and, in each case as amended, replaced or superseded from time to time and together with implementing regulations.

4. “Client Personal Data” means any Personal Data in respect of which the Client is acting as a Controller or another Controller’s Processor and such Personal Data is processed by Company in connection with operation of Vention Hub.

5. “Controller” has the meaning given under the Applicable Data Protection Laws that employ that term in designating between “Processors” and “Controllers” of Personal Data. Where applicable, “Controller” shall also have the same meaning as “Business” for the purposes of the CCPA.

6. “Data Subject” has the meaning given under the Applicable Data Protection Laws, and shall also mean a “consumer” for purposes of the Applicable Data Protection Laws using that term.

7. “DPA” means the present Data Processing Agreement.

8. “EEA” means the Member States of the European Union together with Iceland, Norway, and Liechtenstein.

9. Personal Data: has the meaning given under the Applicable Data Protection Laws, and, where applicable, shall include information that is “Personal Information” for the purposes of the CCPA.

10. Processing: has the meaning given under the Applicable Data Protection Laws, and "Process" and its cognates will be interpreted accordingly.

12. Purpose: to operate Vention Hub or provide the Services.

13. Standard Contractual Clauses: either or both of the following, as the context requires, along with any successor clauses thereto:

14. Sub-Processor: contractor, agent, or other third party (including Company’s Affiliate), which act as a sub-processor on behalf of Company.

15. Supervisory Authority: the data protection supervisory authority (including any cognate terms) as defined under the Applicable Data Protection Laws.

Terms defined in the Applicable Data Protection Laws and the Terms of Use shall have the same meaning when used in this DPA, unless defined within this DPA.

Section 2: Nature of the Processing

The data Processing activities carried out by the Company are described in Annex A to this DPA.

Section 3: Limitations on Use and Compliance with Laws and Regulations

Company acknowledges and agrees that Client may act as either the Controller or Processor of the Client Personal Data, and that Company shall act as Client’s Processor or Sub-Processor, respectively. Company’s obligations under this DPA as a Sub-Processor are equivalent to that of a Processor.

Accordingly, Company shall only use or otherwise process Client Personal Data:

(a) on behalf of and for the benefit of Client in order to carry out the Purpose, and shall not use, sell, rent, transfer, distribute, combine with other information, or otherwise make available or disclose Client Personal Data for Company's own purposes or for the benefit of anyone other than Client, in each case, without Client's prior written consent;

(b) in accordance with Client’s written instructions;

(d) If EU law or EU member state law requires Company to process Client Personal Data other than as specified above, Company shall give Client written notice prior to any such Processing, unless that law prohibits such notice on important grounds of public interest.

The Client guarantees that the Client Personal Data transferred to the Company is received and processed by the Client in accordance with Applicable Data Protection Laws, including the legislative requirements regarding lawfulness of receiving and Processing.

Section 4: Authorization to Share Client Personal Data

1. Company shall not share, transfer, disclose, or otherwise provide access to Client Personal Data to any person or entity other than:

(a) Company’s employees who fulfill the requirements in Section 8 below;

(b) to the extent specified in Client’s consent, Sub-Processors;

(c) on the basis of a court order, subpoena, or other governmental authority, or in case Company is otherwise required to disclose such information by law or regulation; or

(d) to the extent explicitly authorized by Client in writing, and to the extent such disclosure is necessary for the Purpose, to other third parties. Disclosures in accordance with (a) – (c) are hereinafter referred to as “Authorized Disclosures”.

2. If Company receives Client Personal Data in hashed or otherwise obfuscated format, Company shall:

(a) not attempt to reverse engineer or otherwise try to re-identify the hashed or obfuscated Client Personal Data, unless instructed to do so by Client; and

(b) only share the Client Personal Data in the format it received it from Client.

Section 5: Use of Sub-Processors

1. The engagement of Sub-Processor(s) by the Company is only allowed with the prior written consent of the Client. The Client hereby agrees to the engagement of Sub-Processor(s) as follows:

(a) The Client hereby approves the engagement of the Sub-Processors listed in Annex C to this DPA, and such approval is considered as the prior written consent of the Client.

(b) The Client hereby approves the engagement of the Sub-Processor(s) not listed in Annex C to this DPA(“New Sub-Processor(s)”) if the Company notifies the Client of such engagement in writing (email sufficient) before the start of the Client Personal Data Processing by the NewSub-Processor(s), and such approval is considered as the prior written consent of the Client. The Client may object to the use of the New Sub-Processor, at the same time, the Client shall not unreasonably withhold its consent to Company’s engagement of the New Sub-Processor.

2. The Company shall ensure that it enters into a written agreement with the Sub-Processor that includes the same obligations (and, to the extent relevant, specific Processing instructions) as those in this DPA.

3. Company shall be fully responsible for, and liable to, Client for the acts and omissions of its Sub-Processorsas if they were Company’s own acts and omissions.

Section 6: Disclosures under Compulsory Requests

If Company receives a compulsory request from the relevant Supervisory Authority it shall:

(a) provide Client with all information relating to the compulsory request;

(b) give Client a reasonable opportunity to take any steps it considers necessary to protect the confidentiality of Client Personal Data and the rights of the relevant Data Subjects; and

Section 7: Transfer of Personal Data outside of the EEA

1. Notwithstanding anything else set out herein, Company agrees not to transfer Client Personal Data (in each case referred to hereafter as a “Transfer”) to a location outside of the EEA without Client’s prior written consent. Clientmay consent to a Transfer outside of the EEA where Company or Sub-Processor (as the case may be):

(a) becomes a signatory to Standard Contractual Clauses;

(b) where such Transfer will be subject to an Adequacy Decision.

2. Subject to the requirements set forth in section 5 as well as clauses 7.1 (a) or (b) hereof being met, Clienthereby approves Transfer in a location outside of the EEA to the Sub-Processors listed in Annex C to this DPA or the NewSub-Processor(s), engagement of which was approved by Client, and such approval of Transfer is considered as the prior written consent of the Client. The Client may object to the Transfer, at the same time, the Client shall not unreasonably withhold its consent to the Transfer.

Section 8: Information Security Practices

1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Company shall implement and maintain appropriate technical, administrative and organizational measures required to ensure a level of confidentiality and security appropriate to the risks represented by the Processing and the nature of Client Personal Data, and to prevent unauthorized or unlawful Processing of Client Personal Data, including but not limited to measures against unauthorized or unlawful Processing of Client Personal Data and against accidental, unauthorized, or otherwise unlawful loss, misuse, access, alteration, disclosure or destruction of, or damage to, Client Personal Data (Annex B to this DPA). Without limiting the generality of the foregoing or the sole responsibility of Company to implement and maintain appropriate measures, such measures shall, as appropriate, include, but not be limited to, those ensuring that:

(a) Client Personal Data may be kept in a pseudonymous or anonymous format;

(b) Client Personal Data is not changed while stored, transferred, or otherwise processed, unless such change constitutes a functionality of Vention Hub;

(c) the availability of and access to Client Personal Data can be restored in a timely manner in the event of a physical or technical incident;

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing is in place; and

(e) appropriate safeguards are in place to restrict and/or limit access to Client Personal Data to those employees who have a strict need to know in order to carry out the Purpose.

Section 9: Security Incidents and Notices to Third Parties

Company agrees to notify Client without undue delay where Company becomes aware of or reasonably suspects that Client Personal Data has been, or may have been, destroyed, lost, altered, damaged, or subjected to unauthorized internal or external disclosure or access (“Security Incident”), and to take reasonable steps to mitigate the impact of any such Security Incident. To the extent Client seeks the assistance of Company, Company agrees to reasonably cooperate with Client to: (a) determine the scope, severity and root cause of any such Security Incident; and (b) give notice to Supervisory Authorities and the individuals whose Personal Data is the subject of such Security Incident. Unless Company is obliged to give such notice under Applicable Data Protection Laws (if Company gives such notice, it shall promptly notify Client in writing), Company shall not give notice to Supervisory Authorities or the affected individuals except with the prior written approval of Client.

Section 10: Obligation to Restrict Processing of Client Personal Data

Upon Client’s request at any time during the term of the DPA, Company shall restrict or cease the Processing of Client Personal Data identified by Client. The restrictions on Processing may include, but are not limited to, restriction or cessation of profiling and/or automated individual decision-making. All restrictions or directions to cease Processing should be ensured by technical means in such a manner that all or parts of the Client Personal Data, except for storage, is not subject to further Processing operations, and cannot be changed. The fact that the Processing of such Client Personal Data is restricted or required to cease should be clearly flagged in the Company’s systems.

Section 11: Obligation to Anonymize, Delete, and Return Client Personal Data

1. Upon Client’s request at any time during the operation of Vention Hub, (and, if so requested by Client, at regular intervals set by Client), Company shall, at Client's election, either:

(a) render all or part of Client Personal Data anonymous in such a manner that the data no longer constitutes Personal Data; or

(b) permanently delete or render all or parts of the Client Personal Data unreadable.

2. Notwithstanding the aforesaid, upon completion of its obligations towards Client in relation to Processing of Client Personal Data, Company must, at Client's election;

(a) return all or subsets of the Client Personal Data in Company’s possession to Client;

(b) render all Client Personal Data anonymous in such a manner that the data no longer constitutes Personal Data; and/or

3. Company shall delete all existing copies of the Client Personal Data unless EU or member state law requires storage of the Client Personal Data.

4. Upon request by Client, Company must provide written confirmation to Client of anonymization, return, and deletion of Client Personal Data as required by this Section 11.

Section 12: Obligation to Rectify and Update Client Personal Data

Company shall assist Client in ensuring that Client Personal Data is accurate and, where necessary, kept up to date.

Section 13: Obligation to Provide Information and Access

1. Company shall furnish Client any information that Client reasonably requires in order for Client to demonstrate and fulfill its obligations under Applicable Data Protection Laws, including notifying Client as soon as possible of any requests or complaints received from a Data Subject and/or Supervisory Authority by Company in respect of Client Personal Data. Such obligations of Client may include, but are not limited to:

(a) informing Data Subjects of the data Processing practices involved in Company’s operation of Vention Hub;

(b) resolving or responding to any dispute involving Client Personal Data or otherwise demonstrating compliance with this DPA, such as by providing relevant information and documentation;

(c) responding as required to lawful requests by public authorities, including to meet national security or law enforcement requests;

(d) notifying Data Subjects and supervisory authorities of a Security Incident; and

(e) performing data protection impact assessments.

2. If the Company receives a request from a Data Subject for the exercise of the Data Subject’s rights under the Applicable Data Protection Laws and such request is related to the Client Personal Data, the Company must immediately forward the request to the Client and must refrain from responding to the person directly.

3. Company shall immediately notify Client in the event that Company determines that it is no longer able to comply with the provisions of this DPA, and Company shall take reasonable and appropriate steps to stop and remediate any unauthorized Processing.

4. Company shall notify Client immediately, giving full details of Company’s concerns, if it considers any request made by Client under this Section 13 infringes Applicable Data Protection Laws.

Section 14: Obligation to Keep Record

Company shall maintain a record of all categories of Processing activities carried out on behalf of Client, as required by Applicable Data Protection Laws. Said record shall be in writing and in electronic form. Company shall make the record available to Client justified on request.

Section 15: Right to Monitor

1. Upon the request of Client, Company shall grant Client (or a mutually acceptable independent auditor) permission to perform an assessment, audit, examination, or review (“Assessment”) of all controls in Company’s organizational, physical and/or technical environment in relation to all Client Personal Data being processed. Company shall fully cooperate with such Assessment by providing access to knowledgeable personnel, physical premises, documentation, infrastructure and application software that processes, stores or transfers Client Personal Data, sufficient to assure Client that Company complies with its obligations related to privacy and data security under this DPA. The Client's auditing activities may not be carried out in violation of the business secret of the Company as well as may not result in the disclosure of data relating to other customers of the Company or a breach of the Company’s confidentiality obligations. In the event where there is a risk of a violation or disclosure as described above, the Company will be entitled to refuse access to resources including such data or information, without any negative consequences resulting from such refusal. In such a situation, the Company will make every effort to provide the information expected by the Client in a manner that is safe for its resources and does not violate its rights. In addition, upon Client's written request, Company shall provide Client with the results of any audit performed by or on behalf of Company that assesses the effectiveness of Company's information security program as relevant to the security and confidentiality of Client Personal Data. The Client shall compensate any and all costs for requested audit. The request for audit shall be sent to Company not later than 4 months prior to the expected start date of audit. An audit should take place during the working hours of the Company and in a manner that does not hinder the conducted activity.

2. The costs of any such Assessment shall be borne solely by Client, unless (a) Client has initiated the Assessment in light of an established and proven Security Incident caused by the breach of this DPA and/or the Applicable Data Protection Laws by Company, or (b) Company has requested, and Client has agreed, to conduct such Assessment at a location other than at Company’s premises. In the case of (a) or (b), the Assessment shall be conducted at Company’s expense.

Section 16: Indemnification and liability

Client indemnifies Company and holds Company harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the Company and arising directly or indirectly out of or in connection with a breach of this DPA and/or the Applicable Data Protection Laws and/or the rights of Data Subjects by Client.

The Company shall not accept any responsibility and shall not be held responsible for any loss or damage arising from or in respect of any instructions or actions taken (non- taken) by Client that do not comply with Applicable Data Protection Laws.

Section 17: Governing Law and Venue

This DPA shall be governed by, and interpreted in accordance with, the laws of the Cyprus. Any and all disputes arising hereunder shall be resolved exclusively in the competent courts of Larnaka, Cyprus.

Section 18: Final provisions

If any provision of this DPA is found to be invalid, the validity of the other provisions of this DPA shall not be affected. Client and Company shall then enter into consultations with each other to jointly draw up a new provision. This provision shall be in the spirit of the invalid provision where possible, but obviously drafted in such a manner that the provision is valid.

Annex A to the DPA

Description of Data Processing

The data Processing activities carried out by the Company under the DPA may be described as follows:

Subject matter

The subject matter concerns the operation of Vention Hub and provision of the Services.

Duration

Company will process Client Personal Data during provision of the Services.

Nature and purpose

Company will process Client Personal Data as necessary to operate Vention Hub and provide the Services.

Data categories

Company shall process the following categories of Client Personal Data:

First name, last name, position, contact email.

Data Subjects

Processing concerns the following categories of Data Subjects:

Staff members of the Client, its Affiliates or vendors.

Annex B to the DPA

Description of the technical and organizational security measures implemented by the Company

Technical measures

A network scanning to identify vulnerabilities is performed weekly. Based on the results of the scanning, a situation analysis is performed and actions are taken to close the detected vulnerabilities (installing updates / patches or software configuration).
Penetration tests are conducted on the infrastructure part of the network to provide access control to data Processing systems. The penetration test is conducted on the external facing network and internet facing applications to provide input control.
The state-of-art encryption algorithms are used in the Company`s computer software. Internet resources available only through HTTPS + TLS.
IPSEC and SSL / TLS encryption are used when transmitting data over the Internet.
Principle of Least Privilege is used. The user is able to access only the information and resources that are necessary to perform his/her work tasks.
Environment Segregation Principle is used. The development process, the testing process, and the demonstration of prototypes to customers are performed in separate environments.
Anti-virus protection mechanisms are used on all devices and servers of the Company, including email and web applications.
Email encryption includes encrypted email transmission (TLS) and encryption of email content (S/MIME).
Sandboxing of email attachments is implemented using Microsoft Exchange Online Protection (EOP).
Personal computer or mobile device must be encrypted.
Windows OS: full Bitlocker encryption, the password must be requested during boot ○ Mac OS: FileVault encryption for Mac OS, the password must be requested during login ○ Linux: native encryption for Linux distribution, the password must be requested during boot ○ iOS/Android: password or fingerprint protection must be activated for screen activation (unlock).
All devices must be protected by authentication mechanisms to prevent unauthorised access.
All latest operating system security updates must be installed.
Password manager must be used to store corporate credentials.
Antivirus software must be installed and active with most recent threat signatures database on personal computers.
The personal computer should not be shared among family members and third parties.
The personal computer must be kept out of reach by any unauthorised person such as family members, friends, visitors.
Automatic locking features of the devices must be enabled and configured to be active after a period of inactivity.

Organizational measures

ISO 27001 policies and procedures are implemented by the Company.
Physical Security Access Policy is in place, which establishes the rules for management, control, monitoring, and removal of physical access to Company’s facilities.
Data Encryption Policy is in place.
Information Security Policy is in place, which provides for specific requirements regarding user identification and passwords. Each user is allocated an individual user name and password, and must log in with their individual username and not log into a shared account. Requests for new computer accounts and for termination of existing computer accounts must be authorized by the relevant manager and communicated to IT Department. Requests for additional access to specific areas must be authorized in writing.
Asset Management Policy, Remote Access Policy and Physical Security Access Policy are in place. The account shall be removed/disabled/revoked from any computing system, including but not limited to termination of remote access to networks (VPN), physical access to locations, at the end of the individual’s employment or when continued access is no longer required. As for the access to the premises, there are 3 levels of access control, as well as video surveillance to ensure that only authorized personnel have access to equipment, resources and other assets in a facility.
Risk Analysis. The Company has classified and described in its policies and procedures the factors that may cause risks to the operation of the Company, in order to (i) prevent these factors; or (ii) reduce the factors' impact on the operation of the Company if such factors occur.
Data Backup Policy is in place, which provides for the rules for data protection from accidental or intentional deletion.
Background check of all personnel is in place.
Security event monitoring and Security Incident management process (SIEM) is in place. Incident Response Plan Policy is in place.

Annex C to the DPA

List of approved Sub-Processors

Sub-Processors	Transfer mechanism
Vention Development sp. z o.o., a company incorporated in Poland, bearing company registration number 0000865089, and having its registered address at Piotrkowska str. 157a, 90-440 Lodz, the Republic of Poland.	N/A
Vention Development UAB, a company incorporated in Lithuania, bearing company registration number 305887744, and having its registered address at Lvivo str. 25-104, LT-09320 Vilnius, the Republic of Lithuania.	N/A
VENTION FE LLC, a company incorporated in Uzbekistan, bearing company registration number 1036872, and having its registered address at 100070, the Republic of Uzbekistan, Tashkent, Shota Rustaveli str. 32A.	Standard Contractual Clauses
Vention Development LLP, a company incorporated in Kazakhstan, bearing company registration number 220440011311, and having its registered address at Bayzakov street 280, room No.9, zip code 050040, Bostandyk district, Almaty city, Kazakhstan.	Standard Contractual Clauses
Vention Development LLC, a company incorporated in Georgia, bearing company registration number 402215508, and having its registered address at 12 Merab Aleksidze St., floor 3, office space No.24a, Tbilisi, Georgia.	Standard Contractual Clauses
Vention Development LLC, a company incorporated in Kyrgyzstan, bearing company registration number 205977-3300-ООО, and having its registered address at Togolok Moldo str., 60 "a", office 203, 720033 Bishkek, Kyrgyz Republic.	Standard Contractual Clauses
Vention Development s.r.o., a company incorporated in Slovakia, bearing company registration number 54 771 765, and having its registered address at Mlynské nivy 5, 821 09 Bratislava-City district Ružinov, Slovak Republic.	N/A
”VenSolutions” EOOD, a company incorporated in Bulgaria, bearing company registration number 207075466, and having its registered address at p.c. 1000, Triaditsa district, Knyaz Boris I street No. 99, floor 3, the city of Sofia, the Republic of Bulgaria.	N/A
VENTEAMS, LLC WITH VARIABLE CAPITAL, a company incorporated in Mexico, bearing company registration number 2022066110, and having its registered address at Bosque de Ciruelos, 180, PP 101, Bosques de las Lomas, Miguel Hidalgo, Mexico City, 11700.	Standard Contractual Clauses
Vention Inc., a company incorporated in Delaware, USA, bearing company registration number 7298219, and having its registered address at 251 Little Falls Drive, Wilmington, DE 19808, New Castle County.	Standard Contractual Clauses
Vention Solutions Inc., a company incorporated in New Jersey, USA, bearing company registration number 0450937266, and having its registered address at PRINCETON SOUTH CORPORATE CTR STE 160, 100 CHARLES EWING BLVD EWING, NEW JERSEY 08628.	Standard Contractual Clauses
VENTION SOLUTIONS LTD., a company incorporated in UK, bearing company registration number 14787106, and having its registered address at 1st Floor 8 Bridle Close, Kingston Upon Thames, Surrey, England, KT1 2JW.	N/A
Vention Solutions GmbH, a company incorporated in Germany, bearing company registration number HRB 250544 B, and having its registered address at Neue Schönhauser Straße 3-5, 10178 Berlin, Germany.	N/A
Vention Teams GmbH, a company incorporated in Austria, bearing company registration number FN 617598h, and having its registered address at Gertrude-Froehlich-Sandner-Straße 2-4/Tower 9, 1100 Vienna, Austria.	N/A
Vention Solutions LLP, a company incorporated in Kazakhstan, bearing company registration number 241040019458, and having its registered address at Ergozhina str. 27 (Fortis BC), Kazakhstan, Almaty, 050040.	Standard Contractual Clauses