Legal information

Last modified 8 March 2024

SERVICES AND PLATFORM USER AGREEMENT

SECTION I. GENERAL TERMS AND CONDTIONS

PREAMBLE

These terms and conditions of this Services and Platform User Agreement (the “Platform User Agreement”) create a contract between anyone using Vaultinum’s internet platform ( “User” or “you”) and Vaultinum  (“Vaultinum”), a Swiss limited liability company identified by the number BID CHE-225.897.477, having its principal place of business at Rue de Genève 18, 1225 CHENE-BOURG – SWITZERLAND (collectively the “Parties” and individually the “Party”).  Please read the Platform User Agreement carefully. To confirm your understanding and acceptance of the Platform User Agreement, click “I accept.”

Access to the Vaultinum Platform (defined below) and use of the services, including content, data, analytics, reports, white-labelling services, components, products, support, developments, implementations, and related materials provided via the Vaultinum Platform or through another media, such as API, email or cloud services depending on the product or service including Know Your Software I and II solutions, Deposits and Escrow services and Timestamping services provided by Vaultinum (collectively, the “Services”) constitutes your consent to enter into and be legally bound by this Platform User Agreement, the documents referenced herein, Vaultinum’s posted rules and policies, and to make transactions electronically.

YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS PLATFORM USER AGREEMENT AND THAT YOUR AGREEMENT SHALL BE DEEMED RENEWED EACH TIME YOU ACCESS AND USE THE VAULTINUM PLATFORM AND SERVICES PROVIDED THERETHROUGH.  YOU ACKNOWLEDGE THAT YOUR ELECTRONIC SUBMISSIONS CONSTITUTE YOUR AGREEMENT AND INTENT TO BE BOUND BY AND TO PAY, WHERE APPLICABLE, FOR SUCH AGREEMENTS AND TRANSACTIONS. YOUR AGREEMENT AND INTENT TO BE BOUND BY ELECTRONIC SUBMISSIONS APPLIES TO ALL TRANSACTIONS YOU ENTER INTO ON THE VAULTINUM PLATFORM AND ALL USE OF THE SERVICES, INCLUDING NOTICES OF CANCELLATION, SERVICES, POLICIES, CONTRACTS, AND DATA.

In order to access and use the Vaultinum Platform and Services you may be required to have certain hardware, software and Internet access (fees may apply), which are your sole responsibility. Our Services’ performance may be affected by these factors.

ARTICLE I - PURPOSE

The purpose of this Platform User Agreement is to define the general terms and conditions applicable to Vaultinum’s internet platform (the “Vaultinum Platform”) which permits access to and, where applicable and at your option, use of the Services. The platform includes vaultinum.com and any other website operated by Vaultinum.

The Platform User Agreement, the Terms of Use specific to the Service used, the possible service order(s) referring to it (“Service Order”) as well as the service terms negotiated between the Parties (the "Service Terms") constitute the entirety of the commitments existing between the Parties (the “Agreement”).

The Agreement is made up of the following contractual documents presented in order of decreasing legal precedence:

• the Service Order(s) and its Service Terms, if any;
• the Terms of Use specific to each Service;
• the present Platform User Agreement.

If any inconsistency is found among one or more provisions in any of these documents, the document of higher precedence shall prevail.

The Platform User Agreement and the Terms of Use of each Service can only be modified by the provisions of the Service Terms negotiated between the Parties.

ARTICLE 2 - DEFINITIONS

“Account” means the account registered by User at the Vaultinum Platform in order to have access to and, where applicable and at the User’s option, use of the Services.

“Agreement” means the entirety of the commitments existing between the Parties, namely the Platform User Agreement, the Terms of Use specific to the Service ordered, the possible Service Order(s) and Service Terms.

“Assessed Company” means any business or entity which registers an account on the Vaultinum Platform, upon request by a Client or voluntarily, and uses the Know Your Software I Solution and/or the Know Your Software II Solution.

“Audit Report” means the results of the software source code scan and assessment provided by Vaultinum including the illustrations, comparative score card, statistical report and charts, SWOT analysis and recommendations. Audit Reports can include (i) OSS analysis; (ii) language verification; (iii) OSS usage; (iv) inventory of open-source licenses used; and (v) good practices scoring and recommendations.

“Escrow Beneficiary” means any natural person or legal entity benefiting, within the framework of a contractual agreement, from a right of access to the Deposited Elements under the conditions provided in Section I – Deposit and Escrow Services Terms of Use.

“Client” means any natural person or legal entity with the authority to and that has purchased any Vaultinum Services, including the Deposit or Escrow solutions, or the Know Your Software I Solution or Know Your Software II Solution. Client may be a Supplier, an Assessed Company, a Client Beneficiary, a Representative, a Supplier, a depositor, an agent etc.

“Client Beneficiary” means any business, investor, lender, potential acquiror, etc. that has the authority to and that has directed their client (the Assessed Company) to use the Know Your Software I Solution and/or the Know Your Software II Solution.

“Representative” means any agent, consultant, advisor, legal counsel or other representative, including distributors of the Vaultinum Services (whether through white-labeling or otherwise), of the Client or Client Beneficiary.

“Contributions” means any input and/or suggestion of input of different questions, recommendations, responses, weight of impact of questions or responses,  requests for documents and information, as well as any other modification to Vaultinum’s Services by a User, and notably a Representative.

“Code Analyzer” means the crawling and scanning program that analyses the software source-code provided by the Assessed Company.

“Code Audit” means the analysis of the results of the Code Analyzer or other related services provided by Vaultinum under this Agreement.

“Confidential Information” means all proprietary or confidential material or information disclosed orally or in writing by the disclosing party to the receiving party, that is designated as proprietary or confidential or that reasonably should be understood to be proprietary or confidential given the nature of the information and the circumstances of the disclosure, provided that Confidential Information shall not include any information or material that: (i) was or becomes generally known to the public without the receiving party's breach of any obligation owed to the disclosing party, (ii) was or subsequently is independently developed by the receiving party without reference to Confidential Information of the disclosing party, (iii) was or subsequently is received from a third party who obtained and disclosed such Confidential Information without breach of any obligation owed to the disclosing party, or (iv) is required by law to be disclosed (in which case the receiving party shall give the disclosing party reasonable prior notice of such compelled disclosure and reasonable assistance, at disclosing party's expense, should disclosing party wish to contest the disclosure or seek a protective order).

“Data” means services, content, data, and applications from third parties that may be included in certain content and services available via the Vaultinum Platform and Services.

“Deposit” means the registration and archiving of the Digital Creation with Vaultinum allowing the recording of the content of a Digital Creation and the attribution of a certain date to this creation.

“Deposited Elements” means a set of files making up the content of a Deposit.

“Digital Creation” means any digital work, whether or not it is protected by intellectual property law, including software, database, construction plans, website, video game and/or any element attesting to the development and production of the digital work, to be deposited.

“Evaluation Report” means the Assessed Company’s Know Your Software I Solution assessment results provided by Vaultinum.  Evaluation reports can include (i) quantitative ratios; (ii) qualitative information on the Assessed company’s practices; and (iii) benchmarking of all Assessed companies’ performance.

“Escrow” means the contractual means by which a Beneficiary is granted access to the Deposited Elements by a Supplier, under the conditions provided by the parties to this agreement and in accordance with Section I – Deposit and Escrow Services Terms of Use.

“Fee(s)” means the fees Vaultinum may charge for Services accessed through the Vaultinum Platform.

“IDDN Certificate” means the certificate provided by Vaultinum attesting to the Deposit of a given Digital Creation or of each of its successive versions and the listing thereof on the IDDN register.

“IDDN Number” means the unique registration number assigned to each Deposit with Vaultinum. The Inter Deposit Digital Number (IDDN) identifies the organization with which the creation is registered, the number of updates, the type of registration, and the year of the first Deposit. All deposits of the same IDDN parentage (initial deposit and update deposit(s)) share a root IDDN Number.

“Know Your Software I Solution” means an auditing tool developed by Vaultinum to enable companies to conduct their own due diligence in a number of areas including security, intellectual property, and software management, which are evaluated by reference to good practices and other quality standards, which includes the Services. The Know Your Software I Solution, also known commercially as Know Your Software Online-Assessment or Self-Assessment, may be accessed and used as part of Know Your Software II Solution Full Audit in accordance with the Service Order.

“Know Your Software II Solution” means an intelligent audit program developed Vaultinum aimed at helping companies analyze and understand the components of a software source-code, which includes the Services.  The Know Your Software II Solution offers an in-depth scanning of a software source code providing a detailed analysis of the software of a company or product related to Intellectual Property, maintainability, security and SWOT analysis.  The Know Your Software II Solution, also known commercially as Know Your Software Full Audit, Tech Audit or Tech Due Diligence, includes access to and use of the Know Your Software I Solution in accordance with the Service Order.

“Privacy Policy” means the terms which set out how Vaultinum collects and processes a User’s personal data as well as the User’s rights regarding such processing, available at https://vaultinum.com/legal-information.

“Product Analyses” means the analyses made by Vaultinum by (i) compiling statistical and other information related to the performance, operation and use of the Vaultinum Platform or Services, and (ii) using and sharing data from the Vaultinum Platform or Services, in aggregated form to create statistical analysis for research and development purposes.

“Rules” means the Swiss Rules of International Arbitration of the Swiss Chambers' Arbitration Institution in force on the date on which the Notice of Arbitration is submitted in accordance with these Rules.

“Service Order” means an order form describing Services to be provided to Client pursuant to these terms and conditions.

“Service Terms” means the specific terms and conditions for the purchase of a Service agreed between Vaultinum and the Client.

“Supplier” means any individual or legal entity that grants to one or more Escrow Beneficiaries a right of access to certain Deposited Elements within the framework of a contractual agreement.

“Timestamping” means a technical process by which it is possible to certify, by a timestamping token, that a document existed at a given time.

“User” means anyone using the Vaultinum Platform and/or Services.

“User Content” means the data, documents, files, comments and other materials that the User inputs, uploads, modifies or otherwise makes available in the Vaultinum Platform.

ARTICLE 3 - PAYMENT TERMS

Access to the Vaultinum Platform itself is free. However, Vaultinum may charge a fee for Services accessed through the Vaultinum Platform (“Fee”), and you shall at your sole discretion decide whether to subscribe to any Services. If you subscribe to any Services for which a fee is charged, you agree to pay all such fees and all taxes related thereto.

Vaultinum reserves the right to increase the Fees by up to three (3) percent annually.

All Fees are non-refundable. All charges for Services are net of applicable taxes, including sales, licenses, any applicable withholding taxes, and bank charges. Should any taxes be withheld, the Fees will automatically be increased so that the amount effectively paid is the exact amount as stated on the invoice.

ARTICLE 4 - VAULTINUM PLATFORM SECURITY

Vaultinum will use reasonable efforts to provide 24-hour availability of the Vaultinum Platform. However, Vaultinum makes no representation or warranty that the Services will be available on a 24-hour basis. The Parties acknowledge that the Vaultinum Platform and Services will, at times, be unavailable due to regularly scheduled maintenance, service upgrades or other mechanical or electronic failures.  Vaultinum reserves the right to change or discontinue the Vaultinum Platform and Services in its sole discretion without notice, liability or refund. 

Vaultinum will use its best efforts to make the Vaultinum Platform secure from unauthorized access. The Vaultinum Platform requires industry standard 128 bit encryption on all communications between the User's end user device and the solution server. The Vaultinum Platform server operating system and applications software will be updated and virus-scanned regularly. However, the Parties recognize that no completely secure system or electronic data storage transfer has yet been devised. Vaultinum makes no warranty, express or implied, regarding the efficacy or the security of the Vaultinum Platform and shall never be liable for any claimed direct, actual, indirect, incidental or consequential damages arising from any breach or alleged breach of security of the Vaultinum Platform.

ARTICLE 5 - VAULTINUM PLATFORM AVAILABILITY

Vaultinum reserves the right to change or discontinue the Vaultinum Platform and Services including Data in its sole discretion without notice, liability or refund.

ARTICLE 6 - USE OF VAULTINUM PLATFORM AND SERVICES

You are granted a nonexclusive, nontransferable, revocable, limited license to access and use the Vaultinum Platform and Services solely as provided in this Agreement. Any other use of the Vaultinum Platform or Services is a violation of this Agreement and may constitute one or more instances of copyright infringement. Vaultinum reserves the right to modify this Agreement at any time. Your use of the Vaultinum Platform and Services may be controlled and monitored by Vaultinum for compliance purposes, and Vaultinum reserves the right to enforce this Agreement without notice to you.  You acknowledge that, because some aspects of the Vaultinum Platform and Services entail the ongoing involvement of Vaultinum, if Vaultinum changes any part of or discontinues the Vaultinum Platform, which Vaultinum may do at its election, you may not be able to use the Vaultinum Platform and Services to the same extent as prior to such change or discontinuation, and that Vaultinum shall have no liability to you in such case.

ARTICLE 7 - THIRD-PARTY CONTENT AND USER CONTENT

Certain content and services available via the Vaultinum Platform and Services may include services, content, data, and applications from third parties (the “Data”). Vaultinum may also provide links to third-party websites as a convenience to you. You agree that Vaultinum is not responsible for the content or accuracy of Data or any services provided by third parties, and Vaultinum does not warrant and will not have any liability or responsibility for any Data including for any materials, data, content, products, or services of third parties. You agree that you will not use any Data in a manner that would infringe or violate the rights of any other party and that Vaultinum is not in any way responsible for any such use by you.

The use of Services on the Vaultinum Platform will involve your inputting, uploading, modifying or otherwise making available data, documents, files, comments and other materials (“User Content”).  You are solely responsible for your User Content.  Without limiting the foregoing, you will ensure that:

1. The provision of your User Content on the Vaultinum Platform has been approved by an authorized officer at your organization and by the owners of such content;
2. Your User Content does not contain any content that could be reasonably viewed as false, offensive, indecent, defamatory, libelous, harassing, threatening or otherwise harmful;
3. Your User Content, and the provision of it by you on the Vaultinum Platform, does not violate any laws, rules, regulations or professional standards that are applicable to you or the organization that you represent, including any third-party privacy right, or third-party copyright, trademark or other intellectual property right.

You grant Vaultinum the non-exclusive and royalty-free right, on a world-wide basis, to host, store in cache-mode, process, reproduce, and display the User Content for the purposes of providing the Services and you warrant and represent that you have all the rights and authorizations that are necessary to use the User Content for purposes of the Service, and that you can freely grant the above license rights.

For the avoidance of doubt, you acknowledge that the business of Vaultinum involves the aggregation and re-use of data and statistics including for benchmarking purposes.  You acknowledge that Vaultinum is entitled to use aggregated data and statistical results for its own purposes and for the provision of services to other parties provided that such data and results do not identify and are not referable back to you. Upon creation, Vaultinum will be the owner of such aggregated and/or anonymized data and may copy, commingle, and use such data, in Vaultinum’s sole discretion, for any lawful purpose. Vaultinum may also (i) compile statistical and other information related to the performance, operation and use of the Vaultinum Platform or Services, and (ii) use and share data from the Vaultinum Platform or Services, in aggregated form to create statistical analysis and for research and development purposes (“Product Analyses”). Vaultinum retains all intellectual property rights in Product Analyses.

ARTICLE 8 - RESTRICTIONS ON USE

Violations of this Agreement or of our system or network security may result in the permanent revocation of your right to access the Vaultinum Platform and/or Services, and civil or criminal liability.  Except as otherwise expressly permitted:

(1) You shall be authorized to use the Vaultinum Platform and Services for internal business use only.

(2) If you are a Representative or Client Beneficiary, you acknowledge that access to the Assessed Company information is provided on a confidential basis and that you will use such information as authorized by the Assessed Company.

(3) You shall not use any system, device or program to (A) acquire, copy or monitor any portion of the Vaultinum Platform, Services, Data or any content thereof, or (B) interfere or attempt to interfere with or disrupt the Vaultinum Platform, Services or Data.

(4) You shall not attempt to gain unauthorized access to the Vaultinum Platform, Services or Data or any Accounts related thereto.

(5) You shall not test, probe the vulnerability of, or attempt to trace or obtain any information on other users, data or information transmitted through the Vaultinum Platform.

(6) You shall not use the Vaultinum Platform for any unlawful or prohibited purpose.

(7) Posting or transmitting any unlawful, threatening, libelous, defamatory, obscene, scandalous, inflammatory, pornographic, or profane material or any material that could constitute or encourage conduct that would be considered a criminal offense, give rise to civil liability, or otherwise violate any law is prohibited.

(8) You shall not, directly or indirectly, make any misrepresentation while accessing or using the Vaultinum Platform.

(9) You shall not, and shall not encourage or assist another to, violate, circumvent, reverse-engineer, decompile, disassemble, or otherwise tamper with any of the Vaultinum Platform, Services or Data for any reason.

(10) You shall not access or attempt to access the Services by any means other than through the Vaultinum Platform.

(11) You shall not access or attempt to access an Account that you are not authorized to access.

(12) You shall not modify the Vaultinum Platform in any manner or form, or use modified versions of the Vaultinum Platform for any purpose, including obtaining unauthorized access to the Services.

(13) Unless otherwise provided in a written agreement between you and Vaultinum, you shall not modify, rent, lease, loan, sell, distribute, or create derivative works based on the Vaultinum Platform and Services in any manner;

(14) You shall not exploit the Vaultinum Platform and Services in any unauthorized way whatsoever, including, but not limited to, by trespass or burdening network capacity.

(15) You shall not use the Vaultinum Platform to damage, disable, or overburden Vaultinum’s servers or network or impair the Vaultinum Platform or interfere with any other party’s use of the Vaultinum Platform.

ARTICLE 9 - PERSONAL DATA

Vaultinum undertakes to respect and to ensure respect for all persons under its control, all the legal and regulatory provisions relating to the protection of personal data and in particular the provisions of the general data protection regulation (EU) n° 2016/679 of April 27, 2016.

In the context of the use of Vaultinum platform and the provision of Services, Vaultinum undertakes to collect and process personal data concerning its Users in accordance with the Privacy Policy.

In accordance with the Privacy Policy, the User acknowledges that it can exercise its right of access, rectification, opposition, its right to erasure of data, to limitation of processing and to data portability, at any time, by sending an email to the following address: dpo@vaultinum.com. The User undertakes to inform its employees and managers of the procedures for exercising these rights.

ARTICLE 10 - INTELLECTUAL PROPERTY

You agree that the Vaultinum Platform and Services, including but not limited to Data, Surveys, Evaluation Reports, Audit Reports and the scripts and software used to implement the Vaultinum Platform and Services, contain proprietary information and material that are owned by Vaultinum and/or its licensors, and are protected by applicable intellectual property and other laws, including but not limited to copyright, trademark, patent, and other laws of Switzerland, other countries and international treaties. You agree that you will not use such proprietary information or materials in any way whatsoever except for use of the Vaultinum Platform and Services in compliance with this Agreement and any agreement that you may enter to access and use Data. No portion of the Vaultinum Platform or Services may be reproduced in any form or by any means, except as expressly permitted in this Agreement. Notwithstanding any other provision of this Agreement, Vaultinum, its licensors and third-party owners of Data reserve the right to change, suspend, remove, or disable access to the Vaultinum Platform, the Services and/or Vaultinum content, or other materials comprising a part of the Vaultinum Platform or Services at any time without notice. In no event will Vaultinum be liable for making these changes. Vaultinum may also impose limits on the use of or access to certain features or portions of the Services, in any case without notice or liability.  All copyrights in and to the Vaultinum Platform and Services (including the compilation of content, postings, links to other Internet resources, and descriptions of those resources) and related software are owned by Vaultinum and/or its licensors and Data owners, who reserve all their rights in law and equity. THE USE OF THE VAULTINUM PLATFORM OR ANY PART OF THE SERVICES, EXCEPT FOR USE AS PERMITTED IN THIS AGREEMENT AND IN AGREEMENTS FOR DATA, IS STRICTLY PROHIBITED AND INFRINGES ON THE INTELLECTUAL PROPERTY RIGHTS OF OTHERS AND MAY SUBJECT YOU TO CIVIL AND CRIMINAL PENALTIES, INCLUDING POSSIBLE MONETARY DAMAGES.  Trademarks, service marks, graphics, and logos used in connection with the Vaultinum Platform and Services are trademarks or registered trademarks of Vaultinum and its licensors. Other trademarks, service marks, graphics, and logos used in connection with the Services may be the trademarks of their respective owners. Except as otherwise expressly provided in an agreement, you are granted no right or license with respect to any of the aforesaid trademarks or any use of such trademarks.

Notwithstanding any User Content submitted, uploaded, or provided in furtherance of the Services which shall remain the sole property of the User, if the User provides any feedback, including recommendations and/or contributions for improvement to the Services,  suggestions to modify, add, delete or change questions, recommendations, and/or weight of impact of questions or responses in the Know Your Software questionnaires, then Vaultinum may use that information without obligation to User, and User irrevocably assigns to Vaultinum all rights, title, and interest in that feedback. Such feedback relating to Vaultinum Services shall become the sole property of Vaultinum, without need for any specific action or notice or any consideration other than as provided for by this Agreement.

Notably, Representatives that may have access to Vaultinum’s questionnaires, reports and other documents created by Vaultinum and that may input and/or suggest the input of different questions, responses, recommendations, weight of impact of questions or responses, requests for documents and information, as well as any other modification to Vaultinum’s Services (“Contributions”) irrevocably assigns to Vaultinum all rights, title, and interest in these Contributions.  Any Contributions or work relating to Vaultinum Services shall become the sole property of Vaultinum, without need for any specific action or notice or any consideration other than as provided for by this Agreement.

ARTICLE 11 - SUPPORTED BROWSER

The Vaultinum Platform is accessible using the most common internet browsers, except for old versions of such browsers. Should your browser not be supported, Vaultinum shall advise you and indicate alternatives.  Vaultinum has no obligation to support any particular browser or any particular browser version.

ARTICLE 12 - LOGIN ACCOUNT

12.1. Account Creation and Security

Before you can access the Vaultinum Platform you will need to create an account with Vaultinum (“Account”).  Vaultinum will set up individual login accounts for those who request access to the Vaultinum Platform. An email shall be sent to you enabling you to create a User password.  You will be required to agree to the terms and conditions of this Agreement when setting up your Account.  You may not create your password or set up your Account if you do not agree to these terms and conditions.

Vaultinum may create multiple login accounts per User. In order to maintain security, you agree to designate a single individual (if a business, must be owner or officer of the business) as the authorized person to contact Vaultinum to request different logins. You shall be responsible for Accounts including login accounts and for the actions and omissions of any and all of its users on the Vaultinum Platform.  All logins will be transmitted by email to users. Additional user requests must be in writing from the initial designee.

12.2. Termination of login Account

You agree to immediately notify Vaultinum's Platform administrator via email at support@vaultinum.com when an individual account is to be terminated. Vaultinum will make every effort to terminate access immediately. However, you cannot be assured that access has been terminated until you receive an email confirmation of termination.

ARTICLE 13 - DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY

Vaultinum does not guarantee, represent, or warrant that your use of the Vaultinum platform and services will be uninterrupted or error-free, and you agree that from time to time Vaultinum may remove any or all services for indefinite periods of time, or cancel the Vaultinum platform and services or any part thereof at any time, without notice to you.

Notwithstanding any clause to the contrary, you expressly agree that your use of, or inability to use, the Vaultinum platform and services, including data is at your sole risk. The Vaultinum platform and services and all products and data delivered to you or accessed by you through the Vaultinum platform and services are (except as expressly stated otherwise by Vaultinum) provided "as is" and "as available" for your use, without warranties of any kind, either express or implied, including all implied warranties of merchantability, fitness for a particular purpose, title, and noninfringement. because some jurisdictions do not allow the exclusion of implied warranties, the above exclusion of implied warranties may not apply to you. you acknowledge that Vaultinum obtains raw data from a variety of third parties and that such third parties make no representations and warranties in relation to the accuracy or completeness, or availability of such data. Vaultinum does not warrant that the data it obtains from third parties is accurate and complete or that such third parties will continue to provide data to Vaultinum.

Notwithstanding any clause to the contrary, in no case shall Vaultinum, its directors, officers, employees, affiliates, agents, contractors, or licensors be liable for any direct, indirect, incidental, punitive, special, or consequential damages arising from your use of the Vaultinum platform or services or for any other claim related in any way to the Vaultinum platform or services, including, but not limited to, any errors or omissions in any content, or any loss or damage of any kind incurred as a result of the use of, or inability to use, any content (or product) posted, transmitted, or otherwise made available via the Vaultinum platform or services, even if advised of their possibility. Because some states or jurisdictions do not allow the exclusion or the limitation of liability for consequential or incidental damages, in such states or jurisdictions, Vaultinum liability shall be limited to the extent permitted by law.

You and Vaultinum agree that, unless prohibited by law, any proceedings to resolve or litigate any dispute arising hereunder will be conducted solely on an individual basis, and that you will not seek to have any dispute heard as a class action, a representative action, a collective action, a private attorney-general action, or in any proceeding in which you act or propose to act in a representative capacity. You further agree that, unless prohibited by law, no proceeding will be joined, consolidated, or combined with another proceeding without the prior written consent of Vaultinum and all parties to any such proceeding.

Vaultinum shall use reasonable efforts to protect information submitted by you in connection with the Vaultinum platform and services, but you agree that your submission of such information is at your sole risk, and Vaultinum hereby disclaims any and all liability to you for any loss or liability relating to such information in any way, unless prohibited by law.

Vaultinum does not represent or guarantee that the Vaultinum platform or services will be free from loss, corruption, attack, viruses, interference, hacking, or other security intrusion, and Vaultinum disclaims all liability relating thereto. you shall be responsible for backing up your own system, including any content, data or information accessed or obtained using the Vaultinum platform and services.

ARTICLE 14 - WAIVER AND INDEMNITY

By using the Vaultinum platform and services, you agree, to the extent permitted by law, to indemnify and hold Vaultinum, its present and future directors, officers, employees, affiliates, agents, contractors, and licensors harmless with respect to any claims arising out of your breach of this agreement, your access or use of the Vaultinum platform, data and/or services, and any action taken by Vaultinum as part of its investigation of a suspected violation of this agreement or as a result of its finding or decision that a violation of this agreement has occurred. This means that you cannot sue or recover any damages from Vaultinum or its present or future directors, officers, employees, affiliates, agents, contractors, or licensors as a result of its decision to remove or refuse to process any information or content, to suspend or terminate your access to the Vaultinum platform, data, and/or services, or to take any other action during the investigation of a suspected violation or as a result of Vaultinum conclusion that a violation of this agreement has occurred. This waiver and indemnity provision applies to all violations described in or contemplated by this agreement.

ARTICLE 15 - DISPUTE RESOLUTION

Except as expressly agreed in writing between the parties, this Agreement shall be construed and enforced exclusively in accordance with the internal law of Geneva, Switzerland without giving effect to its principles of conflicts of law. Except for disputes solely relating to the failure to pay Fees by Client, any dispute, controversy or claim arising out of or in relation to this contract, including the validity, invalidity, breach or termination thereof, shall be resolved by arbitration in accordance with the Swiss Rules of International Arbitration (“Rules”) of the Swiss Chambers' Arbitration Institution in force on the date on which the Notice of Arbitration is submitted in accordance with these Rules. The number of arbitrators shall be one. The seat of the arbitration shall be Geneva. The arbitral proceedings shall be conducted in English. Within fifteen (15) days from receipt of the Notice of Arbitration, the Respondent shall submit to the Secretariat an Answer to the Notice of Arbitration together, in principle, with any counterclaim or set-off defence. The time-limit with respect to the designation of an arbitrator shall be fifteen (15) days. If the circumstances so justify, the Court may extend or shorten the above time-limits. The Expedited Procedure (art. 42 of the Rules) shall apply and the dispute shall be decided on the basis of documentary evidence only.

Notwithstanding the above, the Parties may agree at any time to submit the dispute to mediation in accordance with the Swiss Rules of Commercial Mediation of the Swiss Chambers' Arbitration Institution. Vaultinum shall also have the right to commence and prosecute any legal or equitable action or proceeding before any court of competent jurisdiction to obtain injunctive or other relief against you in the event that, in the opinion of Vaultinum, such action is necessary or desirable.  The 1980 United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement and is hereby disclaimed.

ARTICLE 16 - TERM AND TERMINATION

This Agreement and Services may be terminated by either Vaultinum or you with or without cause and with or without notice at any time; however, the warranty disclaimer and limitation on liability in Articles 13 and 14 and the dispute resolution provision in Article 15 shall survive any termination. If you fail, or Vaultinum suspects that you have failed, to comply with any of the provisions of this Agreement, Vaultinum, at its sole discretion, without notice to you may: (i) terminate this Agreement and/or your Account, and you will remain liable for all amounts due under your Account up to and including the date of termination, and/or (ii) preclude access to the Vaultinum Platform and Services (or any part thereof).

Unless otherwise specified in writing, services are subscribed to for one (1) year from date of the invoice for the service and are automatically renewed for an equivalent period of time unless terminated by the Client or Vaultinum, such termination being notified via e-mail,  return-receipt requested and acknowledgment of receipt obtained, at least ninety (90) calendar days before the expiration of the current period.

ARTICLE 17 - UNILATERAL RIGHTS

Vaultinum reserves the right to modify, suspend, or discontinue the Vaultinum Platform and Services (or any part or content thereof) at any time with or without notice to you, and Vaultinum will not be liable to you or to any third party should it exercise such rights.

ARTICLE 18 - CONFIDENTIALITY

By virtue of this Agreement, the Parties may have access to information that is confidential to the other. Neither party shall use or disclose any Confidential Information of the other party for any purpose outside the scope of this Agreement, except with the other party's prior written consent. Each party shall protect the other party's Confidential Information in a manner similar to its own Confidential Information of like nature (but in no event using less than reasonable care). In the event of an actual or threatened breach of a party's confidentiality obligations, the non-breaching party shall have the right, in addition to any other remedies available to it, to seek injunctive relief, it being specifically acknowledged by the breaching party that other remedies may be inadequate.

“Confidential Information” means all proprietary or confidential material or information disclosed orally or in writing by the disclosing party to the receiving party, that is designated as proprietary or confidential or that reasonably should be understood to be proprietary or confidential given the nature of the information and the circumstances of the disclosure, provided that Confidential Information shall not include any information or material that: (i) was or becomes generally known to the public without the receiving party's breach of any obligation owed to the disclosing party, (ii) was or subsequently is independently developed by the receiving party without reference to Confidential Information of the disclosing party, (iii) was or subsequently is received from a third party who obtained and disclosed such Confidential Information without breach of any obligation owed to the disclosing party, or (iv) is required by law to be disclosed (in which case the receiving party shall give the disclosing party reasonable prior notice of such compelled disclosure and reasonable assistance, at disclosing party's expense, should disclosing party wish to contest the disclosure or seek a protective order).

ARTICLE 19 - TRADEMARKS AND PUBLICITY

Unless otherwise requested in writing, the User hereby grants Vaultinum the right to list User’s trademarks, service marks and trade names or to otherwise refer to User in any marketing, promotional or advertising materials or activities in connection to the Services.  Vaultinum shall be able to issue a press release on the fact that User is a User of the Vaultinum Platform.  Further, User hereby consents that Vaultinum may contact User from time to time to discuss Vaultinum services, offer new services and provide support on services.

ARTICLE 20 - GENERAL PROVISIONS

Article 20.1. Force Majeure

Neither Party shall be liable, nor shall any credit allowance or other remedy be extended, for any performance that is prevented or hindered due to a force majeure event, including acts of god, government, terrorism and other conditions beyond the reasonable control of the applicable party; provided that lack of funds shall not excuse Client’s obligation to pay all Fees when due.

Article 20.2. Waiver

The fact that one of the Parties has not required the application of any provision of this Agreement, whether permanently or temporarily, shall in no way be considered as a waiver of the rights of that Party arising from the said provision.

Article 20.3. Modification

Any waiver, modification or amendment of any provision of this Agreement will be effective only if in writing and signed by Vaultinum.

Article 20.4. Assignment and Transfer

You may not assign or transfer this Agreement or any rights herein without the prior, written consent of Vaultinum. Vaultinum may assign this Agreement to any direct or indirect subsidiaries, or to any other third party.

Article 20.5. Headings

In the event of difficulties in the interpretation of any of the headings or subheadings placed at the beginning of a provision, with any one of the provisions, the headings shall be declared null and void.

Article 20.6. Severalbility

If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remaining portions hereof, and the institution declaring the portion of this Agreement invalid shall be authorized to substitute for the invalid provision a valid provision that most closely approximates the economic effect and intent of the invalid provision.

Article 20.7. Notifications

Any notice required to be given under this Agreement shall be in writing in French or English.

All notifications shall be delivered either by (i) personal delivery, (ii) sent by certified mail with acknowledgement of receipt, (iii) sent via nationally-recognized private express courier, or (iv) by email with acknowledgement of receipt to the address and attention of the addressee indicated above or to any other address communicated for this purpose by each of the Parties in Article 20.8.

 Notices shall be deemed to have been received on the date of receipt if delivered personally or via email, or two (2) days after deposit via certified mail or express courier.  Either party may change its address for purposes hereof by written notice to the other in accordance with the provision of this section.

Article 20.8. Address for Service

The addresses for the Parties shall be for User the address provided in the Account or any registered address and for Vaultinum as indicated in is website.

Article 20.9. Entire Agreement

This Agreement sets forth the entire obligations of the Parties with respect to the subject matter hereof and supersedes all prior or contemporaneous negotiations, proposals and communications between the Parties, including any non-disclosure agreements, with respect thereto.  No statement or representation that is not incorporated herein has been relied upon by a Party in agreeing to enter into this Agreement. 

Section II. Deposit and Escrow Services Terms of Use

Background

Vaultinum is a company specializing in the protection of digital creations and intangible assets such as software, mobile applications, video games, databases, websites, trade secrets, construction plans, confidential information, etc.

Vaultinum, as a trusted third party, offers a deposit service to meet the needs for simple and rapid protection of any type of Digital Creation and provides its clients with the means to build, manage and enhance their portfolio of intangible assets.

Vaultinum also offers escrow services to secure the relationship between the supplier of a Digital Creation and its client, allowing the latter to access the creation deposited with Vaultinum in case of, for example, default of the supplier, in order to continue its exploitation.

These terms of use include and are in addition to Vaultinum’s Platform User Agreement.  If any inconsistency is found among the terms and conditions, these Deposit and Escrow Services Terms of Use shall have precedence.

1. SCOPE OF APPLICATION

Any User of the Vaultinum Platform that uses the Deposit and/or Escrow Services, is subject to these specific terms of use.

At the time of each deposit request, the Client certifies that the Digital Creation is deposited on the Account of the owner of the intellectual property rights of said Digital Creation on the date of said deposit request or certifies that Client has obtained the prior authorization of the intellectual property rights holder.

2. DEPOSIT SERVICES

2.1. Types of Deposit

Vaultinum, as a trusted third-party receiver, registers each Digital Creation submitted to it and gives it a certain date and an IDDN Number.

Vaultinum offers three types of digital Deposits. The Deposit is limited to 10 GB and 1000 files per deposit.

(1) Standard Deposit: The entire procedure is carried out online and the Deposit is electronically sealed and archived. At the end of the procedure, the User can download the IDDN Certificate directly from its Account.

(2) Element Checked Deposit: While guaranteeing the non-alteration of the Deposited Elements, this advanced procedure certifies that the elements provided in the Deposit contain readable data, presented in the form of a clear tree view, and exploitable by the Escrow Beneficiary in the case of an Escrow.  

The Element Checked Deposit includes:

• Verification by a Vaultinum agent of the Deposited Elements contained in the files;
• Verification of the files and tree structure provided by the User;
• Calculation of the electronic footprint (HASH) of each file;
• Registration of the Deposit with Vaultinum;
• Sealing of the Deposit;
• Secure archiving of the Deposit in Switzerland;

Delivery of a special Element Checked Deposit Report attesting to the verification (the Report is also annexed to the Deposit).
At the end of the Element Checked Deposit procedure, the User receives an IDDN Certificate and an Element Checked Deposit report describing the Deposited Elements and attesting to their verification.

(3) Content Checked Deposit: This Deposit is specific to software and represents a higher level of verification of Deposited Elements. Vaultinum offers three levels of Content Checked Deposits: Silver, Gold & Platinum. Depending on the option chosen, Vaultinum undertakes to implement a number of checks that can include verification that (1) the Digital Creation deposited with it corresponds to the specifications provided by the Escrow Beneficiary and (2) it functions in accordance with such specifications, or (3) for software provided in SAAS mode, that the escrow process will in effect be useful to Escrow Beneficiary and provide an opinion to the Escrow Beneficiary to that effect if required.

At the end of the Content Checked Deposit procedure, the User receives an IDDN Certificate and a Content Checked Deposit report describing the findings of the review of the contents deposited and attesting to their verification.

2.2.  Archiving of Deposits

Data uploaded via the Vaultinum Platform is archived and secured electronically by Vaultinum.  Data is hosted on Swiss territory in compliance with the ISO 27001 standard.
Deposits are retained by Vaultinum as long as the Client pays the Fees due to Vaultinum.

2.3.  Method of Deposits

Vaultinum offers two ways to make deposits:

(1) Digital Deposits made by the User: User electronically uploads their Deposited Elements via their Account or by contacting Vaultinum for an Element Checked Deposit or Content Checked Deposit;

(2) SCM automated Deposit: If this option is chosen, User hereby authorizes Vaultinum to make automatic deposits by connecting to the hosted repository of the source code.  User undertakes to provide to Vaultinum all necessary access codes and authorizations.  User hereby grants the necessary powers to Vaultinum to implement this for User and User shall defend and hold Vaultinum harmless against any claims, proceedings or investigations in relation to such service or Deposits.  Vaultinum shall use the right to connect to the hosted repository for the sole purpose of making Deposits of the Deposited Elements.

2.4.  Deposit Updates

Deposit Updates refers to the deposit of subsequent or successive versions of a Digital Creation.  The IDDN Number assigned at the time of the initial Deposit includes an encoding element, which increases with each updated Deposit of the same Digital Creation.  The Client can thus maintain a link between the Deposits of different versions of the same Digital Creation.

Depending on the option chosen by the Client, the Deposit of a new version of a Digital Creation shall:

•  Not replace the previous Deposit(s) and Vaultinum shall keep a copy of all Deposits made as well as the corresponding Deposited Elements as long as the Client pays the Fees; or
• Replace the previous Deposit, with Vaultinum keeping only the most recent Deposited Elements as long as the Client pays the Fees.
  

2.5.  Duplication procedure

Duplication is a procedure by which a Vaultinum agent makes a copy of a Digital Creation deposited with Vaultinum.

Vaultinum can only duplicate a deposit:

• upon request of the duly identified Client after payment of the duplication Fees;
• upon request of an Escrow Beneficiary after a favorable opinion of the Access Commission (as described below) of Vaultinum and payment of duplication Fees;
• by court order.

 The duplication procedure involves:

• creating a digital copy of the Deposit on a physical medium;
• calculating hash value of the copied data and checking conformity with the original hash value;
• delivery of the physical copy to the Client.
  

2.6.  Transfer of Rights

The User undertakes to promptly declare to Vaultinum any change in the ownership of its rights in Deposited Elements (transfer or alienation, total or partial) occurring, for example, in the context of rights assignment or assets transfer.  User shall cooperate with Vaultinum in transferring the rights and the payment of related fees unless the assignee agrees to pay for such.

 The new rights owner may also notify Vaultinum of its acquisition of rights subject to the production of documents incontestably proving the transfer of rights.  Vaultinum will proceed with a legal investigation of any request for transfer of rights and shall, at its sole and absolute discretion, without regard to any standard of reasonableness or other standard by which the determination of Vaultinum might be challenged, decide as to whether to effect such transfer in its systems.  The beneficiary of such rights is a User for purposes of this Agreement.

 The purpose of the transfer of rights is to allow the new rights holder to keep the Deposit history made by the previous intellectual property rights owner, update the transferred Digital Creation, receive IDDN Certificates established in its name and/or take over any concluded escrow agreements.

 Depending on the nature and type of transfer, the transfer of rights procedure involves either:

•  the transfer of the Deposits to the Account of the new rights holder ; or
• a replacement of the existing Account holder.

Vaultinum will assess each request on a case-by-case basis and will decide in its sole and absolute discretion, without regard to any standard of reasonableness or other standard by which the determination of Vaultinum might be challenged, which procedure to implement.

3. ESCROW SERVICES

An Escrow Beneficiary to Deposited Elements may request access to the Deposited Elements subject to a written agreement with the Supplier, provided that the Supplier has declared to Vaultinum the existence of such agreement and purchased the related Escrow service provided by Vaultinum.

All escrow agreements are subject to these Terms of Use, unless expressly stated otherwise, which prevail in the event of a contradiction.

Vaultinum offers three types of Escrow services:

1. Access clause;
2. Bipartite escrow agreement;
3. Tripartite escrow agreement (including through framework contracts).

If a User has not purchased an Escrow service proposed by Vaultinum or a Client has ceased to pay the Fees due to Vaultinum, except in a particular situation (e.g. bankruptcy of the Client), any request for access by an Escrow Beneficiary will be refused unless a court decision authorizes such access to the Deposited Elements and the relevant fees (including all annual fees and past fees due as if an escrow had been entered into originally) have been paid to Vaultinum.

3.1. Access clause

An access clause is inserted into a two-party agreement (e.g. license agreement) between the Supplier and the Escrow Beneficiary.

To be effective, an access clause shall mention:

• The name and IDDN Number of the Deposit concerned;
• The fact that Vaultinum is the third-party escrow agent;
• The cases in which access to the Deposited Elements is possible.

Upon purchase of this Escrow service, an access clause template will be made available to the Supplier. The Supplier shall be responsible for drafting the access clause and Vaultinum cannot guarantee its applicability.

The number of Beneficiaries and access clauses available under this Escrow service is unlimited on the condition that the Deposit is identical for all Escrow Beneficiaries.  Otherwise, additional Escrow services will have to be purchased where the Deposited Elements are different.

The Access clause service does not give the Escrow Beneficiary any right to information, even if the content of the access clause provides otherwise. It is the responsibility of the Supplier to inform the Escrow Beneficiary about the payment of fees relating to the service and any Deposit Updates.

The Access clause service is valid for one (1) year from the date of the invoice for the service.  It shall be automatically renewed for an equivalent period of time unless terminated by the Supplier or Vaultinum, such termination being notified via e-mail, return-receipt requested and acknowledgment of receipt obtained, at least ninety (90) calendar days before the expiration of the current period.

Only the Supplier may contractually grant access to the Deposited Elements. If a third party (e.g. a distributor/reseller, subsidiary company, etc.) wishes to provide access to the Deposited Elements, the third party or the Supplier must provide Vaultinum with a certificate indicating that the Supplier authorizes the third party to include an access clause in the contracts concluded with its own clients allowing access to the Deposited Elements. Otherwise, no access will be granted.

3.2. Bipartite escrow agreement

The bipartite escrow agreement is a two-party agreement concluded between the Supplier and the Escrow Beneficiary which stipulates the terms of the Deposit of a Digital Creation and access cases to the Deposited Elements. Vaultinum is not a signatory to this agreement.

To be effective, the bipartite escrow agreement shall mention:

• The name and IDDN Number of the Deposit concerned;
• The cases in which access to the Deposited Elements is possible;
• The name, registered office and identification number (e.g. SIREN number) of the Supplier and the Escrow Beneficiary;
• The fact that Vaultinum is the third-party escrow agent.

Upon purchase of this Escrow service, a bipartite escrow agreement template will be made available to the Supplier. The Supplier shall be responsible for drafting this agreement and Vaultinum cannot guarantee its applicability.

The number of Beneficiaries and bipartite escrow agreements available under this Escrow service is limited to five on the condition that the Deposit is identical for all Escrow Beneficiaries.  Otherwise, additional Escrow services will have to be purchased where the Deposited Elements are different.

The Supplier may provide the contact information of Beneficiaries to Vaultinum in order to give the  Escrow Beneficiaries access to a Vaultinum “guest” account.  At the end of each Deposit, the Escrow Beneficiary may view and/or download the corresponding IDDN Certificate via the “guest” account. “Guest” account users are Users for the purpose of this Agreement.

The bipartite escrow agreement service is valid for one (1) year from the date of the invoice for the service.  It shall be tacitly renewed for an equivalent period of time unless terminated by the Supplier, such termination being notified via e-mail, return-receipt requested and acknowledgment of receipt obtained, at least ninety (90) calendar days before the expiration of the current period.

3.3. Tripartite escrow agreement

The tripartite escrow agreement is an agreement concluded between the Supplier, the Escrow Beneficiary and Vaultinum which stipulates the terms of the Deposit of the Digital Creation and access cases to the Deposited Elements.

In the context of an escrow agreement, it is recommended to make an Element Checked Deposit or a Content Checked Deposit.

The Supplier must provide Vaultinum with a finalized version of the tripartite escrow agreement before signing.

The Supplier may provide the contact information of Beneficiaries to Vaultinum in order to give the Escrow Beneficiary access to a Vaultinum “guest” account. At the end of each Deposit, the Escrow Beneficiary may view and/or download the corresponding IDDN Certificate via the “guest” account. “Guest” account users are Users for the purpose of this Agreement.

The tripartite escrow agreement service is valid for one (1) year from the date of the invoice for the service.  It shall be automatically renewed for an equivalent period of time unless terminated by the Supplier or Vaultinum, such termination being notified via e-mail at least ninety (90) calendar days before the expiration of the current period unless otherwise provided in the escrow agreement.

Vaultinum offers an online Escrow Agreement and framework Escrow Agreement at the Supplier's and Escrow Beneficiary’s option. 

3.4.  Deposit Updates

Supplier agrees to update its deposits as required under the escrow agreement.  If there are no changes to the deposited materials but the deposit update is set as a periodical update, Supplier shall complete the self-declaration form provided by Vaultinum attesting that the deposited materials have not been changed or altered since the previous update.  This declaration will be added to the deposited materials and be invoiced as a Deposit, and will not replace the previous Deposit.

3.5. Procedure for accessing Deposited Elements

Access to Deposited Elements shall be conducted in accordance with the procedure for accessing Deposited Elements, described below, and after the issuance of a decision from the Access Commission of Vaultinum, taken in the Access Commission’s sole and absolute discretion.  Any contrary stipulation cannot be enforceable against Vaultinum.

The Access Commission is formed by three experts, one of which is Vaultinum Senior Legal Advisor who will analyze and decide whether to grant access to Deposited Elements within the framework of an escrow in the case of a request by an Escrow Beneficiary.

In the event of a favorable decision from the Access Commission, the identical duplication of the Deposited Elements will be carried out by a Vaultinum agent from the last update of the Deposit, unless expressly requested by the Escrow Beneficiary to access a prior Deposit, if available depending on the Deposit Update form defined by the Client as indicated in Article 2.4.

Duplication of the Deposited Elements may be given to the Escrow Beneficiary or to any person holding a mandate granted by the Escrow Beneficiary and expressly authorizing it to obtain said duplication.

 3.6. Procedure for accessing Deposited Elements

3.6.1. Referral to the Access Commission 

The Escrow Beneficiary who wishes to access the Deposited Elements with Vaultinum shall send its request by registered letter with acknowledgment of receipt to the Access Commission, Rue de Genève 18 1225 Chêne-Bourg Genève – SWITZERLAND and/or by e-mail to legal@vaultinum.com.

 The Escrow Beneficiary shall  append  to  such  request  the documents  that substantiate its request and must provide the written agreement(s) in which the access to the Deposited Elements has been previously agreed between Supplier and Escrow Beneficiary.

 3.6.2. Appointment of a rapporteur 

Upon receipt of the Escrow Beneficiary’s access request, the legal  General Counsel of Vaultinum appoints, among the members of the Access Commission, a rapporteur whose role is to gather the requests and claims formulated by the parties. 

3.6.3.  Notification to the depositor 

The rapporteur shall inform the Supplier, their successors in title and/or their legal representative of the request of the Escrow Beneficiary(ies), by registered letter with acknowledgement of receipt and/or by e-mail. The depositor, their successors in title and/or their legal representative have the possibility of formulating their observations within a maximum period of eight (8) working days following the reception of the said notification. 

The rapporteur shall inform the Escrow Beneficiary by simple letter or by e-mail of the opening of a procedure for access to the Deposited Elements. 

 3.6.4. Drafting of the report submitted to the Access Commission 

The rapporteur shall prepare a report for the purpose of: 

• declaring the jurisdiction of the Access Commission; 
• establishing the deposit of the claimed elements; 
• recording the requests and claims of the parties; 
• assessing whether a condition of access to the Deposited Elements, which is the subject of the written agreement binding the Escrow Beneficiary and the Supplier, has been met; 
• providing an advisory opinion in favor of or against access to the Deposited Elements. 
  

3.6.5. Opinion of the Access Commission 

After having reviewed the report and validly deliberated, the Access Commission issues a favorable or unfavorable opinion on the Escrow Beneficiary's request. When the elements presented to the Access Commission demonstrate that the conditions of access are fulfilled, and this without prejudice to the laws and regulations in force, the Access Commission systemati gives a favorable opinion. In case of unfavorable opinion of the Access Commission, the dispute will be decided by referral of the case to the competent court of Geneva. Vaultinum will then comply with the court decision. 

3.6.6. Delivery of the Deposited Elements 

 In case of a favorable opinion of the Access Commission or upon receipt of a court decision in favor of the Escrow Beneficiary, an employee of Vaultinum will proceed to the opening of the sealed envelopes containing the Deposited Elements or to the opening of the electronic seals in case of digital archiving.  

The duplication will be done in the same manner, by an employee of Vaultinum, from the last update of the deposit, unless expressly requested by the Escrow Beneficiary to access a previous deposit of the same IDDN source, if available depending on the Deposit Update form defined by the Supplier as indicated in Article 2.4.  

The duplication of the Deposited Elements shall be delivered to the Escrow Beneficiary, to any other person expressly referred to in the Agreement organizing access to the said elements or to any person having a mandate granted by the Escrow Beneficiary and expressly authorizing them to obtain the said delivery. 

3.6.7. Fees 

The costs of duplicating the Deposited Elements will be the subject of an estimate prior to the realization of these operations.  No access to the Deposited Elements will be authorized in the event of non-payment of the duplication fees.  

3.6.8. Intellectual Property Rights 

Unless otherwise specified, the intellectual property rights on the element(s) delivered to the Escrow Beneficiary are not transferred. 

4. PAYMENT OF FEES

The Fees related to Deposit and Escrow services are available online at vaultinum.com or upon request for an estimate.
Fees are paid by credit card or SEPA direct debit at the time of the order.  Fees are due in full, without discount, and are payable on the bank account whose contact details are indicated on the invoice.
Fees can be paid for by the depositor/Supplier, the Escrow Beneficiary or a third-party payor.  If Supplier is identified as payor but fails to pay, Vaultinum shall be entitled to alert Escrow Beneficiary to this and Escrow Beneficiary shall be entitled to pay the Fees for Supplier. 
If a purchase order is required for the payment of invoices issued by Vaultinum, it is up to the depositor/Supplier or its third-party payer to send this purchase order by email to contact@vaultinum.com.
In the event of rejection of a SEPA direct debit, a lump sum of thirty (30) euros will be applied as of right in compensation for the rejection costs borne by Vaultinum.

5. RETURN AND DESTRUCTION OF DEPOSITS

5.1. During the contractual relationship

The depositor may, at any time during the contractual relationship, request that Vaultinum return and/or destroy the Deposited Elements.
The return of the Deposited Elements means the definitive recovery by the depositor of all or part of the Deposited Elements, provided that the export of this information is technically possible.
In the event of a request for restitution, the Parties undertake to cooperate actively in order to determine the modalities for implementing such restitution.

5.2. In case of non-payment of Fees

In the absence of payment of all or part of the Fees owed to Vaultinum, the depositor will have the opportunity to request the return of the Deposited Elements within thirty (30) days following a formal notice from Vaultinum that has gone unanswered. At the end of this period, Vaultinum will be entitled to destroy the Deposited Elements.

 5.3. In the event of a termination request

The depositor will have the opportunity to request the return or destruction of the Deposited Elements within thirty (30) days of the Client's request for termination.
In the absence of a request for the return or destruction of the Deposited Elements sent by the depositor within the above-mentioned period, Vaultinum may proceed with their destruction.

6. CONFIDENTIALITY

All information relating to Deposits made with Vaultinum is strictly confidential.
Only the depositor or any person duly authorized by the depositor and duly identified by Vaultinum is authorized to request and obtain information on Deposits except as provided in Article 3 – Escrow services.

7. LIABILITY

Vaultinum's services are governed by this Agreement, then in effect and as published on the website vaultinum.com at the time of the triggering event that may engage Vaultinum's responsibility, which the User expressly acknowledges and irrevocably accepts.

Acting solely as a custodian, Vaultinum may not be held liable for the content, corrections, authenticity, integrity and validity of the Deposited Elements.

Vaultinum is not subject to any obligation other than those provided in this Agreement and, as appropriate, in an ad hoc agreement signed by Vaultinum (such as an escrow agreement).  Apart from the cases of death or bodily injuries caused by one of the Parties, of fraud or gross negligence, the full liability of Vaultinum or of one of its suppliers arising from its services may not under any circumstances exceed the lesser of either the total Fees paid by Client in the twelve months preceding the event that resulted in damages or twenty-five thousand (25,000) euros in total.  Vaultinum may not be held liable for the following damage: interruption of business, loss of profits, loss of income, loss of personal information, loss of clients or the costs related to obtaining replacement goods and services of the Deposited Elements, whether or not Vaultinum has been informed of the eventuality or of the occurrence of such damage. The Parties agree that Section 7 herein provides for a sharing of the reasonable risks and constitutes a decisive clause without which it would not have been entered into by Vaultinum.

 For SCM automated Deposit, the Client shall provide all access codes and authorizations to enable Vaultinum the right to connect to the hosted repository and shall be fully responsible for failure to do so or for the inability of Vaultinum to connect to the hosted repository.

 For Element Checked Deposit and Content Checked Deposit, Vaultinum warrants the implementation of the process as described to the depositor according to the information provided by the depositor and its needs. Vaultinum will use its best commercial efforts to ensure that Deposited Elements verified by a Vaultinum agent are usable.

SECTION III. KNOW YOUR SOFTWARE ONLINE ASSESSMENT TERMS OF USE

Background

The goal of the Know Your Software suite of solutions is to help companies improve their operational structures whether they (i) wish to prepare for a sale of their business, (ii) are seeking investments, (iii) are seeking to capture new clients, or (iv) wish to improve on their internal controls and processes, limit risks and put in place structures that will foster smoother operations and facilitate growth.

Vaultinum has developed an auditing tool to enable companies to conduct their own due diligence in a number of areas including security, intellectual property, and software management, which are evaluated by reference to good practices and other quality standards (the “Know Your Software I Solution”). 

These terms of use include and are in addition to Vaultinum’s Platform User Agreement and any applicable Service Order. 

Any business or entity which registers an account on the Vaultinum Platform, upon request by a Client or voluntarily, and uses the Know Your Software I Solution are subject to these specific terms of use.

1. CLIENT BENEFICIARY

Any business, investor, lender, potential acquirer, etc. may direct their client(s) to use the Know Your Software I Solution and/or become certified, and as such they are a third-party beneficiary to the Know Your Software I Solution (the “Client Beneficiary”).  A Client Beneficiary may elect to register an  account on the Vaultinum Platform and thus undertakes and agrees to the Platform User Agreement herein above.  Client Beneficiaries may also pay the fees in relation to the Services provided hereunder pursuant to Vaultinum’s agreement to such in the form of a Service Order.

However and regardless of whether the Client Beneficiary has paid for the Evaluation Report, the Client Beneficiary agrees that it is solely responsible for obtaining authorization from the Assessed Company to access the Evaluation Report(s) and that Vaultinum is not responsible for obtaining such authorization.  Vaultinum assumes no responsibility for the sharing or the absence thereof by the Assessed Company of the said reports with the Client Beneficiary.  

The Client Beneficiary acknowledges that the Evaluation Report(s) are sensitive information to the Assessed Company and as such the Client Beneficiary agrees to not share, reproduce, copy or communicate any of the information found in the Evaluation Report(s) without first obtaining written consent from the Assessed Company. 

2. KNOW YOUR SOFTWARE INFORMATION AND USER CONTENT

The content of the Know Your Software I Solution surveys, evaluations, recommendations and information related to Vaultinum’s assessment methodology is considered Confidential Information of Vaultinum and User agrees not to copy, download, screen-print, publish, transmit, communicate any of the information accessed using the Services except for the Evaluation Report.

The User Content provided to generate the Evaluation Report belongs to the Assessed Company.  The Assessed Company warrants and represents that it is their belief that the User Content is accurate, complete, and correct and that you have conducted reasonable investigations to confirm such.  The Assessed Company acknowledges and agrees that the User Content will be available to Vaultinum staff and experts for the preparation and generation of the Evaluation Report.  The Assessed Company's User Content may also be accessed, in certain limited circumstances and for limited periods of time, for site administration, troubleshooting, system maintenance, emergencies, and other technical support by Vaultinum network personnel and contractors, each of whom will be subject to confidentiality obligations.

Notwithstanding that Vaultinum will develop a general knowledge of the Assessed Company’s business in the course of other engagements, the Assessed Company will ensure that all the information/User Content that is necessary for the performance of the particular Services is given to Vaultinum directly.  In this context, it is agreed that Vaultinum shall not be treated as being on notice of (i) information provided to Vaultinum in the course of other engagements or the provision of other Services; or (ii) information posted on an internal or external website or other media.  Accordingly, all information that is relevant to the Services must be given directly in the context of a specific Service even if the same information has been given to Vaultinum previously in the course of a different service or other engagement or is available on a forum to which Vaultinum may have access.  Except as expressly set out otherwise in writing, Vaultinum will not audit or otherwise test or verify the information provided by or on behalf of the Assessed Company in the course of performing the Services.  You acknowledge and agree that Vaultinum shall be entitled to rely on all information/User Content provided, and decisions and approvals given, by or on behalf of the Assessed Company in connection with the Services and to assume that all such information/User Content provided to Vaultinum, from whatever source, is true, complete, and not misleading.  Vaultinum will not be responsible for the consequences of any information provided in the course of the Services for not being complete, accurate or current, or not being provided in a timely manner.  Notwithstanding the above, and although Vaultinum is under no obligation to verify the accuracy or completeness of your User Content, or to review the nature or content of your User Content, unless otherwise agreed in accordance with the  Know Your Software Certified Service, Vaultinum may review and/or remove any portion of the Assessed Company's User Content that Vaultinum believes has been provided in breach of these Terms, or appears inaccurate, incomplete, or outdated.

Where the Assessed Company is using third parties to provide information, materials or support in respect of the Services, or other suppliers and advisers are being employed whose work may affect the Assessed Company’s ability to carry out the Services, the Assessed Company will be responsible for the management of such persons and their performance, including the timeliness and quality of their input and work.

Where needed or requested by Vaultinum to assist Vaultinum in performing the Services, the Assessed Company will ensure that (i) within the Assessed Company's organization, decisions are taken and management approvals are obtained promptly; (ii) Vaultinum is given full and prompt access to the people and premises of the Assessed Company and to other suppliers and advisers associated with the engagement, together with all necessary administrative support; (iii) any approvals, licenses and security clearances are obtained promptly (including any relating to third parties, Vaultinum personnel and any subcontractors); and (iv) Vaultinum is promptly provided with all information and documents that appear to you to be relevant to the Services and any other information or documents that Vaultinum may specifically request.

You agree that you remain solely responsible for managing all aspects of your business and for taking all decisions.  This includes (i) designating one or more individuals who possess suitable skill, knowledge, and/or experience to oversee the Services; (ii) evaluating the adequacy and results of the Services; and (iii) accepting responsibility for the results of the Services.  The Assessed Company or Client Beneficiaries are solely responsible for deciding whether our Services, evaluations and certifications make sense in the context of their business, and whether to rely on, implement or act on any information contained in the Evaluation Report.

3. EVALUATION REPORT

Vaultinum shall provide a summary of the Assessed Company’s  assessment results (the “Evaluation Report”).  Evaluation reports can include (i) quantitative ratios; (ii) qualitative information on the Assessed company’s practices; and (iii) benchmarking of all Assessed companies’ performance.

The Evaluation Report is based on the disclosed information available at the time of the assessment.  Should any information or circumstances materially change during the period of the assessment, Vaultinum reserves the right to place the Evaluation Report on hold and, if appropriate, to re-assess and possibly issue a revised Evaluation Report.

Vaultinum does not warrant any results from the use of the Know Your Software I Solution and Services.  The Evaluation Report is based on information/User Content provided by the Assessed Company.  As a result, Vaultinum cannot warrant or represent that the Evaluation Report is complete, accurate or correct.  Further, the evaluations provided in the Evaluation Report are based on Vaultinum’s experts own view of good practices and industry standards and may not reflect some specific industry standards or all standards and good practices.  Finally, the Evaluation Report is based on a complex decision tree structure in which answers are assigned different evaluations and recommendations depending on the answers provided.  As a result, and although Vaultinum experts review the audit tool regularly, some questions, answers, evaluations and recommendations may contradict others, seem irrelevant or provide incomplete or inaccurate feedback.

The information, including the evaluations and recommendations provided in the Evaluation Reports, are general and made available solely for informational purposes and do not constitute a professional consultation. In other words, if the Know Your Software I Solution and the Services may be regarded as a general decision-making aid, Vaultinum accepts no liability for actions taken as a result of implementing recommendations and it cannot guarantee that implementing a recommendation will have the desired effect.  Assessed Companies should consult experts such as lawyers or engineers for professional advice.

Know Your Software Verified Assessment and Certification.  In the context of Know Your Software Verified Assessment and Certification services that you may subscribe to from time to time at your discretion, you will be requested to provide documents in support of your responses to Vaultinum’s questionnaires.  The Vaultinum team is under no obligation to, and will not, review the quality, format and completeness of such documents but will check that they exist and that their content purports to confirm the answer that you have provided.  If our team makes a finding that a document is irrelevant or does not appear to provide adequate support for the answer provided, we may, at our discretion, contact you for a review, request that you update the document or consider that the appropriate document was not provided.  Vaultinum shall make each determination for certification at its own discretion and you agree to follow the certification review process as outlined herein should you wish to contest or update a certification.

Client Beneficiary.  The Assessed Company may direct Vaultinum to send the Evaluation Reports and  Know Your Software Certificates as applicable, directly to Client Beneficiaries such as investors, lenders, potential acquirers, clients, etc.  The Assessed Company agrees to pay for any fees in relation to this. 

4. PAYMENT OF FEES

Client can select between a one-time or subscription based use of the Know Your Software I Solution.  Subscription Fees are due upon the initial request for the generation of an Evaluation Report and by selecting “Subscription.” A subscription allows for an unlimited number of non-certified Evaluation Reports for a period of one year from the date of registration. 

The payment of Fees for a one-time use of the Know Your Software I Solution are due upon request for an Evaluation Report.  A one-time or “one shot” use of the Know Your Software I Solution means the generation of one (1) Evaluation Report.  Upon the successful Fee transaction, the Evaluation Report will be provided to the Assessed Company via the Know Your Software I Solution. 

Prices are available online at vaultinum.com.

SECTION IV. KNOW YOUR SOFTWARE CODE AUDIT TERMS OF USE

Background

The goal of the Know Your Software suite of solutions is to help companies improve their operational structures whether they (i) wish to prepare for a sale of their business, (ii) are seeking investments, (iii) are seeking to capture new clients, or (iv) wish to improve on their internal controls and processes, limit risks and put in place structures that will foster smoother operations and facilitate growth.

Vaultinum has developed an intelligent audit program aimed at helping companies analyze and understand the components of a software source-code (the “Know Your Software II Solution”).  The Know Your Software II Solution offers an in-depth scanning of a software source code providing a detailed analysis of the software of a company or product related to Intellectual Property, maintainability, security and SWOT analysis.  The Know Your Software II Solution, also known commercially as Know Your Software Full Audit, Tech Audit or Tech Due Diligence, includes access to and use of the Know Your Software I Solution in accordance with the Service Order.

These terms of use include and are in addition to Vaultinum’s Platform User Agreement, Know Your Software I Solution Terms of Use and hereby incorporate the terms and conditions of any Service Order. 

1. KNOW YOUR SOFTWARE CODE AUDIT

1.1. Confidentiality
For the purposes of the confidentiality obligations hereunder, the Confidential Information of the Assessed Company also includes the Audit Reports provided hereunder and the software source code and any documentation (including the file layouts, screen layouts, data and database models and structures, comments and other related information).  The content of the Know Your Software II Solution and information related to the Code Analyzer and Code Audit methodology of Vaultinum is considered Confidential Information of Vaultinum.

1.2. Services
Vaultinum will perform the Services described in any fully executed Service Order in a professional, good and workmanlike manner consistent with industry standards.  Each fully executed Service Order will be governed by these terms and conditions and will be automatically incorporated in the Agreement as of the effective date of the Service Order.

1.3. Change Orders
In the event the Client requests to make any changes to the scope of the Services to be provided, Client will notify Vaultinum and Vaultinum will promptly provide a written estimate of any adjustments in the delivery schedule or Fees which would result from such changes.  Client and Vaultinum will implement any agreed-to changes in the form of an amended Service Order signed by both Parties.

1.4. Responsibility of Vaultinum
For purposes of the Know Your Software II Solution and Services, the Code Analyzer is stored and runs on Vaultinum servers located in Europe.  The software source code uploaded to Vaultinum’s servers and scanned by the Code Analyzer never leaves Vaultinum’s servers and shall be completely and permanently deleted from Vaultinum’s servers within 24 hours of the termination of the Code Analyzer audit.  The results of the Code Analyzer audit are anonymized and thereafter these anonymized results are analyzed, interpreted and packaged for the purposes of the Know Your Software II Solution and Services.

1.5. Responsibility of Client
For purposes of the Know Your Software II Solution and Services, the Assessed Company shall upload the software source code to Vaultinum’s servers.  The Assessed Company grants Vaultinum the right to host and process the software source code for the limited duration and limited purpose of running the Code Analyzer in connection with and in the course of the Know Your Software II Solution and Services.

 3. AUDIT REPORT

Vaultinum shall provide a detailed summary of the Code Analyzer results which includes a review by a Vaultinum technical consultant in an Audit Report.  Audit reports can include (i) OSS analysis; (ii) language verification (iii) OSS usage; (iv) inventory of open-source licenses used; and (v) good practices scoring and recommendations.

The Audit Report is based on the software source code provided by the Assessed Company.  As a result, Vaultinum cannot warrant or represent that the Audit Report is complete, accurate or correct.  Further, the assessment provided in the Audit Report is based in part on Vaultinum’s technical consultant’s expert view of good practices and industry standards and may not reflect some specific industry standards or all standards and good practices.

Vaultinum does not warrant any results from the use of the Know Your Software II Solution and Services.  The Know Your Software II Solution and the Services may be regarded as a decision-making tool and Vaultinum cannot be and is not liable for any decision taken by the Client on such basis.

Users who have access to Audit Reports acknowledge that the Audit Report(s) contain sensitive information belonging to the Assessed Company and agree to not share, reproduce, copy or communicate any of the information found in the Audit Report(s) without first obtaining written consent from the Assessed Company.

4. PAYMENT OF FEES

The payment of Fees for a one-time use of the Know Your Software II Solution are due by the Client upon request for an Audit Report.  A one-time or “one shot” use of the Know Your Software II Solution means the generation of one (1) Audit Report.  Upon the successful Fee transaction, the Audit Report will be provided to the Assessed Company  via the Know Your Software II Solution.   

Prices are available online at vaultinum.com or upon request for an estimate.

PRIVACY POLICY

ARTICLE 1. PREAMBLE

This Privacy Policy is an integral part of the Vaultinum Platform Terms of Service, so the definitions used in the latter are incorporated herein. The Vaultinum Platform Terms of Service can be found at the following URL: https://vaultinum.com/platform-user-agreement. The purpose of this Privacy Policy is to inform Data Subjects about how their Personal Data is collected, how it is processed when using the Platform and/or the Services and finally the Specific Rights that Data Subjects have regarding such processing.

ARTICLE 2. DEFINITIONS

The following terms, whether used in the singular or plural in this Privacy Policy, shall have the following meanings:

"Intermediate Archiving" means the archiving of Personal Data that is still of administrative interest to Vaultinum (for example, in case of litigation and / or legal obligation) in a distinct database, which is separated rationally or physically and to which, in any case, access is restricted. This archiving is an intermediate step before the deletion or anonymization of the Personal Data concerned;

"Beneficiary" has the meaning given by the TOS;

"TOS" means the Vaultinum Platform Terms of Service accessible on the Vaultinum website;

"Deposit" has the meaning given by the TOS;

"Personal Data" means the personal data of a Data Subject, as defined in the General Data Protection Regulation, collected and/or processed by Vaultinum in the context of the use of the Platform and/or the Services;

"Specific Rights" means the rights granted by the General Data Protection Regulation regarding the processing of Personal Data;

"Data Subject" means, without distinction, any person whose Personal Data is likely to be processed by Vaultinum including Users;

"Platform" means the online platform accessible on the website of Vaultinum, by means of access codes and allowing the User to access the Services;

"Privacy Policy" means this privacy and data protection policy for Data Subjects implemented by Vaultinum;

"General Data Protection Regulation" means the law n°78-17 of January 6, 1978 relating to data processing, files and freedoms, in application of the EU regulation of April 27, 2016 published in the Official Journal of the European Union on May 4, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (known as "GDPR" for General Data Protection Regulation);

"Services" has the meaning given by the TOS;

"User" has the meaning given by the TOS;

"Vaultinum" means VAULTINUM, a Swiss limited liability company, identified by the BID number CHE-225.897.477, whose registered office is located at Rue de Genève 18 1225 Chêne-Bourg Genève – SWITZERLAND

ARTICLE 3. LEGAL QUALIFICATIONS

3.1. Vaultinum Qualifications

Vaultinum determines the purposes and means implemented to provide the Platform and Services to Users and must be, as such, qualified as responsible for the processing of Personal Data. Vaultinum acts on the instructions of the Users concerning the hosting of the Deposits and the Personal Data of the Beneficiaries and must be, as such, qualified as a processor of the Personal Data.

3.2. Warranties of the parties

3.2.1 Collection of Personal Data from Data Subjects

The User is solely responsible for the collection of Personal Data of the Data Subject that the User transmits directly (by communicating them) or indirectly (within the Deposits for example) to Vaultinum during the use of the Platform and/or the Services. When Vaultinum acts as a processor, it is the User's responsibility to ensure that the Personal Data of the Data Subjects are:

- collected in a lawful, fair and transparent manner with regard to the Data Subject;

- collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;

- adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization);

- accurate and, where necessary, kept up to date;

- kept in a form that allows the identification of the Data Subjects for no longer than is necessary for the purposes for which they are processed;

- treated in such a way as to ensure their appropriate security.

3.2.2 Processing of Personal Data of Data Subjects
The use of the Platform and/or Services by the User necessarily calls for one or more processing of Personal Data of the User and/or, where appropriate, of Data Subjects with whom Vaultinum has no direct contractual relationship. As such, the User guarantees to Vaultinum that the processing of Personal Data of Data Subjects benefits from an adequate legal basis in accordance with the General Data Protection Regulation such as, in particular, the Data Subjects having consented to the processing of their Personal Data by Vaultinum in the context of the use of the Platform and/or the Services. The User guarantees to Vaultinum that it will ensure that the information of the Data Subjects whose Personal Data are processed shall be in a timely manner and in the forms required by the General Data Protection Regulation, and where applicable for what concerns the processing carried out by Vaultinum, by making available to the Data Subjects the present Privacy Policy.

ARTICLE 4. VAULTINUM ACTS AS THE DATA CONTROLLER

Vaultinum undertakes to implement adequate measures to ensure the protection of Personal Data of Users and to process them in compliance with the General Data Protection Regulation.

4.1. Identity and contact details of the data controller

The controller is Vaultinum and the representative of the controller is Mr. Philippe THOMAS, in his capacity as legal representative of Vaultinum, who may be reached at the email address contact@vaultinum.com or by phone at +41 41 511 82 08.

4.2. Collection of Personal Data

Vaultinum is required to collect and process Personal Data provided by the User via the registration form which is essential to the processing of their request for the creation of an account. By using this form, the User is required to submit the following:

- Surname;

- First name;

- E-mail address;

- Telephone number (optional);

- Date of birth (optional);

- Nationality (optional).

Non-optional information is mandatory and necessary only for the processing of the User's request. The absence of a response to a mandatory field is likely to compromise the processing of the User's request. Depending on the Service chosen by the User, the information indicated as optional when creating an account may become mandatory when subscribing to a Service.

4.3. Purposes of processing

The information collected in the registration form and transmitted directly by the User is recorded in a digital file by the controller and is used for the following purposes:

- Access to the Platform and provision of the Services;

- Customer relationship management and billing;

- Processing requests for access to deposited material;

- Technical support and maintenance of the Platform and/or Services;

- Management of requests to exercise Specific Rights;

- Traceability of operations carried out via the Platform.

The Personal Data is also used to send e-mails for informational purposes, and/or commercial prospecting concerning products or services similar to those already provided to the User. The User acknowledges that they can, at any time, object to the use of their Personal Data (see article 4.8"Exercise of Specific Rights") provided that such use is not necessary for the execution of a contract with Vaultinum and/or for a legitimate interest.

4.4. Legal basis for processing

In accordance with Article 6(1)b of the General Data Protection Regulation, the processing of Personal Data collected via the registration form and/or when subscribing to a Service is necessary for the execution of the TOS to which the User is party. The processing of traces (connection logs) related to operations carried out by the User via the Platform is necessary for the purposes of the legitimate interests pursued by Vaultinum, namely the security of information systems (see Article 6(1)f of the General Data Protection Regulation).

4.5. Retention period

The data collected is kept for the duration of the contractual relationship and, at the end of this period, for the legal period of preservation of data as evidence. Log data (connection logs) is kept for a maximum of one (1) year from the date of their collection. During these periods, Vaultinum undertakes to implement all necessary measures to ensure the confidentiality, integrity and security of Personal Data, so as to prevent, in particular, their access by unauthorized third parties.

4.6. Recipients and transfer of Personal Data

The Personal Data is transmitted to the relevant departments of Vaultinum in order to ensure the processing for the sole purpose provided and agreed upon by the User. Vaultinum uses the technology of the company INGENICO to provide banking transactions. Thus, when paying by credit card, the bank details are encrypted and transmitted to the company INGENICO, without Vaultinum ever having knowledge of such details. As such, Vaultinum does not collect the full number of the credit card, nor its cryptogram. To exercise its rights as set out in Article 4.8- "Exercise of Specific Rights", relating to credit card details, the User is invited to contact the company INGENICO directly. Vaultinum undertakes not to commercialize the personal data collected and not to make any transfer of Personal Data outside the European Union and/or Switzerland. In the event that Vaultinum uses a subcontractor who transfers data outside the European Union and/or Switzerland, it undertakes to ensure that this subcontractor provides sufficient guarantees regarding the implementation of appropriate technical and organizational measures.

4.7. Users' rights

In accordance with the General Data Protection Regulation, the User may, at any time, benefit from the following Specific Rights:

- Right of access;

- Right of rectification;

- Right to erasure;

- Right to restrict processing;

- Right to data portability;

- Right to object;

- Post-mortem instructions.

4.7.1 Right of access
The User has the possibility to obtain from Vaultinum the confirmation that the Personal Data concerning them is or is not processed and, when it is, the access to the said Personal Data as well as the following information:

- the purposes of the processing;

- categories of Personal Data;

- the recipients or categories of recipients to whom the Personal Data have been or will be communicated;

- the length of time the Personal Data will be kept or, where this is not possible, the criteria used to determine this length of time;

- the existence of the right to ask Vaultinum the correction or deletion of Personal Data, or a limitation of the processing of its Personal Data, or the right to object to such processing;

- the right to lodge a complaint with the competent control authority (CNIL in France);

- where Personal Data is not collected from the User, any available information as to its source;

- the existence of automated decision-making, including profiling, and, at least in such cases, relevant information concerning the underlying logic and the significance and intended consequences of such processing for the User.

When Personal Data is transferred to a third country or to an international organization, the User has the right to be informed of the appropriate safeguards with respect to such transfer. Vaultinum provides a copy of the Personal Data being processed and may require payment of a reasonable fee based on administrative costs for any additional copies requested by the User or in the event of a request for transmission of the Personal Data in paper and/or physical form. Where the User submits an application electronically, the information shall be provided in a commonly used electronic form, unless the User requests otherwise. The User's right to obtain a copy of their Personal Data shall not infringe the rights and freedoms of others.

4.7.2 Right of rectification
The User has the possibility to obtain from Vaultinum, as soon as possible, the correction of Personal Data that is inaccurate. The User also has the possibility to obtain from Vaultinum an assurance that any incomplete Personal Data has been completed, including by providing a complementary declaration.

4.7.3 Right of erasure
The User has the possibility to obtain from Vaultinum the deletion, as soon as possible, of Personal Data concerning them where one of the following reasons applies:

- Personal Data is no longer necessary for the purposes for which they were collected or otherwise processed by Vaultinum;

- The User has withdrawn their consent for the processing of their Personal Data and there is no other legal basis for the processing;

- The User exercises their right to object under the conditions recalled below and there is no compelling legitimate reason for the processing;

- The Personal Data has been processed unlawfully;

- Personal Data must be deleted to comply with a legal obligation;

- The Personal Data was collected from a child.

4.7.4 Right to restrict processing
The User has the possibility to restrict Vaultinum from the processing of their Personal Data when one of the following reasons applies:

- Vaultinum verifies the accuracy of Personal Data following the User's challenge of the accuracy of the Personal Data;

- The processing is unlawful and the User objects to the deletion of the Personal Data and demands instead the limitation of their use;

- Vaultinum no longer needs the Personal Data for the purposes of processing but they are still necessary to the User for the establishment, exercise or defense of legal rights;

- The User has objected to the treatment in the conditions outlined hereafter and Vaultinum verifies whether the legitimate reasons pursued prevail over the alleged reasons.

4.7.5 Right to the portability of Personal Data
The User has the possibility to receive from Vaultinum Personal Data concerning the User, in a structured, commonly used and machine-readable format where: - The processing of Personal Data is based on consent or contract; and - The treatment is carried out using automated processes. When the User exercises their right to portability, they have the right to have the Personal Data transmitted directly by Vaultinum to another controller that they will designate when technically possible. The right to portability of the User's Personal Data must not infringe on the rights and freedoms of others. ➢ Right to object The User may object at any time, for reasons relating to their particular situation, to the processing of Personal Data concerning them based on the legitimate interest of Vaultinum. The latter will then no longer process the Personal Data, unless it demonstrates that there are compelling and legitimate reasons for the processing that prevail over the interests, rights and freedoms of the User, or may retain them for the establishment, exercise or defense of legal rights.

4.7.6 Post-Mortem Instructions
The User has the possibility to communicate instructions to Vaultinum on the preservation, deletion and sharing of their Personal Data after their death, such instructions can also be registered with a "certified digital trustworthy third party". These instructions, or a kind of "digital will", can designate a person in charge of their execution; failing that, the User's heirs will be designated. In the absence of any instruction, the heirs of the User may contact Vaultinum:

- to access the processing of Personal Data for the "organization and settlement of the estate of the deceased";

- to receive disclosure of "digital assets" or "data resembling family heirlooms that may be transmitted to heirs";

- to proceed to the closure of the User's account and to oppose the continuation of the processing of their Personal Data.

In any case, the User has the possibility to indicate to Vaultinum, at any time, that the do not want, in case of death, that their Personal Data is communicated to a third party.

4.8. Exercise of Specific Rights

The above Specific Rights may be exercised at any time by sending an e-mail to the following address: dpo@vaultinum.com or by completing the contact form available at the following address: https://vaultinum.com/fr/contact. In order to exercise his or her Specific Rights under the conditions described above, the User must prove his or her identity by any means. Where Vaultinum has reasonable doubts about the identity of the person making the request to exercise a Specific Right, Vaultinum may request such additional information as is necessary, including, where required, a photocopy of a signed identity document. A response will be sent to the User within a maximum of one (1) month from the date of receipt of the request. If necessary, this period may be extended by two (2) months by Vaultinum, which will alert the User, taking into account the complexity and/or number of requests. In case of request from the User for deletion of their Personal Data and/or in case of exercise of their right to ask for the deletion of their Personal Data, Vaultinum will be able however to keep them in the form of Intermediate Archiving, and this for the duration necessary to satisfy its legal obligations, or for evidentiary purposes during the applicable prescription period. The User is informed that they may lodge a complaint with the competent control authority (in France, this is the CNIL). The User is also informed that they have the possibility to withdraw their consent to receive information and commercial offers by clicking on the unsubscribe link accessible at the bottom of an e-mail received.

ARTICLE 5. VAULTINUM ACTS AS A PROCESSOR

5.1. Description of the processing operation, purpose of the processing

Vaultinum is authorized to process, on behalf of the User, certain Personal Data necessary for the use of the Platform and/or the Services. The nature of the processing operations carried out is the collection, processing and storage of data.

The purposes of the processing are:

- the hosting of the Deposits;

- the hosting of the Personal Data of the Beneficiaries.

The categories of Data Subjects are:

- the Beneficiaries;

- any person whose data is included in a Repository.

The Personal Data is:

- the identity of the Beneficiaries: surname, first name, e-mail address, telephone number, company name;

- any other data contained within a Repository.

The data collected is kept for the duration of the contractual relationship and, at the end of this period, for the legal period of preservation of data as evidence.

5.2. Vaultinum's obligations to the User

Vaultinum is committed to:

- process the data only for the purposes for which they are intended to be processed;

- process data in accordance with this Privacy Policy;

- guarantee the confidentiality of the Personal Data processed;

- ensure that persons authorized to process Personal Data are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality and receive the necessary training in the protection of personal data;

- take into account the principles of data protection by design and data protection by default for its tools, products, applications or services.

5.3. Third-party processor

Vaultinum may use another processor (hereinafter referred to as the "Third-Party Processor") to conduct specific processing activities. In this case, it informs the User in advance and in writing of any changes envisaged concerning the addition or replacement of other processors. This information must clearly indicate the subcontracted processing activities, the identity and contact details of the Third-Party Processor and the dates of the processing. The User has a period of eight (8) working days from the date of receipt of this information to terminate his or her account in the event of an objection in accordance with the conditions set out in the TOS. The Third-Party Processor is required to comply with the obligations hereunder on behalf of and according to the instructions of the User. It is the responsibility of Vaultinum to ensure that the Third-Party Processor presents the same sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the General Data Protection Regulation. If the Third-Party Processor does not fulfill its data protection obligations, Vaultinum remains fully responsible to the User for the Third Party Processor's performance of its obligations.. Right to information of the Data Subject It is the responsibility of the User, as the data controller, to provide information to the Data Subjects at the time of collection of the Personal Data.

5.5. Exercise of Specific Rights

To the extent possible, Vaultinum shall assist the User in fulfilling its obligation to respond to requests for the exercise of the Specific Rights of Data Subjects. Unless otherwise specified by the User, Vaultinum must respond, in the name and on behalf of the User and within the time limits provided by the General Data Protection Regulation to requests from the Data Subjects in case of the exercise of their Specific Rights, regarding the data subject to the processing provided by this Privacy Policy.

5.6. Notification of Breaches of Personal Data

Unless otherwise specified by the User, Vaultinum shall notify the competent control authority (CNIL in France), in the name and on behalf of the User, of violations of Personal Data as soon as possible and, if possible, no later than seventy-two (72) hours after becoming aware of them, unless the violation in question is not likely to create a risk for the rights and freedoms of a natural person. Unless otherwise specified by the User, Vaultinum communicates, in the name and on behalf of the User, the violation of Personal Data to the Data Subjects as soon as possible, when this violation is likely to generate a high risk for the rights and freedoms of a natural person.

5.7. Security measures

Vaultinum is committed to implementing the following security measures:

- Pseudonymization and encryption of Personal Data;

- the means to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services;

- the means to restore the availability of, and access to, Personal Data within a reasonable timeframe in the event of a physical or technical incident;

- a procedure to regularly test, analyze and evaluate the effectiveness of the technical and organizational measures to ensure the security of the processing.

5.8. Disposal of Personal Data

At the end of their contractual relationship, Vaultinum undertakes to destroy all Personal Data, including copies existing in Vaultinum's information systems, with some exceptions. Upon request of the User, Vaultinum can certify their destruction in writing.

5.9. Data Protection Officer

The Vaultinum Data Protection Officer can be reached at dpo@vaultinum.com.