Incorporation

1.1 The Customer shall be entitled at any time during the Term to request the provision of System and Services from gther, and the parties thereafter will negotiate to seek to agree upon the commercial detail of the draft Order Form. Upon execution by both parties, each Order Form shall become incorporated into, and subject to, the terms of this Services Agreement in respect of the System or Services set out therein. The terms of this Services Agreement shall take precedence over any terms set out in an Order Form unless the Order Form expressly states, in the field titled "Special Terms" that certain specific provisions (or part of them) are to take precedence by cross reference to the specific term of this Services Agreement over which it is intended to take precedence.

Term

2.3 Term. This Agreement shall come into force on the Effective Date and shall, unless terminated earlier, continue in force for the period set out in the Order Form ("Term").

Services, System and Customer Data

1.3 Grant of rights. For the duration of the Term, a non-exclusive, non-sublicensable, non-transferable right to access and use the System will be granted solely for the purpose of managing and organising fully digital, virtual, hybrid or in person events, using gther's technology.

1.4 System and Services. Subject to the terms and conditions of this Agreement, gther will provide the System and services identified in the Order Form (the "Services") and Schedule 1: Services. in a reasonable and workmanlike manner, consistent with good industry practice. The Customer's sole and exclusive remedy for breach of this warranty is gther's re-performance of the non-conforming Services and if gther is unable to re-perform such Services to that they conform with this warranty, gther will refund any Fees paid in respect of the non-conforming Services.

1.5 The System and the Services are provided "as is" and gther disclaims all warranties, either express or implied, including but not limited to implied warranties/conditions of accuracy, merchantability and fitness for a particular purpose or any other warranties or conditions implied by applicable law, with respect to the System and/or the Services. gther does not warrant or undertake that the System and/or the Services will meet the Customer's requirements or that they or their access or use will be uninterrupted, free from viruses, bug or error or completely secure. Except as expressly provided in this Agreement, the entire risk as to the System and/or the Services is with the Customer, including for quality and performance and for accuracy or quality of any information transmitted, received or otherwise delivered via the System.

1.6 Prohibited uses: The System and the Services can only be used for lawful purposes and not in any way that breaches any applicable law or regulation. The Customer shall not: (a) use the System or the Services to create liability for or cause damage to gther in any way; (b) duplicate, reproduce, resell, licence or copy the System (or any part of it), or otherwise provide access to the Services to any third party, other than expressly permitted by this Agreement; (b) attempt to, reverse compile, de-compile, reverse engineer or disassemble or otherwise reduce to human-readable form all or any part of the software used to deliver the System; (c) attempt to obtain, or assist third parties in obtaining, access to the Services, other than as provided under this Agreement; (d) attempt to build a product or service competing with the Services and/or the System; (e) build or attempt to build a product, using ideas, features or graphics featured in the Services or the System; (f) copy any ideas, features, functions or graphics of the Services or the System; or (g) delete, amend or otherwise alter any copyright or other ownership notices or legends displayed or contained in any part of the System. gther reserves the right to suspend Customer's access to the System for any breach of this clause without liability or prejudice to its other rights to the Customer.

1.7 Viruses. Customer must not knowingly access, store, transmit or distribute any viruses on to or through the System (or anything that is designed to adversely affect the hardware, software or the System). Customer shall use all reasonable endeavours to protect against this being done (without deliberate intent), including by using up to date virus protection software.

1.8 Cooperation. Customer shall cooperate with gther in all matters relating to the System and/or Services including by providing any information requested, in a timely manner. Customer shall provide or procure for gther all necessary access to the Customer personnel for the purposes of regular touch points and event execution.

1.9 Compliance with laws; permits and licences. The parties shall comply with all applicable laws in connection with their obligations under this Agreement, including the receipt or the use, or the provision, of the System and/or Services.

Data

1.10 The parties hereby enter into the Data Processing Addendum as of the Effective Date and the parties shall comply with their respective obligations as set out therein.

1.11 System. gther uses a proprietary software enabling management and organising digital, virtual and hybrid or in person events (the "System"). Customer acknowledges and agrees that gther owns all intellectual property rights in the System, the Services, all components, contents and data therein (other than Customer Data), the means and methods of performing the Services, and any related documentation. Gther does not grant to Customer any rights to, under or in, any trademarks, patents, database right, trade secrets, trade names, copyright or other rights or licences in respect of the Services or the System, except as expressly stated in this Agreement. Any improvements or modifications to the Services and/or the System or the means and methods of performing the Services or providing the System that may be made by or on behalf of gther, alone or with others, or suggested or requested by Customer, will be the sole and exclusive property of gther. Nothing in this Agreement shall operate to transfer any intellectual property rights from one party to the other. This means that the Customer retains all ownership in any intellectual property rights in any Customer Data.

1.12 Customer Data. Customer will provide to gther all images, information, and other content that Customer desires to be used under this Agreement ("Customer Content"). Customer Content typically consists of video files, presentations and images, and will be submitted by Customer electronically in a format and pursuant to procedures reasonably designated by gther. gther will have no liability with respect to the accuracy, completeness, correctness or any other matter related to such Customer Content.

1.13 After the Customer Content has been submitted to gther and the event(s) completed, gther will provide Customer with a report in an industry standard format of the results and statistics of such event(s) (the "Customer Reports", and together with Customer Content, the "Customer Data"). At Customer's request, Customer Reports will be delivered by gther in portable document or spreadsheet format to one or more email addresses designated by Customer or will be made accessible through a web browser link provided by gther. Any further customisation of Customer Report might be agreed by the Parties for an additional fee. gther may use such Customer Data in the performance of its obligations hereunder. gther agrees that all Customer Reports shall be the exclusive property of Customer and that Customer, in its sole discretion, may use the information contained therein for its own business purposes.

Payment Terms

1.14 Fees and Invoices. Unless agreed in writing by the Parties, in consideration for the supply of the System and/or Services, and the delivery of the Customer Reports, Customer will pay to gther the fees indicated on the cover page (the "Fees"), due and payable monthly based on date of signed Agreement and within 30 days from the invoice date. Fees are to be invoiced in the currency specified on the cover page and if no currency is specified, the Fees are to be invoiced in pounds sterling.

1.15 Late Payment. gther may charge interest on the late payment of any sums properly invoiced and undisputed within fifteen (15) days of the invoice. Such interest shall accrue daily from the due date to the date of actual payment on any such overdue amounts under the Agreement (whether before or after judgment) at the rate of four percent (4%) per annum above the base rate of Natwest Bank PLC in the UK for the time being in force. The Parties agree that the provisions of this Clause 1.14-1.18 provide a substantial contractual remedy for the late payment of sums under this Agreement.

1.16 Without prejudice to Clause 1.8 and any of gther's other rights and remedies, gther may, without liability to the Customer, suspend or remove Customer's access to the System and/or Services in whole or in part if gther has not received payment in full within ten (10) days of notifying the Customer of its intention to do so.

1.17 Indexation. gther may increase the Fees on a written notice to the Customer in line with inflation, up to once a year with effect from each 12-month period of the Effective by the lower of: (a) the percentage increase in the Retail Price Index published by the Office of National Statistics in the preceding 12- month period, and (b) five percent (5%). The first such increase may be exercised by gther twelve (12) months after the Effective Date and shall be based on the latest available figure for the percentage increase in the Retail Price Index.

1.18 Expenses and Taxes. All amounts due from the Customer to gther under or in connection with this Agreement shall be paid in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of taxes required by law). The Fees are exclusive of all (a) reasonable, documented, out-of-pocket costs and expenses incurred by gther that are reasonably approved by Customer in advance, and (b) value added tax which must be stated on the invoice(s) at the appropriate rate and will be the Customer's responsibility. gther will provide with each invoice a reasonable description of all reimbursable expenses set forth on such invoice, and, upon Customer's request, copies of supporting documentation for any out-of-pocket expenses incurred by gther in the course of performing its obligations under this Agreement.

IPR Indemnity

1.19 IPR Indemnity. gther shall at all times during and after the terms of this Agreement indemnify, keep indemnified and hold harmless the Customer against all claims, demands, actions, proceedings and losses in relation to any infringement or alleged infringement of any third party's intellectual property rights in the United Kingdom suffered by the Customer as a result of the Customer's receipt, use of the System.

1.20 In no event shall gther, its employees agents and subcontractors be liable to the Customer to the extent that the alleged infringement is based on: (a) Customer's use of the System in a manner contrary to any instructions given; (b) Customer's use of the System after notice of the alleged or actual infringement from gther or a third party; or (c) a modification to the System by anyone other than gther.

1.21 In the defence or settlement of any claim, gther may: (a) procure the right for the Customer to continue using the System; (b) modify or replace the System so it becomes non infringing; or, (c) if such remedies are not reasonably available, cease performing the part of the System that infringes third party's intellectual property rights, refund to Customer the corresponding portion of any Fees paid in advance and terminate the Agreement with respect to such infringing part of the System.

1.22 The Customer shall at all times during and after the terms of this Agreement indemnify, keep indemnified and hold harmless gther against all claims, demands, actions, proceedings and losses in relation to any infringement or alleged infringement of any third party's intellectual property rights in the United Kingdom suffered by the gther in connection with or a result of receiving Customer Data or Customer Content in the course of performance of fulfilling its obligations under this Agreement.

1.23 The foregoing states the parties' sole and exclusive rights and remedies, and their entire obligations and liability, for the infringement of any intellectual property rights.

Liability

1.24 Nothing in this Agreement limits or excludes either party's liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) any other liability that cannot be limited or excluded by law.

1.25 Subject to Clauses 1.23 and 1.24:

in connection with this Agreement, neither party shall be liable for: (a) for loss of business, loss of revenue, any loss of profits, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, in each case whether direct or indirect; or (b) for any special, consequential, or indirect loss; and each party's total aggregate liability in connection with this Agreement, whether in contract, tort (including negligence or breach of statutory duty) or otherwise shall be limited to the total Fees paid or payable under the Agreement during the twelve (12) months immediately preceding the date on which the claim arose.

Termination

1.26 This Agreement may be terminated by either party if:

the other party commits a material breach of any term of the Agreement which is irremediable or (if such breach is remediable) fails to remedy that breach within a period of thirty (30) days after being notified in writing to do so;

the other party suspends, ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business; or

the other party becomes insolvent, seeks to make an arrangement with its creditors, is wound up or any event occurs, or proceedings are taken, with respect to the other party in any jurisdiction that has an equivalent or similar effect.

1.27 gther may terminate this Agreement on giving written notice if the Customer fails to pay any amount due under this Agreement on the due date for payment and remains in default not less than ninety (90) days after being notified in writing to make such payment.

Consequences of termination

1.28 The parties agree that if this Agreement expires or is terminated, Customer's access to the System, and its rights with respect thereto, will terminate.

1.29 In the event of service of any notice of termination of this Agreement, gther shall be entitled to submit an invoice in respect of the System provided and Services performed prior to termination which have not been invoiced and Customer shall make payment in respect of any such invoice in accordance with this Agreement.

1.30 Any rights, obligations, liabilities or remedies of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination shall not be affected or prejudiced.

1.31 The provisions of Clauses 1.10-1.13 (Data), 1.24-1.25 (Liability), 1.26-1.27 (Termination), 1.28-1.31 (Consequences of Termination), 1.32-1.35 (Confidentiality and Announcements), and any other clauses which are intended by their nature to continue or to come into effect after termination or expiry, shall survive the termination or expiry of this Agreement and shall continue in full force and effect in accordance with their terms.

Confidentiality and announcements

1.32 During the term of this Agreement and for a period of five (5) years after termination or expiry of this Agreement, a recipient of Confidential Information from a discloser shall keep that information strictly confidential and shall not copy, record or use it or disclose it other than for the purposes of the proper performance of, or to exercise its rights under, this Agreement (both of which shall include disclosure under equivalent terms to the recipient's employees, officers, representatives or advisors), or with the prior written consent of the discloser. "Confidential Information" means any information, however conveyed by one Party to the other Party and/or a member of its group, whether before or after the Effective Date, including: (a) any technical and non-technical information related to a party's business and current, future and proposed products and services of each of the parties, including for example and without limitation, each party's respective information concerning research, development, trade secrets, know-how, design details and specifications, financial information, procurement requirements, engineering and manufacturing information, market opportunities (including customer lists), business forecasts, sales information and marketing plans and (b) any information a party has received from others that relates to the business affairs of the Discloser or which would appear to a reasonable business person to be confidential or proprietary.

1.33 The obligations in this Clause 1.32-1.35 shall not extend to any matter if (and only to the extent that) it: (a) is required by law, governmental or regulatory authority (including any relevant security exchange), any court or other authority of competent jurisdiction; (b) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; (c) was in the other party's possession before the disclosure; (d) is independently developed by the receiving party, which independent development can be shown by written evidence; or (e) is or becomes publicly known other than through any act or omission of the receiving party.

1.34 The recipient acknowledges and agrees that damages alone may not be an adequate remedy for any breach, or threatened breach, of the confidentiality obligations set out in this Clause 1.32-1.35 and that the discloser shall be entitled to the remedies of injunction, specific performance and other equitable relief.

1.35 gther may publicise the fact that it is providing the System to the Customer and use the Customer's logo in its materials subject to Customer's prior consent (not to be unreasonably withheld or delayed). Neither party shall make any public announcement concerning this Agreement without the prior written consent of the other (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority, any court or other authority of competent jurisdiction.

General terms

1.36 Variation. No variation of this Agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).

1.37 Counterparts. This Agreement may be executed in several counterparts each of which shall be deemed an original but all of which shall constitute one and the same instrument.

1.38 Force Majeure. Each party shall be excused from performance of its obligations under this Agreement (excepting obligations to pay money) if and insofar as such performance is hindered or prevented (directly or indirectly) by reason of any government action, riot, armed conflict, or act of God ("Force Majeure Event") provided that, as soon as practicably possible after any of such circumstances or events arising, the party so affected notifies the other party in writing; in which event the time for performance of the affected obligation will be extended by such period as is reasonable, or as agreed between the parties.

1.39 Rights and remedies. The rights and remedies provided under this Agreement are in addition to, and not exclusive of, any rights or remedies provided by law except as expressly provided in this Agreement.

1.40 Waiver. No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

Data Processing Addendum

The Parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Terms and references in this Addendum to the Terms are to the Terms as amended by, and including, this Addendum.

In consideration of the mutual promises and obligations of the Parties set forth herein, the sufficiency of which they expressly recognize and accept, the Parties have agreed as follows:

Definitions

1. In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

(a) "Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with either Customer or gther (as the context allows), where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;

(b) "Customer Personal Data" means any Personal Data Processed by gther on behalf of Customer (including for the sake of clarity, any Customer Affiliate), pursuant to or in connection with instructions given by Customer in writing, consistent with the Terms;

(c) "Controller to Processor SCCs" means the Standard Contractual Clauses (processors) for the purposes of Article 26(2) of Directive 95/46/EC set out in Decision 2010/87/EC as the same are revised, updated or replaced from time to time by the European Commission;

(d) "Data Protection Laws" means (i) Regulation (EU) 2016/679 ("GDPR") together with applicable legislation implementing or supplementing the same or otherwise relating to the processing of Personal Data of natural persons, and (ii) the GDPR as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, together with the Data Protection Act 2018, the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 and other data protection or privacy legislation in force from time to time in the United Kingdom; in each case as may be amended or replaced from time to time.;

(e) "Services" means the services to be supplied by gther to Customer or Customer Affiliates pursuant to the Terms.

2. The terms "Controller", "Data Subject", "Personal Data", "Personal Data Breach", "Process" or "process", "Processor" or "processor" and "Supervisory Authority" have the same meanings as described in the Data Protection Laws and cognate terms shall be construed accordingly.

3. Capitalized terms not otherwise defined in this Addendum shall have the meanings ascribed to them in the Terms.

Annex 1: Description of Processing of Customer Personal Data -- Sub-processors

This Annex includes certain details of the Processing of Customer Personal Data as required by Article 28(3) GDPR and, as applicable, Controller to Processor SCCs.

The obligations and rights of Customer

The obligations and rights of Customer are set out in the Terms and in the Addendum.

Subject matter and duration of Processing of the Personal Data

The Processor will provide merchandise analytics services as described in the Terms, which will include the following processing of personal data on behalf of Customer:

Customer will receive a link to Data Processor's online event experience platform to participate in events, which Customer can distribute to its customers, who have signed up to participate in the event. If the consumers consent to participate in the event, the Data Processor will collect certain personal data in order to make available relevant general insights to Customer.

The nature and purpose of the Processing of the Personal Data

The Services will involve processing of Personal Data concerning categories of data subjects and categories of Personal Data specified below for the following purposes:

The overall purpose of the processing is to enable the Data Processor to provide merchandise analytics services as described in the Main Agreement.

The categories of Data Subject to whom the Customer Personal Data relates

The Services will include processing of Personal Data concerning the following categories of data subjects:

• Employees of Customer
• Job candidates
• Former employees of Customer
• Vendors of Customer (including the vendors' employees etc.)
• Customers of Customer (including the customers' employees etc.)
• End-consumers etc., who consent to participate in the events
• Visitors at Customer premises
• Children under 16 years of age

The types of Customer Personal Data to be Processed

The Services may include processing of the data subjects' Personal Data within the following categories of Personal Data:

• Names (incl. first, middle and surnames and aliases)
• Private contact details (e.g. phone no., address, private e-mail etc.)
• Work related contact details (e.g. employer name, work e-mail, work phone, work address etc.)
• Demographic data (e.g. gender, age, nationality, family status)
• Personal interests and preferences
• Private passwords
• Work related passwords
• Data from social media
• Pictures of data subjects
• Videos of data subjects
• Audio of data subjects
• Geo-location data
• Credit card details
• Bank account details
• Payment details
• Purchase details
• Internet use and behavior
• Data about data subjects' relatives(e.g. contact details, names of spouse, age, birth date etc.)
• Job position data (e.g. position, job description, employment date, seniority, termination date, etc.)
• Job CV data (e.g. educational data, former employments etc.)
• Job performance data (e.g. performance, warnings, termination / resignation reasons etc.)
• Payroll data (e.g. salary, pension, tax and benefits etc.)
• Personality tests or similar
• IP-address
• MAC-address
• Contents of messages sent through the platform
• Copy of e-mails, letters and other documents to/from the data subject
• Copy of e-mails, letters and other documents concerning the data subject

Special Categories of Personal Data

The Services will not include processing of special categories of personal data, revealing sensitive data such as:

• Racial or ethnic origin
• Political opinions
• Religion or philosophical beliefs
• Trade union membership
• Sex life or sexual orientation
• Health
• Genetic data
• Biometric data
• Criminal records
• Social security number

List of Sub-processors

For a full list of sub-processors please submit a support ticket using this link, or contact your customer success representative.

Annex 2: Technical and Organizational Security Measures

The technical and organizational security measures applied by gther to the Customer Personal Data are set forth in the Agreement.

1. All facilities used for storage and Processing of Personal Data will have access control and/or restricted access to prevent access by non-authorized persons.
2. gther will take reasonable steps to ensure the reliability of any employees of gther , who have access to the Personal Data. gther shall ensure that such employees have received appropriate training and sufficient instructions in the care and handling of Personal Data.
3. The Processing of Personal Data will be organized in a way so that the necessary checks are made to ensure that no inaccurate or misleading Personal Data are processed.
4. gther will only access Personal Data using a secure and controlled IT system, which includes confidential passwords which prevents unauthorized access to the Personal Data. Such password must be changed at least every three (3) months or when special conditions mandate this.
5. Removable storage media including security copies will be securely stored under lock and in a way preventing unauthorized access to Personal Data.
6. When transmitting Personal Data via the Internet or other external networks, gther is responsible for implementing the necessary security measures to prevent unauthorized access. As a minimum, Personal Data will be encrypted during the transmission. Transmission of sensitive Personal Data requires an encryption algorithm based on at least 256 bit key and complying with the specifications for the encryption standard AES. When using internal networks, un-authorized access must be prevented.
7. Manual material such as print outs, error- and control lists etc. and other material, which direct or indirectly may refer to a specific Data Subject, will be securely stored, locked away, preventing unauthorized access.
8. Deletion of Personal Data from electronic media must be done in a way preventing data recovery.