Terms and conditions Apix Messaging Oy’s general terms and conditions for customer agreements 9/2022 1 BACKGROUND 1.1 These General Terms and Conditions of Agreement (“Terms and Conditions”) apply to the delivery and use of the software (“Software”) provided by Apix Messaging Oy (Business ID 2332748-7, “Supplier”) as described in greater detail in the Service Description with regard to each contractual relationship. Unless otherwise agreed in the Service Description, the Software is delivered via a data network connection in accordance with these Terms and Conditions. 2 SPECIFICATIONS 2.1 Within these Terms and Conditions, a User refers to a natural person who uses the Software. 2.2 Within these Terms and Conditions, a Customer refers to a natural or a legal person who has ordered the user rights to the Software by registering or using an Order or another customer agreement, or who is represented by a User of the Software. 2.3 Within these Terms and Conditions, Software refers to a software package provided by the Supplier and specified in the selected Service Description. 2.4 Within these Terms and Conditions, a Price List refers to the Supplier’s currently valid price list or price lists which specify the prices of the Software or services to be delivered. 2.5 Within these Terms and Conditions, a Service Description refers to the description or descriptions of the functionalities, content, service level, or purpose of use of the Software or service that is included in the agreement as an appendix. 2.6 Within these Terms and Conditions, Information refers to data and files saved by the Customer in the Software. User information refers to information saved by the Software specifying the use of the Software by the User and Customer. Hereinafter, User information and Information are jointly referred to as “Information”. 2.7 Within these Terms and Conditions, Sanctions refer to the sanction laws and regulations adopted by the United Kingdom, the European Union, Finland and the United States, prohibiting business transactions with the persons or communities specified in the provision. 3 SOFTWARE CONTENT AND SERVICE LEVEL 3.1 The content of the Software is determined by the selected Service Description. 3.2 The instructions and use environment requirements of the Software and up-to-date contact information of customer support are available on the Supplier’s website, in the Software or from the Supplier on request, depending on the Software’s product version. 3.3 The Software may change as the Supplier develops the Software further. The Supplier can make a change in the Software that (a) is targeted at the production environment of the Software and does not reduce the content or the service level of the Software, (b) is necessary for the prevention of a data security threat targeted at the Software, (c) results from legislation or a regulation by an authority, or (d) has been notified to the Customer well in advance. 3.4 The Supplier may prevent access to the Software without consulting the User or the Customer if the Supplier suspects that there is inappropriate Information stored in the Software, access to the Software by other users may be risked by the stored Information or if these Terms and Conditions are violated. 3.5 The Supplier will aim to make the Software available at all times, but it may suspend the use or change the content of the Software whenever this is considered necessary. Unless otherwise agreed in the Service Description concerning service levels, the Supplier does not commit itself to specific service levels in the Software or assume responsibility for any deterioration of service level or its consequences. The Supplier has the right to interrupt the availability of the Software due to, for example, installation, revision or maintenance work or due to a security threat, or legislation, requirement or regulation by an authority. 3.6 The Supplier cannot guarantee the availability of the Software without interruptions or the production of services by a party that offers communications services or a network connection or another third party that affects the use of the service. The Supplier attempts to notify the Customer well in advance of any service or maintenance breaks. 3.7 The Software can enable the transfer of information through API or SFTP interfaces (“Interface”). The Supplier may change or limit the use of the Interface on the same grounds as the rest of the Software. If the services of third party providers are connected to the Software through the Interface, the Customer must make separate agreements with the service providers in questions to specify the terms and conditions and data protection procedures. The Supplier is not responsible for the use of these services or their compatibility with the Software. 4 TERMS AND CONDITIONS OF DATA PROTECTION 4.1 The Customer acts as the data controller within the meaning of the applicable data protection legislation (“Data Controller” or “Customer”) with regard to the personal data of the Customer’s customers or employees or other persons that is processed by the Supplier (“Data Processor” or “Processor”)in the service to implement it (“Customer’s Personal Data”). The Data Controller is responsible for the Customer’s Personal Data and for ensuring that it is legally processed pursuant to the applicable data protection legislation. The Data Controller is responsible for all required measures and for acquiring, securing and maintaining all rights, agreements and authorizations that the Data Processor needs in order to implement the service in accordance with this section 4. Terms and Conditions of Data Protection without breaching any laws or third-party rights. The Customer’s Personal Data and the processing details are specified in the Data Processing Policy documents, which are available, depending on the product version of the Software, on the Supplier’s website or customer service page, the Software or, upon request, from the Supplier. 4.2 The Data Processor must ensure that it will process the Customer’s Personal Data on behalf of the Data Controller pursuant to the applicable data protection legislation and as required in order to provide the service and in compliance with this section 4 Terms and Conditions of Data Protection. The Customer’s Personal Data is processed according to the Data Controller’s reasonable written instructions. The Data Controller ensures that the instructions are described in detail in this section 4 Terms and Conditions of Data Protection. If the Data Controller provides the Data Processor with additional instructions on the processing of the Customer’s Personal Data, the Processor has the right to charge for the resulting additional costs and work that are required in order to comply with the instructions. If the Data Processor is not able to comply with the instructions provided, the Data Processor will immediately notify the Data Controller of this and the parties will attempt to solve the issue together in an appropriate manner. If the issue cannot be solved within one (1) month, each party has the right to cancel the service agreement to which the instructions on the processing of Personal Data relates with a notice period of two (2) months. The Data Processor informs the Data Controller without delay if it considers that the provided instructions violate the applicable data protection legislation. 4.3 Notwithstanding the above, the Supplier and its affiliates have the right, to the extent permitted by legislation, to use the data created in connection with the service provided and the processing of the Customer’s Personal Data in accordance with the Data Processing Policy document for the development (for example, automating functions), analysis and assessment of the provided service and the operations related to it as well as for statistical purposes, provided that individual natural persons cannot be identified from the end result and that the Supplier’s confidentiality obligations are complied with. 4.4 The Data Processor keeps the Customer’s Personal Data confidential and ensures that the persons authorized to process the Customer’s Personal Data are committed to confidentiality or subject to an applicable statutory confidentiality obligation. 4.4 Taking into account latest technology and implementation costs, the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller and the Data Processor must implement appropriate technical and organizational measures to ensure a level of security that corresponds to the risk. 4.5 The Processor must inform the Data Controller of any data protection breaches of the Customer’s Personal Data without delay. The Data Processor provides the Data Controller with the data that is required to meet the Data Controller’s duty to notify. The data is provided to the extent that is available and known to the Processor. The Data Processor seeks to remedy and limit the effects of the breach. 4.6 Upon request and subject to commercially acceptable terms and conditions, the Data Processor helps the Data Controller to implement the rights of a data subject and to meet the obligations set out in the applicable data protection legislation, taking into account the nature of the processing and the information available to the Data Processor. 4.7 Upon request, the Data Processor provides a required report on the compliance with the applicable data protection legislation. The Supplier is entitled to invoice for the assistance provided in accordance with this section 4 Terms and Conditions of Data Protection. 4.8 When the processing of the Customer’s Personal Data is no longer necessary, the Data Processor returns the Customer’s Personal Data to the Data Controller upon a written requests or removes the data, including any copies. When it is no longer necessary to process the Customer’s Personal Data in accordance with this agreement, the Customer has the right to make a copy of the Customer’s Personal Data stored in the service independently. Upon the Customer’s request, the Supplier must destroy the Customer’s Personal Data and notify the Customer of the destruction of the data unless the Personal Data need to be stored due to legislation. Notwithstanding the above, the Supplier has the right to store the Customer’s Personal Data in order to comply with the applicable legislation and secure its legitimate interest, for example, to demonstrate that the service has been provided as agreed between the parties. 4.9 The Customer accepts and agrees that the Data Controller’s group companies may process the Customer’s Personal Data in order to provide the service and that the Data Processor and its group companies have the right to use sub-processors for the processing of the Customer’s Personal Data. A written agreement must be made with each sub-processor, containing the obligations to protect the Customer’s Personal Data specified in this section 4 Terms and Conditions of Data Protection to the applicable extent. The sub-processors are described in the Data Processing Policy document. The Data Processor informs the Customer of new sub-processors before starting the processing. The Data Controller has the right to object to the use of a new sub-processor in writing on justified grounds pertaining to data protection within two (2) weeks of receiving the notification. In this case, the Data Processor continues the processing subject to the agreed terms and conditions until (i) both parties have agreed to end the processing and to return the Customer’s Personal Data to the Data Controller or to transfer it to a new service provider, or (ii) both parties have agreed on a way to continue the processing and the related costs. 4.10 The Data Controller accepts that the Customer’s Personal Data may be processed by sub-processors that are located outside of the Data Controller’s home country. If the Customer’s Personal Data is transferred outside of the EU or the EEA, the Data Processor must, on behalf of the Data Controller, carry out the proper protective measures to guarantee and secure the data subjects’ rights and privileges in accordance with the requirements of the applicable data protection legislation. For instance, the Data Processor may, on behalf of the Data Controller, make an agreement in accordance with the standard data protection clauses approved by the European Commission on the processing of personal data in order to meet the requirements of the applicable data protection legislation. 4.11 The parties specifically state that the Supplier, acting as the Data Controller in relation to providing the service, processes Personal Data related to the Customer’s employees and decision-makers (for example, the Customer’s contact persons or Software users) or other persons (for example, persons presented in the Software Information). This data is processed for the purpose of maintaining the service and for error diagnostics, customer service, invoicing, communication and marketing, developing and providing new services and for other similar purposes (“Supplier’s Personal Data”). The Supplier’s Personal Data is collected from different sources. It can be generate in connection with using the service (for example, login data or invoice processing data) or be included in the Information processed in the Software (for example, accounting receipt data). The Supplier is responsible for ensuring the lawfulness of the processing. The parties are aware that the processing may result in obligations both for the Customer and the Supplier, such as the obligation to notify the persons to whom the Supplier’s Personal Data refer of the processing. Further information on the processing of the Supplier’s Personal Data is available on our website. 4.12 Pursuant to the data protection legislation, a data subject has the right to access the data (inspection rights), to request the correction or removal of data or to limit the processing of the data. The Supplier does not directly respond to queries or requests by data subjects in relation to the Customer’s Personal Data. The Supplier provides the Customer with a service that makes it possible to implement the inspection right. The service may be subject to a service charge. 4.13 The Data Controller and the supervisory authority have the right, in accordance with the applicable data protection legislation, to carry out inspections to ensure that the Processor complies with its contractual obligations in the processing of the Customer’s Personal Data. The Data Controller may carry out such an inspection once a year. The inspection may also be carried out by an external inspector, provided that the inspector is committed to confidentiality obligations that can be reasonably accepted by the Data Processor. The parties agree on the time, scope, duration and other details of the inspection well in advance. The inspection must be carried out in a manner that does not disturb the Data Processor’s business or breach the Processor’s obligations to third parties (including but not limited to the Processor’s other customers, partners and suppliers). The Data Controller must compensate for the inspection costs, as agreed. 5 IDENTIFICATION DATA 5.1 The Customer must ensure that the Customer and all of the assigned Users store their usernames, passwords, and variable passwords in a secure location separate from each other. The Customer must ensure that the identification data described above are not disclosed to third parties. If the identification data is disclosed to third parties, or the Customer suspects that it may have been disclosed to third parties, the Customer must notify the Supplier of this without delay in order to prevent unauthorized use of the Software. The Supplier is entitled to interrupt the use of the Software after the Customer has notified the Supplier of a possible disclosure of identification data to third parties until new identification data have been implemented. 5.2 The Customer is responsible for commitments and other operations made using their identification data until the Supplier has received the notification of the disclosure of identification data to third parties and the Supplier has had a reasonable amount of time to prevent the use of the Software. 5.3 Identification data correspond to a Customer’s signature when entered in the manner required by the Software. 5.4 If a User has handled their identification data carelessly or otherwise contributed to the disclosure of the identification data to a third party, the Customer is responsible for all of the expenses caused to the Supplier or a third party due to the User’s actions. 6 GENERAL RIGHTS AND OBLIGATIONS OF THE SUPPLIER 6.1 The Supplier provides the Software professionally and carefully, in accordance with the Terms and Conditions. The Supplier has the right to include open source code software in the Software. 6.2 The Supplier must notify the Customer without delay of any issues that could prevent the use of the Software as specified in the Terms and Conditions or endanger the privacy of the Customer’s Information. 7 GENERAL RIGHTS AND OBLIGATIONS OF THE CUSTOMER 7.1 The Customer is entitled to use the Software in its internal operation as specified in the Terms and Conditions. 7.2 The Customer or the User is not entitled to resell or otherwise distribute the Software to third parties 7.3 The Customer is responsible for the acquisition and condition of equipment, connections, software, and operating environment required for using the Software. The Customer is responsible for the protection of their data system, their communications costs and other similar costs related to the use of the Software. The Customer must ensure that the equipment, connections, software and data systems meet the operating environment requirements submitted by the Supplier and that the Software is suitable for the Customer’s purposes. 7.4 Unless otherwise agreed, the Software is located on a server maintained by the Supplier or a third party. The Customer must ensure that the Customer or Users assigned by the Customer do not try to copy the Software from a server, examine, alter or copy the source code of the Software, otherwise disturb the operation of the Software, or access in an unauthorized manner the database, customer information or information saved by other customers. 7.5 The Customer must not allow the use of the Software in a country that opposes any legal restrictions concerning technology export or where the use of the Software would be illegal or require a permit or insurance, or cause the Supplier a more extensive responsibility or obligation that deviates from this agreement or Finnish laws. 7.6 The Customer is responsible for the use of the Software, the content of the Information and the exchange of information performed using the Software. 7.7 The Customer assures that the Customer, its direct and indirect shareholders or associates, and senior managers are not subject to Sanctions. The Customer agrees to notify the Supplier without delay should these circumstances change during the contract period in a way that would make the assurance given herein untrue. Irrespective of what has been agreed on the limitation of liability, the Customer is liable for all losses, damages and costs incurred by Accountor Group companies because the assurance given by the Customer herein is untrue or the Customer has neglected its duty to notify. 8 GENERAL RIGHTS AND OBLIGATIONS OF THE USER 8.1. By using the Software, the User agrees to comply with these Terms and Conditions in the role of the User. The Software may only be used by a legally competent adult authorized by the Customer and the use must be in compliance with these Terms and Conditions. 8.2 The User must keep the username and password in a secure place and not disclose them to any third parties. The User is responsible for the use of the Software with his or her username and password. The User will notify the Supplier without delay of the disclosure of a password to a third party or a suspected unauthorized use of a username or password. At the request of the Supplier, the User must change the password necessary for the use of the Software, if it is considered necessary due to a data security threat targeted at the Service. 8.3 In order to ensure the data security and usability of the Software, the Supplier may terminate a User’s network connection to the Software if the User is not using the Software. 9 PRICE AND PAYMENT TERMS OF THE SOFTWARE 9.1 The price and payment terms of the Software are described in the Supplier’s currently valid Price list included in the selected Service Description. The Supplier may revise the price by notifying the Customer of the revision at least thirty (30) days before the change enters into force. 9.2 Prices include currently valid public fees regulated by authorities apart from value added tax. Value added tax is added to prices according to current regulations. If the amount or charging grounds of public fees regulated by authorities change due to a change in provisions or taxation practices, prices will be changed accordingly. 9.3 Any notifications concerning invoices must be made within ten (10) days of the invoice date. 9.4 If an invoice is not paid by the due date, penalty interest will be accumulated on the overdue sum according to the current Interest Act until the Supplier has received the total overdue payment, including the penalty interest. The penalty interest will be calculated for each day after the due date. In addition to the penalty interest, the Supplier may prevent the use of the Software until the Customer has paid all overdue payments to the Supplier. 9.5 The Customer must also pay reasonable reminder and collection charges in connection with overdue payments. In case of a dispute concerning an invoice, the undisputed part of the invoice must be paid by the due date. 10 INTELLECTUAL PROPERTY RIGHTS AND CUSTOMER’S DATA 10.1 The Software is the sole property of the Supplier and/or a third party, and it may be protected by a copyright or another intellectual property right. The User will not be granted any rights to the Software, technology or content other than the user rights to the Software as specified in these Terms and Conditions. On the basis of these Terms and Conditions, no rights will be granted to use the Supplier’s or the Software’s business names, logos, domain names or other brand names or identifiers. The Supplier can freely use, without compensation, suggestions, comments or proposals that it has received. 10.2 The ownership and intellectual property rights to Information saved in the Software belong to the Customer or a third party. 10.3 The Customer will be responsible for the Information saved by Users in the Software and for having the right to use the Information without violating the rights of third parties or currently valid legislation. 10.4 The Customer is responsible for all of the costs and claims and requirements presented to the Supplier or its group companies that are either directly or indirectly due to Information or the Customer’s violation of these Terms and Conditions. The Supplier has the right to defend itself against the claims mentioned above. 10.5 Unless otherwise provided by the Terms and Conditions of Data Protection in section 4, the Supplier is entitled to use the Information as follows: a) The Supplier may freely compile and disclose Information to group companies or third parties for the purposes of preparing statistics reports, improving the Software, producing information services, and other similar purposes, provided that the individual Customer, User or other natural person the information concerns cannot be identified, recognized or traced either directly or indirectly from the statistics, reports or information services produced. b) The Supplier may use the Information to target its own services or the services of third parties to individual Users or Customers within the Software. In this case, the Information may be disclosed to the party that provides the service based on the targeting, with the Customer’s specific consent. However, the Customer may forbid the targeting of services in the Software. b) The Supplier may use the access information for issuing invoices related to the use of the Software and for targeted marketing. The Supplier may share this access information with subcontractors and partners. c) The Customer’s specific consent is required for using the Customer’s own information in the production of information services concerning the financial situation of the Customer and disclosing the Customer’s Information, except in cases where these activities are included in the Software according to the Service Description. d) The Supplier may process and disclose information to third parties provided that individual persons can be identified from the Information only as instructed by the Customer and in compliance with data protection legislation. 11 LIMITATION OF LIABILITY 11.1 In addition to the assurances specifically stated in these Terms and Conditions, the Supplier will not grant any other assurances on the applicability of the Software for a specific purpose, the quality of the Software, integrity of third parties’ rights, or other issues. 11.2 The Supplier is not responsible for any indirect losses to the Customer. The Supplier’s maximum amount of compensation in any case is the total price paid by the Customer to the Supplier for the use of the Software excluding value added tax for two (2) months prior to the damage and a maximum of ten thousand (10,000) euros during this contracting relationship. 12 CONFIDENTIALITY 12.1 The parties or their employees or group companies may not use or express the confidential information of another party to a third party other than as specified in these Terms and Conditions. The parties must handle the confidential information of another party at least with the same diligence as they would their own confidential information provided that the confidential information is always handled at least with reasonable diligence. 12.2 The Supplier is entitled to include the Customer in a reference list. 13 FORCE MAJEURE 13.1 The Supplier may postpone the delivery date, cancel the agreement or change the Software without causing implications to the Supplier if it cannot continue its business operations due to a reason that it has had no reason to consider when making the agreement and of which the Supplier is independent. Such events may include war, rebellion, civil unrest, requisition or confiscation for public use performed by an authority, import or export prohibition, natural disaster, interruption of public transport or energy supply, labor dispute or fire, disturbance in communications network or other online communication independent of the Supplier, or other significant reason in terms of its impacts independent of the Supplier. If the reason for the delay continues for more than three (3) months, the Customer is entitled to terminate the agreement in writing. 14 VALIDITY AND TERMINATION 14.1 This agreement includes the following documents as inseparable parts listed in the order in which they are applied: 1) Customer agreement or an order or registration form or partnership agreement, 2) Service Description, 3) Special Terms of the Service Description, 4) Price list, 5) Data Processing Policy documents, and 6) these Terms and Conditions. 14.2 The Supplier may change these Terms and Conditions and other currently valid agreement terms on the basis of changes in legislation, contractual usage in the field, or the content of the Software, or for another reason related to the Software. By using the Software, the User approves the currently valid version. The Customer and the Accounting office must be notified of changes to the terms thirty (30) days before they enter into force at the latest either in connection with the Software or with a separate message. If the Customer does not approve the changes to the terms, they can terminate the agreement with a notice period of no more than six (6) months, and the changed terms will not enter into force during the notice period. 14.3 Unless otherwise agreed upon between the parties, this agreement remains in force for an indefinite term and the Customer or the Supplier may terminate this agreement subject to three (3) months’ notice . A fixed-term Software user right is valid until the end of the agreed period. 14.4 A party may terminate the agreement in writing immediately if (i) the other party is declared bankrupt or placed into liquidation, or if it becomes permanently insolvent, performs transfers or actions that favor creditors, or (ii) if the other party is in significant breach of its contractual obligations and has not rectified the violation within thirty (30) days after receiving a notification from the other party on the matter. 14.5 The Supplier has the right to cancel the contract or limit its contractual obligations for a justified reason that is related to Sanctions. The Supplier is not liable for losses caused by such cancelling or limiting. 14.6. If the Customer does not use Software that is offered to the Customer free of charge, the non-use of the Software, as specified in the Service Description, is regarded as the termination of the agreement. The Customer’s right to use the Software ends at the end of the notice period. 15 GENERAL TERMS 15.1 A party has no right to transfer the agreement or any part thereof without the other party’s written consent. However, the Supplier may transfer the agreement to its group company at any time or to a third party in connection with a company reorganization or a business transaction, or at the sale of a significant part of the Supplier’s assets that the Agreement concerns. The Supplier may transfer any contractual overdue payments to a third party by notifying the Customer of the transfer in writing. The Supplier may use Subcontractors for the provision of the service subject to the terms and conditions of data protection in accordance with section 4. 15.2 If a specific condition is considered illegal, invalid or such that it cannot be entered into force, it will not affect the validity, legitimacy, or implementation of other terms or the whole agreement. 15.3 If a party does not use a right that is based on this agreement, it will not limit the party’s right to refer to the agreement terms later in a similar case. 15.4 This agreement does not form a joint company, employment or franchise, agency or other consortium between the parties and entitle a party to represent or make any commitments, agreements or assurances on behalf of the other party. 15.5 All of the information and notifications related to this agreement addressed to the other party must be delivered in writing (i) as a registered letter in which case the notification is considered to have been received by the other party within seven (7) days after it has been posted, (ii) as an express letter in which case the notification is considered to have been received by the other party within two (2) days after it has been posted, (iii) by email in which case the notification is considered to have been received by the other party at the time it has been sent, or (iv) by including a notification in connection with the Software. Notifications must be addressed to an official registered address or another recorded address. 15.6 Finnish law applies to these Terms and Conditions, apart from the conflict of law rules. All disputes that arise from these Terms are resolved finally by one arbitrator according to the regulations of the Arbitration Institute of the Finland Chamber of Commerce. The arbitration location is Helsinki, and the arbitration language is Finnish. The arbitrator’s verdict is final, binding to both parties and it can be entered into force by any competent court. The other party can apply for a temporary precautionary procedure. At the request of the Supplier, any claims concerning outstanding accounts will be resolved at the general court of the defendant’s domicile.