Tabesto - Terms and Conditions

These General Terms of Service (“Terms”) are effective when accepted by Client (by checking the acceptance box, signing  a quote  or by any other means of acceptance) (“Effective Date”), and are entered into by Customer and Tabesto SAS, a company incorporated under the laws of France, with company number 817 490 899, with a registered office at 112 AVENUE DE PARIS 94300 VINCENNES  (“Tabesto”) owned by Deliverect NV, with a registered office at Foreestelaan 82, 9000 Ghent, Belgium (“Deliverect”), and if applicable, with Affiliates of Tabesto. These Terms shall govern Client’s access to and use of Services, Platform and the Solution. By using  Services, Platform or the Solution, Client agrees to be bound by these Terms. If you are accepting these Terms on behalf of a third party, you represent and warrant that: (a) you have full legal authority and capacity to bind such third party under these Terms; (b) you have read and understood these Terms; and (c) you agree, on behalf of such third party, to these Terms. If you do not have the legal authority to bind such a third party, you must refrain from accepting these Terms on its behalf. Customer acknowledges and agrees that the English version of the Terms takes precedence and control over any translated version of these Terms that may be made available by Tabesto.

Whereas:

1. Tabesto provides support to restaurateurs in the context of the management of orders and has constructed a platform allowing restaurateurs’ customers to submit orders (the “Platform”) with the assistance of hardware configured for such purpose.

The Tabesto service is operated remotely in SaaS (“Software as a Service”) mode and is accessed through the Internet.

2. On the basis of this offering the Client wants to use the Platform and use of the Platform is subject to the terms and conditions set out here (“Terms”)

The parties have agreed as follows: 

DEFINITIONS

For the purposes of the application of these Terms, terms beginning with a capital letter used hereinafter which are not defined in the main body of these Terms have the meaning given thereto below:

Client Administrator means any person authorised by the Client to have access to the Administrator Space.

Data means any data used in the context of the provision of the Service. Data shall be transmitted by the Client to Tabesto or through the Platform for the purposes of the provision of the Service.

Protected Components means the Solution and more generally all the procedures, instructions, programmes, customisations, processes and electronic forms, as well as all the information, documentation and analyses made available to the Client by Tabesto in connection with the Terms.

Administrator Space means the space dedicated to the Client to which Data are uploaded and where such Data are held and shared, where applicable, and which may be administered and consulted by Client Administrators throughout the term of these Terms.

Establishment means the restaurant establishments managed by the Client and listed in the Terms.

Equipment means any equipment provided by Tabesto to the Client in accordance with the Order.

Client Option means the set-up of the configuration desired by the Client and approved by Tabesto.

Platform means the order management platform defined in paragraph 1 of the Recitals.

Client Reversibility means the procedure by which Data is returned to the Client in the context of the Service.

Service means the modular Tabesto services provided to the Client by Tabesto hereunder, including access to the platform allowing consumers to submit orders, receipt of orders at check-out and the publication of menus and prices.

Solution means all the programmes and models enabling the provision of the Service and made available by Tabesto for the purposes of the provision of the Service.

In the main body of these Terms, unless provided otherwise, any reference to a Clause or Schedule shall be a reference to a Clause or Schedule of these Terms.

Clause I. Purpose and term of these Terms

1.1 Purpose

The purpose of these Terms is to set out the terms and conditions in accordance with which Tabesto shall grant to the Client a personal, non-exclusive and non-assignable licence to access and use the Solution in SaaS mode, as described in further detail in Schedule 1, for its personnel and customers.

The Service shall be provided and the Solution shall be made available remotely through the Administrator Space for Client Administrators.

The Service shall be provided and the Solution shall be made available by way of remote access for customers of the Client without the Administrator Space acting as intermediary.

It is specified that online access to the Solution requires that the Client have access to a telecommunications network. No such service is included in the Terms. The Client shall be solely responsible for ensuring access to a telecommunications network.

On the signature of these Terms, Tabesto shall provide the Client with a single username and password allowing the Client the log into its account on the Platform.

1.2 Term 

The Terms shall enter into force on the date the Service is commissioned.

In the context of these Terms, the initial contractual term shall be mentioned explicitly on the quote that the Client receives from Tabesto for the use of its products  The Terms shall then be renewed tacitly and in its entirety for successive terms of twelve (12) months.

In case the Client pays cash for the Equipment, the license to the Solution will commence at the latest thirty (30) days from the date of delivery of the Equipment at the premises of the Customer.

In the event of entry into a tripartite financial lease agreement for the Equipment, the initial term shall be that stipulated by the financial lease agreement signed in conjunction with these Terms. On the expiry of the initial term as stipulated by the financial lease agreement, these Terms shall be renewed tacitly and in its entirety for successive terms of twelve (12) months.

The Party who does not wish to tacitly renew these Terms must notify its decision to the other Party by registered letter with recorded delivery three (3) months prior to the expiry of its term.

Clause II. Grant of access to the solution and delivery of Equipment

2.1 Grant of access on the Terms’s entry into force

Tabesto undertakes to deliver the Equipment and to make the Solution available to the Client on the first day of  the ’s term.

In consideration of the delivery of the Equipment, the Client shall pay to Tabesto an amount corresponding to the quote issued by Tabesto.

2.2 Transfer of title to the Equipment on delivery

In the event the client pays cash for the Equipment, and upon full payment, full and unrestricted title to the Equipment is transferred to the Client on the day the Equipment is delivered to the Client.

In consideration thereof, the amount paid to Tabesto shall be definitively and irrevocably encashed by Tabesto as the sale price of the Equipment.

Upon Delivery of the Equipment Client is required to sign the delivery note to account for the delivery, unless the Equipment is visibly damaged or the incorrect quantities are delivered.

In the event of a Finance Lease Agreement, no option to own the Equipment is granted to the Client or the Beneficiary Members.

At the end of the Finance Lease Agreement : 

• ownership of the Equipment is transferred free of charges to the Client only if the Client undertakes to renew its subscription to the Solution for at least 1 (one) year,

• on the contrary, i.e. if the Client wishes to terminate its subscription to the Solution, the Client undertakes to send the Equipment back to the logistics platform indicated by Tabesto, in accordance with the terms and conditions of Finance Lease Agreement

With regard to the Equipment, Tabesto warrants that the Equipment shall be compatible with its documentation for a period of twelve (12) months.

For the avoidance of doubt, only the Equipment can be the subject of a Financial Lease Agreement.

2.3. Equipment Transactional Fee. 

Tabesto can provide the Equipment to Client without an upfront hardware fee. This option is only made available to Clients that sign up for a thirty-six (36) month subscription term during which Tabesto retains full legal title to the Equipment. Transfer of ownership to Client of the equipment shall take place at the end of the thirty-six month term upon full payment of the invoiced Equipment Transactional Fee. Client acknowledges that shipping, setup, and installation costs are excluded from the financing and invoiced separately. Client agrees to pay the fixed fee per order processed through the Equipment as set forth in the quote (the "Equipment Transactional Fee "). The Equipment Transactional Fee covers the purchase price of the Equipment which is fixed at the price mentioned in the quote provided by Tabesto, connected software and technology components, the operational risk and other related costs of Tabesto which will amount to the Equipment Transactional Fee paid by Client that exceeds the Equipment purchase price mentioned in the quote. This transactional fee shall be invoiced monthly. If the average monthly order volume per digital terminal falls below the "Minimum Order Threshold " defined in the quote after the first six (6) months of the subscription, Tabesto reserves the right to adjust the Equipment Transactional Fee or terminate the subscription and/or reclaim the Equipment. In the event of termination within the first twelve (12) months, Client shall be liable for a fee equal to the difference between the Equipment Transactional Fees actually paid and the fees payable had the Minimum Order Threshold been met.

Clause III. Tabesto’s obligations

3.1 Nature of Tabesto’s undertakings 

Tabesto undertakes to provide the Service and to ensure the continuity thereof with all reasonably possible care and diligence in accordance with best practice and the applicable regulations.

As the Solution is not installed on the Client’s hardware, no delivery of the Solution media shall take place, with the Solution being made available by opening a connection to the Administrator Space and the delivery of usernames to the Client Administrators.

As far as all the services and obligations referred to in the Terms are concerned, Tabesto shall be bound by a mere obligation of means, it being specified that certain obligations of means are detailed further in Schedule 3.

Tabesto shall not be responsible for the integration of the Solution with the point-of-sale software used by the Client and shall not therefore be liable for the absence or inaccurate transmission of orders submitted through the Solution to the system/point-of-sale software used by the Client.

3.2 Warranties and limitations of Tabesto’s liability

3.2.1 Corrective and upgrading maintenance – Service level

Tabesto shall be solely responsible for corrective and upgrading maintenance on the applications permitting the provision of the Service. 

The Client shall have access to the Platform 24 hours per day, seven days per week, apart from during back-up or maintenance work or on the occurrence of an event of force majeure.

(i) Scheduled maintenance
Any disruption of the Service, including inter alia in the event of the modification of any component of Tabesto’s information system, must be notified by e-mail or letter at least 48 hours in advance of the scheduled maintenance, which shall take place at the time of day least prejudicial to the Client (and in any event not between 11 a.m. until 10 p.m. CET).
The Platform may be temporarily inaccessible during maintenance.

(ii) Corrective maintenance
Tabesto is unable to guarantee the continuous, uninterrupted operation of the Service free of errors and bugs. However, Tabesto shall correct or remedy at its own expense any anomaly in the Service. Any corrections or services which are necessary for a reason that is not attributable to Tabesto may be invoiced separately.

(iii) Upgrading maintenance
Tabesto reserves the right to carry out updates to the Solution and the Service, including inter alia in terms of its layout, organisation, graphics and upgrades of a technological, regulatory or legislative nature, and shall ensure to the extent required the upward compatibility of different versions thereof with the Client’s information system. The terms and conditions of these Terms shall apply automatically and in full to any such update of the Service.
In the case of any new version of the Service comprising new features, Tabesto reserves the right to provide the Client with such new version in the context of these Terms. However, these Terms may where necessary be amended to incorporate any new terms and conditions of use, technical and use-related recommendations and applicable new pricing terms.

(iv) Service level

Schedule 3 defines the service level guaranteed by Tabesto in the context of the provision of the Service.

3.2.2 Limitation of Tabesto’s liability

Tabesto’s liability for any damage resulting directly from the non-performance or defective performance of these Terms shall be expressly limited to an aggregate amount per calendar year equal to the price paid by the Client to Tabesto for the provision of the Service over the three months preceding the Client’s claim, irrespective of the legal basis for the claim and the proceedings instigated to bring such claim.

In any event, Tabesto shall not be liable on any basis whatsoever for any indirect loss of any nature whatsoever resulting from the provision of the Service, including inter alia any non-financial loss, loss of turnover, lost profit, loss of customers or market-share or reputational damage suffered by the Client and/or its customers.

On the other hand, Tabesto shall have no liability in any circumstances for the non-provision or defective provision of the Service resulting from any breach by the Client of the obligations incumbent upon it. In particular, Tabesto shall have no liability for any use of the Service made by the Client or the Client’s customers.

Tabesto shall not have any general obligation to monitor the Data transmitted or stored through the Service.
The only obligations inherent to its capacity as a data host are related to the illegality of certain content, such as justifications of crimes against humanity, incitement to racial hatred, child pornography, incitement to violence, affronts to human dignity and retention of the Client’s log-in data.

Accordingly, Tabesto shall be entitled to remove any Data which is clearly illegal, insofar as it is aware thereof and without any prior consultation of the Client.

In addition, Tabesto shall in no circumstances have any joint and several liability with the Client in the event of unlawful data-processing. Tabesto nonetheless undertakes to inform the Client immediately, should it deem that any instruction received by it amounts to a breach of the data protection regulations.

Clause IV. Client’s rights and obligations 

4.1 Nature and scope of the Client’s undertaking

The Client undertakes for the entire term of these Terms to entrust Tabesto with the provision of the Service and to comply with the rules governing use of the Service and the customised solution, as set out in the associated documentation delivered by Tabesto.

The 22-inch FOX tablets are designed exclusively for use with Tabesto’s applications and may not be put to any other software-related or payment use.

In the event the Customer pays cash for the equipment, the Customer expressly accepts that subscription to the Solution will commence no later than thirty (30) days following delivery of the equipment to the Establishment. The Customer therefore undertakes to begin paying for the subscription to the Solution no later than this date.

4.2 Obligation of oversight

The Client receiving the Service shall retain responsibility for its personnel and on such basis shall not be released from its obligations of oversight in that regard.
Any use of the usernames and passwords of Client Administrators shall be irrefutably deemed a use of the Service by the Client, which the latter hereby expressly acknowledges.
The Client shall be solely responsible for inter alia:

· the Data, including in particular the compliance thereof with the laws and regulations in force. More generally, the Client shall be solely responsible for the content of any information placed by it in the Administrator Space or distributed or retained on its behalf in the context of the Service;
· any fraudulent use of its user name and password and any theft of the identity of a Client Administrator;
· any malfunctions of its system resulting in inaccuracies in the data transmitted to Tabesto on the Platform;
· the placing of Data in the Administrator Space;
· ensuring that the Client Administrators have the knowledge required to use the Service; and
· notifying to Tabesto any change affecting it which is capable of affecting the functioning of the Service.

The Client releases Tabesto from any liability in connection with stored content and Data and/or shall indemnify Tabesto for any remedies which may be exercised against it on such basis.

The Client shall indemnify Tabesto for all costs, expenses and indemnities which the latter may be required to incur or pay as a result of any claim or legal proceedings brought by a third party as a result of any use of the Service in breach of domestic or foreign regulations, third-party rights or any provision of these Terms.

Clause V. Financial terms & conditions

5.1 Price

The price of the Service and the Client Options, as well as the terms and conditions applicable to invoicing and price reviews, are set out in the quote provided by Tabesto.

All listed prices exclude VAT and do not cover any documentation and miscellaneous items unspecified by these Terms, and such prices shall by increased by in particular any amount of VAT payable in accordance with the tax laws in force. The Service does not include any telecommunications costs associated with information uploads or the cost of the Client’s internet access.

Each instalment of the price that has accrued shall be payable in full, and any amount paid by the Client shall be irrevocably paid to Tabesto and shall not be refundable.

Any additional service provided shall constitute the subject-matter of a quote which must be accepted by the Client. Additional services shall be invoiced on the delivery of such services, on the basis of the price-list of Tabesto in force on the date of the service request.

5.2 Price review

The price of the Service shall be reviewed in January of each year by applying the following formula:

R1=R0*(S1/S0):
R0 stands for the price applicable pre-review
R1 stands for the new price applicable post-review
S0 stands for the most recently published SYNTEC index on the date of the previous review (in the case of the first review, the index used shall be that applicable on the signing date of these Terms).
S1 stands for the most recent index published prior to the review date

Should this index no longer be published and if the Parties fail to reach an amicable agreement on a replacement index after discussions, such replacement index shall be determined by the Presiding Judge of the Commercial Court of Paris adjudicating on an interlocutory basis without any appeal being possible, pursuant to the initiative of the more diligent Party, which index must be as proximate as possible to the index no longer published and reflect the spirit of that which the Parties sought to achieve in selecting the original index.

All invoices shall be payable by direct debit in accordance with the direct debit instructions referred to in Schedule 5.2.

5.3. Terms of payment 

The payment shall be made, at the Client’s option when the Terms is entered into, using the following methods:

• directly to Deliverect in accordance with the quote sent by Tabesto; payment for all the Equipment is then made by bank transfer  before installation, and the licences to use the Software are then invoiced monthly and payable by direct debit duly authorised by the Client; or

• directly to the lessor in accordance with the tripartite Finance Lease Agreement, in which case payment for the Equipment will be made in accordance with the due dates specified in the Finance Lease Agreement. The licenses to use the Software will remain invoiced by and payable monthly by direct debit duly authorised by the Client to Deliverect directly.

All invoices are due on the 1st of each month and must be paid by direct debit in accordance with the mandate given no later than the day the Terms comes into force.

In the event of non-payment of an invoice by the Client, unless a deferment has been explicitly agreed between the Parties, and without prejudice to any other rights available to Tabesto – including the right to suspend the Service – any payment delay will incur late payment interest at three (3) times the statutory rate, calculated daily from the original due date of the unpaid invoice to the actual payment date. Additionally, any payment delay will incur a fixed compensation charge of forty euros (€40) for collection costs

It is expressly agreed between the Parties that the debt for the Service Price is portable and not querable [i.e. the debtor must bring payment to the creditor’s location and that the creditor cannot be required to go to the debtor to collect payment].

Parties expressly agree that Deliverect shall provide the invoices for the Equipment and Services as well as collect the payment of the invoices on behalf of Tabesto.

Clause VI. Regulatory compliance – Personal data protection

Client is the controller (as defined by the GDPR) of personal data of Client’s customers that is shared with Tabesto in connection with the Solution (“Customer Personal Data”) and Tabesto is the processor (as defined by GDPR). Client is required to incorporate a link to its cookie policy and privacy notice on the the Solution interface, and to comply with all the obligations of the GDPR or the applicable data protection laws. Customer Personal Data will be processed under the Data Processing Terms in Schedule 2. Client represents and warrants that Client has appropriate legal basis, as required by the applicable data protection laws, to send communications to its customers , and to use their personal data for marketing, sales, and loyalty purposes. The communications that are sent in this context by Client , and the content of the same, shall comply with any applicable laws at all times.

Clause VII. Intellectual property

7.1 Ownership of intellectual property rights

These Terms involves no transfer of intellectual property rights from Tabesto to the Client or vice versa.

Tabesto shall remain the sole holder of all rights of use, representation, exploitation, reproduction, adaptation, correction of errors and more generally all intellectual property rights for the entire world and for the entire term of the protection extended to intellectual property rights, in all programmes, customisations and adaptations, including in particular in the source code and the original graphics produced by it in the context of the Service.

The proprietary rights in the creations generated by Tabesto in the context of the provision of the Service (hereinafter the “Creations”) are and shall remain the exclusive property of Tabesto or its licensors, as applicable, and are protected by in particular the French Intellectual Property Code. The Client undertakes not to infringe such proprietary rights. 

The Client acknowledges that Tabesto is the holder of the rights in the Service, the Platform and the Creations and undertakes not to infringe such rights in any manner, either directly or indirectly.

The Client undertakes to provide Tabesto in good time with the information which it wishes to be used on the Platform and all the information required by Tabesto to enable it to provide the Service in the agreed form, for the agreed uses and within the agreed period.

All rights held by the Client and used in the generation of the Creations (photographs, logos) and the Data shall remain the exclusive property of the Client or its licensors, as applicable. 

Tabesto shall however have a personal and non-exclusive right to access, use and adapt such rights, which shall be limited to the term of these Terms and to the purposes of these Terms alone.

Under these Terms the Client shall hold for its own benefit a personal, non-exclusive, non-assignable and inalienable right to remotely access and use the features of the Solution, which shall be limited to the term of these Terms and shall principally be accessed by means of remote access from the Administrator Space.

The Client undertakes not to use the Protected Components outside the perimeters set by these Terms and not to use the Protected Components in the context of any business capable of competing with Tabesto’s business.

The Client shall have no right of access or use or other right in the Protected Components with effect from the date of the end of these Terms for any reason whatsoever.

The Client may not make copies of any programme delivered to it by Tabesto. The Client must in addition ensure the security and non-disclosure of the Protected Components and comply with any copyright, brand and logo notices which these may contain.

The Client shall for its part remain the owner of all the Data and other information transmitted to Tabesto in the context of the performance of these Terms.

7.2 Perimeter of the software licence

The licences granted by Tabesto include a right to install and use the Solution for those Establishments for which a Licence is purchased and a right of reproduction for the purposes of generating back-ups, with such licences being granted to the Client on a non-exclusive and non-assignable basis for the entire world and for the term of these Terms.

7.3 Licence to use

Tabesto grants for the term of these Terms a licence for each of the Establishments listed in the Terms.

Any updates or new versions of the Solution made available to the Client by Tabesto in the context of maintenance shall be incorporated into the perimeter of the licence granted on the date on which such update or new version is made available.

In consideration of the grant of the licence, the Client undertakes to pay the licence fee agreed upon by the Parties in these Terms.

Provided that these Terms is in force on the date of the addition of an Establishment, each licence shall be granted to the Client for the Establishment in question for the term stipulated by these Terms.

In consideration of the grant of a licence for an Establishment, the Client undertakes to pay the licence fee in respect of such Establishment agreed upon by the Parties in these Terms, on the basis of the financial terms and conditions set out in a Schedule hereto.

7.4 Use of the Client’s trademarks, logos and other distinctive marks

The Client grants to Tabesto free of charge and for the purposes of the performance of these Terms a right to use its trademarks, logos and distinctive marks throughout the term of these Terms. Such permitted use includes a restricted right to reproduce such trademarks, logos and distinctive marks for the purposes of the provision of the Service, including inter alia for use of the Equipment by the Client’s customers. All sub-licensing and sale rights taking any form whatsoever are expressly excluded.

It is expressly agreed that all photographs and other documents provided on whatever medium by the Client in the context of the use of the Solution shall remain the Client’s exclusive property. 

7.5 Announcements and publicity

The Client consents to appearing on the list of Tabesto’s referees, and Tabesto is accordingly hereby authorised to make use of the Client’s company name, trading name, trademark and logo as a commercial referee solely for the term of these Terms and a period of twelve (12) months from the end of these Terms. Any written communication from Tabesto containing more than the Client’s names, trademarks and logo shall require the Client’s prior written consent.

Clause VIII. Confidentiality

All information, data and documents of any nature and irrespective of format exchanged by the Parties in the context of these Terms or generated in connection with these Terms shall constitute Confidential Information.

The Protected Components, the contents of these Terms and its financial terms and conditions shall in particular constitute Confidential Information.

Confidential Information does not include information which:
· is already in the public domain at the time of its disclosure to the other Party; and/or
· is known to the other Party prior to its disclosure; and/or
· enters the public domain after its disclosure to the other Party without any breach of these Terms by the other Party; and/or
· is disclosed to the other Party by a third party who is at liberty to disclose such information.

In the absence of the express prior consent of the disclosing Party thereto, each Party undertakes not to copy, reproduce or distribute to any natural or legal person whomsoever all or any part of the Confidential Information which is not owned by it and which is disclosed to it by the other Party in the context of these Terms.

Each Party may only disclose Confidential Information to the members of its personnel and/or its sub-contractors or consultants who require such Confidential Information for the purposes of the performance of these Terms.

Should a Party deem it necessary solely for the purposes of the performance of these Terms to disclose Confidential Information to a third party, such disclosure may only be made if such third party is bound by the confidentiality obligations set out above and with the prior written consent of the other Party.

Each Party undertakes not to use Confidential Information for any purpose which is not covered by these Terms.

Each Party shall be liable to the other Party for all the consequences of any breach of the confidentiality undertaking hereunder which is attributable to it or any one of its agents.

The confidentiality undertaking imposed by this Clause shall remain valid once these Terms comes to an end, notwithstanding any early termination of these Terms, for a period of five (5) years from the end of these Terms.

Clause IX. Sub-contracting

Tabesto represents that those of its employees involved in the performance of these Terms are lawfully employed by it. Tabesto shall at the Client’s request provide it with the necessary documentary evidence stipulated by Article D.8222-5 of the French Labour Code.

Tabesto reserves the right to sub-contract the provision of any part of the Service, without this provision releasing Tabesto in any manner from the responsibilities assumed by it in respect of the performance of these Terms.

Clause X. Non-solicitation of personnel

Neither Party shall solicit any employee of the other Party with a view to itself engaging such employee without the prior written consent of the other Party, even if the original solicitation originates with the employee. These provisions shall apply for a period of twelve (12) months from the end of these Terms.

Any breach of this obligation shall result in the defaulting Party being required to immediately pay to the other Party a fixed indemnity corresponding to the salary paid to the poached employee over the twelve (12) months preceding the poaching of such employee, including both employer and employee social security contributions. The injured Party may in addition seek compensation for any actual loss suffered by it, should such loss exceed its salary costs alone.

Clause XI. Miscellaneous

11.1 Prescription

A Party may only allege the liability of the other Party as a result of a breach of these Terms within two (2) years of the occurrence of such breach, which the Client hereby expressly acknowledges and accepts, in the absence of a gross or intentional breach on the part of the defaulting Party. 

11.2 Notices

Each written notice under these Terms must be sent to the address appearing at the beginning of these Terms (and each Party shall inform the other Party of any change to such address for the purposes of notices) or to the email address associated with the Customer Account and/or the email address that was provided by Customer for billing purposes.

11.3 Entire agreement

these Terms and its Schedules comprise the entire agreement of the Parties relating to its subject-matter. It shall cancel and replace all other verbal or written understandings of any nature whatsoever which may have been entered into previously by them and having the same subject-matter. No provision of the general terms and conditions of the Client shall be enforceable against Tabesto, should the latter not have expressly accepted such provision in advance. 

The Parties agree that in the event of any conflict between these Terms and its Schedules, the provisions of these Terms shall prevail.

Tabesto reserves the right to modify these Terms, for any reason, by posting an updated version on www.tabesto.com or by providing written notice to Customer to the email address associated with the Customer Account and/or the email address that was provided by Customer for billing purposes. Tabesto will inform Customer of any changes that are made to the Terms, which in Tabesto’s discretion will have a material impact on Customer. Material changes to the Terms (as defined by Tabesto) will become effective 30 days after notice is provided, except for when those changes are required by an administrative or judicial order, to comply with any applicable law or regulation, or to respond or react to a security-related issues, in which case those changes will be effective immediately.

11.4 Assignment

Tabesto reserves the right to assign these Terms without complying with any specific formality in the event of a sale of all or any part of its business or in the event of its merger. In the event of an assignment of these Terms, the assignee undertaking shall be substituted for Tabesto with effect from the assignment date. The Client expressly acknowledges that the assignee undertaking will become its contractual counterparty.

Should control over Tabesto change within the meaning of the first paragraph of Article L.233-3 of the French Commercial Code, the Client agrees that these Terms shall continue to be performed without compliance with any specific formality being necessary. 

11.5 No waiver of recourse

The non-exercise by a Party of its rights resulting from any breach of these Terms by the other Party may not be construed as a definitive waiver of its entitlement to assert such rights thereafter.

11.6 Partial invalidity

Should any provision of these Terms be held to be invalid or unenforceable by any competent court, such provision shall be excised from the Terms without the validity or enforceability of its other provisions being affected. The Parties shall endeavour to replace the affected provision with a new and equivalent provision, or with a provision whose effects approximate the effects sought at the time of the signing of these Terms.

11.7 Insurance 

Each Party represents that it holds insurance for its civil liability and professional civil liability sufficient to cover the financial consequences of liability claims against it.

11.8 Balance of the Terms

Should the balance of these Terms change over the period of its performance following a legislative change and/or a technological change or enhancement which significantly upsets the economic balance of these Terms and results in Tabesto being required to commit new technical resources and incur additional costs out of all proportion to the balance of these Terms, the Parties agree to renegotiate these Terms. The Parties may thus adapt and modify the Terms having regard to price, the nature of the services to be provided and the term hereof, in order to make it possible to continue to perform these Terms to the fullest extent possible. The Parties must act in good faith, failing which they shall be liable. If the Parties are unable to reach agreement, these Terms may be terminated at the initiative of either Party without any costs, indemnity or damages being payable.

11.9 Data Access Agreement

The Parties acknowledge that certain data generated through the use of the Equipment and the Solution, Services and Platform may fall within the scope of Regulation (EU) 2023/2854 (“EU Data Act”). The conditions under which such data may be accessed, used, shared, or requested by Client are governed by the Data Access Agreement attached to these Terms as Schedule 3 (“Data Access Agreement”). The Data Access Agreement forms an integral and binding part of these Terms. In the event of any conflict between the provisions of the Terms and the Data Access Agreement, the terms of the Data Access Agreement shall prevail with respect to any matter relating to data access, sharing, or use. By entering into a contract with Tabesto, Client confirms that it has received, read, and accepted the Data Access Agreement prior to contract conclusion.

Clause XII. Termination of these Terms

12.1 Termination for breach

In the event of one Party’s material non-performance of an obligation incumbent upon it hereunder, these Terms may be terminated as of right and without complying with any formality sixty (60) calendar days following the despatch of a notice to remedy sent by registered letter with recorded delivery pursuant to which no remedial action or insufficient remedial action has been taken on the expiry of such period. Without prejudice to the foregoing, these Terms shall remain in force to the extent required until the completion of the Client Reversibility phase.

12.2 Termination in the event of force majeure

Each Party may terminate the Terms as of right and without complying with any formality by registered letter with recorded delivery, should the performance of these Terms be suspended for more than thirty (30) days due to the occurrence of an event of force majeure within the meaning of Article 1218 of the French Civil Code.

Inhibitions and/or malfunctions affecting telecoms operators and telecommunications and more generally electricity and IT networks shall also be deemed to constitute events of force majeure, insofar as such malfunctions are not attributable to the technical resources implemented by Tabesto or the Client or do not fall under their responsibility.

The effective date of termination shall be the date of the other Party’s receipt of such registered letter.

Clause XIII. Reversibility

Tabesto shall make available a Client Reversibility mechanism over the term of these Terms and for a period of one month from the end of these Terms for any reason whatsoever. Each file placed on the Platform will be returned in file form (including inter alia by way of the grant of access to all files through the Platform). 

The Client Reversibility process shall be completed at the Client’s sole expense. Accordingly, Tabesto shall issue an invoice to the Client, including in particular if the Client Reversibility process requires that Tabesto allocate more than one employee day thereto.

All files shall be returned on a medium which complies with the standards in force at the time of their return, depending on the volume thereof. All copy files shall be destroyed by Tabesto within thirty (30) days of the return of the original files, which destruction shall be confirmed by a report recording receipt signed by the Client.

After the date on which these Terms comes to an end, Reversibility shall mean that the Client has no right of access or use or any other right in the Solution.

Clause XIV. Cookies and other trackers

Tabesto represents that it is in compliance with the statutory provisions applicable in terms of “cookies and other trackers”.

Tabesto hereby informs the Client (who consents hereto) that, as a result of the Client’s use of the Platform, Tabesto may deploy cookies with a view to (i) ensuring an optimal user experience on the Platform and/or (ii) proposing suitable services and making suitable offers to the Client. 

Tabesto shall make available to the Client connection tracks to Data processed by the authorised personnel of the Parties and, where applicable, data subjects, within the limits imposed by law. 

Tabesto shall promptly inform the Client of any anomaly which it may detect in these connection tracks.

SCHEDULE 1

DATA PROCESSING AGREEMENT 

The terms of this schedule shall govern the processing of Personal Data (as defined by General Data Protection Regime (EU) 2016/679 (“GDPR”)) that Client transfers to Tabesto including its Affiliates (collectively “Tabesto”) for the provision of the Solution (“Customer Personal Data”). All undefined, capitalized terms will have the meaning given to them in the FA. The terms, “Third Country”, “Member State”, "Controller", "Data Subject", "Personal Data", "Personal Data Breach", "Processing" and "Supervisory Authority" shall have the same meaning as in GDPR. References to “Franchisees” in this exhibit are only applicable to the extent that Client has Franchisees.

• Scope. Client and Franchisee instructed Tabesto to Process Customer Personal Data, to the extent that such processing is done in and required for the performance of the Terms or the provision of the Solution hired by Client under the Terms. Tabesto acknowledges that Customer Personal Data cannot be used by Tabesto outside of the scope of this data processing agreement. 

• Roles of the Parties. Tabesto is the Processor of Customer Personal Data processed in connection with Client (as set forth above), and Client and/or Franchisees (as the case may be) are the Controller of such Customer Personal Data.

• Tabesto’s Privacy & Cookie Policy. Client and Franchisees agree to the terms of Tabesto Privacy and Cookie Policy available at https://www.deliverect.com/en/privacy-and-cookie-notice.

• Data Protection Laws. Client, Franchisees, and Tabesto shall comply with the GDPR and/or the applicable data protection laws in the performance of the FA. Client and Franchisee warrant and guarantee that the terms and instructions given to Tabesto regarding the processing of Customer Personal Data are not contrary to GDPR or any data protection laws, or to the legal rights of Data Subjects and that all Customer Personal Data transferred by Client or Franchisees to Tabesto is lawfully collected and transmitted and may lawfully be used, processed, stored and transferred for the purpose of the performance of the FA and the provision of Client. Tabesto shall inform Client if, in Tabesto’s opinion, the Processing instructions from the Client infringe GDPR. 

• Representations and Warranties.

  • Of Client and Franchisees: Client and Franchisee represent and warrant that they have appropriate legal basis to collect, process, and share Customer Personal Data with Tabesto. 

  • Of Tabesto: Tabesto warrants and guarantees that (a) it shall refrain from processing Customer Personal Data other than on Client’s or Franchisee’s documented instructions, (b) it shall not use Customer Personal Data for any other purpose other than for the performance of the FA and the provision of Client, and (c) except for the Affiliates insofar as Tabesto deems this necessary or useful to fulfill its Processing obligations or to perform the FA or provide Client, shall not transfer Customer Personal Data to a Third Country or an international organization, unless required to do so by Union or Member State Law to which Tabesto is subject and provided Tabesto informs Client or Franchisees upfront of that legal requirement, unless that law prohibits such information on important grounds of public interest. If Customer Personal Data processed under the FA is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the Personal Data is adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.

• Technical and Organizational Measures. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Tabesto warrants that it shall, in relation to Customer Personal Data, implement appropriate technical and organizational measures to ensure a level of security reasonably appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. Tabesto shall implement appropriate security measures (technical, logical and organizational), and confirms that, to its best knowledge, these measures provide an appropriate security level, taking into account the state of the art and the security threats that are known or should reasonably be known by Tabesto. Tabesto shall ensure that persons authorized to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

• Sub-Processors. Client and Franchisees hereby gives a general authorization to Tabesto to engage (or disclose any Customer Personal Data to) any Sub-Processor, insofar as Tabesto deems this necessary or useful to fulfill its Processing obligations or to perform its obligations under the FA, being understood that Tabesto shall remain liable towards Client for the performance of each Sub-Processor. Tabesto shall ensure that each Sub-Processor performs all the obligations under the FA, as they apply to Processing of Customer Personal Data carried out by that Sub-Processor, as they apply to Tabesto. 

• Processes to Comply with Rights of Data Subject Rights. Taking into account the nature of the Processing, Tabesto shall assist Client and/or Franchisees by implementing appropriate technical and organizational measures for the fulfillment of Client's obligations to respond to requests to exercise Data Subject rights under Data Protection Laws (including right of access to its personal data and a right to request corrections). 

• Data Breach. Tabesto shall notify Client and Franchisees (if applicable) within forty-eight (48) hours upon discovery, of any unauthorized access to, acquisition or disclosure of Customer Personal Data, or a breach of security or confidentiality with respect to Customer Personal Data in Delivererect’s control or possession (“Data Security Incident ''). Tabesto shall cooperate with Client and Franchisees (if applicable) and assist in the investigation, mitigation and remediation of each Data Security Incident, taking into account the information and technical means available to Tabesto. Client and Franchisee will reasonably reimburse Tabesto for any expenses specifically made upon Client’s and/or Franchisee’s request, if the Data Security Incident is not attributable to Tabesto. 

• Data Protection Impact Assessments. Tabesto shall provide reasonable assistance to Client and Franchisees with any data protection impact assessments and prior consultations with Supervisory Authorities or other competent data privacy authorities, which Client reasonably considers to be required by Article 35 or 36 of the GDPR, in each case solely in relation to the Processing of Customer Personal Data by, and taking into account the nature of the Processing and information available to Tabesto. 

• Deletion of Customer Personal Data. Tabesto shall, at the request of Client or Franchisee, return or delete and procure the deletion of all copies of Customer Personal Data. Tabesto may however retain certain Customer Personal Data to the extent required by Data Protection Laws, EU or Member State Laws, and for such period as required under Data Protection Laws, EU or Member State Laws. 

• Audits. Tabesto shall make available to Client and Franchisees on request all information reasonably necessary to demonstrate compliance with Article 28 of the GDPR and shall allow for and contribute to audits, including inspections, by Client, Franchisee, or an auditor mandated by Client or Franchisee in relation to the Processing of Customer Personal Data by Tabesto. The cost of any such audits or inspections shall be borne by Client and/or Franchisee respectively.  

• Description of Data Processing. 

  • Categories of Data Subjects: Tabesto will process data from end users and customers of Client and/or Franchisees. 

  • Types / Categories of Personal Data: Name, email address, phone number, order details, last four digits of payment card.

  • Subject matter, nature and purpose of the Processing: To provide the Solution for the benefit of Client.

  • Duration of the Processing: The duration of the Terms or as otherwise required under applicable law.

SCHEDULE 2

SERVICE LEVEL AGREEMENT (SLA)

A. Management of Anomalies

The priority level depends on the seriousness of the Anomaly, it being understood that:

- “Inhibiting Anomaly” means any operational Anomaly making use of the Platform impossible;
- “Major Anomaly” means any operational Anomaly allowing certain of the features of the Platform to be used;
- “Minor Anomaly” means any operational Anomaly which does not prevent use of any of the features of the Platform, even where such use is only possible thanks to a workaround.

Remedy periods and periods for the delivery of a workaround solution and correction vary depending on the anomaly designation (Minor Anomaly, Major Anomaly or Inhibiting Anomaly) and are defined in the table below:

Tabesto will provide technical support to Clients. Support can be accessed by Clients through the different channels specified at www.deliverect.com or www.tabesto.com. Tabesto reserves the right to suspend the provision of technical and operational support, or to change the scope of support services, including but not limited to when Client is in arrears. Tabesto may introduce different support tiers to access technical and operational support, which may be subject to additional terms and fees.

B. Availability of the Services

Tabesto cannot warrant 100% performance to the Client for the following reasons in particular: first, dependence on the state of the internet network and, second, dependence on the configuration and performance of the Client’s workstation. 

On this basis, Tabesto undertakes to carry out the application maintenance and to monitor the optimal operation of the technical equipment (software and hardware) necessary to ensure the optimal operation of the Platform used in the Tabesto Service. Should Tabesto identify the source of a malfunction or shutdown of the Service attributable to its performance, it undertakes to inform the Client of any unavailability of the Service without delay by displaying a page in French notifying the relevant malfunction or shutdown of the Service.

Notwithstanding the provisions of this clause and those relating to maintenance and the management of Anomalies, Tabesto is unable to warrant an availability rate of 100% but will ensure an availability rate of 99.5% (calculated on a monthly basis) in terms of access to the Platform and an order transmission rate of 99.5% (calculated on a monthly basis).

Should these targets not be reached, Tabesto shall indemnify the Partner in accordance with the following conditions:

Definitions 

The reference period (RPT) is seven days per week and 24 hours per day outside of scheduled maintenance periods. UR stands for the period of any unavailability linked to a disruption.
The availability rate (AR) is calculated on a monthly basis:

AR = (RPT – sum of UR) / RPT * 100 [%]

All monthly invoices are payable by direct debit in accordance with the direct debit instructions referred to in Schedule 5.2 no later than the effective date of these Terms.

In the event of the non-payment of an invoice by the Client, and is the deferment of such payment is not explicitly agreed by the Parties, and without prejudice to any other rights held by Tabesto, including inter alia the right to suspend its provision of the Service, any delay in payment shall result in the accrual of default interest at a rate three (3) times the statutory rate of interest, calculated per day of delay from the initial due date of the unpaid invoice until the date of effective payment. In addition to the penalties payable in respect of delay, each delay in payment shall require the payment of a fixed indemnity of forty Euros (€40) in respect of recovery costs.

It is expressly agreed by the Parties that the receivable represented by the Price of the Service shall be transferable and non-contestable.

SCHEDULE 3

DATA ACCESS AGREEMENT (DATA HOLDER TO USER)

This Data Access Agreement (“DAA”) is executed between Deliverect NV and its Affiliate Tabesto SAS (“Data Holder”) and Customer (“User”) referred collectively as the “Parties”, and independently as a “Party”, to meet the requirements of Regulation (EU) 2023/2854 (“Data Act”). Capitalized terms that are not defined in this DAA shall have the meaning provided to them in the framework services agreement (if User signed a standalone contract), Terms (if User only signed a quote), or the Data Act (as the case may be). 

1.Product / Related Services. This DAA is made with regard to:

1.1. The following connected product (the “Product”): Kiosk Terminal (Hardware/Equipment);

1.2. The following related services (the “Related Services”): Kiosk Software as a service solution (Solution) that enables Kiosk Terminal (Hardware) to receive and process orders placed by end users; 

The User declares that they are either the owner of the Product or contractually entitled to use the Product under a rent, lease or similar contract and/or to receive the Related Service(s) under the framework service agreement or the Terms.

2. Data Covered by the DAA. 

The data covered by this contract consist of any readily available Product Data or Related Service(s) Data within the meaning of the Data Act (the “Data”). The Data consist of the Data listed in Appendix 1, with a description of the type or nature, estimated volume, collection frequency, storage location and duration of retention of the Data. If, during this DAA, new data are made available to the User, Appendix 1 will be amended accordingly.

3. Data use and sharing by the Data Holder.

3.1 Agreed use of non-personal Data by the Data Holder.

3.1.1. The Data Holder undertakes to use the Data that are non-personal Data only for the purposes agreed with the User as follows: (a) performing any agreement with the User or activities related to such agreement (e.g. enabling placement of orders through the Kiosk Terminal, initiating payment with integrated payment partners, generating receipts (printed or digital), enabling loyalty features, syncing menu items and prices, providing sales/performance analytics); (b) providing support, warranty, guarantee or similar services or to assess User’s, Data Holder’s or third party’s claims (e.g. regarding malfunctions of the Product) related to the Product or Related Service; (c) monitoring and maintaining the functioning, safety and security of the Product or Related Service and ensuring quality control; (d) improving the functioning of any product or related service offered by the Data Holder; (e) developing new products or services, including artificial intelligence (AI) solutions, by the Data Holder, by third parties acting on behalf of the Data Holder (i.e. where the Data Holder decides which tasks will be entrusted to such parties and benefits therefrom), in collaboration with other parties or through special purpose companies (such as joint ventures); (f) aggregating these Data with other data or creating derived data, for any lawful purpose, including with the aim of selling or otherwise making available such aggregated or derived data to third parties, provided such data do not allow specific data transmitted to the Data Holder from the connected product to be identified or allow a third party to derive those data from the dataset.

3.1.2. The Data Holder undertakes not to use the Data to derive insights about the economic situation, assets and production methods of the User, or about the use of the Product or Related Service by the User in any other manner that could undermine the commercial position of the User on the markets in which the User is active. None of the Data uses agreed to under clause 3.1.1 may be interpreted as including such Data use, and the Data Holder undertakes to ensure, by appropriate organisational and technical means, that no third party, within or outside the Data Holder’s organisation, engages in such Data use.

3.2. Sharing of non-personal data with third parties and use of processing services. 

3.2.1. The Data Holder may share with third parties the Data which is non-personal data, if: (a) the Data is used by the third party exclusively for the following purposes: i) assisting the Data Holder in achieving the purposes permitted under clause 3.1.1; ii) achieving, in collaboration with the Data Holder or through special purpose companies, the purposes permitted under clause 3.1.1; and (b) the Data Holder contractually binds the third party: i) not to use the Data for any purposes or in any way going beyond the use that is permissible in accordance with previous clause 3.2.1 (a); ii) to comply with clause 3.1.2; iii) to apply the protective measures required under clause 3.4.1; and iv) not to share these Data further unless the User grants general or specific agreement for such further transfer, or unless such Data sharing is required, in the interest of the User, to fulfil this Contract or any contract between the third party and the User. If the User agrees to the further transfer, the Data Holder should oblige the third party with whom they share Data to include the clauses corresponding to points (i) to (iv) in their contracts with recipients.

3.2.2. The Data Holder may always use processing services, e.g. cloud computing services (including infrastructure as a service, platform as a service and software as a service), hosting services, or similar services to achieve the agreed purposes under clause 3.1. The third parties may also use such services to achieve the agreed purposes under clause 3.2.1 (a).

3.3. Use and Sharing of Personal Data by the Data Holder. 

The Data Holder may use, share with third parties or otherwise process any Data that is personal data, under a legal basis provided for and under the conditions permitted under Regulation (EU) 2016/679 (GDPR) and, where relevant, Directive 2002/58/EC (Directive on privacy and electronic communications).

3.4. Protection Measures. 

3.4.1. The Data Holder undertakes to apply the protective measures for the Data that are reasonable in the circumstances, considering the state of science and technology, potential harm suffered by the User as a result of Data loss or disclosure of Data to unauthorised third parties and the costs associated with the protective measures.

3.4.2. The Data Holder may also apply other appropriate technical protection measures to prevent unauthorised access to Data and to ensure compliance with this contract.

3.4.3. The User agrees not to alter or remove such technical protection measures unless agreed by the Data Holder in advance and in writing.

4. Data access by the User upon request.

4.1. Obligation to make Data available. The provisions set forth in this section shall apply if Data cannot be directly accessed from the Product or the Related Service. 

4.1.1. The Data, together with the relevant metadata necessary to interpret and use those Data must be made accessible to the User by the Data Holder, at the request of the User or a party acting on their behalf. The request can be made using the form specified in Appendix 2, sent to the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/ .

4.1.2. The Data Holder shall make the Data which is personal data available to the User, when the User is not the data subject, only when there is a valid legal basis for making personal data available under Article 6 of Regulation (EU) 2016/679 (GDPR) and only, where relevant, the conditions set out in Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC (Directive on privacy and electronic communications) are met. In that respect, when the User is not the data subject, the User must indicate to the Data Holder, in each request presented under the previous clause, the legal basis for processing under Article 6 of Regulation (EU) 2016/679 (and, where relevant, the applicable derogation under Article 9 of that Regulation and Article 5(3) of Directive (EU)2002/58) upon which the making available of personal data is requested.

4.2. Data characteristics and access arrangements.

4.2.1. The Data Holder must make the Data available to the User, free of charge for the User, with at least the same quality as it becomes available to the Data Holder, and in any case in a comprehensive, structured, commonly used and machine-readable format as well as the relevant metadata necessary to interpret and use those Data. The Data Holder must specify the Data characteristics and inform the User of these specifications in Appendix 1.

4.2.2. The Data Holder and User may use the services of a third party (including a third-party providing Data Intermediation Services as defined by Article 2 of Regulation (EU) 2022/868) to allow the exercise of the User’s rights under clause 4.1 of this contract. Such third party will not be considered a Data Recipient under the Data Act, unless they process the Data for its own business purposes. The party requiring the use of such a third party must notify the other party in advance.

4.2.3. The User must receive access to the Data: (a) easily and securely by the Data being transmitted, or by access to the Data where it is stored (as the case may be); (b) without undue delay after the Data becomes available to the Data Holder; and (c) Continuously and in real-time, or with appropriate frequency (as applicable). The Data Holder must specify these access arrangements and inform the User of these specifications in Appendix 1.

4.2.4. The Data Holder must provide to the User, at no additional cost, the means and information strictly necessary for accessing the Data in accordance with article 4 of the Data Act. This includes, in particular, the provision of information readily available to the Data Holder regarding the origin of the Data and any rights which third parties might have with regard to the Data, such as rights of data subjects arising under Regulation (EU) 2016/679 (GDPR), or facts that may give rise to such rights. In order to meet these requirements, the Parties agree on the specifications set out in Appendix 1, which forms an integral part of this Contract.

4.3. Feedback Loops. 

If the User identifies an incident related to clause 2 on the Data covered by the Contract, to the requirements of clauses 4.2.1 or 4.2.3 or of Appendix 1 on the Data quality and access arrangements and if the User notifies the Data Holder with a detailed description of the incident, the Data Holder and the User must cooperate in good faith to identify the reason of the incident. If the incident was caused by a failure of the Data Holder to comply with their obligations, they must remedy the breach within a reasonable period of time. If the Data Holder does not do so, it is considered as a fundamental breach and the User may invoke clause 12 of this DAA (remedies for non-performance). If the User considers their access right under Article 4 (1) of the Data Act to be infringed, the User is also entitled to lodge a complaint with the competent authority, designated in accordance with Article 37(5), point (b) of the Data Act

4.4. Unilateral changes by the Data Holder. 

The Data Holder may, in good faith, unilaterally change the specifications of the Data or the access arrangements stated in Appendix 1, if this is objectively justified by the general conduct of business of the Data Holder– for example by a technical modification due to an immediate security vulnerability in the line of the products or related services or a change in the Data Holder’s infrastructure. The Data Holder must in this case give notice of the change to the User without undue delay after deciding on the change. Where the change may negatively affect Data access and use by the User more than just to a small extent, the Data Holder must give notice to the User at least 30 days  before the change takes effect. A shorter notice period may only suffice where such notice would be impossible or unreasonable in the circumstances, such as where immediate changes are required because of a security vulnerability that has just been detected.

4.5. Information on the User’s access.

The Data Holder undertakes not to keep any information on the User’s access to the requested data beyond what is necessary for: (a) the sound execution of (i) the User’s access request and (ii) this contract; (b) the security and maintenance of the data infrastructure; and (iii) compliance with legal obligations on the Data Holder to keep such information. 

5. Protection of trade secrets. 

5.1. Applicability of trade secret arrangements.

5.1.1. The protective measures agreed on in clauses 5.2. and 5.3 of this DAA, as well as the related rights agreed in clauses 5.4, apply exclusively to Data or metadata included in the Data to be made available by the Data Holder to the User, which are protected as trade secrets (as defined in the Trade Secrets Directive (EU) 2016/943), held by the Data Holder or another Trade Secret Holder (as defined in said Directive).

5.1.2. The Data protected as trade secrets (hereafter referred to as ‘Identified Trade Secrets’) and the identity of the Trade Secret Holder(s) are set out in Appendix 4, which forms an integral part of this Contract. 

5.1.3. The Data Holder hereby declares to the User that they have all relevant authorisations and other rights from the third party Identified Trade Secrets Holder to enter into this Contract regarding the applicable Identified Trade Secrets and all of the related rights and obligations under this Contract.

5.1.4. If, during this DAA, new data are made available to the User that is protected as trade secrets as set forth in clause 5.1.1, at the request of the Data Holder, Appendix 4 will be amended accordingly. Until the Trade Secret Appendix has been amended and agreed between the Parties, the Data Holder may temporarily suspend the sharing of the specific newly Identified Trade Secret(s) by giving notice to the User and the competent authority designated under Article 37 of the Data Act, with a copy of this sent to the User.

5.1.5. The obligations set out in clauses 5.2 and 5.3 remain in effect after any termination of the Contract, unless otherwise agreed by the parties.

5.2. Protective measures taken by the User.

5.2.1. The User must apply the protective measures set out Appendix 4 (hereinafter: ‘Identified Trade Secrets U Measures’).

5.2.2. If the User is permitted to make Data protected as Trade secrets available to a third party, the User must inform the Data Holder of the fact that Identified Trade Secrets have been or will be made available to a third party, specify the Data in question, and give the Data Holder the identity and contact details of the third party.

5.2.3. In order to verify if and to what extent the User has implemented and is maintaining the Identified Trade Secrets U Measures, the User agrees to either (i) annually obtain, at User’s expense, a security conformity assessment audit report from an independent third party chosen by the User, or (ii) to annually allow, at Data Holder’s expense, a security conformity assessment audit from an independent third party chosen by the Data Holder, subject to such independent third party having signed a confidentiality agreement as provided by the User. Such security audit report must demonstrate User’s compliance with availability, integrity, confidentiality principles as further described in the Trade Secrets Appendix as applicable at that time. The results of the audit reports will be submitted to both Parties without undue delay. The User may choose between (i) and (ii). If the User opts for a security audit from an independent third party at Data Holder’s expense as set forth above, it retains the right to obtain security audit report from an independent third party at User’s expense if it deems the security audit report from an independent third party at Data Holder’s expense is not correct. If this right is exercised, both independent third-party auditors, together with Parties, will discuss any difference between those two reports and aim to resolve any pending materials matters while observing good faith.

5.3. Protective measures taken by the Data Holder.

5.3.1. The Data Holder may apply any appropriate technical and organisational protection measures set out in detail Appendix 4 to preserve the confidentiality of the shared and otherwise disclosed Identified Trade Secrets (hereinafter: ‘Identified Trade Secrets DH Measures’).

5.3.2. The Data Holder may also add unilaterally appropriate technical and organisational protection measures, if they do not negatively affect the access and use of the Data by the User under this contract.

5.3.3. The User undertakes not to alter or remove such Identified Trade Secrets DH Measures, unless otherwise agreed by the Parties.

5.4. Obligation to share and right to refuse, withhold or terminate. 

5.4.1. The Data Holder must share the Data, including Identified Trade Secrets, in accordance with this DAA, and may not refuse, withhold or terminate the sharing of any Identified Trade Secrets, except as explicitly set forth in the clauses 5.4.2, 5.4.3 and 5.4.4.

5.4.2. Where the Identified Trade Secrets U Measures and the Identified Trade Secrets DH Measures do not materially suffice to adequately protect a particular Identified Trade Secret, the Data Holder may, by giving notice to the user with a detailed description of the inadequacy of the measures: (a) unilaterally increase the protection measures regarding the specific Identified Trade Secret in question, provided this increase is compatible with its obligations under this Contract and does not negatively affect the User, or; (b) request that additional protection measures be agreed. If there is no agreement on the necessary additional measures after a reasonable period of time and if the need of such measures is duly substantiated, e.g. in a security audit report, the Data Holder may suspend the sharing of the specific Identified Trade Secret by giving notice to the User and to the competent authority designated pursuant to Article 37 of the Data Act, with copy of this sent to the User. The Data Holder must continue to share any Identified Trade Secrets other than these specific Identified Trade Secrets.

5.4.3. If, in exceptional circumstances, the Data Holder is highly likely to suffer serious economic damage from disclosure of a particular Identified Trade Secret to the User despite the Identified Trade Secrets U Measures and the Identified Trade Secrets DH Measures having been implemented, the Data Holder may stop sharing the specific Identified Trade Secret in question. They may do this only if they give a duly substantiated notice to the User and to the competent authority designated pursuant to Article 37 of the Data Act, with a copy being sent to the User. However, the Data Holder must continue to share any Identified Trade Secrets other than those specific Identified Trade Secrets.

5.4.4. If the User fails to implement and maintain their Identified Trade Secrets U Measures and if this failure is duly substantiated by the Data Holder, e.g. in a security audit report from an independent third party, the Data Holder is entitled to withhold or suspend the sharing of the specific Identified Trade Secrets, until the User has resolved the incident or other issue as described in the following two paragraphs. In this case, the Data Holder must, without undue delay, give duly substantiated notice to the User and to the competent authority designated pursuant to Article 37 of the Data Act, with a copy sent to the User. On receiving this notice, the User must address the incident/issue without undue delay (i.e., they must (i) assign the appropriate priority level to the incident/issue based on its potential detrimental impact and (ii) resolve the issue in consultation with the Data Holder and otherwise in accordance with the applicable proceedings as set out in Appendix 4).

5.4.5. Clause 5.4.2 does not entitle the Data Holder to terminate this contract. Clauses 5.4.3 or 5.4.4 entitle the Data Holder to terminate his contract only with regard to the specific Identified Trade Secrets, and if: (i) all the conditions of clause 5.4.3 or clause 5.4.4 have been met; (ii) no resolution has been found by Parties after (insert a reasonable period of time), despite an attempt to find an amicable solution, including after intervention by the competent authority designated under Article 37 of the Data Act; and (iii) the User has not been awarded by a competent court with court decision obliging the Data Holder to make the Data available and there is no pending court proceedings for such a decision. 

5.5. End of production and destruction of infringing goods. 

Without prejudice to other remedies available to the Data Holder in accordance with this contract or applicable law, if the User alters or removes technical protection measures applied by the Data Holder or does not maintain the technical and organisational measures taken by them in agreement with the Data Holder in accordance with clauses 5.2 and 5.3, the Data Holder may request the User: (a) to erase the data made available by the Data Holder or any copies thereof; and/or (b) end the production, offering or placing on the market or use of goods, derivative data or services produced on the basis of knowledge obtained through the Identified Trade Secrets, or the importation, export or storage of infringing goods for those purposes, and destroy any infringing goods, where there is a serious risk that the unlawful use of those data will cause significant harm to the Data Holder or the Trade Secret Holder or where such a measure would not be disproportionate in light of the interests of the Data Holder or the Trade Secret Holder; and/or (c) compensate a party suffering from the misuse or disclosure of such unlawfully accessed or used data. 

5.6. Retention of Data protected as Identified Trade Secrets.

5.6.1. Where under clauses 5.4.2, 5.4.3 and 5.4.4 the Data Holder exercises the right to withhold, suspend or in any other way end or refuse the data sharing to the User, it will need to ensure that the particular Data that is the subject matter of the exercising of such right is retained, so that said Data will be made available to the User: (a) once the appropriate protections are agreed and implemented, or (b) a binding decision by a competent authority or court is issued requiring the Data Holder to provide the Data to the User. Above retention obligation ends where a competent authority or court in a binding decision allows the deletion of such retained data or where the contract terminates.

5.6.2. The Data Holder will bear the necessary costs for retaining the data under clause 5.6.1. However, the User will cover such costs in part or in full where and to the extent the withholding, suspension or refusal to provide data was caused by the User acting in bad faith.

6. Data Use by the User. 

6.1. Permissible use and sharing of Data.

The User may use the Data made available by the Data Holder upon their request for any lawful purpose and/or share the Data freely subject to the limitations below.

6.2. Unauthorized use and sharing of Data. 

6.2.1. The User undertakes not to engage in the following: (a) use the Data to develop a connected product or related service that competes with the Product or Related Service, nor share the Data with a third party with that intent; (b) use such Data to derive insights about the economic situation, assets and production methods of the manufacturer or, where applicable the Data Holder; (c) use coercive means to obtain access to Data or, for that purpose, abuse gaps in the Data Holder’s technical infrastructure which is designed to protect the Data; (d) share the Data with a third-party considered as a gatekeeper under article 3 of Regulation (EU) 2022/1925; (e) use the Data they receive for any purposes that infringe EU law or applicable national law. 

7Data sharing upon the User’s request with a Data Recipient. 

7.1. Making Data available to a Data Recipient. 

7.1.1. The ​​Data, together with the relevant metadata necessary to interpret and use those Data, must be made available to a Data Recipient by the Data Holder, free of charge for the User, upon request presented by the User or a party acting on its behalf. The request can be made using the form specified in Appendix 3, sent to the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/.

7.1.2. The Data Holder shall make the Data which is personal data available to a third party following a request of the User, when the User is not the data subject, only when there is a valid legal basis for making personal data available under Article 6 of Regulation (EU) 2016/679 (GDPR) and only, where relevant, the conditions set out in Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC (Directive on privacy and electronic communications) are met. In that respect, when the User is not the data subject, the User must indicate to the Data Holder, in each request presented under the previous clause, the legal basis for processing under Article 6 of Regulation (EU) 2016/679 (and, where relevant, the applicable derogation under Article 9 of that Regulation and Article 5(3) of Directive (EU)2002/58) upon which the making available of personal data is requested. 

7.1.3. The Data Holder must make the Data available to a Data Recipient with at least the same quality as they become available to the Data Holder, and in any case in a comprehensive, structured, commonly used and machine-readable format, easily and securely.

7.1.4. Where the User submits such a request, the Data Holder will agree with the Data Recipient the arrangements for making the Data available under fair, reasonable and non-discriminatory terms and in a transparent manner in accordance with Chapter III and Chapter IV of the Data Act.

7.1.5. The User acknowledges that a request under clause 7.1 cannot benefit a third party considered as a gatekeeper under Article 3 of Regulation (EU) 2022/1925 and cannot be made in the context of the testing of new connected products, substances or processes that are not yet placed on the market.

8. Transfer of use. 

8.1. Transfer of use.

8.1.1. Where the User contractually transfers (i) ownership of the Product, or (ii) their temporary rights to use the Product, and/or (ii) their rights to receive Related Services to a subsequent natural or legal person (‘Subsequent User’) and loses the status of a user after the transfer to a Subsequent User, the Parties undertake to comply with the requirements set out in this clause.

8.1.2. The User must: (a) ensure that the Subsequent User cannot use the initial User’s account; (b) notify the Data Holder of the transfer. 

8.1.3. The rights of the Data Holder to use Product Data or Related Services Data generated prior to the transfer will not be affected by a transfer i.e. the rights and obligations relating to the Data transferred under the DAA before the transfer will continue after the transfer.

9. Date of application and duration of the DAA and termination. 

9.1. Date of application and duration. This DAA is effective as of the Effective Date, and will remain in place until the FSA/Terms are terminated, or if terminated pursuant to the following clause.

9.2. Termination. Irrespective of the contract period agreed under the previous clause, this DAA terminates: (a) upon the destruction of the Product or permanent discontinuation of the Related Service, or when the Product or Related Service is otherwise put out of service or loses its capacity to generate the Data in an irreversible manner; or (b) upon the User losing ownership of the Product or when the User’s rights with regard to the Product under a rental, lease or similar agreement or the user’s rights with regard to the Related Service come to an end; or (c) when both Parties so agree, with or without replacing this DAA by a new contract. Points (b) and (c) shall be without prejudice to the DAA remaining in force between the Data Holder and any Subsequent or Additional User.

9.3. Effect of expiry or termination. 

9.3.1. Expiry of the contract period or termination of this DAA releases both Parties from their obligation to effect and to receive future performance but does not affect the rights and liabilities that have accrued up to the time of termination. Expiry or termination does not affect any provision in this contract which is to operate even after the contract has come to an end.

9.3.2. The termination or expiry of the DAA will have the following effects: (a) the Data Holder shall immediately cease to retrieve the Data generated or recorded as of the date of termination or expiry; (b) the Data Holder remains entitled to use and share the Data generated or recorded before the date of termination or expiry as specified in this DAA.

Appendix 1

Details of the data covered by this DAA and access arrangements

1. Product/Service Covered 

Kiosk Terminal (e.g., FOX/Oslo/Rio models) (the “Connected Product”) and the Kiosk SaaS Solution refers to the Software as a service solution that enables the Connected Product to receive and process orders placed by end users (the “Related Service”).

2. Data categories generated by the Connected Product / Related Services

Connected Product: Hardware diagnostics, operational metadata, network connection logs, terminal event logs (e.g., touch screen input, payment terminal connection status), and device usage statistics.

Related Services: Specific order details (e.g., items selected, modifiers, transaction values, payment status, sign in to loyalty feature, cancellation, receipt request), menu configuration data (e.g., dynamic pricing rules, stock-out status), and aggregated performance metrics (e.g. time between screen interactions)

Data formats/standards: json; csv; mysql

3. Estimated volume and frequency

Volume varies significantly based on usage frequency but is generated as continuous usage logs. The Kiosk terminal is designed to generate operational data, event logs, and status updates continuously and in real-time. 

4. Storage locations and retention

On‑device: For 30 days limited, transient, encrypted operational logs may be stored temporarily on-device to ensure continuity before transmission.

Deliverect/Tabesto servers: Product Data (as defined under the Act) is stored for 30 days; Related Services Data (as defined under the Act) is stored indefinitely or for any period of time later communicated by Deliverect/Tabesto.

Retention: The retention period of the collected data depends on the type of data and the purpose of the use case. Data is anonymised and kept indefinitely.

5. How Users access, retrieve,and erase data

Direct Access (where technically feasible): access to relevant data via Related Service exportable through the Front-end account of User.

On Request: Deliverect/Tabesto will make Readily Available Data (as defined under the Act) accessible to the User without undue delay, free of charge and in a commonly used, structured, machine‑readable format, upon User request via the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/.

Erasure: Users may request deletion via the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/. Deleted data is not recoverable.

6. Deliverect/Tabesto’s use of readily available data

Deliverect/Tabesto uses the data to provide the contracted services, (e.g.) enabling consumers to place orders through the Connected Product (Kiosk Terminal), initiating payment with integrated payment partners, generating receipts (printed or digital), enabling loyalty features, syncing menu items/prices, providing sales/performance analytics), maintenance and diagnostics (e.g. monitoring system performance, identifying faults and troubleshooting, applying updates, patches, and security enhancements)  improving the functioning of the Connected Product/service, developing new products or services, including artificial intelligence (AI) solutions and fulfilling legal obligations (e.g., warranty, compliance, and statutory retention). This use of non-personal data is based on the contract with the User.

7. Sharing with third parties at the User’s request 

In line with the Act, Deliverect/Tabesto enables Users to request that Readily Available Data be shared with a third party of their choice at no cost for the User.

Sharing will be provided in a structured, commonly used, machine-readable format, using secure transfer methods. Sharing will be done in an automated way where technically feasible.

Users can initiate and revoke sharing via a request to the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/ Sharing is subject to technical feasibility and security requirements.

Deliverect/Tabesto are not responsible for the third party’s use of the data; Users should review the third party’s terms & conditions and privacy policies.

8. Security and trade secrets

Deliverect/Tabesto reserves the right to identify specific data (e.g., complex algorithms or underlying proprietary software data) as trade secrets. To the extent applicable, disclosure of any identified trade secret data will only occur if the User (or the requested Third Party) agrees to and implements all necessary proportionate technical and organizational safeguards to preserve confidentiality as determined by Deliverect/Tabesto. Deliverect/Tabesto reserves the right to not make certain data available if they are considered to be trade secrets and no appropriate security measures have been agreed upon and implemented.

9. Right to lodge a complaint

The User has the right to lodge a complaint with the national competent authority or the data coordinator in the member state of establishment/residence regarding alleged infringements of the Act.

10. Updates to This Notice

This notice may be updated to reflect changes in the law, modifications to Delivrerect/Tabesto’s products or related services, or technical updates affecting data processing.

Appendix 2

Form for an access request by the User

Appendix 3

Form for an access request by the User to make data available to a third party

SCHEDULE 5.2

DIRECT DEBIT INSTRUCTIONS
Direct debit instructions to be annexed to these Terms following its signature.