Provision of services agreement

1. Introduction

These GTC form an integral part of the Contract entered into by LINK and the Client for the supply of LINK Products to the Client. Each Service Annex sets out the conditions applicable to the specific Products requested by the Client in accordance with this contract.

The Contract sets out the terms governing LINK’s supply of the Products and the Client’s use thereof. In case of any discrepancy between the provisions of the Contract, the order of precedence shall be as follows:

• Service Agreement.
• The Service Orders, of which the most recent shall take precedence.
• The GTC (this document), available at https://en.360nrs.com/legal/general-conditions
• The Data Processing Agreement (DPA), available at https://en.360nrs.com/legal/data-processing
• Other documents in the order in which they appear in the Service Agreement.

In the event of a conflict between the Data Processing Agreement and other parts of the Contract, the Data Processing Agreement shall prevail for the purposes of LINK’s processing of Personal Data on behalf of the Customer.

2. Purpose

Subject to the conditions and payment of the price stipulated in the Contract, LINK grants the Client a non-exclusive, non-transferable, revocable and limited right to use and access the Products requested in the Service Orders in accordance with this contract.

The Services may be provided by LINK or by a Linked Entity of LINK.

Unless otherwise agreed, the Client will use the Services solely on its own behalf, from its own Account and for its own benefit. Subject to payment of the applicable fee, a Services Annex may include access rights for one or more of the Client's Affiliated Entities.

All infrastructure and equipment required to access and use the Services, including hardware, internet access, etc., must be obtained by the Client at its own expense and risk.

If the Client relies on third-party products to use the Services, it is the Client’s responsibility to enter into the necessary agreements related to such third-party products, and the Client shall be solely responsible for their use.

3. Definitions

• By “Account”means the tool to access the Platform made available to the Client for its use of the Services. Users may access an Account through credentials, if the Client has authorized access to such Account.
• By “Affiliated Entity”means, with respect to either Party, another party that directly or indirectly controls, is controlled by, or is under common control with such Party. For the purposes of the foregoing, “control” means the holding of 1) more than 50% of the voting rights to elect the company’s directors, or 2) ownership of more than 50% of the company’s capital.
• By “Contract”means the Service Agreement, these GTC, all annexes listed in the Service Agreement, the Service Annexes, and any supplements or modifications.
• By “Channel”means the communication channel chosen by the Client to transmit Content, such as SMS, RCS, email, OTT, or others.
• By “Confidential Information”means any stipulation of the Contract, any oral or written information that one Party communicates, before or after the signing of this contract.
• By “Content”means any information, including executable code or any multimedia message comprising text, audio or video clips, numerals, symbols...
• By “Customer”means the legal entity that, together with LINK, has entered into the Agreement.
• By “Direct Access via the Web”means access to a Product through the Web, without using the Portal.
• By “Effective Date”means the date of the last signature affixed to the Contract.
• By “Electronic Communications Networks”means the transmission systems that allow the transmission of signals by cable, radio, optical media...
• By “Electronic Communications Services”means the transmission of content using electronic communications networks...
• By “End User”means the recipient or sender of a Message with whom the Client communicates through the Products.
• By “Message”means a message composed of numbers, and/or text, and/or audio, and/or video, and/or other Content...
• By “Operator”means a Channels provider; herein, any provider of Electronic Communications Networks or Electronic Communications Services.
• By “Party”means the LINK entity signing this document (hereinafter, “LINK”) and the Client.
• By “Platform” or “LINK Platform”means the technological infrastructure that enables the implementation, operation, and management of the Products.
• By “Product”means the one specified in the applicable Service Annex and includes one or more Services.
• By “Portal”means a web-based user interface that provides direct access to the Services.
• By “Service Annex”means the description of the Product(s) chosen by the Client with the agreed economic conditions.
• By “Services”means those described in the Service Annex and may include one or more of the following...
• By “Transmission” (or “To Transmit”)means the process in which Content moves between the sender and the receiver.
• By “User”means a person who has been authorized by the Client to access the Account and use the Products on behalf of the Client.

4. Permitted Use

The Client agrees and acknowledges that any use of the Products (and the respective Services included) shall be subject to the following conditions:

• a) The Customer shall use the Products in accordance with the terms of the Contract, and the Content distributed, displayed, communicated, or made available through the Customer’s use shall at all times comply with applicable law.
• b) In relation to LINK, the Customer shall be considered solely responsible for initiating the Transmission, designing the Messages, and selecting the End User through the use of the Customer Account.
• c) The Client is solely responsible for the selection of the End User and for providing LINK with the correct contact information of the End User, namely the mobile phone numbers, email address, etc., depending on the Channel chosen by the Client. Any costs incurred as a result of the End User being incorrect, the End User’s contact information being incorrect or the sending of Messages under this contract to non-existent or incorrect recipients, shall be borne by the Client. The Client’s relationship with third parties is managed by the Client outside the scope of this contract.
• d) The Customer shall ensure that all rights, authorizations, licenses, consents, and permissions required under applicable law have been obtained or granted.
• e) The Customer may not use the Products to send Messages that violate applicable law or Operator policies, such as fraudulent or unsolicited Messages. Such Messages may be subject to fines, agreed penalties, or other sanctions.
• f) The Customer shall use the Products in accordance with each Operator's policies, as well as with the usage instructions and other policies and guidelines provided by LINK.
• g) The Customer shall not permit any use related to communication via unregulated channels (such as P2P).
• h) The Customer is responsible for all activities carried out under the Customer Account, regardless of whether such activities are authorized by the Customer or are carried out by the Customer, its employees, or a third party (including contractors, agents, or End Users). The Customer is responsible for properly configuring and using any Product and for taking appropriate steps to secure, protect, and back up its Account and Content in a manner that ensures appropriate security and protection, which may include using encryption to protect Content from unauthorized access and routinely archiving Content. The Customer shall ensure that Account information is retained and treated as Confidential Information. If Account information is made available to third parties, or the Customer becomes aware of any other issue that may compromise the security and integrity of the Products, the Customer shall immediately change the Account information and notify LINK.
• i) Both LINK and the Customer warrant that they comply with all applicable due diligence requirements under law, pursuant to the EU Corporate Sustainability Reporting Directive, and will provide information related to the management or outcome of such due diligence to the other party to the extent such information is required by applicable law.
• j) Both LINK and the Customer warrant that neither they nor any natural or legal person having direct or indirect control over them, as defined in applicable law, are subject to any economic, commercial, or financial sanction, export control, or other restrictions administered or enforced by the United Nations, the European Union, the United States of America, or any other relevant jurisdiction (the “Sanctions”). If, at any time, LINK, the Customer, or any person having direct or indirect control over them becomes subject to any Sanction that prohibits or restricts the performance of the Agreement by either party, or if performance of the Agreement poses a risk of any Sanction, both parties may suspend or terminate the Agreement with immediate effect.

The Client agrees and understands that any costs or losses incurred due to the Client’s failure to meet the requirements of this clause shall be borne entirely by the Client. Such costs or losses shall be invoiced to the Client in accordance with LINK's usual billing procedures.

5. Temporary Suspension

LINK may, without prior notice and with immediate effect, suspend the Client’s access to or use of the Products if a) LINK has reasonable grounds to suspect that the Client’s use of the Products violates the Contract or applicable law, b) the Products or LINK’s technical infrastructure may be at risk, or c) LINK receives a court order or similar request from a third party, such as an Operator or public authority, requiring such action or suspension.

In the event of non-payment, LINK reserves the right to suspend the Customer’s access to and use of any Product if the outstanding payments are not settled within five (5) days (excluding weekends and public holidays) from receipt of LINK’s notification to that effect. LINK shall notify the Customer as soon as possible of the suspension, the reason for it, its likely duration, and any other information the Customer reasonably requests. Suspension for the reason set forth in this clause does not release the Customer from its obligation to pay all amounts owed under the Agreement for the remainder of its term.

6. Delivery Timeframe

The Client will receive credentials that will allow access to the Products, including username and password. If the Client does not notify in writing any defects within 14 days, the Product, along with the respective Services, shall be deemed delivered and accepted by the Client.

7. Service Levels

LINK shall employ sufficient and necessary expertise to ensure its compliance with this contract and shall provide the Services with the appropriate knowledge and due diligence.

Unless otherwise agreed in a Service Level Agreement, Service Availability shall be 98% based on the preceding twelve (12) months. The Client is not entitled to any compensation or indemnity due to a reduction in Service Availability. If Service Availability falls below 98% over the preceding twelve (12) months, the Client shall have the right to terminate the Agreement with immediate effect. However, the Client shall not be exempt from fully paying for all usage up to that point.

8. Payment and Billing

Consideration

The Parties have agreed to the payment of the consideration for the Products as specified in the Service Annex or in any other annex to the Contract.

Amounts payable under the Contract in respect of the Products shall not include VAT or any other applicable tax or duty on such amounts, and the Client agrees to pay LINK the amount corresponding to any VAT or other indirect tax or fee properly chargeable to the Client by LINK as set forth in the relevant invoice.

If withholding tax is required under the legislation of the country of origin on amounts payable to LINK under this contract, the Client shall gross up the amounts paid to LINK so that LINK receives, after the withholding or tax deduction, the full amount it would have received had such withholding or deduction not been made.

Billing

Unless otherwise agreed, the following shall apply:

• If applicable, a service setup fee will be invoiced upon signing this contract.
• User-based charges (traffic fees), other recurring charges, and compensation for related Services shall be invoiced monthly.
• Invoices shall be paid within 14 days from the date of the relevant invoice issued by LINK, unless otherwise agreed.
• If possible, depending on local regulations, invoices will be issued to the Client in the applicable electronic format. Otherwise, invoices will be sent by email or regular mail.
• LINK reserves the right to add an invoice fee in accordance with the applicable price list.

Deposit

As a guarantee of payment of outstanding amounts to LINK in connection with the Agreement (e.g., user-related charges), the Client shall pay a deposit.

This deposit will typically amount to three (3) months of estimated use of the Services, although the amount will depend on the type of client, their creditworthiness, and the intended usage.

The deposit is exempt from VAT, but if the deposit is used to settle any outstanding payment, the applicable VAT will be charged.

Upon termination of the Agreement, the deposit will be returned to the Client provided that LINK has received full payment of all amounts due.

The deposit will be paid into LINK’s regular bank account, and the Customer will not receive any interest on such deposit.

Billing Rules

• The Client will be billed based on the number of Messages sent to or from the Client’s Account.
• SMS messages longer than 160 characters, or 70 characters if special characters requiring Unicode are used, will be split into multiple partial messages.
• The Client will be charged the full unit price for each partial Message.
• In the event of Operator downtime, Messages will be routed through an alternative path whenever possible.
• If such routing change occurs, LINK shall be entitled to charge the Client an additional cost per Message for the change in routing.

Price adjustments

LINK may make price adjustments as a result of increases in prices applied by Operators, charges from national regulatory authorities, or variations in foreign exchange rates, with prior notification of up to 30 (thirty) days.

Prices shall be subject to annual adjustments equivalent to the increase in the Consumer Price Index (CPI) or another national index applicable in LINK’s country.

The applicable index is available at https://www.linkmobility.com/legal/terms-and-conditions and forms an integral part of the Agreement.

Other price adjustments will be notified in writing to the Client at least thirty 30 (thirty) days before the price adjustment is made.

In the event of any other increase, the Client may terminate the Agreement upon giving thirty (30) days' prior notice.

Late payment interest

Late payment of amounts owed under the Agreement will accrue default interest at the highest applicable rate under the legal rules on late payments.

Deadline for submitting claims

Claims must be submitted to LINK no later than two (2) months after the billing date.

If permitted by applicable law, no claim or action may be brought against LINK once that period has expired.

Billing Company

Invoicing may be carried out by LINK or by a Linked Entity of LINK.

For such cases, LINK confirms that the Customer’s payment of an invoice that references a specific contract will constitute proper payment in relation to the relevant Contract.

Prepaid mode

The customer may pay LINK the price, taxes, and all other amounts arising from the services provided by means of advance payment.

Fees will be calculated based on the price updates made available by LINK to the client from time to time.

All recurring and one-time fees may be deducted prior to service delivery, and all non-recurring fees may be deducted after the applicable service is provided.

Payments received from the client will be deposited in the currency selected during account creation with LINK’s assistance.

LINK may deduct or offset from the client's credit balance any amount owed to LINK, such as fees, taxes, penalties, compensations, and in the currency selected by the client and from the same credit balance.

The customer shall not earn interest on any credit balance held by LINK.

The customer shall forfeit any right to a credit balance (i) after 15 months from the date of payment or (ii) if the agreement has been terminated by LINK due to the customer's breach of contract.

If the client chooses to add funds to their account via credit card and use those funds to pay due fees, they are responsible for ensuring that the funds cover the charges.

If the Client’s credit card declines a charge for the due fees, LINK may suspend the provision of Services to all their accounts until the outstanding fees are paid in full.

The client is prohibited from creating new accounts until all outstanding fees are paid in full.

9. Marketing Activity and Trademarks

LINK may use the Client’s brand or other distinctive signs in connection with marketing activities only after obtaining, in each case, the Client’s written consent regarding the form, content, and platform of the marketing activity.

10. Intellectual Property Rights

Client's Intellectual Property Rights

All Intellectual Property Rights owned by the Client as of the Effective Date, and all rights to the Client's existing technology, products, and works, together with all associated materials accompanying them as of the Effective Date, shall remain the exclusive property of the Client or the Client’s licensor.

All rights to the Client Content shall remain with the Client or its licensor. Unless otherwise agreed for specific Services, the Client's uploading or otherwise providing Content through the use of the Products shall not constitute a transfer of such Client Content.

The Client grants LINK the right to use the Client's Content solely to the extent necessary to fulfill LINK’s obligations to the Client under the Agreement.

LINK's Intellectual Property Rights

All Intellectual Property Rights owned by LINK as of the Effective Date, and all rights to LINK's existing technology and works, together with all associated materials accompanying them as of the Effective Date, including, without limitation, rights to the Products, shall remain the exclusive property of LINK or LINK’s licensors.

All rights to the Intellectual Property Rights over the Product and any other material provided by LINK to the Client during the term of the Agreement shall remain the exclusive property of LINK or LINK’s licensors.

11. Liability and Disclaimer

Breach notification

The Client must notify LINK of any breach of Contract as soon as possible and, in any case, within a maximum period of seven (7) days from the occurrence of the incident alleged to constitute a breach.

Disclaimer of warranties

The Products and respective included Services are provided “as is.” To the extent permitted by law, LINK disclaims all warranties, whether express or implied, statutory or otherwise, including but not limited to warranties of functionality, fitness for a particular purpose, or non-infringement.

LINK does not guarantee that the Products are error-free, that their use will be uninterrupted or error-free, or that they are free of viruses. The Client acknowledges and confirms that Messages may not reach the intended recipient and that the Client assumes all risks related to the use of the Products.

For the avoidance of doubt, LINK states that it has no control over the performance of the Operators’ Electronic Communications Networks and makes no representations or warranties regarding the capacity of the Operators’ systems, message performance, response times, or delivery.

Limitation of Liability

The Responsible Party shall indemnify the Affected Party for economic losses caused by breach of the Contract, within the limits set forth in this clause.

LINK shall not be liable to the Client, Users, or any third party for errors or delays beyond LINK’s reasonable control, including general Internet or line delays, power outages, or failures or interruptions in any Operator’s equipment or networks.

Neither Party shall be liable to the other for any indirect, consequential, special, exemplary, or punitive damages (including damages for loss of data, revenue, or profits), whether or not foreseeable, arising in connection with this agreement, regardless of whether the liability is based on breach of contract, tort, warranty, or any other theory, and even if the Party was previously advised of the possibility of such damages.

The maximum total liability of either Party to the other shall in no case exceed the consideration paid by the Client during a period of 12 consecutive months prior to the date of the Claim, excluding the Operator’s fees for the Client’s Message transactions.

12. Indemnity Agreement

Indemnity Agreement by LINK

LINK shall, at its own expense, resolve or defend through legal or extrajudicial means and fully indemnify the Client against any cost, loss, damage, or liability claimed through any lawsuit, demand, or other legal proceeding filed against the Client alleging infringement of third-party Intellectual Property Rights, provided that (i) the Client promptly notifies LINK in writing of such claim, demand, action, or proceeding; and (ii) LINK is granted control over the legal defense or settlement and the Client cooperates in such defense or settlement.

If a claim, suit, action, or legal proceeding is brought for an alleged infringement against LINK, or LINK reasonably believes such a proceeding may be initiated, LINK may, at its own expense, choose to (i) modify the Product to avoid the infringement claim, while maintaining substantial compliance with the Agreement; (ii) obtain for the Client, at no cost, the right to continue using the Product under the Agreement free from liability or restriction; or (iii) if neither option is commercially feasible in LINK’s reasonable opinion, terminate the Agreement with immediate effect upon notice to the Client.

LINK shall not be liable for claims arising as a result of:

• a) modifications of the Product by the Customer or any third party.
• b) the combination or use of the Product with equipment or software of the Customer or third parties not provided by LINK, if such claim would not have occurred without such combination or use.
• c) modification of the Product by LINK in compliance with specifications provided in writing by the Customer.
• d) the use of any version of the Product other than the most recent one provided to the Customer by LINK, if the use of the latest version would have prevented the infringement.
• e) use outside the scope of the rights granted to the Customer in the Agreement; or
• f) a third party’s allegation that the Customer violates, misuses, or otherwise infringes any Intellectual Property Rights of such third party in relation to third-party technology or content included in the Product.

The provisions of this clause establish LINK’s sole liability and the only rights and remedies available to the Client in the event of a claim for infringement of third-party Intellectual Property Rights.

Indemnity Agreement by the Client

The Client shall indemnify and hold LINK harmless from all damages, costs, losses and expenses arising from (i) third-party claims that the Client’s use of any derivative work created through the use of the Products or Content infringes their Intellectual Property Rights, (ii) breaches by the Client of the provisions in clause 13 (Confidentiality), (iii) breaches of the Contract terms regarding Intellectual Property Rights, (iv) the Client’s use of the Products or Content contrary to the terms and conditions of third-party providers, or (v) the Client’s failure to comply with the permitted use requirements or warranties.

13. Confidentiality

The Parties may not use or disclose to any person, during or after the Term, any Confidential Information except for the purposes of administration and fulfilment of the rights or obligations acquired by the Parties under this contract or as required by law or regulation.

The Parties shall maintain, protect, and treat as confidential the Confidential Information belonging to the other Party with a level of care at least equivalent to that used to protect their own Confidential Information.

The following shall not be considered Confidential Information:

• a) that was already in the possession of the receiving Party without being subject to any confidentiality obligation;
• b) legitimately provided to the receiving Party by a third party other than a third party related to this contract, where there has been no breach of any independent confidentiality undertaking; or
• c) that was already public knowledge without any breach of the Agreement.

14. Term and Termination

Term

The Contract shall take effect on the Effective Date and remain in force for an initial period of 12 months. The initial term for each Service Annex shall be 12 months, unless a different term is agreed in the Service Annex. After the initial term, each Service Annex shall remain in effect until terminated by either Party with at least three (3) months' written notice or as specified in the Service Annex. The Contract shall remain in force as long as one or more related Service Orders remain valid.

Termination for justified cause

Either Party may terminate the Contract or a Service Annex if the other Party commits a material breach of the Contract or the applicable Service Annex and fails to remedy it within 30 (thirty) days after the other Party has notified the Defaulting Party of such breach. The Contract or a Service Annex may be terminated by LINK if the Client fails to make any payment due under this contract on its due date and fails to remedy such non-payment within 30 (thirty) days after being notified of such non-payment.

Either Party may terminate the Agreement by written notice to the other Party if such other Party is declared insolvent or unable to pay its debts when due, or is subject to a voluntary or compulsory liquidation procedure.

Obligations of the Parties in case of termination

Before termination of the Contract, the Client shall be given sufficient access to the data transferred to LINK’s systems during the Client’s use of the Products, so that they may retrieve such data before the termination date. If the Client requires additional access or transfer possibilities after termination, LINK may provide limited access to such data during the 30 (thirty) days following termination, upon request. After expiry of this period, LINK shall delete the Client’s data.

All charges related to Services provided prior to termination shall be paid in accordance with the provisions of the Agreement and the applicable Service Annex.

15. Independent Contracting Parties

The relationship between the Parties arising from the Contract shall not constitute or create any type of joint venture, partnership, employment or franchise relationship between them, and the Parties enter into this as independent parties in the execution of the Contract. This contract shall not be construed as limiting LINK’s marketing or distribution activities or LINK’s right to sell, license or supply the Products to any third party.

16. Changes to Products and Services

LINK reserves the right to make adjustments and changes to the Products and Services by notifying the Client with sufficient advance notice.

17. Assignment

LINK may assign, in whole or in part, its rights and obligations arising from the Contract to an Affiliated Entity without the need to obtain the Client’s prior written consent. To avoid any interpretive doubt, the Client accepts such assignment and no further declaration of consent from the Client shall be required.

No other transfer or assignment may be made without the prior written consent of the other Party, which shall not be unreasonably withheld.

Notwithstanding the foregoing, access to the Products may be agreed upon for the Client's affiliated entities in a Service Annex, provided that the Client remains fully responsible towards LINK.

18. Force Majeure

In no event shall either Party be liable to the other for any delay or failure to perform under this Agreement where such delay or failure results from causes beyond the reasonable control of such Party, including, without limitation, government restrictions, decisions of stock exchange or market regulators, strikes, sabotage, blockades, embargoes, riots, acts or orders of government, acts of terrorism, war, network outages by any Operator or Internet service provider, power failures, epidemics, floods, earthquakes, fires, or other natural disasters.

In any of these cases, the Parties agree to exercise the highest possible degree of commercial diligence to resolve the delay or non-compliance.

To invoke the provisions of this clause, the Party invoking a force majeure event must inform the other Party in writing within five (5) days of its occurrence.

If the force majeure event continues for a period exceeding two months, either Party may terminate this contract by giving the other Party prior written notice of fourteen (14) calendar days.

19. Notices

Notices, requests, or other communications under the Contract must be made in writing (including email) and shall be deemed duly given if delivered by hand, by postal mail, or by email to the address of the other Party specified in the Service Agreement.

In the event of a change in contact details, the relevant Party must notify the other Party in writing at least ten (10) calendar days prior to the effective date of the change.

If the respective Party has not notified the change as stipulated herein, all notices sent to the contact details indicated in the Service Agreement shall be deemed duly made.

20. Changes After Signing

The addition of Products or changes to Products contracted during the term of the contract shall require the formalisation in writing of a new Service Annex to be signed by the Parties and which may be subject to an additional fee. The Client may submit a change request to LINK, although no new Service Annex shall be binding on LINK until it has been signed by both Parties.

In addition to the price adjustments provided for in clause 8, LINK reserves the right to update or modify these GTC, after notifying the Client. The Client shall be deemed to have accepted the modifications if no objection is sent to LINK within 30 (thirty) days of the notification. If the Client objects to the change, LINK shall have the right to terminate the Contract as of the effective date of the changes.

21. Ethical Business Conduct

Each Party agrees and undertakes with the other Party to have and maintain adequate processes and procedures to ensure that neither it nor its Affiliated Entities engage in any illegal or ethically questionable business practice; and, in particular, undertakes not to accept or agree to accept, request, receive, offer or agree to offer, any gift or consideration of any kind or any other illegal expense related to political activity to/from any person as an incentive or reward for doing or refraining from doing or for having done or refused to do any act in relation to the performance of this contract and not to involve or cause the other Party to become involved in any action that is, or may be deemed to constitute, a bribe of public officials.

Each Party undertakes to ensure compliance with all applicable legislation, legal instruments and regulations relating to the fight against slavery or human trafficking and any similar or equivalent legislation in any jurisdiction relevant to the performance of this contract. Each of the Parties shall comply with all relevant local, national and international laws and regulations, standards, guidelines and best practices on sustainability issues, in particular, standards at least equivalent to those established by the United Nations Guiding Principles on Business and Human Rights: Implementation of the United Nations 'Protect, Respect and Remedy' Framework and the OECD Guidelines for Multinational Enterprises, as applicable.

Failure to comply with the agreements set forth in this Clause shall constitute a material breach of the Contract.

22. Waiver of ECS Rights

In accordance with the provisions of the EECC, if the Client is a microenterprise, a small business, or a non-profit organization, it hereby agrees to waive the right to:

• that the Agreement is made available to you on a durable medium;
• that a summary of the Agreement is provided to you; and
• to be notified when the use of the Services based on volume or time limits reaches the contracted usage limits, if applicable in accordance with the Service Annex.

Furthermore, the Client may establish a commitment period. If this period exceeds the maximum legal term, the Client hereby waives the right to a shorter commitment period.

23. Right of Withdrawal for Non-professional Clients

A customer who is a consumer (a natural person acting for purposes outside their commercial, industrial, craft, liberal professional or agricultural activity) has a right of withdrawal of 14 calendar days from the date of subscription to one of the Services.

To exercise this right, the Customer must notify their decision to withdraw through an unequivocal statement, by registered mail with acknowledgment of receipt, sent to the following address: Net Real Solutions S.L.U. Avda. Arcadi García Sanz, 19 - 1ºA, Vila-real, Castellón, 12540, Spain.

It is expressly specified that, even in the case of a purchase upon entering into the Contract, the purchase of prepaid messages is not subject to a right of withdrawal for the amount of messages consumed by the Consumer before NRS receives the certified letter notifying the Client’s withdrawal.

24. Applicable Law and Jurisdiction

The Contract shall be governed by and construed in accordance with the laws of the country where LINK has its registered office (excluding conflict of law rules).

Disputes, conflicts, or claims arising in connection with the Contract shall be resolved, where possible, through good-faith negotiations.

If the dispute is not resolved amicably between the respective contacts of the Parties as set out in the Service Agreement – or other representatives appointed by each Party – within fifteen (15) days, the Parties shall submit the dispute, conflict, or claim to their senior representatives (e.g., CEO, managing director, or equivalent).

If the respective senior representatives of the Parties are unable to resolve the dispute within twenty (20) days, the dispute, conflict, or claim shall be submitted to the jurisdiction of the competent court at LINK’s registered office.

Nothing in this Section shall be deemed to limit or restrict the right of either Party to seek injunctive relief or other equitable remedies for breach of any provision set forth in this contract.

1. Introduction

This Data Processing Agreement (“DPA”) is entered into by and between LINK and the Client. This DPA is an integral part of the Service Agreement entered into between the parties (“Agreement”), together with the Scope Appendix, the Security Appendix, and any other appendix agreed upon.

"Data Protection Legislation" refers to the EU General Data Protection Regulation 2016/679 ("GDPR") and the EU Directive on data protection and electronic communications (ePrivacy Directive), as well as the national provisions on privacy protection of the country where the Controller or the Processor is established, in their version in force at any time, including laws that apply or supplement the GDPR and the ePrivacy Directive.

The terms used in this document shall have the same meaning as assigned to them in Article 4 of the GDPR.

2. Scope and Commitment

The Parties agree and acknowledge that in the provision of services by LINK under the Contract, personal data will be processed on behalf of the Client. Accordingly, the Client appoints LINK as processor and this DPA sets out the terms and conditions governing the processing of data. LINK guarantees that it will implement appropriate technical and organisational measures so that the processing carried out by LINK complies with the requirements of the Data Protection Legislation and ensures the protection of the Data Subject’s rights.

This DPA governs the processing of personal data by LINK on behalf of the Customer as the data processor (Article 28.3 of the GDPR) or, when the Customer itself acts as a processor, as a sub-processor (Article 28.4 of the GDPR).

For the purposes of this DPA, the Client shall assume the obligations of the Data Controller and shall be fully liable to any controller on whose behalf it processes Personal Data using LINK's services. Any reference herein to the “Controller” shall therefore be understood as referring to the Client.

LINK, as processor, its Sub-processors and other persons acting under LINK’s authority who have access to Personal Data shall process such data only on behalf of the Controller and in accordance with the Contract and the Controller’s written instructions, as well as in compliance with the DPA, unless otherwise provided by the Data Protection Legislation.

LINK must inform the Controller if, in LINK’s opinion, an instruction breaches the Data Protection Legislation.

Information about the personal data processing carried out by LINK as data controller can be found in the privacy notice available at the following link: Privacy Policy | 360NRS

3. Obligations of the Data Controller

The Controller guarantees that the Personal Data will be processed lawfully and for objective, specific, and legitimate purposes and that the Controller will not instruct LINK to process more Personal Data than necessary to fulfill those purposes.

The Controller must ensure that there is a valid legal basis for the processing as defined in the Data Protection Legislation (see Article 6.1 of the GDPR) at the time of transferring the Personal Data to LINK. If the legal basis is consent (see Article 6.1(a) of the GDPR), the Controller guarantees that the consent has been given explicitly, freely, unequivocally and in an informed manner.

Likewise, the Controller guarantees that the Data Subjects to whom the personal data belong have been provided with the information required by the Data Protection Legislation (see Articles 13 and 14 of the GDPR) regarding the processing of their Personal Data.

All instructions concerning the processing of Personal Data carried out under this DPA shall be addressed primarily to LINK. In the event that the Controller gives instructions directly to a Sub-processor appointed under clause 10, the Controller shall immediately inform LINK thereof. LINK shall in no way be held liable for the processing carried out by the Sub-processor as a result of the instructions received directly from the Controller which cause a breach of this DPA, the Contract or the Data Protection Legislation.

4. Confidentiality

LINK shall take the necessary measures to ensure that its employees, Sub-processors, and other persons authorized by LINK to process personal data are bound by a duty of confidentiality or are subject to an appropriate statutory confidentiality obligation.

The Controller is subject to the duty of confidentiality with respect to any documentation and information received from LINK relating to the security measures, both technical and organisational, implemented by LINK and its Sub-processors or information that LINK’s Sub-processors have defined as confidential. However, the Controller may at any time share such information with supervisory authorities if necessary for compliance with its obligations under the Data Protection Legislation or other legal obligations.

5. Security

The security requirements applicable to the processing of Personal Data by LINK are governed by the Security Appendix of the DPA.

6. Access to Personal Data and Fulfillment of Data Subject Rights

Unless otherwise agreed or otherwise required by applicable law, the Data Controller shall have the right to request access to the Personal Data that LINK is processing on its behalf.

If LINK or a Sub-processor receives a request from a Data Subject regarding the processing of Personal Data carried out on behalf of the Controller, LINK shall forward the request to the Controller for handling, unless otherwise provided by legal provisions.

Taking into account the nature of the processing, LINK shall assist the Controller by implementing appropriate technical and organisational measures, where possible, in fulfilling the Controller’s obligation to respond to Data Subjects’ requests to exercise their rights, as provided in the Data Protection Legislation, including the rights of Data Subjects to (i) access their Personal Data; (ii) rectify inaccurate Personal Data; (iii) erase their Personal Data; (iv) restrict or object to the processing of their Personal Data; and (v) the right to receive their Personal Data in a structured, commonly used and machine-readable format (data portability). In the event that the Client’s requests for assistance exceed the obligations of processors under the GDPR, LINK shall receive compensation for such assistance in accordance with LINK’s current rates.

7. Other Assistance to the Controller

If LINK or a Sub-processor receives a request for access or information from the relevant supervisory authority regarding the registered Personal Data or processing activities subject to this DPA, LINK shall notify the Controller so that they may handle it, unless LINK is entitled to handle such request directly.

If the Controller is required to carry out a Data Protection Impact Assessment or a prior consultation with the supervisory authority regarding the processing of Personal Data subject to this DPA, LINK shall assist the Controller, taking into account the nature of the processing and the information available to LINK. If the Client requests assistance beyond the obligations established under the GDPR for processors, the Client shall bear all costs incurred by LINK in providing such assistance.

8. Notification of a Personal Data Security Breach

LINK must immediately notify the Controller if it becomes aware that a Personal Data Security Breach has occurred. The Controller shall be responsible for notifying such Breach to the relevant supervisory authority in accordance with Article 33 of the GDPR.

The notification to the Controller must be sent to the email address indicated in this DPA and must describe at least (i) the nature of the Personal Data Security Breach, including, where possible, the categories and approximate number of Data Subjects affected, and the categories and approximate number of records of Personal Data concerned; (ii) the possible consequences of the Personal Data Security Breach; (iii) the measures taken or proposed by LINK to remedy the Breach, including, where applicable, measures to mitigate its possible adverse effects.

In the event that the Controller is obliged to communicate a Personal Data Security Breach to the Data Subjects, LINK shall assist the Controller in identifying the affected Data Subjects, taking into account the nature of the processing and the information available to LINK. The Controller shall bear all costs related to such communication to the Data Subjects.

9. Transfer to Third Countries

The transfer of Personal Data to countries located outside the European Union (EU) or the European Economic Area (EEA) by means of communication or access granting may only occur in accordance with the written instructions of the Controller.

Regarding the transfer to sub-processors, the written instructions are described in clause 10 below and are subject to the EU Standard Contractual Clauses between the Controller and the relevant organization at such location, or other legal bases for the Transfer as described in Chapter V of the GDPR.

The Client agrees and understands that transfers to operators in third countries, which are necessary to transmit messages to recipients located in those countries, are not covered by the requirements set forth herein.

10. Use of Sub-processors

The Controller accepts that LINK may appoint another processor (hereinafter, Sub-processor) to assist in the provision of services and the processing of Personal Data under the Contract, provided that LINK ensures that the data protection obligations set out in this DPA and in the Data Protection Legislation are imposed on the Sub-processor through a written agreement and that the appointed Sub-processor offers sufficient guarantees for the implementation of appropriate technical and organisational measures to comply with the Data Protection Legislation and this DPA and provides the Controller and the relevant supervisory authorities with the necessary access and information to verify such compliance.

LINK shall remain fully liable to the Controller for the acts of any Sub-processor.

The appointed Sub-processors are specified in the Security Appendix. LINK may update this list to reflect any new addition or replacement of Sub-processors and will notify the Client at least three (3) months before such Sub-processor begins processing Personal Data. Any objection to such changes must be notified to LINK within 3 weeks of receiving such notice or publication on the website. In case of objection by the Client regarding the addition or replacement of a Sub-processor, LINK may terminate the Contract and this DPA with one (1) month’s notice.

By entering into this DPA, the Client authorizes LINK to enter, on its behalf, into EU Standard Contractual Clauses or to seek other legal grounds for the Transfer to Third Countries for any approved Sub-processors, in accordance with the procedure described above. If the Client is not itself the controller, it shall ensure that such authorization is granted by the acting controller. Upon request, LINK shall provide the Controller with a copy of such Standard Contractual Clauses or a description of such other legal grounds for the Transfer.

LINK shall provide all reasonable assistance and documentation to enable the Controller to conduct its independent risk assessment in relation to the use of Sub-processors or the transfer of personal data to a third country.

11. Audits

When required, LINK shall provide the Client with documentation of the technical and organisational measures applied to ensure an appropriate level of security, as well as any other information necessary to demonstrate that LINK complies with its obligations under the DPA and the relevant Data Protection Legislation.

The Controller and the supervisory authority under the Data Protection Legislation shall have the right to carry out audits, including on-site inspections and evaluations of the Personal Data processed, the systems and equipment used for that purpose, the technical and organisational measures implemented, including security policies and the like, and the Sub-processors. The Controller will not be granted access to information concerning other LINK clients or to information subject to confidentiality obligations.

The Controller shall have the right to carry out such audits once a year, each lasting one (1) day, with at least two (2) weeks’ prior notice. If the Controller engages an external auditor to perform the audits, such external auditor shall be subject to the duty of confidentiality. The Controller shall bear all costs of the audits initiated by it or arising in connection with its audits, including the compensation payable to LINK if the Controller requires a level of assistance beyond the obligations set out in the GDPR. However, such costs shall be borne by LINK if an audit reveals non-compliance with this DPA or the Data Protection Legislation.

12. Term and Termination

This DPA shall remain in effect for as long as LINK processes Personal Data on behalf of the Controller.

In the event of a breach of the DPA or a violation of Data Protection Legislation by LINK, the Controller may (i) order LINK to cease processing the Personal Data with immediate effect or (ii) terminate the DPA with immediate effect.

13. Effects of Termination

At the choice of the Controller, LINK shall delete or return all Personal Data to the Controller upon termination of the DPA, unless otherwise required by applicable law. The Client agrees and understands that it may access the Personal Data until termination, should it require copies of such data prior to deletion.

At the Client's request, LINK shall confirm in writing to the Controller that such deletion has been carried out in accordance with the DPA.

14. Breach of the DPA and Limitation of Liability

Each party’s non-compliance with the requirements set forth in this DPA shall be deemed a breach of contract by that party, and the party must take the necessary steps to remedy such breach without delay. The breaching party shall keep the other party informed of the measures taken to address the non-compliance. Neither party shall be liable to the other for errors caused by that other party’s systems or actions, negligence or omissions, or for delays caused by the Internet or line failures, power outages, or other errors beyond the parties’ reasonable control.

The liability limitations set forth in the Service Agreement signed between the parties shall apply to the liability under this DPA.

15. Notices and Amendments

All notices relating to the DPA shall be submitted in writing to the email address stated on the first page of the DPA.

In the event that a change in the Data Protection Legislation or a ruling or opinion from another authority results in a different interpretation of the Data Protection Legislation, or that a change in the services stipulated in the Contract requires a change in this DPA, LINK shall propose the application of those changes to the DPA.

Any change or modification to this DPA shall only be effective if agreed in writing and signed by both parties.

16. Governing Law and Jurisdiction

The provisions of the Service Agreement relating to applicable law, method of dispute resolution, and jurisdiction shall apply if the place of performance of the DPA is within the EU or the EEA. Otherwise, Norwegian law shall apply and jurisdiction shall be with the courts of Oslo.

Information security requirements

LINK, which processes Personal Data on behalf of the Controller under the Agreement, shall implement appropriate technical and organizational measures as stipulated by Data Protection Law and/or the measures imposed by the relevant supervisory authority in accordance with Data Protection Law or any other applicable statutory law to ensure an adequate level of security.

LINK will assess the appropriate level of security and consider the risks related to the processing in connection with the services under the Agreement, including the risk of destruction, loss, alteration, unauthorized disclosure of, or accidental or unlawful access to personal data transmitted, stored, or otherwise processed.

All transmissions of Personal Data between LINK and the Controller or between LINK and any third party shall be carried out with a sufficient level of security, or otherwise as agreed between the Parties.

This Appendix contains a general description of the technical and organizational measures that LINK must implement to ensure an adequate level of security.

To the extent that LINK has access to such information, LINK shall provide the Controller with general descriptions of the technical and organizational measures implemented by its Sub-processors to ensure an appropriate level of security.

Technical and organizational measures

Physical access control

LINK must take appropriate measures to prevent unauthorized physical access to LINK’s facilities containing Personal Data.

Measures must include:

• Physical and/or procedural access control systems.
• Door locks or other electronic access control measures.
• Alarm system, video/CCTV monitor or other surveillance facilities.
• Logging of facility entries/exits.
• ID, key or other access requirements.
• Procedures for visitors.

System access control

LINK must take appropriate measures to prevent unauthorized access to systems containing Personal Data. The measures must include:

• Password procedures, including requirements for:
  • Length,
  • Use of special characters, alphanumeric characters, uppercase and lowercase letters,
  • Frequent forced password change,
  • Multifactor authentication,
  • Use of unique passwords,
  • Resistance to dictionary attacks.
• Access to the systems is subject to the approval of the system owner.
• There is no system access for guest users or anonymous accounts.
• Centralized system access management.
• Remote access procedures, including requirements for:
  • Use secure protocols for remote access,
  • Use strong user authentication,
  • Ensure user accountability,
  • Termination of remote access sessions after a fixed period of time.
• Privileged access rights procedures, including requirements for:
  • Approval from the asset owner for granting privileged access rights,
  • Separate standard user accounts from privileged access accounts,
  • Manual lock routines when workstations are left unattended, and automatic lock within a maximum of 5 minutes.
  • Restrictions on the use of removable media, such as memory cards, CD/DVDs or portable hard drives, and encryption requirements.

Data access control

LINK must take appropriate measures to prevent unauthorized users from accessing data beyond their authorized access rights, and to prevent unauthorized access to or deletion, modification, or disclosure of Personal Data. The measures must include:

• Differentiated access rights defined by roles.
• Automated logging of user access via IT systems.
• Data encryption and masking.
• Grant access on a need-to-know basis.
• Performing access rights reviews.

Input data control

LINK must take appropriate measures to verify and determine whether Personal Data has been entered, modified, or deleted in the systems, and by whom. The measures shall include:

• Differentiated access rights based on roles.
• Automated logging of user access, and frequent review of security logs to identify and track any potential incident.
• Ensure that it is possible to verify and determine to which entities the Personal Data has been or may be transmitted or made available using data communication equipment.
• Ensure that it is possible to verify and determine which Personal Data has been entered into the data processing systems, modified, or deleted, and when and by whom the Personal Data was entered, modified, or deleted.

Disclosure control

LINK will take proportionate measures to prevent unauthorized access, alteration, or deletion of Personal Data during the transfer of such data. Measures must include:

• Use of state-of-the-art encryption in all electronic transfers of personal data
• Encryption via VPN or HTTPS for remote access, transfer, and communication of personal data
• Audit trail of all data transfers

Availability control

LINK will take proportionate measures to ensure that Personal Data is protected against accidental destruction or loss. Measures must include:

• Frequent backup of personal data
• Remote storage
• Use of antivirus/firewall protection.
• System monitoring for the purpose of detecting viruses, etc.
• Ensure that stored personal data cannot be corrupted through a system malfunction.
• Ensure that, in the event of an interruption, the installed systems can be restored.
• Uninterruptible Power Supply system (UPS).
• Business continuity procedures.

Separation control

LINK must take appropriate measures to ensure that Personal Data collected for different purposes is processed separately. The measures shall include:

• Restrictions on access to stored Personal Data for different purposes based on roles.
• Segregation of the company’s IT systems.

Control of works/subcontractors

LINK must implement measures to ensure that, in the case of commissioned processing of Personal Data, the Personal Data is processed strictly in accordance with the Controller’s instructions. The measures shall include:

• Unambiguous drafting of contractual instructions.
• Monitoring of contract performance.

Training and awareness

LINK must ensure that all employees are aware of security and confidentiality routines through:

• Clear rules in employment contracts regarding confidentiality, security and compliance with internal routines.
• Internal routines and training courses on Personal Data processing requirements to raise awareness.

Scope of processing

The DPA refers to the processing of personal data by LINK on behalf of the Data Controller in connection with the provision of messaging services, as well as services related to the web experience of end users.

Messaging Services include the Controller’s access to LINK’s solutions for managing messaging to end users (recipients or senders) selected by the Controller, including services related to the web user experience, for the purposes and frequency chosen by the Controller through use of the service.

The Contract will provide further details regarding the specific type of messaging services to be provided to the Controller under the Contract.

Categories of Data Subjects

The categories of Data Subjects whose personal data may be processed under this DPA are defined by the Data Controller.

The processing involves the processing of Personal Data relating to the end users of the Controller (recipients and/or senders of messages depending on the use of the services by the Controller under the main contract).

Types of personal data

The Processing refers to the following types of Personal Data, subject to the specific use of the services by the Data Controller:

• Basic personal data, such as name, contact data such as email address, phone number, etc.
• Location data such as GPS, Wi-Fi location data, and location data derived from the LINK network (other than traffic data as defined below).
• Traffic data: personal data processed in connection with the transmission of communications through an electronic communications network or the billing thereof.
• Personal data included in the content of the communication, such as emails, voice messages, SMS/MMS, RCS, OTT messages, browsing data, etc.
• Special categories of Personal Data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or health data, shall not be processed under this DPA unless otherwise agreed in writing.

Purpose of the processing

The purpose of the processing of personal data by LINK on behalf of the Client is the provision of services to the Client that require the processing of personal data.

Personal data shall be subject to the processing activities specified in the main contract.

Processing of opt-out messages

• (i) The Client is solely responsible for handling opt-out messages, particularly the updating of its contact databases to stop sending messages to Users who have requested to opt out of communications via LINK Platforms.
• (ii) LINK will only forward to the Client (or to the provider designated by the Client for this purpose) the opt-out Messages it receives via LINK Platforms. LINK will not filter or block any list of end Users who have opted out of communications (phone numbers, email addresses, etc.).
• (iii) Notwithstanding paragraph (ii) above, when the Client uses the 360NRS and/or WAUSMS Platforms, and unless otherwise agreed in writing between the Parties, LINK will collect and store opt-out Messages received from end Users in lists categorized by channel and by Client. LINK will provide these opt-out Message lists in campaign reports available to the Client in the Client's dedicated area of the 360NRS and/or WAUSMS Platforms.

Monitoring

LINK is authorised by the Controller to open any Message transmitted under the terms of this Contract if necessary to verify the existence of a possible fraud or to investigate any complaint filed by an End User, an Operator or a Regulatory Body in relation to a Message, as well as to forward to the Controller any unsubscribe message or request from Data Subjects relating to the rights set out in the GDPR.

Duration of processing

The processing will continue for the duration of the agreement between the Customer and LINK.

LINK will retain Personal Data for as long as necessary to fulfill the purposes of the processing, subject to applicable compliance control laws governing traffic data.

Nature of the processing

Personal data will be processed by the Client by entering the data into the LINK platform, either via SaaS access or through an API.

Full campaign

LINK will only process Personal Data collected by the Client and sent to Operators if the Client subscribes to this service and signs a Service Order delegating to LINK the delivery of the Messages designated by the Client to the end users selected by the Client.

LINK will receive all necessary information (including Personal Data) directly from the Client using a secure File Transfer Protocol (FTP) for delivery to end users.

The Client must use the secure protocol recommended by LINK, which allows the encryption of the data contained in the file and, under no circumstances, may transfer the data by email.

Additional services

Hosting of landing pages sent to end users through LINK platforms

Purpose of the processing

The purpose of engaging LINK to process personal data on behalf of the Client is to enable the Client to fulfil its communication obligations towards end users.

Sub-processors

The approved Sub-processors under this DPA can be found in the list available at LINK Mobility sub-processors list - LINK Mobility International

This DPA is understood as an order by the Client for the transfer of Personal Data to the sub-processors listed.

Artificially Inflated Traffic (AIT)

The Client will only send and request Messages or offer products or services that are not related to or the result of any fraudulent activity, including but not limited to Artificially Inflated Traffic (AIT).

Artificially Inflated Traffic refers to a flow of Messages under the Services resulting from any activity by the Client or on its behalf that is disproportionate to the Message flow expected from a good-faith business practice and the specific use of the Service.

If LINK reports a possible fraudulent activity originating from the Customer’s Account that results in a large volume of Messages sent and/or delivered to the Customer's numbers, LINK shall have the right to vary the price charged for the fraudulent Messages and invoice the Customer for the total purchase cost of these Messages borne by LINK.

Product name: NIA (content generator)

Product description

The Client is provided access to the NRS Platform, which includes a solution for creating messages automatically, using AI functionality for all channels.

Specific conditions of the product

The following conditions shall govern the use of the NIA solution. In case of conflict with the General Terms and Conditions (GTC), the conditions set forth herein shall prevail.

AI functionalities

NIA includes features that allow the customer to use AI technology to create messages. These features, when enabled by the customer, can generate new content (“Output”) based on any data or other information provided for processing (“Input”) through an AI functionality.

Regarding the use of any AI functionality in NIA, the Client agrees to:

• NOT to use the Product in any way that may be related to high-risk and/or prohibited activities, as defined in Title 2, Article 6 (and respective annexes) and, respectively, in Title 2, Article 5 of the Regulation of the European Parliament and Council laying down harmonised rules on artificial intelligence (“EU AI Act”)
• Ensure that end users are clearly and distinctly informed, no later than at the time of the first interaction, that they are interacting with an AI-powered content generator and, accordingly, DO NOT mislead anyone by indicating that any result generated by the AI functionality in the content generator was exclusively generated by humans.
• Moreover, with regard to results generated through AI functionalities, the Client acknowledges that such results may contain material inaccuracies and may not reflect accurate, current, or complete information. Due to the nature of artificial intelligence technology, LINK makes no warranty or representation regarding any result and does not guarantee the generation or uniqueness of any result by any AI functionality.
• The Client is fully responsible for training their own content generator created through NIA and for the validity of the data provided for training (training data).
• LINK may limit or suspend the Client’s use of any NIA functionality if it considers that such use may violate the Agreement or negatively affect the security, operability, or integrity of any LINK Product and/or Platform, or otherwise impose liability on LINK.
• For the avoidance of doubt, any information or data provided for training the NIA functionality shall be considered Content as defined in the General Terms and Conditions.

Product name: LINK360 RCS

Product description

LINK360 RCS is a product that allows the Client to communicate with End Users via RCS (Rich Communication Services), a GSMA standard, with a failover system implemented via SMS.

Main functionalities

• Rich media support: Sending images, videos and audios.
• Interactive messaging: Quick reply buttons, carousels, and actionable links.
• Read receipts and typing indicators: Allows you to know when Messages have been read and when someone is typing.
• Verified sender identification: Displays the Client’s name, logo, and other brand identifiers in the message thread.

There are integrations with other LINK products, depending on the products chosen by the Client.

Specific Product Conditions

The use of the Product described in these Additional Terms shall be governed by the terms specified below. In the event of a conflict with the General Conditions, the provisions set forth in this Annex shall prevail.

RCS Limitations

The use of RCS depends on meeting certain requirements: i) available only to recipients with Android devices version 12 or higher or iPhone iOS 18 or higher, ii) each individual recipient must have accepted RCS as a Channel on their device, and iii) each recipient must have access to their own carrier’s network at the time the message is received.

The Client agrees and understands that if the requirements are not met, RCS messaging will not be possible.

If the Client has chosen LINK360 RCS as the product, and the requirements are not met, the messages will be sent to the recipient(s) as standard SMS. In such case, the applicable SMS API Service Order terms (including fees and billing) will apply.

Brand approval

LINK will assist the Client in the process of obtaining the necessary brand approval (RCS Agent declaration) from the Applicable Operator and Google LLC or the respective affiliates.

However, obtaining such approvals is the Customer’s sole responsibility and at their own risk.

RCS MaaP Providers

To enable RCS, Operators rely on RCS MaaP providers. RCS MaaP providers deliver the core infrastructure to support the capabilities, message sending, and configuration of RCS Business Messaging, and are selected by mobile network operators to ensure the required quality of service for such messaging.

The Client agrees and acknowledges that the policies and conditions related to RCS MaaP providers, referenced in the GTC, form an integral part of the Operator's terms and that the Client must comply with all conditions to use RCS as a messaging channel.

Furthermore, the Client accepts and acknowledges that LINK assumes no liability and offers no warranties with respect to RCS MaaP providers.

Third-party conditions

The Client agrees and understands that by choosing to use RCS services involving Google, Apple or any other mobile operating system provider or third party (hereinafter, the "Third Party"), the Client's relationship with the relevant Third Party shall be solely with that Third Party and subject to the terms, conditions, privacy policies, warranties or representations associated with that relationship.

The use by the Customer of any Third-Party products or services shall be at the Customer's sole discretion and risk.

LINK makes no representation or warranty regarding any service provided by or through Third Parties, nor regarding Third Parties’ compliance with any laws or regulations, including data protection legislation.

Specific conditions for Jibe

In the event that the MaaP provider selected by the Operator is Jibe Mobile Inc., a wholly-owned subsidiary of Google LLC, the Client agrees and acknowledges that the specific terms of this section shall apply to the use of RCS as a channel by the Client.

The Client has opted to use RCS as the communication channel under this Contract and agrees that the terms of this Service Order, the RCS Business Messaging Service Terms (available at this link), the Google API Terms of Service (available at this link), the Google Controller-Controller Data Protection Terms (available at Google Controller-Controller Data Protection Terms), the Google API Services User Data Policy (available at this link), the Jibe Service Level Agreement (available at this link) and all other applicable terms and policies incorporated by reference (collectively, the “Jibe Terms”) form an integral part of the Agreement for the Client’s use of RCS with Jibe as the RCS MaaP provider.

The Client acknowledges and agrees that it is the Client's responsibility to ensure compliance with this Service Order and with the Jibe Terms and Conditions.

If actions or omissions by the Client are identified that result in a breach of this Service Order or Jibe's conditions, the Client may be prohibited from using RCS at any time.

Product name: MyLINK Connect

Product description

The Client is provided access to a solution for creating and deploying chatbot conversations across multiple Channels. Through the chatbot, End Users can communicate with the Client via their preferred Channel automatically, as well as with human assistance.

Main functionalities

• Chatbot creation – tool to design the bot according to the Client’s use cases and needs using Drag and Drop blocks.
• Broadcast module – tool that allows the Client to automatically send a large number of Messages to Users (Message campaign).
• Conversation – an omnichannel conversation console that enables communication with End Users.
• Reports
• AI (Artificial Intelligence) / NLP (Natural Language Processing) module – allows the Customer to configure AI-based Content in the chatbot, creating so-called intents and expressions to train and enhance the chatbot’s knowledge level
• Database – access to a database that can be quickly accessed by the chatbots created by the Client and that will be shared for each conversation.
• Agent – allows the chatbot to transfer conversations to a human agent designated by the Client to provide direct assistance to the End User.
• Integrations – allows implementations of third-party products and services.
• Chatbot design – can help the Client design conversational flows that best suit a specific use case.
• Messages – functionality used as a means to count how much the Product is used. For the avoidance of doubt, this functionality does not include any Channel connectivity or sending of Messages as defined in the GTC.

The availability of some features may depend on the payment of additional fees (see the specific plan in the Fees clause of the MyLINK Connect Service Order).

Supported Channels: The Product can be integrated for communication through the following Channels: WhatsApp for Business, Telegram, Facebook Messenger, Live Chat, SMS, Slack, Microsoft Teams, Discord, Voice, Alexa, Google Assistant, or custom Channels or Apps. The availability of Channels may require the Client to have separate agreements and to pay fees in addition to those set out in this annex.

The full product description is available at the following link: docs.mylinkconnect.com. Although the information contained in the link has been compiled with due care, LINK does not guarantee that it is free of errors or omissions. LINK may make periodic changes to the information in the link if the Product is updated or improved.

Specific Product Conditions

The use of the Product described in these Additional Terms shall be governed by the terms specified below. In the event of a conflict with the General Conditions, the provisions set forth in this Annex shall prevail:

AI functionalities

MyLINK Connect may include features that allow the Customer to use AI technology to create their chatbot. These features, when enabled by the Customer, can generate new content (“Outputs”) based on any data or other information provided for processing (“Inputs”) through the AI functionality.

With regard to the use of any AI functionality in MyLINK Connect, the Client agrees to:

• NOT to use the Product in any way that may be related to High-Risk Activities or Prohibited Activities, as defined in Article 6 of Title 2 (and the respective Annexes) and, respectively, in Article 6 of Title 2 of the Regulation of the European Parliament and Council laying down harmonised rules on artificial intelligence (the “AI Act”)
• Ensure that End Users are clearly and distinctly informed, no later than at the first interaction, that they are interacting with the AI-powered chatbot and, accordingly, not mislead anyone into believing that any result generated by the AI functionality in the Chatbot was produced exclusively by humans.

Furthermore, regarding the Results generated through AI functionalities, the Client acknowledges that such Results may contain significant inaccuracies and may not reflect correct, up-to-date, or complete information. Due to the nature of artificial intelligence technology, LINK makes no warranties or representations regarding any Result and does not guarantee the generation or uniqueness of any Result by any AI functionality.

The Client is fully responsible for training their own chatbot created through MyLINK Connect and for the validity of the data provided for training (training data).

LINK may limit or suspend the Client’s use of any AI functionality if it considers that such use may constitute a breach of the Contract or adversely affect the security, operability, or integrity of any Product, or otherwise impose liability on LINK.

For the avoidance of doubt, any information or data provided to train the AI functionality shall be considered Content as defined in the GTC.

Channels and Integrations

The Client is responsible for ensuring the existence of one or more Channels to use the product. The Client accepts and acknowledges that each of the Channels requires a separate agreement with a third party or with LINK. The conditions of such Channel shall be established in a separate Annex, in a standalone Service Order, or in an agreement with third parties, as applicable.

To the extent that one or more features of the product can be integrated with third-party products or services (including, without limitation, where the Client uses third-party providers for Channel connectivity), the Client acknowledges and agrees that LINK assumes no responsibility and makes no warranties regarding the security, suitability, reliability, or usability of such third-party products or services.

The Client agrees and acknowledges that each of these providers may have terms of use that the Client must agree to comply with, and it is the Client’s responsibility to ensure the correct terms of each provider are applied and followed.

Product name: MyLINK WhatsApp API

Product description

MyLINK WhatsApp API is a product that allows the Customer to communicate with End Users through the WhatsApp Business Solution, provided by WhatsApp Ireland Limited (hereinafter, “WhatsApp”) and distributed by Meta Platforms Ireland Limited (hereinafter, “Meta”).

Main functionalities

• Two-way communication: Allows the Client to send and receive WhatsApp Messages to and from its End Users and facilitates interactive conversations and personalized communication.
• Rich media support: Allows the sending of multimedia Messages such as images, videos, and documents, and sharing location, enhancing the experience and engagement with the End User.
• Interactive messaging: Quick reply buttons, carousels, and actionable links.
• Read receipts and typing indicators: Allows you to know when Messages have been read and when someone is typing.
• Verified sender identification: Displays the Client’s name, logo, and other brand identifiers in the message thread.

There are integrations with other LINK products, depending on the products chosen by the Client.

Specific Product Conditions

The use of the Product described in these Additional Terms shall be governed by the terms specified below. In the event of a conflict with the General Conditions, the provisions set forth in this Annex shall prevail.

The Client has opted to use the WhatsApp Business solution as the Message Transmission Channel. The terms set out in this Annex form an integral part of the service Contract entered into by the Client and LINK and include the specific conditions for the Client’s use of WhatsApp as a communication Channel.

Verified WABA

The Client agrees and acknowledges that to use MyLINK WhatsApp API, the Client must have a verified WhatsApp Business Manager account (WABA) and a phone number. LINK Mobility will provide support and assistance to the Client with the process of obtaining the necessary approval. However, obtaining such approval is the Client’s responsibility and at the Client’s own risk.

Third-party conditions

The Client agrees and acknowledges that by choosing to send Messages through OTT messaging app providers, particularly WhatsApp, the Client’s relationship with the relevant OTT messaging app providers shall be exclusively with them and subject to the terms, conditions, privacy policies, warranties or representations associated with that relationship.

The use by the Customer of WhatsApp services shall be at the Customer’s sole discretion and risk. LINK makes no representations or warranties regarding any service provided by OTT messaging app providers or regarding their compliance with any laws or regulations, including data protection laws.

In accordance with the above, the Parties agree that the use of WhatsApp as a Transmission Channel by the Client falls outside the scope of the Data Processing Agreement binding the Parties. The Client agrees and acknowledges that any processing of personal data using WhatsApp as a channel is governed by WhatsApp’s data processing terms (available at https://www.whatsapp.com/legal/business-data-processing-terms ) and the other applicable terms and conditions incorporated by reference.

Information about the provision of electronic communications services by WhatsApp, as required by the European Electronic Communications Code, is available at https://www.whatsapp.com/legal/eecc-notice-eea.

Compliance with WhatsApp terms

The Client acknowledges and agrees that it is the Client's responsibility to ensure compliance with this Annex and with the WhatsApp Terms and Conditions.

WhatsApp’s terms include:

• WhatsApp Business Service Terms
• Meta Conditions regarding WhatsApp Business
• Terms of the WhatsApp Business Solution
• WhatsApp Business Messaging Policy

Information about the provision of electronic communications services by WhatsApp is available at https://www.whatsapp.com/legal/eecc-notice-eea.

The WhatsApp transparency report under the EU Digital Services Act (DSA) is available at este enlace.

The Client acknowledges and agrees that LINK will provide Meta with reports related to the Client’s use of the WhatsApp Business Solution, when requested by WhatsApp.

The Client acknowledges and agrees that the conditions of this Annex do not in any way grant the Client the right to (a) resell the WhatsApp Business Solution or allow third parties to integrate, access or use it, or (b) use any Meta or WhatsApp trademarks or trade names in any way.

The Client agrees and acknowledges that all personal data processing using WhatsApp as a Channel is governed by WhatsApp’s data processing terms (available at https://www.whatsapp.com/legal/business-data-processing-terms ) and the other applicable terms and policies incorporated by reference.

If actions or omissions by the Client are identified that result in a breach of this Annex or WhatsApp's conditions, the Client may be prohibited from using MyLINK WhatsApp API at any time.

Prices and price adjustment

The use of the MyLINK WhatsApp API by Customers is subject to WhatsApp’s Pricing Rules, which are available at https://developers.facebook.com/docs/whatsapp/pricing/conversationpricing. Meta may change prices at any time.

Late payment or overdue payments will accrue a service charge equivalent to 1.5% per month of the outstanding amount.

All prices are expressed in euros unless explicitly stated otherwise.

Specific hosting conditions for WhatsApp for WhatsApp Business Client

In the event that the WhatsApp Business Client is hosted by WhatsApp, the Client agrees and acknowledges that they are required to comply with the Cloud API Hosting Terms available at https://www.facebook.com/legal/Meta-Hosting-Terms-Cloud-API.

Audits

With prior reasonable notice to the Customer, the Customer shall provide LINK or WhatsApp and their auditors with access, assistance, and any reasonably requested information regarding the Customer’s compliance with WhatsApp’s terms.

If an audit finds that the Client does not comply with WhatsApp's conditions, the Client must remedy the non-compliance within 72 hours of notification and shall reimburse the reasonable costs of the audit.

Specific conditions for product data processing

The following conditions are important for Data Processing related to the use of the Product described in this Annex. In the event of a conflict with the Data Processing Agreement, the conditions set forth in this Annex shall prevail.

Specific conditions for product data processing

The following conditions are important for Data Processing related to the use of the Product described in this Annex. In the event of a conflict with the Data Processing Agreement, the conditions set forth in this Annex shall prevail.

Annex on the Scope of the Data Processing Agreement

The Parties agree that this Scope Annex replaces the Scope Annex of the Data Processing Agreement signed by LINK and the Client.

Scope of processing

The DPA relates to the processing of Personal Data by LINK on behalf of the Data Controller in connection with the provision of Messaging Services. The Messaging Services include the Data Controller's access to LINK's solutions to manage the sending of messages to recipients selected by the Data Controller, for the purposes and at the frequency chosen by the Data Controller through the use of the service.

LINK Mobility provides various Services under its Service Agreement, many of which include the processing of personal data. All services provided by LINK Mobility as a data processor on behalf of the client are governed by a Data Processing Agreement (DPA), as required by the EU General Data Protection Regulation (GDPR).

The DPA is an agreement as defined in Article 28 of the GDPR, under which a controller and a processor (or a processor and a sub-processor) enter into an agreement to ensure that the processing carried out by the processor (or sub-processor) complies with the requirements of the GDPR. Therefore, the DPA is relevant to the relationship between LINK, as a processor or sub-processor, and its client.

Not all processing of personal data as part of the Services provided to another entity constitutes processing by a Processor on behalf of a Controller, as defined under the GDPR. LINK Mobility’s Services include the transmission of messages from the LINK Mobility environment to the recipient chosen by the Customer and through a messaging Channel selected by the Customer.

The Channel type may include various types of Messages using different protocols and communication standards, such as SMS, MMS, RCS, and other OTT (Over the Top) messaging services, as well as other channels such as email and voice messages.

The process of transmitting such messages is considered an Electronic Communications Service (ECS) and is subject to the requirements of Directive (EU) 2018/1972 establishing the European Electronic Communications Code (EECC).

The processing of personal data required for an ECS is a process in which, in practice, it is not possible for a customer to give instructions or exercise control if effective transmission to the final recipient is to be achieved. This means that LINK will determine the purposes and means of such processing (Article 4(7) of the GDPR), and the GDPR therefore defines LINK as the Controller of such processing.

As an ECS provider, LINK Mobility and other ECS providers are considered data controllers under the GDPR and are therefore obliged to process data in accordance with the GDPR and the obligations imposed on data controllers. Consequently, the Data Processing Agreement shall not apply to the transmission of messages.

In accordance with the above, the Parties agree that the use of the OTT messaging provider WhatsApp as a Transmission Channel by the Client is outside the scope of data processing under the Agreement.

The Client agrees and acknowledges that all personal data processing when using WhatsApp as a channel is governed by WhatsApp’s data processing terms (available at https://www.whatsapp.com/legal/business-data-processing-terms ) and the other applicable terms and policies incorporated by reference.

Information about the provision of electronic communications services by WhatsApp, as required by the European Electronic Communications Code, is available at https://www.whatsapp.com/legal/eecc-notice-eea.

Categories of Data Subjects

The Data Controller defines the categories of Data Subjects whose personal data may be processed. The processing involves the processing of Personal Data related to the End Users of the Controller (the recipients or senders of the Messages, depending on the Controller’s use of the Services under the Contract).

Types of Personal Data

The processing relates to the following types of Personal Data, subject to the specific use of the Services by the Data Controller:

• Basic Personal Data (such as name), contact data (such as email address, phone number, etc.).
• Location data such as GPS, Wi-Fi location data, and those derived from the LINK network (which do not constitute traffic data as defined below).
• Traffic data: personal data processed for the transmission of a communication through an electronic communications network or for its billing purposes.
• Data related to the content of communications, such as emails, voice messages, SMS/MMS, browsing data, etc.

Special categories of Personal Data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or medical or health information, shall be processed in accordance with this DPA if the Client uses the services to process such data.

Purpose of the processing

The purpose of LINK’s processing of personal data on behalf of the Customer is the provision of services to the Customer that require the processing of personal data.

LINK Professional Email Service

Service Description, Specific Conditions and Audits

LINK’s Professional Email service allows the customer to connect from their systems to the LINK platform to send and receive emails via technical interfaces or the LINK360 portal.

The service includes the following functionalities:

• Newsletter designer (dynamic drag-and-drop editor, custom HTML imports, dynamic URLs, mobile-optimized templates)
• Automatic opt-out system (optional)
• Web display system with automatic removal option for the “View in Web” link once it is online
• Addition of headers required by Google and Yahoo (and other providers, as implemented)
• Option to track clicks and opens (by default) or disable tracking
• Sender domain customization
• Advanced statistics by campaign
• Advanced daily statistics
• Scheduling capability (delivery time)
• Encrypted databases in transit to ensure maximum security
• Security through ISO27001 Certified System

Usage limits

The customer specifically agrees not to exceed the following limits:

METRIC	ACCEPTABLE	EXPLANATION
Hard bounces (recent)	≤ 2%	In relation to the number of bounced messages over the past 15 days.
Hard bounces (total)	≤ 10%	In relation to the total number of contacts.
Voluntary unsubscribes	≤ 1.4%	People who click on the unsubscribe button in the message.
Suspicious contacts	≤ 10%	E.g. known bounces, role-based email addresses, addresses with correct syntax but non-existent or never used in subscriptions.
Spam complaints	≤ 0.08%	For more than 1000 delivered messages (however, the number of daily complaints may never be greater than 50).
Opened message complaints	≤ 1.00%	In relation to how many messages sent have been opened over the past 5 days.
Spam traps and complaints without the Customer's justification	≤ 1	A spam trap is an email address specifically created to identify illegal databases.

Availability

The availability of stored statistical data will, by default, be maintained for a period not exceeding 12 months. Viewing of sent emails will be available for up to 1 month.

LINK 360 Call Service

Service Description, Specific Conditions and Audits

LINK’s 360 calling service allows the customer to connect from their systems to the LINK platform to send calls via API technical interfaces or the LINK 360NRS portal.

The service includes the following functionalities:

• Designer of simple or interactive voice campaigns, through keypad option selection (IVR, interactive voice response)
• Possibility to attach audio files
• Possibility to create audio based on text (T2S, text to speech)
• Caller number customization
• Advanced statistics by campaign
• Advanced daily statistics
• Scheduling capability (delivery time)
• Ability to limit sending schedules
• Call retry scheduling
• Encrypted databases in transit to ensure maximum security
• Security through ISO27001 Certified System

Availability

The availability of stored statistical data will, by default, be maintained for a period not exceeding 12 months. Playback of sent audio will be available for up to 3 months.

LINK guarantees the technical availability of the service as long as its operation depends directly on LINK’s infrastructure. This includes:

• 360NRS quality assurance and its associated API
• Availability guarantee to the extent within LINK's control.
• Technical support in case failures are attributable to LINK.
• Campaign results report
• LINK grants the Client a non-exclusive license to use the service in accordance with the provisions of this document. The parties agree that the license includes, in particular, all updates, adaptations, and modifications to the service that have been developed, produced, and implemented by LINK during the term of the contract.

Responsibility

In order to provide its calling services, LINK will contract third-party services (telephony/telecommunications providers) without which this service could not function.

LINK offers no guarantee that third-party services will be uninterrupted, timely, secure, error-free, or that defects will be corrected.

Service continuity may be affected by network or infrastructure maintenance. If LINK or its external providers carry out maintenance that interrupts the platform, LINK will notify the Client as soon as it becomes aware of it. However, LINK is not responsible for service interruptions due to third-party maintenance.

Likewise, LINK shall not be liable for the absence of results when due to (i) a coverage failure in the call area or (ii) users not answering the call.

Furthermore, under no circumstances shall LINK be liable for damages, including consequential damages and loss of profit, arising from this agreement, including but not limited to damages caused by loss of earnings, data loss, phone bills, communication line charges, loss of privacy, or damages to third parties, even if the providers have been informed of the possibility of such damages.

In this regard, LINK is not obligated to monitor the content of the calls made by the Client. However, LINK may report any detected illegal activities to the competent authorities.

LINK reserves the right to cooperate, in accordance with the Law, with the authorities, who may carry out inspections related to the campaigns.

Nonetheless, LINK reserves the right to suspend services at its discretion, without prior notice and for reasons including, but not limited to, receipt of claims or complaints from third parties or authorities.

LINK shall not be considered in any way a representative of the Client and therefore may not act or commit on its behalf.

Contents

The following content is prohibited on the service:

• Illegal activities: Content that constitutes, promotes, or facilitates illegal activities, or contains obscene or defamatory sounds or voices.
• Tobacco: Content promoting tobacco or tobacco-related products.
• Drugs: Content that promotes or facilitates the sale or use of illegal drugs.
• Firearms: Content that promotes firearms, ammunition, or explosives.
• Adult content: Including sounds, voices, sexually suggestive activities or situations, prostitution, or pornographic dating sites.
• Violence: Content that describes or promotes violence or aggression, including but not limited to sexual assault and harm to humans or animals.
• Speech that incites hatred and harassment: Content that is insulting, harassing, intimidating, threatening, degrading or otherwise promotes violence against a specific person, organization or group. This includes, without limitation, individuals or groups identified by race, gender, creed, age, color, origin, religion, marital status, gender identity, language, sexual orientation, or disability.
• Counterfeit products: Sale of imitation or counterfeit products.
• Gambling: games or activities in which the participant risks money or valuables in order to win money.
• Any type of service or product aimed at children or young people under 18 years of age.

This list is not exhaustive.

LINK reserves the right to access, read, preserve, and disclose any information it reasonably deems necessary for (i) compliance with the law, legal proceedings, or judicial or administrative requests, (ii) enforcement of this service agreement, including the investigation of possible violations, (iii) detection, prevention, or resolution of issues related to fraud, security, or technical problems, and (iv) to protect the rights, property, and safety of LINK or third parties.