DATA PROCESSING AGREEMENT

By executing the OutSystems Master Subscription Agreement (the "Agreement"), Customer enters into this this Data Processing Addendum ("Addendum"), on behalf of itself and, to the extent required under applicable Data Protection Laws, in the name and on behalf of its Authorized Affiliates, if and to the extent OutSystems Processes Personal Data for which such Authorized Affiliates qualify as the Controller. For the purposes of this Addendum only, and except where indicated otherwise, the term "Customer" shall include Customer and Authorized Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement.

1. DEFINITIONS

Capitalized terms shall have the meanings set out below. Any capitalized terms not defined below or elsewhere in this Addendum shall have the meanings ascribed to them in the Master Subscription Agreement:

"Adequate Country" means a country or territory outside the EU/EEA that is recognized for the purposes of Data Protection Laws by virtue of a decision of the European Commission as providing an adequate level of protection for Personal Data.
"Anonymized Data" means any Personal Data which has been anonymized such that the Data Subject to whom it relates cannot be identified, directly or indirectly, by OutSystems or any other party reasonably likely to receive or access that Personal Data.
"Authorized Affiliate" means any of Customer's Affiliate(s) which (a) is subject to the data protection laws and regulations of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom, and (b) is permitted to use the Services pursuant to the Agreement between Customer and OutSystems but has not signed its own Order with OutSystems and is not a "Customer" as defined under the Agreement.
"Breach Event" means an event reasonably considered to be a "data breach" or otherwise involving the unauthorized and/or unlawful Processing of Personal Data whether in electronic, hard copy or other form including but not limited to malicious interference with information system operations by third parties; provided, however that trivial attempts to penetrate Processor's networks or systems that occur on a daily basis, such as scans, and "pings," will not be considered a Breach Event.
"Controller" means Customer and/or Authorized Affiliates.
"Data Subject" means the individual to whom the Personal Data belongs according to the Data Protection Laws.
"Data Protection Laws" means all national, state, regional and/or local laws applicable to data privacy and the Processing of "Personal Data" (defined below) including but not limited to, as applicable, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the EU e-Privacy Directive (2002/58/EC) as may be amended by the proposed Regulation on Privacy and Electronic Communications, in each case as implemented into local laws applicable to the relevant Data Controller and/or Data Processor(s) with respect to the Personal Data (as relevant), any legislation that, in respect of a member state of EU, converts into domestic law the GDPR, the proposed Regulation on Privacy and Electronic Communications, or any other law relating to data protection, the processing of personal data and privacy. The term Data Protection Laws shall be deemed to include any successor legislation or replacements for any of the laws referenced in this definition and includes all replacement laws and any similar laws governing the parties' activities in the European Union or any other applicable jurisdiction.
"EU/EEA" means European Economic Area.
"GDPR" means the EU General Data Protection Regulation 2016/679 and to the extent the GDPR is no longer applicable in the United Kingdom, any implementing legislation or legislation having equivalent effect in the United Kingdom. References to "Articles" or "Chapters" of the GDPR shall be construed accordingly.
"Personal Data" means "Personally Identifiable Information" or as that term is defined in the applicable Data Protection Laws and shall include, without limitation, any data or information (regardless of the medium in which it is contained and whether alone or in combination) which may be supplied to or Processed by or on behalf of Processor in connection with the provision of the Services, that relates to an identified or identifiable person ("Data Subject") including, without limitation, name, postal address, email address, telephone number and information about the Data Subject's opinions (in each case, as relevant to the particular Services), more particularly referred to in Exhibit A.
"Personnel" means employees, consultants and/or contractors.
"Process" means, with respect to the description of Processing stated in Exhibit A, the meaning set out in the applicable Data Protection Laws and includes any operation which is performed upon Personal Data, whether or not by automatic means, including but not limited to the access, acquisition, collection, recording, organization, storage, alteration, retrieval, consultation, use, disclosure, combination, "Transfer" (defined below), blocking, return or destruction of Personal Data. "Processed" or "Processing" shall be construed accordingly.
"Processor" means OutSystems.
"Services" means the Software provided on cloud (platform as a service) and the Support and Updates jointly provided through a Subscription and/or the Professional Services provided by OutSystems.
"Standard Contractual Clauses" means the means the European Commission's Standard Contractual Clauses available at https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087.
"Sub-Processors" means an entity engaged by Processor for the processing activities to be carried out as part of the Services.
"Third Country" means a country or territory outside the EU/EEA that is not an Adequate Country.
"Transfer" means the transfer of Personal Data to a Third Country. "Transferred" or "Transferring" shall be construed accordingly.
"User" means an individual authorized by Customer to use the Services.

2. PROCESSING OF PERSONAL DATA

2.1 Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller, OutSystems is the Processor and that OutSystems and its Affiliates will engage Sub-Processors pursuant to the requirements set forth in Section 6 "Sub-Pocessors" below.

2.2 Customer's Processing of Personal Data. Customer shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws. For the avoidance of doubt, Customer's instructions for the Processing of Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.

2.3 OutSystems' Processing of Personal Data. Outsystems shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with the Data Protection Laws and with Customer's documented instructions for the following purposes, as are more particularly referred to in Exhibit A: (i) Processing in accordance with the Agreement and applicable Order(s); (ii) Processing initiated by Users in their use of the Services; (iv) Processing in order to provide the Services; and (iv) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.

2.4 Details of the Processing. The subject-matter of Processing of Personal Data by OutSystems is the performance of the Services pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this Addendum are further specified in Exhibit A to this Addendum.

2.5 Confidentiality. Personal Data is considered Confidential Information under the Agreement. OutSystems shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data and have received appropriate training on their responsibilities.

3. SECURITY

OutSystems uses appropriate technical, organizational and administrative security measures to protect the Personal Data supplied and controlled by Customer against loss, misuse, unauthorized access, disclosure, alteration, and destruction. OutSystems' security measures are continually improved in line with technological developments. OutSystems has been certified and attested to confirm compliance with ISO 27001, ISO 22301 and SOC 2 Type II standards, by independent auditors, as available at https://www.outsystems.com/trust/.

4. OUTSYSTEMS PERSONNEL

OutSystems shall take reasonable steps to ensure the reliability of any OutSystems' Personnel who may Process Personal Data, ensuring:

(a) that access is strictly limited to those individuals who need to know or access the relevant Customer's Personal Data for the purposes described in this Addendum; and

(b) that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

5. COOPERATION

5.1 Cooperation with Customer. OutSystems shall cooperate fully with, and assist, Customer in relation to any notifications or prior approvals that Customer may be required to effect or obtain from a regulator, in connection with the Personal Data, including without limitation the preparation of supporting documentation to be submitted to the relevant regulator and provision of supporting documentation sufficient to evidence that Customer is legally bound by the terms of this Addendum. In addition, OutSystems will provide Customer with all assistance and cooperation in the event of the need for Remediation Efforts, including prior consultation with Customer regarding any public notification or government mandated breach notification in connection with a Breach Event. OutSystems shall and shall procure that the Sub-Contractors shall promptly provide to Customer on request all information in its possession or control in relation to the Processing of the Personal Data under this Addendum and with all assistance and cooperation as may reasonably be required in order for Customer to assess whether its Processing of the Personal Data is in accordance with this Addendum.

5.2 Data Subject Requests. OutSystems shall, to the extent legally permitted, promptly notify Customer if OutSystems receives a request from a Data Subject to exercise the Data Subject's right of access, right to rectification, restriction of Processing, erasure ("right to be forgotten"), data portability, object to the Processing, or its right not to be subject to an automated individual decision making ("Data Subject Request"). Taking into account the nature of the Processing, OutSystems shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer's obligation to respond to a Data Subject Request under Data Protection Laws. In addition, to the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, OutSystems shall upon Customer's request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent OutSystems is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations.

5.3 Authority Requests. OutSystems shall and shall procure that the Sub-Contractors shall promptly and in any event within undue delay notify Customer, including by providing copies, if it should receive any communication, correspondence or request for information (whether written or oral) from any regulatory authority relating directly or indirectly to the Personal Data, including in connection with any enforcement action or investigation under the Data Protection Laws ("Authority Request").

5.4 Data Quality. OutSystems shall and shall procure that the Sub-Contractors shall preserve the accuracy and integrity of Personal Data. OutSystems shall update, amend, correct or delete Personal Data that is inaccurate or incomplete at the request of Customer, consistent with the provisions set forth in this Addendum or under the Data Protection Laws. OutSystems shall at all times promptly and fully cooperate with Customer's efforts to respond to any Data Subject inquiry or breach response action requiring access to information stored or processed by OutSystems on behalf of Customer.

5.5 Deletion, Destruction or Return of Personal Data. To the extent not otherwise prohibited by applicable Data Protection Laws, the Agreement or this Addendum, notwithstanding any failure of Customer to provide written instructions, OutSystems shall and shall procure that the Sub-Processors shall delete or destroy upon termination of Agreement, all Personal Data stored, collected or processed on behalf of Customer. Following expiry or termination of the Agreement, and at any other time upon Customer's request, OutSystems shall and shall procure that all Su-Processors shall immediately and permanently delete all electronic copies of the Personal Data from its/their computer systems (including without limitation servers, hardware and mobile devices) and from digital media in its/their possession or control); and in respect of hard copies of the Personal Data, securely destroy all originals and copies of Personal Data in its, or its Sub-Processors, possession, custody, or control. Upon request, OutSystems shall provide a certification confirming that all Personal Data Processed under the Agreement has been securely destroyed.

5.6 Breach Notification. Outsystems shall promptly and with undue delay notify Customer of any actual or suspected Breach Event; including the nature of the Breach Event, the categories and approximate number of Data Subjects and Personal Data records concerned and any measure proposed to be taken to address the Security Incident and to mitigate its possible adverse effects, and promptly provide OutSystems with all other information in its possession or control concerning the Breach Event and with all assistance and cooperation as may be required in order for Customer and/or (as relevant) its Authorized Affiliates who is/are Controller(s) of the Personal Data to seek to mitigate the effects of the Breach Event, comply with the Data Protection Laws and adhere to guidance issued by relevant data privacy regulator with regard to security breach management and reporting; where and in so far as it is not possible to provide all the relevant information at the same time the information may be provided in phases without undue delay. Further, OutSystems shall fully and promptly cooperate with Customer in satisfying its obligations with respect to a Breach Event, as determined by Customer in its sole discretion, under any applicable Data Protection Laws.

5.7 Data Protection Officer. OutSystems has appointed a Data Protection Officer who may be reached at dpo@outsystems.com.

6. SUB-PROCESSORS

6.1 Consent. OutSystems shall be entitled to engage Sub-Processors to fulfil OutSystems' obligations defined in the Agreement only with Customer's consent. For these purposes, Customer consents to the engagement as Sub-Processors of OutSystems' Affiliates mentioned in the list referenced in Section 12 below, as well as the third parties listed in Exhibit B. For the avoidance of doubt, the above authorization constitutes Customer's prior written consent to the sub Processing by OutSystems for purposes of article 28/2 of GDPR and Clause 11 of the Standard Contractual Clauses.

6.2 Engagement of Sub-Processors. With respect to each Sub-Processor, OutSystems shall: a) before the Sub-Processor first Processes Customer's Personal Data, carry out adequate due diligence to ensure that the Sub-Processor is capable of providing the level of protection for Customer's Personal Data required by this Addendum and Data Protection Laws; and b) ensure that the arrangement between OutSystems and any prospective Sub-Processor is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum, and that such terms meet the requirements of Article 28(3) of the GDPR. If OutSystems intends to instruct Sub-Processors other than the companies listed in Exhibit 2, the OutSystems will notify the Customer thereof in writing (email to the email address(es) on record in OutSystems's account information for Customer is sufficient) and will give the Customer the opportunity to object to the engagement of the new Sub-Processors within 30 days after being notified. If the OutSystems and Customer are unable to resolve such objection, either party may terminate the Agreement by providing written notice to the other party. Where the Sub-Processor fails to fulfil its data protection obligations, OutSystems will remain liable to the Customer for the performance of such Sub-Processors obligations.

7. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

OutSystems shall provide reasonable assistance to Customer, at Customer's cost, with any data protection impact assessments, and prior consultations with supervisory authorities, which Customer reasonably considers to be required of Customer by Article 35 or 36 of the GDPR, in each case solely in relation to Processing of Customer Personal Data by and considering the nature of the Processing and information available to, OutSystems.

8. AUDIT RIGHTS

8.1 OutSystems shall make available to Customer on request information reasonably necessary to demonstrate compliance with this Addendum.

8.2 Subject to Paragraphs 8.3 and 8.4, in the event that Customer (acting reasonably) is able to provide documentary evidence that the information made available by OutSystems pursuant to Section 8.1 is insufficient to demonstrate OutSystems's compliance with this Addendum, OutSystems shall allow for and contribute to audits, including on-premise inspections, by Customer or an auditor mandated by Customer in relation to the Processing of the Customer's Personal Data by OutSystems.

8.3 Customer shall give OutSystems reasonable notice of any audit or inspection to be conducted under Section 8.2 (which shall in no event be less than thirty (30) days' notice unless required by a supervisory authority pursuant to Section 8.4(f)(ii)) and shall use its best efforts (and ensure that each of its mandated auditors uses its best efforts) to avoid causing, and hereby indemnifies OutSystems in respect of, any damage, injury or disruption to OutSystems's premises, equipment, Personnel, data, and business (including any interference with the confidentiality or security of the data of OutSystems's other customers or the availability of OutSystems's Services to such other customers) while its Personnel and/or its auditor's Personnel (if applicable) are on those premises in the course any on-premise inspection.

8.4 OutSystems needs not give access to its premises for the purposes of such an audit or inspection:

(a) to any individual unless he or she produces reasonable evidence of identity and authority;
(b) to any auditor whom OutSystems has not given its prior written approval (not to be unreasonably withheld);
(c) unless the auditor enters into a non-disclosure agreement with OutSystems on terms acceptable to OutSystems;
(d) where, and to the extent that, OutSystems considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of OutSystems's other customers or the availability of OutSystems's services to such other customers;
(e) outside normal business hours at those premises; or
(f) on more than one (1) occasion in each period of twelve (12) months during the Subscription Term (or where the term of the Subscription Term is less than (12) months, on more than one (1) occasion during such shorter term), except for any additional audits or inspections which:
(i) Customer reasonably considers necessary because of a Breach Event; or
(ii) Customer is required to carry out by Data Protection Law or a supervisory authority, where Customer has identified the Breach Eventor the relevant requirement in its notice to OutSystems of the audit or inspection.

8.5 The Parties shall discuss and agree the costs of any inspection or audit to be carried out by or on behalf of Customer pursuant to this Section 8 in advance of such inspection or audit and, unless otherwise agreed in writing between the Parties, Customer shall bear any third party costs in connection with such inspection or audit and reimburse OutSystems for all costs incurred by OutSystems and time spent by OutSystems (at OutSystems's applicable professional services rates) in connection with any such inspection or audit.

9. RESTRICTED TRANSFERS

OutSystems agrees that no Customer's Personal Data shall be Processed by any Sub-Processor outside the EU/EEA in a Third Country otherwise than in accordance with Chapter V of the GDPR and OutSystems shall ensure that a legal mechanism to achieve adequacy in respect of that Processing is in place, such as Sub-Processors' EU-U.S. and Swiss-U.S. Privacy Shield Framework certifications (if any) or Standard Contractual Clauses. Without limiting the other mechanisms available to achieve adequacy that may be available to OutSystems under Chapter V of the GDPR in respect of Transfers to Sub-Processors located in a Third Country, Customer hereby confers a specific mandate to OutSystems to enter into and undersign the Standard Contractual Clauses as agent for Customer, as the 'data exporter' with such Sub-Processors as the 'data importer'.

10. ANONYMOUS DATA

Advertiser acknowledges and agrees that OutSystems shall be freely able to use and disclose Anonymized Data for OutSystems' own business purposes, namely, but not limited to, the improvement of the Services.

11. LIMITATION OF LIABILITY

OutSystems and all its Affiliates' liability, taken together in the aggregate, arising out of or related to the infringement of the Data Protection Laws or the non-compliance with their obligations towards the Processing of Personal Data in relation with this Addendum, whether in contract, tort or under any other theory of liability, is limited to proven direct damages caused by OutSystems and/or any of its Affiliates in an amount not to exceed €500.000,00 (five hundred thousand Euros). The provisions of this section allocate risks under this Addendum between the parties hereunder. For the avoidance of doubt, OutSystems' and its Affiliates' total liability for all claims from the Customer and all of its Authorized Affiliates arising out of or related to the infringement of the Data Protection Laws or the non-compliance with their obligations towards the Processing of Personal Data in relation with this Addendum shall apply in the aggregate for all claims under both the Agreement and all Addendums established under this Agreement, including by Customer and all Authorized Affiliates, and, in particular, shall not be understood to apply individually and severally to Customer and/or to any Authorized Affiliate that is a contractual party to any such Addendum.

12. GOVERNING LAW AND JURISDICTION

Except where the Processing of the Personal Data is governed by specific Data Protection Laws, in such case such laws shall apply, this Addendum shall be governed by, and construed and enforced in accordance with the laws defined at www.outsystems.com/legal/governing-law-jurisdiction, excluding its rules regarding the conflict of laws.

13. HOW THIS ADDENDUM APPLIES

The parties acknowledge and agree that, by executing the Agreement, OutSystems enters into this Addendum on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliates, thereby establishing a separate Addendum between OutSystems and each such Authorized Affiliate subject to the provisions of the Agreement and this Section. Each Authorized Affiliate agrees to be bound by the obligations under this Addendum and, to the extent applicable, the Agreement.

If the Customer entity signing this Addendum is a party to the Agreement, this Adendum is an addendum to and forms part of the Agreement. In such case, the OutSystems entity that is party to the Agreement is party to this Addendum.

If the Customer entity signing this Addendum has executed an Order with OutSystems or its Affiliate pursuant to the Agreement, but is not itself a party to the Agreement, this Addendum is an addendum to that Order and the OutSystems entity that is party to such Order is party to this Addnedum.

If the Customer entity signing the Addendum is not a party to an nor to a Master Subscription Agreement directly with OutSystems, but is instead a customer indirectly via an authorized reseller Partner of OutSystems, this Addnedum is not valid and is not legally binding. Such entity should contact the authorized reseller Partner to discuss whether any amendment to its agreement with that reseller may be required.

EXHIBIT A
PROCESSING ACTIVITIES

Description of Processing Activities
Except upon written instructions of Controller amending these instructions, Processing shall only be conducted with respect to the following:
Nature and Purpose of Processing
Processor will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the applicable Order, and as further instructed by Controller in its use of the Services.
Duration of Processing
Processor will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Categories of Data Subjects
Controller may submit Personal Data related to the Services, the extent of which is determined and controlled by Controller in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
● Customers, business partners and vendors of Controller (who are natural persons).
● Employees or contact persons of Controller's customers, business partners and vendors.
● Employees, agents, advisors, contractors of Controller (who are natural persons).
● Controller's Users authorized by Controller to use the Services.
Type of Personal Data
Controller may submit Personal Data to the Services, the extent of which is determined and controlled by Controller in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
● First and last name ● Title ● Position ● Employer ● Contact information (company, email, phone, physical business address) ● ID data ● Professional life data ● Personal life data ● Connection data ● Localisation data

EXHIBIT B
PERMITTED THIRD PARTY SUB-PROCESSORS

OUTSYSTEMS PURCHASE ORDER TERMS AND CONDITIONS

Updated: May 2, 2025

This OutSystems Purchase Order Terms and Conditions (this "Agreement") is entered into as of the last signature below ("Effective Date") by and between OutSystems and Supplier (each, a "Party", and together, the "Parties"). This Agreement sets forth the terms and conditions that apply to all purchases of goods, services, and/or deliverables by OutSystems from the Supplier by means of a Purchase Order (a "PO") issued by OutSystems to the Supplier. Such PO is effective upon Supplier's commencement of performance or the date of Supplier's signature, whichever is earlier.

NO TERMS OTHER THAN THIS AGREEMENT WILL APPLY TO SUPPLIER'S PROVISION OF GOODS, SERVICES AND/OR DELIVERABLES, EXCEPT IF THE PARTIES HAVE EXECUTED A SEPARATE WRITTEN AGREEMENT GOVERNING GOODS, SERVICES AND/OR DELIVERABLES IN WHICH CASE THIS LATTER AGREEMENT WILL PREVAIL.

1. DEFINITIONS

"Affiliate" means an entity that controls, is controlled by or shares common control with OutSystems or Supplier, where such control arises from either (a) a direct or indirect ownership interest of more than 50% or (b) the power to direct or cause the direction of the management and policies, whether through the ownership of voting stock, by contract, or otherwise, equal to that provided by a direct or indirect ownership of more than 50%.

"Confidential Information" refers to non-public information that either Party may obtain from the other or have access to by virtue of this Agreement, including, but not limited to, each Party's data and each Party's proprietary software and computer operations, code, inventions, algorithms, business concepts, workflow, marketing, financial, business and technical information, the terms and pricing under this Agreement, Personal Data, and all information either clearly identified as confidential or that is of a nature that a reasonable person would understand to be confidential.

"Deliverables" means all goods, records, reports, documents, papers, other materials and deliverables (whether in documentary, electronic or other form) produced by, or on behalf of, Supplier for OutSystems, provided they are identified as such in the applicable PO or Supplier Documents.

"Fees" means the amount to be paid for the Goods, Services, and/or Deliverables as detailed in the applicable PO.

"Goods" means the goods to be provided by the Supplier to OutSystems as described in the applicable PO or Supplier Documents.

"Intellectual Property" means any patents, patent rights, design rights, copyrights, database rights, trade secrets, know-how, trademarks, trade names, service marks and other intellectual property embodied in the foregoing, and all applications and rights to apply for registration or protection rights pertaining thereto, in existence at the date hereof or created in the future. Rights regarding Intellectual Property shall be referred to as "Intellectual Property Rights".

"OutSystems" means the Party agreeing to the terms of this Agreement as OutSystems as indicated in the signature block below.

"Personal Data" has the meaning as described in the applicable data protection laws and shall include, without limitation, any data or information (regardless of the medium in which it is contained and whether alone or in combination) that relates to an identified or identifiable natural person.

"Personnel" means Supplier or its Affiliate's directors, officers, employees, non-employee workers, agents, auditors, consultants, contractors, subcontractors and any other person providing the Goods or performing the Services and/or Deliverables on behalf of Supplier.

"Purchase Order" or "PO" means the document separately executed by the Parties that references this Agreement and foresees the Goods, Services, and/or Deliverables to be provided by the Supplier, including any associated Fees. A PO is effective upon Supplier's commencement of the performance or the date of Supplier's signature, whichever is earlier.

"Services" means the services to be provided by the Supplier to OutSystems on a time and materials or fixed price basis as described in the applicable PO or Supplier Documents.

"Supplier" means the Party agreeing to the terms of this Agreement as Supplier as indicated in the signature block below.

"Supplier Documents" means any document shared by the Supplier that details the Goods, Services, and/or Deliverables to be provided by the Supplier to OutSystems, and that has been signed by an authorized representative of OutSystems, which can be, for example, an order, quote, proposal, or statement of work.

2. GOODS, SERVICES AND DELIVERABLES

2.1Supplier agrees to provide the Goods and/or Deliverables and/or perform the Services in accordance with the terms and conditions set forth in this Agreement, on the PO, and in any Supplier Documents, incorporated herein by reference.

2.2A PO does not constitute a firm offer and may be revoked at any time prior to acceptance. Upon acceptance of a PO, shipment of Goods or commencement of Services and/or Deliverables, Supplier shall be bound by the provisions of this Agreement.

2.3OutSystems hereby reserves the right to reschedule any delivery or cancel any PO issued at any time prior to shipment of Goods or prior to commencement of any Services and/or Deliverables. OutSystems shall not be subject to any charges or other fees as a result of such reschedule or cancellation.

3. DELIVERY OF GOODS

3.1Unless otherwise specified in the PO, Supplier will deliver Goods DDP (Incoterms 2010), with title and risk of loss transferring from Supplier to OutSystems at the delivery destination.

3.2When the Supplier is responsible for exporting or importing Goods, Supplier will obtain all authorizations and permits necessary to fulfil all applicable requirements, including compliance with applicable laws and regulations related to export control and trade sanctions compliance, for the Goods shipment.

3.3Upon OutSystems request, Supplier will provide OutSystems with any information OutSystems reasonably requests regarding the importation of Goods.

3.4OutSystems reserves the right to refuse any delivery made more than 5 days before the delivery date and Supplier will re-deliver the Goods on the correct date at the Supplier's expense. In addition, OutSystems may return to the Supplier, at Supplier's expense, any quantity of Goods exceeding those specified in the PO.

3.5If a Goods shipment (or part of a shipment) is likely to be delayed, Supplier will: (i) promptly notify OutSystems in writing and immediately propose a new delivery date, (ii) use best efforts to expedite delayed Goods at Supplier's expense, and (iii) issue OutSystems a discount or refund on the purchase price for the Goods delivered late, unless otherwise agreed by the Parties. In addition to other remedies applicable, OutSystems may (iv) cancel without liability the applicable PO or portions of the PO for the late Goods not yet delivered, or (v) cover for the late Goods by sourcing products from another supplier, at Supplier's reasonable expense.

4. FEES AND PAYMENT TERMS

4.1Fees. OutSystems will pay to Supplier the Fees set forth in the applicable PO. Supplier will invoice OutSystems upon OutSystems acceptance of the Goods, Services and/or Deliverables by submitting invoices to OutSystems.

4.2Payment. Except when specifically stated in the PO, Supplier will be responsible for all costs it incurs in connection with providing the Goods, Services and/or Deliverables, including Personnel's expenses. OutSystems will pay any undisputed portion of an invoice for accepted Goods, Services, and/or Deliverables within 60 business days following the later of: (1) delivery of the Goods or completion of Services and/or Deliverables, or (2) receipt of a correct invoice by OutSystems accounts payable department. Correct invoices must include PO number, complete bill-to address, good part numbers and quantities, description of Goods, Services, and/or Deliverables, unit prices, applicable tax or other charges, and extended totals. Supplier will receive no royalty or other remuneration on the production or distribution of any products developed by OutSystems or Supplier in connection with or based on the Goods, Services, and/or Deliverables provided. OutSystems is not obligated to pay any invoice submitted 180 days or more after Goods are shipped or Services and/or Deliverables are completed. In addition to other rights and remedies OutSystems may have, OutSystems may offset any payment obligations to Supplier that OutSystems may incur under the Agreement against any Fees owed to OutSystems, and not yet paid by Supplier under the Agreement or any other agreement between Supplier and OutSystems. If OutSystems initiates an invoice dispute, OutSystems will include a written description of the disputed portion of the invoice. Upon OutSystems' request, Supplier will issue separate invoices for undisputed and disputed amounts. Payment of undisputed amounts will not limit OutSystems' right to object and refuse payment of disputed amounts.

4.3Payment records. Supplier shall maintain written or electronic records reflecting the basis for any charges billed in connection with a PO for at least 3 (three) years after Supplier's receipt of OutSystems' final payment with respect to the PO.

5. TAXES

5.1Except as otherwise provided in this Agreement, the amounts to be paid by OutSystems to Supplier do not include taxes. OutSystems is not liable for any taxes that Supplier is legally obligated to pay, including but not limited to net income or gross receipts taxes, franchise taxes, and property taxes.

5.2OutSystems will pay Supplier any sales, use or value added taxes it owes under this Agreement, and which the law requires Supplier to collect from OutSystems. If OutSystems provides Supplier a valid exemption certificate, Supplier will not collect the taxes covered by such certificate. Supplier will indemnify and hold OutSystems harmless from any claims, costs (including reasonable attorneys' fees) and liabilities related to Supplier's taxes.

5.3If the law requires OutSystems to withhold taxes from payments to Supplier, OutSystems may withhold those taxes and pay them to the appropriate taxing authority. OutSystems will deliver to Supplier an official receipt for such taxes. OutSystems will use reasonable efforts to minimize any taxes withheld to the extent allowed by law.

6. INSPECTION

OutSystems shall have a reasonable time after the receipt of Goods, Services and/or Deliverables and before payment, to inspect them for conformity to the Agreement and/or PO, any applicable specifications, and Supplier Documents (hereinafter, "Inspection"). Goods, Services and/or Deliverables received prior to Inspection shall not be deemed accepted until OutSystems has run adequate tests to determine whether the Goods, Services and/or Deliverables conform thereto. Use of a portion of the Goods, part of the Services and/or Deliverables for the purpose of testing shall not constitute an acceptance of the Goods, Services and/or Deliverables. If Goods, Services and/or Deliverables provided do not wholly conform with the provisions hereof, OutSystems shall have the right to reject such Goods, Services and/or Deliverables. Nonconforming Goods will be returned to Supplier freight collect and risk of loss will pass to Supplier upon OutSystems' delivery to the common carrier. Nonconforming Services and/or Deliverables will, at OutSystems discretion, either be redone or rejected with full refund within 10 (ten) days.

7. SUBCONTRACTORS

Supplier shall not subcontract, delegate or assign its obligations under this Agreement without OutSystems' prior written consent. If Supplier proposes to subcontract the delivery of the Goods or the provision of the Services and/or Deliverables, it shall submit to OutSystems the name of each proposed subcontractor and a description of the corresponding proposed Goods, Services, and/or Deliverables. OutSystems shall have the right to reject any subcontractor, or revoke its prior approval of a permitted subcontractor, which it, at its own discretion, considers unable or unsuitable to satisfactorily perform the Goods, Services and/or Deliverables. Supplier shall include in the agreements with its subcontractors provisions substantially similar to the provisions of this Agreement relating to Personnel requirements, Intellectual Property Rights, Confidential Information and Personal Data and warranties. Supplier shall require all permitted subcontractors to carry insurance at levels customary and appropriate for the types and volumes of Goods, Services, and/or Deliverables being provided by such subcontractors. Supplier shall remain responsible for obligations, services and functions performed by permitted subcontractors to the same extent as if these obligations, services and functions were performed by Personnel. Supplier shall be OutSystems' sole point of contact. Supplier shall promptly pay for all services, materials, equipment and labor used by Supplier in providing the Goods, Services, and/or Deliverables, and Supplier shall keep OutSystems' premises free of all encumbrances. Supplier shall not enter into any cost-reimbursable contract with any proposed subcontractor without OutSystems' prior written authorization. All cost-reimbursable subcontracts shall ensure that cost-reimbursable contract will have the right to inspect subcontractor's facilities to ensure the progress of the work hereunder and to audit subcontractor's records and books of account to ensure the applicability, validity and reasonableness of such costs, if such a subcontract is authorized by cost-reimbursable contract.

8. INTELLECTUAL PROPERTY RIGHTS

8.1Intellectual Property Rights. All Intellectual Property Rights in the Deliverables are owned by OutSystems upon creation, free of all liens. In case the Deliverables contain any Intellectual Property Rights of Supplier, Supplier hereby grants OutSystems a worldwide, royalty-free, non-exclusive, perpetual license to use, copy, modify and distribute such Intellectual Property as part of the Deliverables. Supplier agrees to cooperate with and assist OutSystems to acquire and perfect its ownership rights in the Deliverables which may include applying for, and executing any applications and/or assignments reasonably necessary to obtain, any patent, copyright, trademark or other statutory protection for the Deliverables in OutSystems' name, as OutSystems deems appropriate.

8.2Attribution. Supplier may not use OutSystems' name and logo nor indicate that OutSystems is a client of Supplier on its website, in any public filings and through its marketing materials, including but not limited to press releases, case studies, white papers and webinars unless OutSystems has provided express written authorization. If OutSystems has provided authorization, any such attribution will be consistent with OutSystems' style guidelines or requirements as communicated to Supplier from time to time.

9. CONFIDENTIAL INFORMATION AND PERSONAL DATA

9.1Use and Disclosure. Supplier and Personnel (who have a need to know and who are subject to confidentiality obligations at least as restrictive as those in this Agreement) will hold in confidence and not use for any purposes unrelated to this Agreement or disclose to any third party any Confidential Information of OutSystems. Supplier agrees to take all reasonable steps to ensure that the Confidential Information is not disclosed or distributed by its Personnel in violation of the terms of this Agreement.

9.2Permitted Disclosures. Supplier may disclose Confidential Information of OutSystems: (i) in response to a valid order or request by a court or other governmental or regulatory body, (ii) as otherwise required by law, or (iii) as necessary to establish the rights of either Party under this Agreement. Supplier will promptly give notice to OutSystems of the disclose of such Confidential Information and allow OutSystems to object or to seek a protective order, to the extent permitted by the applicable law.

9.3Non-Confidential Information. Supplier shall not be obligated under this Section 9 with respect to Confidential Information that: (i) is or becomes a part of the public domain through no act or omission of Supplier; (ii) was in Supplier's lawful possession without restriction prior to the disclosure and had not been obtained by the Supplier either directly or indirectly from OutSystems; (iii) is lawfully disclosed to the Supplier by a third party without restriction on the disclosure; or (iv) is independently developed by the Supplier without access to the Confidential Information.

9.4Destruction or Return. Except as otherwise authorized or required in furtherance of the purposes of this Agreement, promptly upon a request by OutSystems, Supplier will at its option either destroy, and certify destruction in writing, or return to OutSystems all Confidential Information and all documents or media containing any such Confidential Information and all copies or extracts thereof provided that Supplier shall be permitted to retain copies of any computer records and files containing any Confidential Information which have been created pursuant to automatic archiving and back-up procedures, or retain a back-up copy of such Confidential Information as required by law, rule, regulation or internal compliance policies, in which cases such Confidential Information shall continue to be subject to confidentiality obligations even after termination of this Agreement.

9.5Personal Data. If Supplier Processes any Personal Data or Confidential Information as part of performing the Services and/or Deliverables, as well as or providing Goods, Supplier agrees to comply with the following requirements, as applicable:

(a) Processor Requirements. The Supplier, in its capacity as a Processor of Personal Data will comply with the most current Supplier data protection requirements and abide by the Data Protection Agreement available at www.outsystems.com/legal/po-terms-and-conditions/services-provider-data-processing-agreement/, and

(b) Sub-Processor requirements. The Supplier, in its capacity as a Sub-Processor of Personal Data will comply with the most current Sub-Processor data protection requirements and abide by the Data Protection Agreement available at https://drive.google.com/file/d/1Bf_-YkONu0SUShSMecHuYzq18nSkzSIh/view?usp=drive_link

(c) Independent Controller Requirements. If Supplier is a Controller of Personal Data that is collected, exchanged, or otherwise Processed in connection with Supplier's performance of this Agreement, and Supplier's purpose and means of Processing that Personal Data is independent from OutSystems' (or any of its Affiliate's) Processing of the same Personal Data, then: (i) the Supplier is independently responsible for compliance with the applicable Data Protection Laws, namely responsible for identifying a lawful basis of Processing, for complying with all necessary transparency and lawfulness obligations for the collection, Processing and use of the Personal Data as well as responding to data subjects' requests to exercise their rights; (ii) the Parties shall cooperate in order to enable one another to fulfill legal obligations arising under applicable Data Protection Laws within the scope of this Agreement.

Regardless of the classification of the Parties, Supplier warrants that any Personal Data provided by Supplier to OutSystems, was collected in line with Data Protection Laws and guidelines applicable to the Processing by OutSystems of said Personal Data. Furthermore, Supplier acknowledges that, regardless of its classification as Controller, Processor, Sub-Processor or other equivalent roles imposed by the applicable Data Protection Laws, it shall only provide to OutSystems contact and identification information of data subjects, in order to enrich OutSystems' databases, in case Supplier has obtained the necessary consents or holds another lawful basis to allow OutSystems to send marketing communications to said data subjects, in accordance with the applicable Data Protections Laws. Furthermore, upon request, Supplier must send the adequate proof of consent collection to OutSystems.

9.6Security Requirements. Supplier shall take all appropriate legal, organizational and technical measures to protect against unlawful and unauthorized processing of Personal Data or OutSystems Confidential Information, such as: (i) Supplier shall maintain appropriate operating standards and security procedures, and shall use its best efforts to secure Confidential Information through the use of appropriate physical and logical security measures including, but not limited to, appropriate network security and encryption technologies, and the use of reasonable user identification or password control requirements, including multiple-factor authentication, strong passwords, session time-outs, and other security procedures; (ii) if requested by OutSystems at any time during the term of this Agreement, Supplier shall provide OutSystems with a copy of Supplier's then current security policy, as well as any security compliance certifications or audit reports, such as SOC 2 or ISO 27001; and (iii) Supplier shall notify OutSystems within 36 hours in the event that Supplier learns or has reason to believe that any person or entity has breached or attempted to breach Supplier's security measures, or gained unauthorized access to Confidential Data (hereinafter, "Information Security Breach") within 36 hours of becoming aware of the breach or upon written notification by OutSystems, within a shorter period. Upon any such discovery, Supplier will (a) investigate, remediate, and mitigate the effects of the Information Security Breach, and (b) provide OutSystems with assurances reasonably satisfactory to OutSystems that such Information Security Breach will not recur. If OutSystems determines that notices (whether in OutSystems or Supplier's name) or other remedial measures (including notice, credit monitoring services, fraud insurance and the establishment of a call center to respond to customer inquiries) are warranted following an Information Security Breach, Supplier will, at OutSystems request and at Supplier's cost and expense, undertake the aforementioned remedial actions.

10. INSURANCE

Supplier shall be solely responsible for maintaining adequate general liability, professional liability, auto, workers' compensation, umbrella, and other applicable insurance coverages, as required by law and in accordance with common practice in Supplier's industry. Upon request, Supplier shall provide OutSystems with certificates of insurance or evidence of coverage before commencing performance under this Agreement, naming OutSystems as a Certificate Holder or Additional Insured where permitted by the applicable policy. Supplier shall provide adequate coverage for any OutSystems property under the care, custody or control of Supplier or Supplier's Affiliates. The purchase of such insurance shall not satisfy, modify or limit Supplier's obligations or liability hereunder.

11. TERM AND TERMINATION

11.1Term of Agreement. Unless earlier terminated pursuant to 11.2 ("Termination for Cause") or 11.3 ("Termination for Insolvency"), this Agreement commences on the Effective Date and continues in force until all POs executed in accordance with this Agreement have expired or been terminated.

11.2Termination for Cause.

11.2.1By OutSystems. OutSystems may terminate this Agreement and/or any ongoing PO immediately upon written notice to Supplier at any time if Supplier fails to perform its obligations or otherwise breaches any term of this Agreement.

11.2.2By Supplier. Supplier may terminate this Agreement upon written notice to OutSystems if OutSystems fails to pay Supplier within sixty (60) days after Supplier notifies OutSystems in writing that payment is past due.

11.3Termination for Insolvency. Either Party may terminate the Agreement immediately if the other Party: (i) is dissolved or liquidated or takes any corporate action for such purposes; (ii) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (iii) files or has filed against it a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (iv) makes or seeks to make a general assignment for the benefit of its creditors; or (v) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court or competent jurisdiction to take charge of or sell any material portion of its property or business.

11.4Effect of Termination. (i) Fees. If OutSystems terminates this Agreement pursuant to Sections 11.2 ("Termination for Cause") or 11.3 ("Termination for Insolvency"), OutSystems shall pay Supplier for the portion of the conforming Goods delivered to OutSystems and/or Services or Deliverables satisfactorily performed until the date of termination, with the appropriate offsets, including any additional costs to be incurred by Supplier in completing the Services or Deliverables, except if such Termination for Cause is due to Supplier's breach of Section 15.5 or Section 15.6, in which case, this Section 11.4 shall not apply and no such payment will be made to Supplier; (ii) Obligations. Each Party will be released from all obligations to the other Party arising after the date of expiration or termination, except for those which by their nature survive such termination or expiration; (iii) Confidential Information and Deliverables. Supplier will promptly notify OutSystems of all OutSystems' Confidential Information or any Deliverables in Supplier's possession and, at the expense of Supplier and in accordance with OutSystems' instructions, Supplier will promptly deliver to OutSystems all such OutSystems' Confidential Information or Deliverables. (iv) Other Remedies. Termination or expiration is not an exclusive remedy, and all other remedies will be available whether or not termination occurs.

12. WARRANTIES

12.1Services and Deliverables Warranties. Supplier represents and warrants that: (i) Services and Deliverables will be performed in a professional, workmanlike manner, with the degree of skill and care that is required by current, good, and sound professional procedures and industry standards; (ii) Services and Deliverables shall be completed in accordance with applicable specifications and any Supplier Documents and shall be correct and appropriate for the purposes stated therein; and (iii) the performance of Services and Deliverables under this Agreement and/or the PO will not conflict with, or be prohibited in any way by, any other agreement or statutory restriction to which Supplier is bound.

12.2Goods Warranties. Supplier warrants that: (i) it has valid and transferable title to the Goods and that all Goods provided will be new and will not be used or refurbished, unless otherwise agreed in writing by the Parties; (ii) all Goods delivered shall be free from all defects and shall conform to all applicable specifications and any Supplier Documents for a period of twenty-four (24) months from the date of delivery to OutSystems or for the period provided in Supplier's standard warranty covering the Goods, whichever is longer. Supplier hereby agrees that it will make spare or compatible parts available to OutSystems for a period of five (5) years from the date of shipment at Supplier's then current price, less applicable discounts. Additionally, Goods purchased shall be subject to all written and oral express warranties made by Supplier's Personnel, and to all warranties provided for by applicable laws. All warranties shall be construed as conditions as well as warranties and shall not be exclusive. Supplier shall furnish to OutSystems its standard warranty and service guarantee applicable to the Goods. All warranties shall run both to OutSystems and to its customers. In case OutSystems determines that the Goods do not meet the agreed-upon specifications or requirements, or if OutSystems no longer requires the Goods for any reason, OutSystems reserves the right to either return the Goods to the Supplier at the Supplier's expense or, at OutSystems' discretion, process or dispose of the Goods in any other manner deemed appropriate by OutSystems. The Supplier shall refund the full purchase price of the returned Goods within 30 days of receipt of the returned Goods or reimburse OutSystems for any costs incurred in the alternative processing or disposal of the Goods. Within five (5) business days of receipt of the returned Goods, Supplier shall, at OutSystems' option, either repair or replace such Goods, or credit OutSystems' account for the same. Any replacement or repaired Goods shall be warranted for the remainder of the warranty period or six (6) months, whichever is longer.

13. INDEMNIFICATION

SUPPLIER WILL AT ITS OWN EXPENSE DEFEND, INDEMNIFY AND HOLD HARMLESS OUTSYSTEMS AGAINST ALL CLAIMS, DEMANDS, LOSSES, COSTS, DAMAGES, AND ACTIONS, AND TO REIMBURSE OUTSYSTEMS FOR ALL SUCH LOSSES AND DAMAGES AS THEY MAY BE INCURRED, ARISING OUT OF OR RELATED TO: (I) ANY ACTUAL OR ALLEGED INFRINGEMENTS OF ANY THIRD PARTY INTELLECTUAL PROPERTY OR OTHER PROPRIETARY RIGHTS, WHICH ARISE IN CONNECTION WITH THE PROVISION OF THE GOODS, SERVICES AND/OR DELIVERABLES UNDER THIS AGREEMENT AND/OR THE PO; (II) ANY CLAIM THAT, WOULD CONSTITUTE A BREACH OF PERSONAL DATA OR ANY SUPPLIER WARRANTY CONTAINED HEREIN; (III) ANY ACT OR OMISSION OF OR FAILURE TO COMPLY WITH APPLICABLE LAWS, RULES OR REGULATIONS BY SUPPLIER OR PERSONNEL; (IV) ANY BREACH OF CONFIDENTIALITY OBLIGATIONS; (V) THE NEGLIGENT OR WILFUL ACTS OR OMISSIONS OF SUPPLIER, PERSONNEL, WHICH RESULTS IN ANY BODILY INJURY OR DEATH TO ANY PERSON OR LOSS, DISAPPEARANCE OR DAMAGE TO TANGIBLE OR INTANGIBLE PROPERTY; (VI) ANY CLAIMS OF PERSONNEL, SUPPLIER'S AFFILIATES, INCLUDING, BUT NOT LIMITED TO, THE PAYMENT OF SETTLEMENTS, JUDGMENTS, AND REASONABLE ATTORNEYS' FEES. THE FOREGOING OBLIGATIONS ARE CONDITIONED ON THE SUPPLIER NOTIFYING OUTSYSTEMS PROMPTLY IN WRITING OF SUCH ACTIONS.

14. LIMITATION OF LIABILITY

14.1MUTUAL EXCLUSION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY LOSS OF USE, LOSS OF DATA, INTERRUPTION OF BUSINESS, OR ANY INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOSS OF PROFITS, GOODWILL OR MARKET CAPITALIZATION) ARISING FROM THIS AGREEMENT, WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.

14.2OUTSYSTEMS' TOTAL AGGREGATE LIABILITY. OUTSYSTEMS' TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT AND SUPPLIER'S SOLE AND EXCLUSIVE REMEDY FOR ANY CLAIM OF ANY TYPE WHATSOEVER SHALL BE LIMITED TO PROVEN DIRECT DAMAGES CAUSED BY OUTSYSTEMS' NEGLIGENCE IN AN AMOUNT NOT TO EXCEED THE AMOUNTS PAID UNDER THIS AGREEMENT AND/OR APPLICABLE PO DURING THE 12 MONTHS IMMEDIATELY PRECEDING THE DATE OF THE CLAIM.

14.3EXCLUSIONS. THE LIMITATIONS OF LIABILITY SET FORTH IN SECTION 14.2 WILL NOT APPLY TO DIRECT DAMAGES DUE AS A RESULT OF OUTSYSTEMS' FRAUD, GROSS NEGLIGENCE, OR WILLFUL MISCONDUCT.

14.4FORCE MAJEURE. No Party shall be liable for, or considered to be in breach of this Agreement on account of, any failure or delay in performance of any of its obligations under this Agreement if such failure or delay is due to acts of God, fires, flood, storm, explosions, earthquakes, acts of war or terrorism, riots, insurrection, pandemic, intervention of any government or authority or any other reason where the failure to perform is beyond the reasonable control of and not caused by the negligence or intentional acts or omissions of the non-performing Party.

15. GENERAL PROVISIONS

15.1Entire Agreement. This Agreement, including all addenda (if any) and all POs, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes and replaces all prior or contemporaneous understandings or agreements, written or oral, regarding such subject matter. No amendment to, supplement or modification of this Agreement will be binding unless in writing and signed by duly authorized representatives of both Parties, except that OutSystems reserves the right at any time to update any terms and conditions referenced in this Agreement by means of a hyperlink, to reasonably reflect the forward evolution of its operating processes to remain in line with industry standards. The Supplier acknowledges and agrees that it has had the opportunity to review all the documents contained in a URL prior to executing this Agreement, which it can print for its internal records. Any terms or conditions contained in any acknowledgment, invoice, or other communication of Supplier which are inconsistent with the terms and conditions of this Agreement and/or set forth on the PO are hereby rejected. In case of conflicts, discrepancies, errors or omissions among the Agreement, any addenda, and any PO, the documents and amendments to them shall take precedence and govern in the following order: (a) any PO; (b) any Supplier Documents; (c) addenda (if any); and (d) this Agreement.

15.2Headings. The caption and the headings to clauses, sections, parts, paragraphs, and PO are inserted for convenience only and shall be ignored in interpreting this Agreement.

15.3Contracting OutSystems Company, Governing Law and Jurisdiction. The webpage available at www.outsystems.com/legal/governing-law-jurisdiction sets forth, based on where Supplier is domiciled: (a) the OutSystems entity with which Supplier is contracting under this Agreement and to which Supplier shall direct notices pursuant to Section 15.7 of this Agreement; (b) the governing law applicable to this Agreement, including any lawsuit or disputes arising out of or in connection with it, without giving effect to any choice or conflict of law provision or rule; and (c) which courts can adjudicate any such lawsuit. The Parties agree that neither the Uniform Computer Information Transaction Act nor the United Nations Convention for the International Sale of Goods will apply to this Agreement.

15.4Supplier Code of Conduct. Supplier agrees to observe and comply with the OutSystems Supplier Code of Conduct ("Code") which sets forth the responsible business practices and high standards of conduct expected of OutSystems' suppliers and third parties. This Code emphasizes OutSystems ongoing commitment to ethics, integrity, sustainability and compliance with laws and regulations including prohibitions against human trafficking, bribery, and corruption. OutSystems Supplier Code of Conduct can be found at https://www.outsystems.com/legal/supplier-code-of-conduct/.

15.5Compliance with Laws. The Parties agree that, in connection with the performance of this Agreement, each Party and its Personnel shall comply with all laws applicable to such Party's respective performance under this Agreement, including without limitation all applicable anti-corruption laws, including the U.S. Foreign Corrupt Practices Act ("FCPA") and the UK Bribery Act 2010, anti-money laundering laws, antitrust laws, economic sanctions laws, export control laws, data protection and data privacy laws, and modern slavery and human trafficking laws. Notwithstanding Section 11.2 ("Termination for Cause") above, OutSystems shall have the right to terminate this Agreement, without notice and without liability, for any breach or reasonable belief that there has been a breach of this clause.

15.6Export and Sanctions Laws. Supplier, its Personnel, and Supplier Affiliates agree that Supplier's Goods, Services, and/or Deliverables, and the delivery and provision of such Goods, Services, and/or Deliverables will comply with all applicable export control and trade sanctions laws, rules and regulations, including the regulations promulgated by the U.S. Department of Commerce's Bureau of Industry and Security ("BIS") and the U.S. Department of the Treasury's Office of Foreign Assets Control ("OFAC") (collectively, "Export Laws"). Supplier represents and warrants that Supplier is not: (i) located or resident in a country or territory that is subject to comprehensive U.S. trade sanctions or other significant trade restrictions (including, without limitation, Cuba, Iran, North Korea, Syria, and the Crimea region, Donetsk People's Republic region, and Luhansk People's Republic region of Ukraine) (collectively, the "Sanctioned Countries"); or (ii) identified on any U.S. government restricted party lists (including without limitation the Specially Designated Nationals and Blocked Persons List, Foreign Sanctions Evaders List, and Sectoral Sanctions Identifications List, administered by OFAC, and the Denied Party List, Entity List and Unverified List, administered by BIS) (collectively, the "Restricted Party Lists"). Supplier further certifies that Supplier will not, directly or indirectly, export, re-export, transfer the Goods, Services, and/or Deliverables in violation of the Export Laws, or with any purpose prohibited by the same Export Laws, in any Sanctioned Country, to any person or entity on a Restricted Party List, or for any nuclear, chemical, missile or biological weapons related end uses. Notwithstanding Section 11.2 ("Termination for Cause") above, OutSystems shall have the right to terminate this Agreement, without notice and without liability, for any breach of this clause.

15.7Notices. Any notice, consent, approval, or other communication intended to have legal effect to be given under this Agreement ("Notices") must be in writing and will be delivered (as elected by the Party giving such notice): (i) if provided to OutSystems, by email to legal@outsystems.com, or if provided to Supplier, to the email address of the Supplier provided in the Purchase Order; (ii) by registered mail; or (iii) by overnight courier with proof of signature upon delivery. Unless otherwise provided in this Agreement, all Notices will be deemed effective on the date of receipt (or if delivery is refused, the date of such refusal) if delivered by registered mail and at 9.00 am of the next business day after the date of the transmission by email. Notices under this Agreement will be sent to the contact and addresses set forth in the signature sections of this Agreement and/or in the applicable PO. Either Party may change the address to which Notices shall be sent by giving Notice to the other Party in the manner provided in this Section 15.7. Notices shall be written in the English language.

15.8Relationship of Parties. The Parties are independent contractors, not agents, employees or joint ventures of one another, and do not have any authority to bind the other Party, by contract or otherwise, to any obligation. Neither Party will represent to the contrary, either expressly, implicitly, by appearance or otherwise.

15.9Assignment. This Agreement is not assignable or transferable by either Party without the prior written consent of the other Party, which shall not be unreasonably withheld, except that OutSystems may freely assign or transfer this Agreement, related POs or any part thereof to any company that is an Affiliate or as a result of a merger or a sale of all or a substantial part of its assets or share capital. Any attempt by either Party to assign or transfer this Agreement in violation of this Section 15.9 shall be void.

15.10Severability. If for any reason a court of competent jurisdiction finds any provision of this Agreement (including all POs and addenda, if applicable), or portion thereof, to be unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible so as to affect the intent of the Parties, and the remainder of this Agreement or of the provision will continue in full force and effect, except to the extent such invalid provision or part of provision relates to essential aspects of the Agreement. The Parties agree that such provision or portion thereof shall be substituted by a provision with an equivalent legal and economic effect.

15.11Waivers of Rights. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in writing signed by a duly authorized representative on behalf of the Party claimed to have waived. No provision of any order or other form employed or provided by Supplier will supersede the terms and conditions of this Agreement and any PO executed with Supplier, and any such document relating to this Agreement and any PO shall be for administrative purposes only and shall have no legal effect other than to evidence Supplier's acceptance of any PO.

15.12Survival. Clauses and/or Sections 8 ("Intellectual Property Rights"), 9 ("Confidential Information and Personal Data"), 11.4 ("Effect of Termination"), 13 ("Indemnification"), 14 ("Limitation of Liability"), and 15 ("General Provisions") of this Agreement shall survive termination, without prejudice to other obligations that, pursuant to the applicable law or to this Agreement, shall also remain in force after termination date.

15.13Counterparts and Electronic Signatures. This Agreement may be executed in one or more counterparts, each of which will be deemed to be an original copy of this Agreement and all of which, when taken together, will be deemed to constitute one and the same Agreement, notwithstanding the fact that all Parties are not signatories to the original or the same counterpart. The Parties agree that this Agreement may be delivered by electronic signature (e.g., DocuSign, in portable data format – PDF – or in any other digital mean of identifying that party's identity and approval of the counterpart) by any or both Parties, in which case all Parties agree to rely on the receipt of such document so executed and delivered by electronic means as if the original had been received. The Parties warrant and represent that such electronic signature is valid and legally binding in jurisdictions they may respectively be subject to, and they waive any potential right or claim against the validity of this Agreement on the basis of its electronic signature.

THE UNDERSIGNED REPRESENT AND WARRANT THAT THEY HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THE PERSON, ENTITY OR CORPORATION LISTED ABOVE THEIR NAME.