SMARTCERT

Aramid Technologies, Inc., creator of SmartCert, including any current or future affiliates and subsidiaries (collectively, “SmartCert”), helps companies automate the exchange of quality documentation in global supply chains. We provide our services through the use of our software and proprietary platform currently located at www.getsmartcert.com (the “Platform”), as well as our website located at www.smartcert.tech (the “Site”, and each of the Platform, the Site, and any other SmartCert-provided technology or service shall be the “Services”). These Terms of Service (the “Terms”, “Terms of Service”, or the “Agreement”) along with the Privacy Policy (accessible at https://www.smartcert.tech/privacy-policy), govern your use of and any access to the Services effective as of January 24th, 2026 (the “Effective Date”).

In these Terms, any use of the words “you,” “yours,” or similar expressions refers to users of our Site and our Services (each, a “Subscriber”). References to “we,” “us,” “our” or similar expressions refer to SmartCert. By accessing or using our Services or Site, you are acknowledging that you have read, understood, and accept these Terms of Service and the Privacy Policy. By continuing to use such Services as of the Effective Date, you consent to the most recent terms herein.

1. General

a. Subscriber must agree to and execute a Service Agreement, or a subscription to the platform. Once a Service Agreement or subscription is agreed to by Subscriber and accepted by SmartCert, Subscriber will have access solely to the Service(s) covered by such Service Agreement(s) and no others.

b. As a condition to use SmartCert and the Services, Subscriber also agrees to the terms of SmartCert’s Privacy Policy, Terms of Access, International Rider (if applicable), and any mutually agreed riders provided either directly to you or provided on the Platform or Site (“Additional Riders”).

In the event of a conflict between any of SmartCert’s documents, the following order of precedence shall apply:

1.  Additional Riders (if any)
2.  The applicable Service Agreement
3.  The International Rider (if applicable)
4.  These Terms
5.  The Privacy Policy

Services are not subject to any terms and conditions other than those explicitly included in the Additional Riders (if any), applicable Service Agreements, the International Rider (if applicable), these Terms of Service, and the Privacy Policy.

2. Definitions

Unless the context otherwise requires or as otherwise defined herein, capitalized terms used herein shall have the meanings set forth in Schedule 1 attached hereto.

4. Account Access

a. SmartCert will provide Subscriber with an organization identification code (“Org ID”), user identifications (“User IDs”), and passwords or other secured means of access to the Services, which SmartCert may modify from time to time.

b. Subscriber’s organization may have multiple Org IDs, and, subject to the terms of this Agreement and the applicable Service Agreements, Subscriber may create additional User IDs and passwords for Authorized Users.

c. Subscriber agrees to the terms of SmartCert’s Account and Password Policy attached hereto as Schedule 2, including but not limited to responsibilities related to password management, account protection, and the activities performed under Subscriber’s accounts, all of which are incorporated herein by reference.

d. Subscriber is solely responsible for:

• maintaining the confidentiality and security of all Org IDs, User IDs, and passwords;
• ensuring that only Authorized Users access SmartCert using Subscriber-issued credentials; and
• all activities conducted under its account(s), regardless of whether such access or activities were authorized.

e. If Subscriber suspects or becomes aware that an unauthorized person may have obtained access credentials, Subscriber must immediately notify SmartCert in writing, and SmartCert may then take such actions as it deems appropriate to secure Subscriber’s account(s). SmartCert shall have no liability arising from Subscriber’s failure to provide such prompt notice. If SmartCert should reasonably believe that the security of an Org ID or User ID has been breached, SmartCert may take any steps necessary to mitigate damages, take preventive measures, or reestablish security, including but not limited to revoking access from such Org ID or User ID. In the event such Org ID or User ID is blocked or has access revoked, a replacement Org ID and/or User ID shall be provided as soon as practicable.

5. SmartCert Network Is An Exchange Platform

a. Subscriber agrees that SmartCert may use third-party suppliers, contractors, or service providers (collectively, “Third Party Suppliers”) to provide all or part of the Services delivered through SmartCert, in SmartCert’s sole discretion.

b. Subscriber has sole responsibility for:

1. evaluating and determining the Customers with which Subscriber may transact business or otherwise interact through SmartCert.
2. determining which Suppliers are authorized to do business with Subscriber; and.
3. assessing the terms, risks, and results of Subscriber’s interactions with any Customer, Supplier, or third party.

c. Subscriber understands and agrees that, as a venue, neither SmartCert nor its Third Party Suppliers control, endorse, or make any representations or warranties regarding any offerings, transactions, communications, or conduct of Subscribers or other third parties. Nothing in these General Terms and Conditions is intended to alter or impact the relationships, obligations, or agreements between Subscriber and any Customer or Supplier, all of which remain solely between Subscriber and such Customer or Supplier.

THERE ARE RISKS OF DEALING ACROSS STATE OR NATIONAL BORDERS AND WITH PERSONS ACTING UNDER FALSE PRETENSES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SMARTCERT SHALL NOT BE RESPONSIBLE OR LIABLE FOR ANY LOSS OR DAMAGE ARISING FROM SUBSCRIBER’S DEALINGS WITH ANY THIRD PARTY.

If Subscriber has a problem with any purchase, sale, order, or other transaction facilitated through SmartCert, Subscriber agrees to direct all comments or questions exclusively to the Customer or Supplier involved, and acknowledges that SmartCert is not a party to, and has no obligation to mediate or resolve, any such dispute.

d. SmartCert reserves the right, but has no obligation, to investigate and cooperate with law enforcement authorities regarding any fraudulent, illegal, or unauthorized activity involving SmartCert. SmartCert may disclose any information reasonably necessary for such purposes, without notice to Subscriber, to the extent permitted by applicable law.

e. Except as otherwise provided in a Service Agreement, SmartCert may, in its sole discretion, refuse, suspend, or restrict any person’s access to SmartCert at any time to prevent, or as a result of, a Service-Affecting Event.

6. Suscriber’s Ownership Rights

a. Ownership of Subscriber Informational Content. SmartCert does not claim ownership of any Subscriber Informational Content. However, by providing, posting, uploading, submitting, inputting, or otherwise transmitting Subscriber Informational Content to SmartCert, Subscriber grants SmartCert and its necessary sublicensees a worldwide, royalty-free, non-exclusive, sublicensable license to use the Subscriber Informational Content solely as reasonably necessary to provide Subscriber with access to SmartCert and the Services and to perform SmartCert’s obligations under this Agreement.

This includes the right to:

• use, reproduce, store, distribute, display, and transmit the Subscriber Informational Content as necessary to provide, maintain, secure, and improve the Services;
• reformat and reorganize Subscriber Informational Content as necessary to meet SmartCert’s technical requirements; and
• process the content through automated tools (including analytics and artificial intelligence features) solely for the purpose of delivering and improving the Services.

Subscriber retains all right, title, and interest, including all copyrights and other intellectual property rights, in and to the Subscriber Informational Content.

b. Ownership of Subscriber Technology. SmartCert also does not claim ownership of Subscriber Technology; Subscriber shall retain all of its right, title, and interest, including all copyrights and other intellectual property rights, in and to Subscriber Technology.

c. Subscriber Trademarks. Subscriber retains all right, title, and interest in and to all Subscriber Marks.

Subscriber grants SmartCert a non-exclusive, worldwide, royalty-free right to use Subscriber Marks in accordance with the “Policy on Using Trademarks” (Schedule 3).

Subscriber authorizes SmartCert and its affiliates to use Subscriber’s name and/or logo in marketing materials or press releases.

7. SmartCert Ownership Rights.

a. Ownership of SmartCert Materials. All SmartCert Materials are the sole and exclusive property of SmartCert and its licensors or service providers. This includes, without limitation:

• SmartCert,
• The Services, including the Site and Platform
• the informational content within SmartCert,
• all pages, graphics, code, software, databases, and features,
• the compilation and arrangement of content,
• the “look and feel” of SmartCert,
• all enhancements, updates, modifications, and derivative works thereof.

Nothing in this Agreement grants or transfers to Subscriber any ownership rights in or to any SmartCert Materials. All rights not expressly granted are reserved.

b. SmartCert Marks. SmartCert retains all right, title, and interest in and to the SmartCert Marks, including all trademarks, logos, service marks, and trade names.

Subscriber’s use of SmartCert Marks is permitted only in accordance with the “Policy on Using Trademarks” (Schedule 3) and with SmartCert’s prior written approval (email is sufficient), and is:

• non-exclusive,
• revocable,
• non-transferable, and
• solely for the limited purposes expressly described in this Agreement.

c. No Additional Rights Granted. Except for the limited licenses expressly granted in this Agreement:

• Subscriber receives no rights,
• no implied license is created by implication, estoppel, or otherwise,
• and Subscriber is prohibited from copying, modifying, distributing, transmitting, displaying, or using any SmartCert Materials or Marks except as expressly authorized.

8. Confidentiality

a. Obligation. Each Party acknowledges that the other Party treats its Confidential Information as valuable proprietary property. Subscriber and SmartCert each agree to keep confidential the other Party’s Confidential Information in a manner consistent with maintaining the other Party’s (and its licensors’) rights thereto, using at all times at least commercially reasonable efforts and, in any event, no less than the efforts it uses to protect its own similar information. These obligations apply to each Party’s and its affiliates’ employees, contractors, and other representatives.

Each Party agrees not to disclose or otherwise make available the other Party’s Confidential Information to any third party without obtaining the other Party’s prior written consent. Subscriber and SmartCert both agree to use the Confidential Information of the other only for the purpose of performing this Agreement and as expressly authorized by this Agreement. In the event of termination of this Agreement, and Subscriber’s subscription and membership in SmartCert, both Parties agree to promptly discontinue use of any Confidential Information of the other, except as may be required by law or necessary to provide any applicable transition services to Subscriber.

b. Compliance with Law or Government Order. Notwithstanding the foregoing, either Party may use Confidential Information of the other Party if necessary to comply with any applicable law or regulation, including export control laws or regulations. In addition, either Party may disclose the other Party’s Confidential Information to the extent required by an order of a court or other governmental entity, so long as the Party subject to such requirement (to the extent legally permitted) notifies the other Party as promptly as practicable so that the other Party may seek to prevent or limit such disclosure, and cooperates (at the other Party’s expense) with any such efforts. The disclosing Party shall disclose only that portion of the Confidential Information that it is legally required to disclose.

9. Warranties and Disclaimer

a. Authority. Each Party warrants and represents to the other that, to the best of such Party’s knowledge, such Party has secured all necessary licenses, consents and authorizations required to fulfill its obligations under this Agreement.

b. No Infringement. Subscriber warrants and represents that, to the best of Subscriber’s knowledge, no Subscriber Informational Content or other materials provided by or on behalf of Subscriber infringe upon the patents, copyrights, trade secrets, or other intellectual property rights of any third party.

SmartCert warrants and represents that, to the best of its knowledge, SmartCert’s contributions to SmartCert do not infringe upon the U.S. patent rights, copyrights, or trade secrets of any third party.

However, SmartCert’s warranty does not extend to:

• any software, data, content, or materials originating with a third party;
• any activities of any third party using SmartCert or Services; or
• any co-mingling or combination of SmartCert’s materials with any third-party materials.

c. Compliance with Laws and Regulations. Each Party represents and warrants to the other that, to the best of its knowledge, it has complied and will continue to comply with:

• all applicable export control laws,
• economic sanctions laws,
• government contracting rules,
• and any other applicable laws and regulations of the United States and other relevant jurisdictions.

Limitations:

1. SmartCert’s warranty applies only to SmartCert and its actions.
2. Subscriber’s warranty applies only to Subscriber and its actions.
3. SmartCert makes no warranty regarding the conduct of any third party.

Subscriber further agrees to the additional warranties contained in the Export and Regulatory Policy in Schedule 4, which are incorporated herein by reference.

d. User IDs and Access Control. SmartCert warrants and represents that the User ID(s) provided to Subscriber for access to the Services are unique to Subscriber, and SmartCert will maintain the confidentiality of any User IDs and password(s) given to Subscriber to access SmartCert, consistent with its standard business practices. e. Disclaimer. Except for the express written warranties made by SmartCert in this Agreement, all warranties are disclaimed to the maximum extent permitted by law. SmartCert, on behalf of SmartCert and its Third Party Suppliers, expressly disclaims all other warranties, whether express, implied, statutory, or arising from course of dealing or trade usage, including without limitation, any warranties of merchantability, fitness for a particular purpose, title, or non-infringement, to the fullest extent permitted by applicable law.

SmartCert further does not warrant that:

• SmartCert or any Services will be uninterrupted or error-free;
• SmartCert or Services will be fully functional or secure at all times;
• defects or problems will be corrected;
• Third-party content or systems accessed through SmartCert are accurate, secure, or reliable, and SmartCert shall have no responsibility or liability for such third-party content or systems.

10. Liability Limits

a. Exclusion of Indirect Damages. To the maximum extent permitted by applicable law, neither Party, SmartCert (including its Third Party Suppliers) nor Subscriber, shall be liable for any indirect, special, incidental, consequential, punitive, or exemplary damages, including but not limited to:

• lost profits,
• lost data,
• business interruption,
• loss of business reputation or goodwill,
• or the cost of procuring substitute goods or services,

arising out of or related to this Agreement or the use of SmartCert or Services, even if the Party was advised of, knew of, or should have known of the possibility of such damages.

b. Maximum Liability. In no event shall the aggregate liability of:

• Subscriber to SmartCert, or
• SmartCert (including its Third Party Suppliers) to Subscriber,

exceed, in the aggregate, the lesser of:

1. USD $50,000, or
2. the total amount paid by Subscriber to SmartCert under this Agreement (including payments made on Subscriber’s behalf) during the twelve (12) months immediately preceding the date on which the events giving rise to liability occurred, up to a maximum of USD $100,000.

This limitation applies regardless of the form of action, whether in contract, tort, strict liability, or otherwise.

c. Exclusions and Application. The foregoing exclusions and limitations of liability shall not apply to damages or liabilities arising out of or related to: (1) Subscriber’s payment of amounts due to SmartCert. For the avoidance of doubt, the limitations and exclusions in this Section 10 shall apply to all indemnification obligations hereunder and to all obligations under, or breach of, the Export Control and Regulatory Policy (Schedule 4), to the maximum extent permitted by applicable law.

11. Indemnification By SmartCert

a. Indemnification. SmartCert agrees to indemnify, defend and hold harmless Subscriber and Subscriber’s directors, officers, employees, agents, consultants, distributors and sublicensees from and against all Actions, and SmartCert shall pay all Liabilities, to the extent arising out of or related to a claim that software incorporated in SmartCert infringes upon the U.S. patent rights or copyrights of a third party. Furthermore, SmartCert agrees to pass through to Subscriber, to the extent possible, any corresponding indemnity received by SmartCert (if any) from a Third Party Supplier.

b. Claims. If such a claim is made or appears likely to be made, Subscriber agrees to permit SmartCert to enable Subscriber to continue to use the affected materials, or to have them modified to make them non-infringing, or to have them replaced with a substantially functional equivalent. If SmartCert determines that none of these options is reasonably available or feasible, then SmartCert may terminate this Agreement in whole or with respect to the affected Service or materials, and Subscriber may be entitled to a credit equal to the price paid for use of the affected materials as Subscriber’s sole and exclusive remedy. This Section 11 states SmartCert’s entire obligation and liability regarding infringement or claims of infringement. SmartCert shall have no obligation or liability for any Subscriber Matters.

12. Indemnification By Subscriber.

Subscriber agrees to indemnify, defend, and hold harmless SmartCert and its directors, officers, employees, agents, consultants, distributors, sublicensees, and Third Party Suppliers (in their capacities as such) from and against all Actions (claims, suits, or government proceedings by unaffiliated third parties) and all resulting Liabilities (costs, damages, attorneys’ fees, settlements), to the extent arising out of or related to any of the following:

1. Subscriber’s Breach. Any breach or alleged breach by Subscriber of any representation, warranty, or covenant contained in this Agreement.
2. Subscriber’s Interactions with Third Parties. Any interactions between Subscriber and Customers, Suppliers, or any third parties (other than Third Party Suppliers acting solely as required to support the Services), including disputes, transactions, communications, or conduct.
3. Violations of Customs, Import, or Export Laws. Any violations or alleged violations by Subscriber of U.S. customs or import laws, U.S. Export Control Laws (as defined in Schedule 4), or applicable customs and export control laws of any other jurisdiction.
4. Subscriber’s Failure to Comply with Applicable Laws. Subscriber’s failure to comply with any applicable law or regulation, or any requirement to obtain licenses or approvals necessary to purchase or sell goods or services using SmartCert or otherwise participate in SmartCert.

Subscriber shall have no indemnification obligation hereunder to the extent of any claim, action, liability, loss, expense, damage, or cost incurred due solely to Subscriber’s compliance with specific written instructions or requirements of SmartCert, where Subscriber had no reasonable alternative to such compliance.

13. Other Indemnifications.

Unless otherwise agreed in writing on a case-by-case basis, neither SmartCert nor Subscriber is authorized to make any representations or warranties on behalf of the other Party with respect to the other Party’s products or services. SmartCert and Subscriber each agree to indemnify, defend and hold harmless the other Party and the other Party’s directors, officers, employees, agents, consultants, distributors and sublicensees from and against all Actions, and the indemnifying Party shall pay all Liabilities, to the extent arising out of or related to any unauthorized warranties or representations made by the indemnifying Party to any third person regarding the other Party’s products or services. This applies regardless of whether such statements were made verbally, in writing, via electronic communication, on marketing channels, or through any other medium.

14. Indemnification Procedure.

A Party seeking indemnification under this Agreement must take all reasonable steps, to the extent commercially practicable, to mitigate any potential expenses and damages, and must promptly provide the Party obligated to provide indemnification with: (1) written notice of any third-party claim or action, or the possibility of a third-party claim or action (but the failure to provide such notice promptly will not relieve the indemnifying Party of its obligations, unless the indemnifying Party is materially prejudiced by such failure); (2) sole control and authority over the defense or settlement of such claim or action (although the Party seeking indemnification may retain its own counsel, at its own expense, to participate in such claim or action); and (3) proper and full information and assistance to settle and/or defend any such claim or action.

Neither Party shall settle any claim in a manner that does not result in the unconditional release of the indemnified Party without the indemnified Party’s written consent, which shall not be unreasonably withheld, conditioned, or delayed. An indemnifying Party shall not be liable for any settlement entered into without its written consent.

15. Termination, Modification, Suspension or Discontinuance

a. Action by Subscriber. Subscriber may terminate this Agreement or any Service Agreement at the end of the applicable Subscription Period, by providing any notice required in the Service Agreement, complying with any applicable termination procedures specified therein, and after paying all amounts owed to SmartCert. Termination will be effective upon SmartCert’s written confirmation or as otherwise stated in the applicable Service Agreement. Termination by Subscriber does not entitle Subscriber to any refund of prepaid fees unless otherwise specified in a Service Agreement.

b. Action by SmartCert. SmartCert may, in its discretion, terminate this Agreement or any Service Agreement if: Subscriber fails to pay Fees when due; Subscriber violates any material term of this Agreement; Subscriber misuses SmartCert; Subscriber engages in activities that harm or threaten the stability, security, or integrity of SmartCert; Subscriber becomes insolvent or files for bankruptcy; or SmartCert determines that Subscriber is no longer eligible for the Services under the Export Control and Regulatory Policy (Schedule 4). SmartCert may provide notice and an opportunity to cure, where appropriate, but is not required to do so where security, fraud, legal risk, or Service integrity is at stake.

c. Suspension or Restriction of Service. SmartCert may suspend, restrict, or limit Subscriber’s access to SmartCert or any Service if: necessary to address a Service-Affecting Event, Subscriber’s use threatens the security, stability, or performance of SmartCert, Subscriber fails to comply with applicable laws or regulations, Subscriber’s account is delinquent, or Subscriber engages in activities prohibited by this Agreement. Suspension may be immediate if required to protect SmartCert.

d. Modification or Discontinuance. SmartCert may, at any time and without liability: modify features, update functionality, enhance or improve performance, discontinue Services or components, or replace Services with substantially equivalent offerings.

If SmartCert discontinues a material Service, Subscriber will receive reasonable notice, and a prorated credit for any prepaid fees applicable to the discontinued portion of the Service.

e. Effect of Termination. Upon termination or expiration of this Agreement or any Service Agreement: Subscriber’s access to SmartCert and related Services will cease; Subscriber must immediately discontinue all use of SmartCert assets, including any SmartCert Materials or Marks; Subscriber remains liable for all Fees accrued prior to the termination date; each Party must handle Confidential Information in accordance with Section 8; and access to Subscriber’s data will transition according to Section 16 (Transition Services)

f. Survival. The following sections survive termination of this Agreement:

• Section 6 (Subscriber’s Ownership Rights)
• Section 7 (SmartCert’s Ownership Rights)
• Section 8 (Confidentiality)
• Section 9(e) (Disclaimer)
• Section 10 (Liability Limits)
• Sections 11–14 (Indemnification Provisions)
• Section 15(e) (Effect of Termination)
• Section 16 (Transition Assistance)
• Section 17 (Dispute Resolution)
• Section 18 (Miscellaneous)
• Schedules 1–8

16. Transition Assistance.

a. Transition Services. Upon termination or expiration of this Agreement or any applicable Service Agreement, and upon Subscriber’s written request, SmartCert will provide Subscriber with transition assistance services (“Transition Services”) as reasonably necessary to:

• enable Subscriber to retrieve its Subscriber Informational Content, and
• facilitate an orderly transition off of SmartCert.

Transition Services are provided at SmartCert’s then-current professional services rates, unless otherwise required under a specific Service Agreement, and may be subject to a separate statement of work or order form.

b. Retrieval of Subscriber Informational Content. During the Transition Period, Subscriber may export, download, or request delivery of Subscriber Informational Content maintained within SmartCert as of the effective date of termination, subject to: Subscriber’s payment of all outstanding Fees, and Subscriber’s compliance with all confidentiality and security requirements.

SmartCert will provide Subscriber access to data in a commercially reasonable format, such as:

• CSV,
• PDF,
• JSON, or
• other industry-standard export formats supported by SmartCert at the time of transition.

SmartCert is not required to create custom extraction tools or bespoke formats unless mutually agreed in writing.

c. Duration of Transition Period. The Transition Period begins upon the effective date of termination or expiration, and continues for thirty (30) days, unless otherwise stated in the applicable Service Agreement or agreed in writing by the Parties. SmartCert may limit or restrict Subscriber’s access solely to data retrieval functions during the Transition Period. If Subscriber requests an extension, SmartCert may grant one in its sole discretion, subject to additional fees, prepayment requirements, and terms.

d. Deletion of Subscriber Data. After the Transition Period concludes, SmartCert will delete or anonymize Subscriber Informational Content from SmartCert, except to the extent SmartCert is required by:

• law,
• regulation,
• litigation hold,
• accounting requirements, or
• internal archival policies to retain certain information.

SmartCert has no obligation to retain Subscriber data beyond the Transition Period unless legally required.

e. Continuing Obligations. Subscriber remains responsible for: all Fees incurred prior to or during the Transition Period; returning or destroying SmartCert’s Confidential Information in accordance with Section 8; discontinuing use of all SmartCert Marks and Materials; and ensuring its Authorized Users cease all access to SmartCert after the Transition Period.

17. Dispute Resolution

a. Notice of Dispute; Informal Resolution. If a dispute arises out of or relates to this Agreement, either Party (the “Noticing Party”) must provide written notice to the other Party, in accordance with Section 18(g), describing:

1. the nature of the dispute (“Dispute”), and
2. the desired resolution.

The receiving Party has thirty (30) days (“Objection Period”) to review and raise any objections (“Objection”). Both Parties must then attempt to resolve the matter through good-faith discussions and informal negotiation.

b. Escalation. If the Parties are unable to resolve the Dispute within thirty (30) days after the end of the Objection Period, the Parties agree to escalate the Dispute to executive-level representatives of each Party for further good-faith discussions. The escalated negotiation period will last an additional thirty (30) days unless extended by mutual written agreement.

c. Formal Action; Venue and Governing Law. If the Dispute is not resolved through informal negotiation and executive escalation, either Party may pursue formal legal action.

All litigation relating to this Agreement must be brought exclusively in:

• the state courts of Brown County, Wisconsin, or
• the federal courts located in the Eastern District of Wisconsin,

and the Parties irrevocably consent to the exclusive jurisdiction and venue of these courts.

This Agreement is governed by and construed in accordance with the laws of the State of Delaware, without regard to conflict-of-laws principles.

d. Time Limit for Claims. No action—regardless of form—arising out of or relating to this Agreement may be brought by either Party more than one (1) year after the cause of action accrues. This limitation does not apply to: claims involving unpaid Fees, breach of confidentiality, or indemnification obligations.

e. Equitable Relief. Notwithstanding anything to the contrary, either Party may seek injunctive or equitable relief (including temporary restraining orders or preliminary injunctions) in a court of competent jurisdiction:

• to prevent unauthorized use or disclosure of its Confidential Information,
• to protect its intellectual property rights,
• or to prevent material harm to SmartCert.

Seeking equitable relief does not waive any requirement for subsequent dispute resolution under this Section.

18. Miscellaneous Provisions.

a. Governing Law. This Agreement will be governed by and interpreted in accordance with the laws of the State of Delaware, without regard to conflict-of-law principles. Subscriber agrees to comply with all local, state, federal, national, and international laws applicable to Subscriber’s use of SmartCert. If Subscriber is incorporated or primarily operating outside the United States, Subscriber’s use of SmartCert is subject to the International Rider (Schedule 6), incorporated herein by reference.

b. Independent Contractors. The relationship between Subscriber and SmartCert established by this Agreement is that of independent contractors, and nothing contained in this Agreement will be construed to constitute the Parties as partners, joint venturers, co-owners or otherwise as participants in a joint or common undertaking.

c. No Waiver; Section Headings. No waiver of any breach or default, or any failure to exercise any right hereunder, shall be construed as a waiver of any subsequent breach or default or relinquishment of any future right to exercise such right. The headings in this Agreement are for convenience only and shall not be used in interpreting this Agreement.

d. Severability. If any provision of this Agreement is held to be invalid by a court of competent jurisdiction, the remaining provisions will nevertheless remain in full force and effect. The Parties agree to negotiate in good faith a valid substitute provision that reflects the original intent, to the extent permitted by law.

e. Force Majeure. Neither Party will be liable for failure or delay in performing obligations (other than payment obligations) due to causes beyond its reasonable control, including:

• natural disasters,
• war, terrorism, civil unrest,
• acts of government,
• failure of telecommunications or internet infrastructure,
• labor disputes,
• or other events of similar magnitude.

SmartCert and its service providers have no liability for service interruptions caused by third-party systems or general Internet issues.

f. Assignment. Subscriber may not assign or transfer this Agreement without prior written consent from SmartCert. SmartCert may assign this Agreement to an affiliate or to a successor in interest (e.g., via merger, acquisition, or sale of assets), provided the assignee assumes its obligations.

g. Notices. All required notices must be in writing.

To Subscriber:

Delivered according to the contact information provided in Subscriber’s registration.

To SmartCert:

Aramid Technologies, Inc. 1025 Lombardi Ave Green Bay, WI 54304 Attn: Legal / Contracts Email: legal@smartcert.tech

Notices are effective the next business day after sending, except certified mail, which is effective:

• on the third business day if both Parties are within the U.S.,
• on the fifth business day if international.

Either Party may update notice information by providing notice to the other.

h. Notice and Procedure for Making Claims of Copyright Infringement. SmartCert complies with the Digital Millennium Copyright Act. Claims must follow the procedure in Schedule 7.

i. Entire Agreement; Survival.

This Agreement—including all incorporated schedules, policies, and Service Agreements—constitutes the entire agreement between the Parties regarding SmartCert.

The following provisions survive termination of this Agreement:

• Sections 5 through 15,
• Section 18,
• all confidentiality obligations,
• all ownership rights,
• all disclaimers,
• all limitations of liability,
• all restrictions on use of SmartCert.

j. California Privacy Notice (CCPA/CPRA) SmartCert processes personal information in compliance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights

Act (CPRA). SmartCert does not sell or share personal information as defined under CCPA. If Subscriber or any Authorized User is a California resident, the collection, use, retention, and disclosure of personal information through SmartCert is governed by the SmartCert Privacy Policy and the CCPA rights described therein, including: the right to know, the right to access, the right to correction, the right to deletion, the right to limit use of sensitive personal information, and the right to non-discrimination. SmartCert acts solely as a Service Provider with respect to Personal Information processed on behalf of Subscriber and will not retain, use, or disclose Personal Information for any purpose other than providing the Services or as otherwise permitted under CCPA. Subscriber remains responsible for ensuring Subscriber’s own compliance obligations under CCPA and any other applicable privacy laws.

k. EU Data Transfer. To the extent Subscriber qualifies as a data exporter under the GDPR or UK GDPR, Schedule 8 applies and is incorporated by reference. The terms “controller” and “processor” (as defined by Directive 95/46/EC of the European Parliament), shall mean the Subscriber and SmartCert, respectively, as defined by the relevant Service Agreement, and “data exporter” and “data importer” shall be designated as Subscriber and SmartCert, respectively. The signatory of the applicable service agreement is deemed to be the signatory of this Schedule.

l. Non-Solicitation of Employees. For one (1) year following termination of this Agreement, neither Party may solicit or hire the other Party’s employees, except where the individual applies independently without solicitation, or through general solicitations not targeted at the other Party’s employees.

m. Non-disparagement. Subscriber agrees not to directly or indirectly disparage, criticize, or defame SmartCert, its affiliates, directors, officers, employees, contractors, or agents publicly or to unrelated third parties.

Schedule 1 – Definitions

a. Capitalized terms used herein shall have the meanings set forth below:

Unless otherwise required by context, the following definitions apply:

1. “Action” means claims, actions, suits, and proceedings brought by unaffiliated third parties, including governmental authorities.
2. “Additional Riders” means any documents that modify or supplement this Agreement or any Service Agreement.
3. “Agreement” means these General Terms and Conditions; the Privacy Policy; the Terms of Access; the International Rider (if applicable); any Additional Riders; and all applicable Service Agreements—as amended in accordance with this Agreement.
4. “Amendment” means any written modification to the Agreement.
5. “Authorized Users” means individuals (employees, agents, or representatives) that Subscriber authorizes to use SmartCert under Subscriber’s subscription.
6. “Business Unit Executive” means the designated senior business leader at each Party.
7. “Confidential Information” means any information, technical data or know-how (whether disclosed before or after the date of this Agreement), including, but not limited to, information relating to business and product or service plans, financial projections, customer lists, business forecasts, sales and merchandising, human resources, patents, patent applications, computer object or source code, research, inventions, processes, designs, drawings, engineering, marketing or financial data, to be confidential or proprietary or which information would, under the circumstances, appear to a reasonable person to be confidential or proprietary. Confidential information does not include (i) information that becomes public knowledge other than as a result of a party’s acts or omissions to act; (ii) information that was known by or in possession of the party prior to being disclosed pursuant to this Agreement or through the party’s relationship with the other party; or (iii) information required by court order or governmental agency to be disclosed, provided that the party shall give prompt notice of such demand and cooperate with the other party (at the other party’s expense) to limit or oppose such order or request for Confidential Information, and if required to disclose any Confidential Information, the party shall disclose no more than that portion of Confidential Information, which upon advice of legal counsel, is required to be disclosed. Notwithstanding the foregoing, the party may disclose Confidential Information with prior written approval of the other party or as required by law. Notwithstanding the foregoing nondisclosure obligations, pursuant to 18 U.S.C. Section 1833(b), the party will not be held criminally or civilly liable under any federal or state trade secret law for the disclosure of a trade secret that is made: (1) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney, and solely for the purpose of reporting or investigating a suspected violation of law; or (2) in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.
8. “Contract Administrator” means the individual identified by Subscriber as the administrative point of contact.
9. “Customer” means, depending on context: If Subscriber is a supplier: any entity using SmartCert to buy goods or services from Subscriber. If Subscriber is a buyer: any entity using SmartCert to sell goods or services to Subscriber. If Subscriber uses SmartCert for collaboration: any authorized collaborator. This term may also include other Subscribers.
10. “Descriptive Information” means materials and information describing Subscriber’s goods and services.
11. “SmartCert” means the SmartCert–operated digital platform for documentation management, digital certification exchange, collaboration, and related services available at www.getsmartcert.com and other domains designated by SmartCert.
12. “SmartCert Marks” means trademarks, service marks, tradenames, or logos of SmartCert, including SmartCert.
13. “SmartCert Materials” means SmartCert; its content, design, code, software, data structures; and all associated intellectual property.
14. “Liabilities” means damages, costs, losses, and reasonable attorneys’ fees legally awarded or agreed in settlement.
15. “Privacy Policy” means the SmartCert Privacy Policy as amended.
16. “Service-Affecting Event” means any event described in Section 15 that permits modification, suspension, or termination of Services.
17. “Service Agreement” means the written agreement governing Subscriber’s access to a specific SmartCert Service.
18. “Services” means SmartCert platform services delivered by SmartCert under a Service Agreement.
19. “Subscriber Informational Content” means any informational content or materials provided by Subscriber or its Authorized Users to SmartCert.
20. “Subscriber Marks” means Subscriber’s trademarks, logos, or trade names.
21. “Subscriber Matters” means misuse of software, combining SmartCert with non-Aramid systems, modifications not authorized by Aramid, or any claim in which Subscriber has a material interest.
22. “Subscriber Technology” means technology independently developed by Subscriber to interface with SmartCert.
23. “Subscription Period” means the period of access defined in the applicable Service Agreement.
24. “Terms of Access” means the SmartCert rules governing access and use of the platform.
25. Additional terms noted in the original schedule, such as:

• License
• Local Law
• Org ID
• User IDs
• U.S. Export Control Laws remain unchanged except for platform/company updates.

Schedule 2 – Account and Password Policy

a. Subscriber may permit only Authorized Users to access SmartCert.

b. Subscriber must maintain confidentiality of all Org IDs, User IDs, and passwords. Unauthorized access must be immediately reported to SmartCert.

c. Subscriber is responsible for all actions taken under its accounts, including informational content submitted, transactions made, and usage charges incurred.

d. Any breach of this Agreement under Subscriber’s account is considered a breach by Subscriber.

Schedule 3 – Policy on Using Trademarks

a. SmartCert User Directory. Subject to Subscriber supplying information for inclusion, Subscriber agrees to be listed in SmartCert user directory. Such listing generally will include Subscriber’s company name and such other details as SmartCert includes in the user directory generally, and as are supplied by Subscriber. (The failure of Subscriber to supply the necessary information will result in Subscriber not being listed in any such directory or being listed with incorrect/incomplete information.) Subscriber shall supply only current and accurate information for the user directory. If the user directory includes any of Subscriber’s trademarks, SmartCert shall have the right to use the Subscriber Marks for such purpose.

b. Subscriber’s Trademark Usage Guidelines. SmartCert understands that any use of Subscriber Marks must conform with Subscriber’s trademark guidelines that Subscriber provides in writing to SmartCert. SmartCert further understands that it must immediately discontinue the use and display of Subscriber Marks upon written notice from Subscriber that SmartCert is not using Subscriber Marks in a manner consistent with Subscriber’s guidelines, unless SmartCert takes the steps necessary to conform to Subscriber’s guidelines. All uses by SmartCert of Subscriber Marks and the goodwill associated therewith shall inure to Subscriber’s benefit.

c. Use of SmartCert Marks. Subject to the terms and conditions of this Agreement, SmartCert grants Subscriber a nonexclusive, revocable, non-transferable worldwide license during the term of this Agreement to use and reproduce the SmartCert trademark and the SmartCert logo, and to provide a hyperlink to the SmartCert website on Subscriber’s websites (should Subscriber choose to do so), only in accordance with the trademark guidelines that SmartCert specifies to Subscriber (if any). All of Subscriber’s use of SmartCert’s Marks and the goodwill associated therewith shall inure to the benefit of SmartCert.

Schedule 4 – Export Control, Import, Customs, and Regulatory Policy

a. Additional Definitions

1. Other Lists” means the Entity List, the Denied Persons List, the Debarred Parties List, and any other list by any U.S. or non-U.S. regulatory or governmental authority that restricts trade or business dealings with identified persons or entities, to the extent such restriction is consistent with U.S. law.
2. “SDN List” means the list of Specially Designated Nationals and Blocked Persons (which includes Specially Designated Terrorists, Specially Designated Global Terrorists, Foreign Terrorist Organizations, Specially Designated Narcotics Traffickers, Specially Designated Narcotics Kingpins, proliferators of weapons of mass destruction, and other persons or entities designated by law).
3. “U.S. Export Control Laws” means all U.S. export control laws and regulations, including but not limited to the International Traffic in Arms Regulations, the regulations administered by the Office of Foreign Assets Control, and the U.S. Export Administration Regulations.

b. Subscriber’s Independent Obligations. Subscriber acknowledges that Subscriber has an independent obligation under applicable law to comply with the customs, import, export control and economic sanctions requirements of any applicable jurisdiction – including the customs and import laws of the United States and U.S. Export Control Laws – and to conduct each sale in accordance with all applicable laws (including export, import and customs laws and regulations). Subscriber agrees not to export or import any controlled item, data, technology, or services to any foreign person (including those foreign persons employed by, associated with or under contract with Subscriber or Subscriber’s lower-tier suppliers) without the authority of an applicable license or an applicable license exception. Subscriber agrees that nothing in this Agreement affects, modifies, or changes Subscriber’s ultimate responsibility for customs, import, export control and economic sanctions compliance, and Subscriber specifically acknowledges that SmartCert is not responsible for discharging Subscriber’s obligations in this regard.

c. Subscriber’s Responsibility. Subscriber acknowledges and agrees that Subscriber remains responsible for obtaining any license or authorization required to permit the lawful import or export by Subscriber of any controlled item, technical data, technology, or software that is made available through Subscriber’s use of SmartCert. (The preceding sentence is not intended to impose import or export control licensing requirements on Subscriber in circumstances in which another party or entity is the real party in interest for import/export control purposes.)

d. Assurance. Subscriber agrees that, to the extent Subscriber engages in transactions with Subscriber’s Customers using SmartCert Services, Subscriber will undertake reasonable steps to ensure that such Customers are not listed on the SDN List or Other Lists and are not prohibited from engaging in such transactions under U.S. law (including U.S. Export Control Laws) or under the applicable customs, import or export control law of any other country that has jurisdiction over a transaction and which do not conflict with U.S. law.

e. Notice. Subscriber agrees to immediately notify SmartCert – and further agrees that it will be subject to termination from SmartCert – if Subscriber becomes listed on any denied parties list or if Subscriber’s import or export privileges are otherwise denied, suspended or revoked in whole or in part by any government entity or agency.

f. Additional Warranties Regarding Regulatory Compliance. Subscriber warrants and represents that neither Subscriber nor any of Subscriber’s subsidiaries or affiliated companies, officers, directors or controlling shareholders (a) is located in, a resident of, or acting directly or indirectly for the government of, any country or territory which is the subject of a trade embargo administered by the U.S. Office of Foreign Assets Control (“OFAC”); (b) is named on the SDN List or Other Lists; or (c) is located in, or acting directly or indirectly for the government of, any country or territory which is identified as an embargoed country by the U.S. Office of Defense Trade Controls or is otherwise prohibited from defense trade under the International Traffic in Arms Regulations.

g. Additional Subscriber Termination Rights. Subscriber will immediately notify SmartCert and the appropriate governmental agency and agrees to be subject to termination from SmartCert in the event that Subscriber, Subscriber’s subsidiaries or affiliated companies, or any of Subscriber’s officers, directors or controlling shareholders: (a) becomes located in, becomes a resident of, or begins acting directly or indirectly for the government of, any country or territory which is the subject of any regulation administered by OFAC, or (b) is named on the SDN List or Other Lists.

h. Subscriber Informational Content. Subscriber Informational Content, unless licensed for import or export to the intended SmartCert Network user(s) or excepted from licensing, does not and will not contain any technical data controlled by U.S. import or customs laws or U.S. Export Control Laws. Only if any such controlled Subscriber Informational Content is licensed or otherwise authorized for export to the intended SmartCert Network user(s) may it be posted on SmartCert.

Schedule 5 – Dispute Resolution Policy

a. A dispute shall be submitted in writing to the Business Unit Executive of each Party, and the Business Unit Executives shall attempt to resolve the dispute within thirty (30) days after such submission.

b. If the Business Unit Executives are unable to resolve the dispute within thirty (30) days and any Party wishes to pursue the dispute, that Party shall submit the dispute in writing to the President (or equivalent officer) of each Party for resolution, and the Presidents shall attempt to resolve the dispute within thirty (30) days after such submission.

c. If the Presidents are unable to resolve the dispute within thirty (30) days (as provided in a and b above), the dispute shall be settled by binding arbitration in accordance with the commercial rules (or international rules, if Subscriber is a non-U.S. entity) of the American Arbitration Association then in effect. The arbitration panel shall consist of one (1) neutral arbitrator if the amount in controversy is less than $10,000; otherwise the panel shall consist of three (3) neutral arbitrators, each an attorney with five (5) or more years of experience in computer and technology law and/or the primary area of law to which the dispute relates. The arbitrator(s) shall never have been employed (as an employee or independent consultant) by either of the Parties or any parent, subsidiary, or affiliate thereof. The Parties shall have the right to take discovery of the other Party by any or all methods provided in the Federal Rules of Civil Procedure. The arbitrator(s) may, upon request, exclude from use in the arbitration proceeding any evidence not made available to the other Party pursuant to a proper discovery request. The arbitrator(s) shall apply the law of the State of Wisconsin, and the arbitration proceeding shall be held in Green Bay, Wisconsin, USA (or in such other location as is mutually agreed upon by the Parties). The cost of the arbitration shall be borne equally by the Parties unless the arbitrator(s) awards costs and attorneys’ fees to the prevailing Party. Notwithstanding the choice of law provision in this Agreement, the Federal Arbitration Act (except as modified herein) shall govern the interpretation and enforcement of this provision. All arbitration proceedings shall be conducted in English.

d. Notwithstanding the foregoing dispute resolution procedures, either Party may apply to any court having jurisdiction to: (i) enforce the agreement to arbitrate; (ii) seek provisional injunctive relief to maintain the status quo until the arbitration award is rendered or the dispute is otherwise resolved, or to prevent irreparable harm otherwise; (iii) avoid the expiration of any applicable limitation period; (iv) preserve a superior position with respect to creditors; or (v) challenge or vacate any final decision or award of the arbitration panel that does not comport with the express provisions of this Schedule 5.

Schedule 6 – International Rider

Severability (International Rider). In the event (i) any court of competent jurisdiction (other than a court of the State of Wisconsin) is entitled to exercise jurisdiction over the interpretation or enforcement of this Agreement, or (ii) the law of any other jurisdiction (“Local Law”) is held applicable to the interpretation or enforcement of this Agreement, then the Parties intend and agree that the following shall apply, in the order specified:

• To the maximum extent permitted by Local Law, the Parties intend that this Agreement shall be enforced in accordance with its terms (including, without limitation, in accordance with the Governing Law provision).
• Certain jurisdictions may prohibit, or may not enforce, an exclusion by a party from, or limitation by a party of, liability arising from the willful misconduct of such party. To the extent this Agreement is subject to Local Law that prohibits such exclusions or limitations, any provision in this Agreement which excludes or limits liability in respect of willful misconduct shall be deemed amended (as narrowly and specifically as possible, and only for purposes of this Agreement) to exclude any reference or application to willful misconduct.
• Certain jurisdictions may prohibit, or may not enforce, an exclusion by a party from, or limitation by a party of, liability arising from the gross negligence of such party. To the extent this Agreement is subject to Local Law that prohibits such exclusions or limitations, any provision in this Agreement which excludes or limits liability in respect of gross negligence shall be deemed amended (as narrowly and specifically as possible, and only for purposes of this Agreement) to exclude any reference or application to gross negligence.
• Certain jurisdictions may prohibit, or may not enforce, an exclusion by a party from, or limitation by a party of, liability relating to certain types of damages (such as personal injury or death). To the extent this Agreement is subject to Local Law that prohibits such exclusions or limitations, any provision in this Agreement which excludes or limits liability in respect of such damages shall be deemed amended (as narrowly and specifically as possible, and only for purposes of this Agreement) to exclude any reference or application to such damages.
• Certain jurisdictions may prohibit, or may not enforce, the disclaimer or exclusion of claims which a party may have against a third party (“Third Party Exclusion”). To the extent this Agreement is subject to Local Law that prohibits such exclusions or limitations, any provision in this Agreement which excludes or limits liability in respect of a Third Party Exclusion shall be deemed amended (as narrowly and specifically as possible, and only for purposes of this Agreement) to exclude any reference or application to any such Third Party Exclusion. In such an event, the Parties agree to enter into agreements with any relevant third-party licensors and service providers to provide such licensors and service providers with comparable protection as would have been provided by the applicable provisions of this Agreement prior to such amendment.
• Certain jurisdictions may prohibit, or may not enforce, the disclaimer or exclusion of certain types of damages or liability (collectively, an “Unlawful Exclusion”). To the extent this Agreement is subject to Local Law that prohibits such exclusions or limitations, any provision in this Agreement which excludes or limits liability in respect of an Unlawful Exclusion shall be deemed amended (as narrowly and specifically as possible, and only for purposes of this Agreement) to exclude any reference or application to any such Unlawful Exclusion.
• Certain jurisdictions may prohibit, or may not enforce, a limitation on a party’s aggregate liability in respect of certain types of liability (“Unlawful Limitation”). To the extent this Agreement is subject to Local Law that prohibits such exclusions or limitations, any provision in this Agreement which excludes or limits liability in respect of an Unlawful Limitation shall be deemed amended (as narrowly and specifically as possible, and only for purposes of this Agreement) to exclude any reference or application to any such Unlawful Limitation.
• Certain jurisdictions may prohibit, or may not enforce, the disclaimer or exclusion of certain warranties or conditions which may arise from Local Law or otherwise (“Unlawful Disclaimer”). To the extent this Agreement is subject to Local Law that prohibits such exclusions or limitations, any provision in this Agreement which excludes or limits liability in respect of an Unlawful Disclaimer shall, only to the minimum extent required by such Local Law and after giving full effect to all other terms of this Agreement, be deemed amended (as narrowly and specifically as possible, and only for purposes of this Agreement) to exclude any reference or application to any such Unlawful Disclaimer, and shall otherwise remain in full force and effect.
• Certain jurisdictions may prohibit, or may not enforce, an obligation by one party to indemnify another party for certain types of actions, failures, violations, or other conduct of the indemnified party (“Unlawful Indemnification”). To the extent this Agreement is subject to Local Law that prohibits such indemnification, any provision in this Agreement which requires such indemnification shall, only to the minimum extent required by such Local Law and after giving full effect to all other terms of this Agreement, be deemed amended (as narrowly and specifically as possible, and only for purposes of this Agreement) to exclude any reference or application to any such Unlawful Indemnification, and shall otherwise remain in full force and effect.
• Certain jurisdictions may prohibit, or may not enforce, a limitation of remedies to an exclusive remedy specified in this Agreement. In such case, to the extent and only to the extent required by applicable Local Law, any exclusive remedy specified in this Agreement shall be deemed inapplicable, but the applicable party’s liability shall nevertheless be subject to all other exclusions, limitations, and disclaimers contained in this Agreement to the maximum extent permitted by Local Law.
• Certain jurisdictions may impose an obligation on a party to comply with certain Local Law. To the extent this Agreement is subject to Local Law that prohibits any attempt to exclude the obligation to comply with such Local Law, any provision in this Agreement which attempts to exclude such obligation shall, only to the minimum extent required by such Local Law and only for purposes of this Agreement, be deemed amended (as narrowly and specifically as possible, and only for purposes of this Agreement) to remove the exclusion of the obligation to comply with such Local Law (except to the extent U.S. laws or regulations require otherwise).
• If any provision of this Agreement is held to be contrary to Local Law, such provision shall, only to the minimum extent required to comply with such Local Law, be changed so as to conform to Local Law (except to the extent inconsistent with U.S. laws or regulations), and shall otherwise remain in effect to the fullest extent permitted.

Any amendment required to be made by the foregoing shall be made in a manner so as to best accomplish the objectives of the original provision to the fullest extent allowed by Local Law. The remaining provisions of this Agreement shall remain in full force and effect.

Schedule 7 – Policy on Submitting Copyright Infringement Claims

As provided in the General Terms and Conditions, SmartCert reserves the right, in its sole discretion, to terminate or suspend any user’s access to SmartCert or any of the Services, with or without notice, for violations of the Agreement, including use of the Services in a manner that infringes the intellectual property rights of others. In accordance with the Digital Millennium Copyright Act, it is SmartCert’s policy to terminate a Subscriber’s access, in appropriate circumstances, if the Subscriber repeatedly infringes the copyrights of others. These policies do not affect, limit, or waive any other rights or remedies SmartCert may have under law or contract. (Capitalized terms not otherwise defined in this document shall have the meanings set forth in the Terms and Conditions.)

UNDER FEDERAL LAW, IF A SUBSCRIBER KNOWINGLY MISREPRESENTS THAT ONLINE MATERIAL IS INFRINGING ON A COPYRIGHT, THE SUBSCRIBER WILL BE SUBJECT TO CIVIL PENALTIES, including monetary damages, court costs, and attorneys’ fees that any copyright owner (or the copyright owner’s licensee, or SmartCert) may incur as a result of reliance upon such misrepresentation. THE SUBSCRIBER MAY ALSO BE SUBJECT TO CRIMINAL PROSECUTION FOR PERJURY.

If you believe that material has been stored on SmartCert or any Service at the direction of a user in a manner that you, as the copyright owner (or the copyright owner’s agent), have not authorized, please notify SmartCert at:

Aramid Technologies, Inc. 1025 Lombardi Ave Green Bay, WI 54304 legal@smartcert.tech

(or such other address or contact details as SmartCert may designate from time to time in the Services or on its website)

When submitting such a notice, please include the following information (and any additional information reasonably requested by SmartCert to verify or process your claim):

1. A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;

2. Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site;

3. Identification of the material that is claimed to be infringing or to be the subject of infringing activity – and that is to be removed or access to which is to be disabled – and information reasonably sufficient to permit SmartCert to locate the material;

4. Information reasonably sufficient to permit SmartCert to contact the complaining party (such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted);

5. A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and

6. A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Please do not send any inquiries unrelated to copyright infringement (e.g., requests for technical assistance or customer service, reports of email abuse, etc.) to the contact above. You will not receive a response if such inquiries are sent to that contact, and SmartCert may disregard any notice that does not substantially comply with the requirements of this Schedule

7. For all other inquiries, please use the support or contact channels identified in the Services or on SmartCert’s website.

Schedule 8 – Commission Decision Standard Contractual Clauses for Data Transfer

Standard Contractual Clauses for Transfer of Personal Data to Third Countries Under EU General Data Protection Regulation (GDPR) and UK GDPR (pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council)

Section I

Clause 1 – Purpose and scope

a. The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.

b. The Parties: (i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A (hereinafter each “data exporter”), and (ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each “data importer”), have agreed to these standard contractual clauses (hereinafter: “Clauses”).

c. These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.

d. The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

Clause 2 – Effect and invariability of the Clauses

a. These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or adding other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.

b. These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3 – Third-party beneficiaries

a. Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions: (i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7; (ii) Clause 8 – Clause 8.1(b), 8.9(a), (c), (d) and (e); (iii) Clause 9 – Clause 9(a), (c), (d) and (e); (iv) Clause 12 – Clause 12(a), (d) and (f); (v) Clause 13; (vi) Clause 15.1(c), (d) and (e); (vii) Clause 16(e); (viii) Clause 18 – Clause 18(a) and (b).

b. Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4 – Interpretation

a. Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.

b. These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.

c. These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

Clause 5 – Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6 – Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

Clause 7 – Docking clause

a. An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.

b. Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.

c. The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

Section II – Obligations Of The Parties

Clause 8 – Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organizational measures, to satisfy its obligations under these Clauses.

8.1 Instructions

a. The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.

b. The data importer shall immediately inform the data exporter if it is unable to follow those instructions.

8.2 Purpose limitation

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.

8.3 Transparency

On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information (including the measures described in Annex II and personal data), the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy – but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause 8.3 is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

8.4 Accuracy

If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.

8.5 Duration of processing and erasure or return of data

Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses.

In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).

8.6 Security of processing

a. The data importer and, during transmission, also the data exporter shall implement appropriate technical and organizational measures to ensure the security of the data (including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to the data – hereinafter a “personal data breach”). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purposes of processing, and the risks involved in the processing for the data subjects.

The Parties shall, in particular, consider having recourse to encryption or pseudonymization (including during transmission, where the purpose of processing can be fulfilled in that manner). In case of pseudonymization, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organizational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.

b. The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for implementing, managing, and monitoring of the contract. It shall ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

c. In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach (including measures to mitigate its adverse effects). The data importer shall also notify the data exporter without undue delay after becoming aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences, and the measures taken or proposed to address the breach (including, where appropriate, measures to mitigate its possible adverse effects). Where, and to the extent that, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall subsequently be provided without undue delay as it becomes available.

d. The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679 – in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.

8.7 Sensitive data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data or biometric data for the purpose of uniquely identifying a natural person; data concerning health or a person’s sex life or sexual orientation; or data relating to criminal convictions or offenses (hereinafter “sensitive data”), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.

8.8 Onward transfers

The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter “onward transfer”) if the third party is or agrees to be bound by these Clauses (under the appropriate Module), or if: (i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer; (ii) the third party otherwise ensures appropriate safeguards pursuant to Article 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question; (iii) the onward transfer is necessary for the establishment, exercise or defense of legal claims in the context of specific administrative, regulatory or judicial proceedings; or (iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.

Any onward transfer is subject to compliance by the data importer with all other safeguards under these Clauses, in particular purpose limitation.

8.9 Documentation and compliance

a. The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to processing under these Clauses.

b. The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.

c. The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and, at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.

d. The data exporter may choose to conduct the audit itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and, where appropriate, shall be carried out with reasonable notice.

e. The Parties shall make the information referred to in paragraphs (b) and (c) (including the results of any audits) available to the competent supervisory authority on request.

Clause 9 – Use of sub-processors

a. Option 2: General written authorization. The data importer has the data exporter’s general authorization for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list (through the addition or replacement of sub-processors) at least thirty (30) days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.

b. Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses (including in terms of third-party beneficiary rights for data subjects). The Parties agree that, by complying with this Clause 9(b), the data importer fulfills its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.

c. The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information (including personal data), the data importer may redact the text of the agreement prior to sharing a copy.

d. The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfill its obligations under that contract.

e. The data importer shall agree to a third-party beneficiary clause with the sub-processor whereby – in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent – the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Clause 10 – Data subject rights

a. The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to such request itself unless authorized to do so by the data exporter.

b. The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organizational measures, taking into account the nature of the processing, by which such assistance shall be provided, as well as the scope and the extent of the assistance required. c. In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the data exporter’s instructions.

Clause 11 – Redress

a. The data importer shall inform data subjects in a transparent and easily accessible format (through individual notice or on its website) of a contact point authorized to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

b. In case of a dispute between a data subject and one of the Parties regarding compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.

c. Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to: (i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13; (ii) refer the dispute to the competent courts within the meaning of Clause 18.

d. The Parties accept that the data subject may be represented by a not-for-profit body, organization or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.

e. The data importer shall abide by a decision that is binding under applicable EU or Member State law.

f. The data importer agrees that the choice made by the data subject will not prejudice the data subject’s substantive or procedural rights to seek remedies in accordance with applicable laws.

Clause 12 – Liability

a. Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.

b. The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.

c. Notwithstanding paragraph (b), the data exporter shall be liable to the data subject (and the data subject shall be entitled to receive compensation) for any material or non-material damages the data exporter or the data importer (or its sub-processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and (where the data exporter is a processor acting on behalf of a controller) to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.

d. The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility

for the damage.

e. Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.

f. The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.

g. The data importer may not invoke the conduct of a sub-processor to avoid its own liability.

Clause 13 – Supervision

a. Where the data exporter is established in an EU Member State: The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer (as indicated in Annex I.C) shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established (as indicated in Annex I.C) shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with Article 3(2) without having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679: The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses (in relation to the offering of goods or services to them, or whose behavior is monitored) are located (as indicated in Annex I.C) shall act as competent supervisory authority.

b. The data importer agrees to submit itself to the jurisdiction of, and cooperate with, the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits, and comply with the measures adopted by the supervisory authority (including remedial and compensatory measures). It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

Setion III – Local Laws And Obligations In Case Of Access By Public Authorities

Clause 14 – Local laws and practices affecting compliance with the Clauses

a. The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination (including any requirements to disclose personal data or measures authorizing access by public authorities) applicable to the processing of personal data by the data importer prevent the data importer from fulfilling its obligations under these Clauses. (This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.)

b. The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements: (i) the specific circumstances of the transfer (including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; and the storage location of the data transferred); (ii) the laws and practices of the third country of destination (including those requiring the disclosure of data to public authorities or authorizing access by such authorities) relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards; (iii) any relevant contractual, technical or organizational safeguards put in place to supplement the safeguards under these Clauses (including measures applied during transmission and to the processing of personal data in the country of destination).

c. The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.

d. The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.

e. The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a) (including following a change in the laws of the third country or a measure, such as a disclosure request, indicating an application of such laws in practice not in line with the requirements in paragraph (a)). [For Module 3: The data exporter shall forward the notification to the controller.]

f. Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfill its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organizational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation [for Module 3: if appropriate, in consultation with the controller]. The data exporter shall suspend data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by [for Module 3: the controller or] the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract (insofar as it concerns processing of personal data under these Clauses). If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause 14(f), Clause 16(d) and (e) shall apply.

This refers in particular to internal records or other documentation drawn up on a continuous basis in accordance with due diligence and certified at the senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements. The Parties have to consider carefully whether these elements together carry sufficient weight (in terms of reliability and representativeness) to support such a conclusion. In particular, the Parties must take into account whether their practical experience is corroborated (and not contradicted) by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice (such as case law and reports by independent oversight bodies).

Clause 15 – Obligations of the data importer in case of access by public authorities

15.1 Notification

a. The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary, with the data exporter’s help) if it: (i) receives a legally binding request from a public authority (including judicial authority) under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses. (Such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request, and the response provided.); or (ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination (and such notification shall include all information available to the importer).

b. If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition to communicate as much information as possible – as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them upon request of the data exporter.

c. Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter (at regular intervals for the duration of the contract) with as much relevant information as possible on requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome).

d. The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and to make it available to the competent supervisory authority on request. e. Paragraphs (a) to (c) are without prejudice to the data importer’s obligation under Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

15.2 Review of legality and data minimization

a. The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law or principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. (When challenging a request, the data importer shall seek interim measures to suspend the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules.) These requirements are without prejudice to the data importer’s obligations under Clause 14(e).

b. The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, to make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.

c. The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

Section IV – Final Provisions

Clause 16 – Non-compliance with the Clauses and termination

a. The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses for whatever reason.

b. If the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured, or the contract is terminated. This is without prejudice to Clause 14(f).

c. The data exporter shall be entitled to terminate the contract (insofar as it concerns processing of personal data under these Clauses) where: (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time (in any event within one month of suspension); (ii) the data importer is in substantial or persistent breach of these Clauses; or (iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses. In these cases, the data exporter shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this termination right only with respect to the relevant Party, unless the Parties have agreed otherwise.

d. Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall, at the choice of the data exporter, immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety (including any copies). The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.

e. Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply, or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

Clause 17 – Governing law

These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of Ireland.

Clause 18 – Choice of forum and jurisdiction

a. Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.

b. The Parties agree that those shall be the courts of Ireland.

c. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.

d. The Parties agree to submit themselves to the jurisdiction of such courts.

Terms of Use Data and Use of AI Addendum

a. User Content – License and Data Use. By uploading or providing any “User Content” (such as documents, data, or other information) to SmartCert in connection with the Services, you grant SmartCert a non-exclusive, royalty-free, worldwide license to use, reproduce, modify, distribute, display, perform, and otherwise process your User Content solely as necessary to operate, provide, maintain, and improve the Services for you. This includes using your User Content as needed to operate the platform and its features, such as extracting data from your documents via automated tools (including AI algorithms) to eliminate manual data entry, checking compliance against standards, and generating certifications or reports on your behalf.

b. Enhancing SmartCert’s platform and AI capabilities. You agree that SmartCert may use your User Content and data derived from your usage of the Services to maintain, analyze, and improve our products and services. In doing so, SmartCert may utilize machine learning or artificial intelligence on your data to refine our algorithms. However, if we use any of your User Content to develop or train our AI models or to derive industry insights, we will first anonymize or aggregate the data so that it does not identify you, your organization, or any individual, nor reveal any of your confidential information. In other words, any AI training or analytics will be done on de-identified data combined with other sources.

c. Aggregating data for industry insights. SmartCert may compile aggregated statistics or benchmarks reflecting compliance rates, trends, or other metrics across our user base, and use or publish such information to provide industry insights, so long as no personal, sensitive, or company-identifying details are disclosed. All such aggregated data will be stripped of identifiers and will not contain any of your proprietary content in identifiable form. You agree that SmartCert owns all rights in the anonymized, aggregate data it creates from the Services (“Aggregated Data”), which may be used for any lawful purpose (for example, to improve our software, report on supply chain trends, or develop new features) without further notice or obligation to you.

d. Legal compliance and other purposes with consent. SmartCert may also process or disclose your User Content if required by law or valid legal process, to protect or enforce SmartCert’s legal rights, or as otherwise permitted by our Privacy Policy (for example, with your consent or at your direction).

Data Privacy and Non-Disclosure. SmartCert values the privacy and security of your data. In providing the Services, we will not sell your personal information to any third party. We will also not share your User Content with any third party except: (i) with our affiliates, service providers, or sub-processors as necessary to operate, provide, or support the Services you’ve requested (for example, cloud infrastructure or AI processing services), and in such cases those third parties are contractually bound to protect your data and use it only for our authorized purposes; or (ii) if we are required to disclose data to comply with a legal obligation or an order of a court, regulator, or other governmental authority (in which case we will, if lawful and practicable, notify you of the disclosure). Any handling of personal data will remain in accordance with our Privacy Policy. SmartCert implements appropriate technical and organizational measures (such as encryption and access controls) to safeguard your data. By using the platform, you acknowledge the terms of our Privacy Policy and affirm that SmartCert may handle your data as described therein (notably, SmartCert does not sell or rent personal data and does not share it publicly without consent).

AI Outputs – User Responsibility. You understand that SmartCert may employ AI tools to assist in processing and analyzing your certifications and other documents. While these AI-powered features are intended to increase accuracy and efficiency, no AI system is infallible. Any data, suggestions, or compliance indications provided by the AI (the “AI Output”) are for informational assistance only and are provided “as is”. SmartCert does not guarantee that AI-generated outputs will be 100% accurate, complete, or in compliance with all requirements. You are responsible for reviewing and verifying the accuracy and appropriateness of any AI Output or automated analysis before relying on it or using it in your operations. To the maximum extent permitted by applicable law, SmartCert disclaims liability for errors or omissions in AI Output, and you should not rely solely on AI-provided content without human review. By using the AI features, you acknowledge that any decisions based on AI Output are taken at your own risk, and you agree to use these features in accordance with our Terms and any usage guidelines we provide.

CCPA Service Provider Addendum

This CCPA Service Provider Addendum applies to the extent the Service Provider processes Personal Information that is subject to the California Consumer Privacy Act (CCPA), as amended by CPRA.

a. SmartCert acts solely as a Service Provider with respect to any Personal Information processed through SmartCert.

b. SmartCert shall not:

1. Sell or share Personal Information (as those terms are defined under the CCPA/CPRA).

2. Collect, retain, use, or disclose Personal Information for any purpose other than providing the Services or as otherwise permitted by the CCPA/CPRA.

3. Use Personal Information outside the direct business relationship with Subscriber, except as permitted by the CCPA/CPRA.

4. Use Personal Information for profiling, advertising, cross-context behavioral targeting, or any unrelated secondary use, in each case as restricted under the CCPA/CPRA.

c. SmartCert may process Personal Information only for:

· Providing, maintaining, securing, and improving the SmartCert Services.

· Detecting or preventing fraud or security incidents.

· Debugging or repairing intended functionality.

· Internal research and development.

· Compliance with legal obligations.

· Aggregation or de-identification consistent with CCPA requirements.

d. SmartCert certifies that it understands and will comply with all restrictions under this Addendum as required by Cal. Civ. Code §1798.100(d).

e. SmartCert may create de-identified or aggregated data for statistical, service improvement, or analytical purposes, provided it strictly complies with CCPA requirements for de-identification.

f. SmartCert will provide reasonable assistance to enable Subscriber to respond to consumer access, correction, or deletion requests, and to comply with obligations to limit or restrict the use of sensitive personal information, in each case to the extent required by the CCPA/CPRA and other applicable data protection laws.

SmartCert will direct California consumers to submit requests directly to the Subscriber, where Subscriber is the “business” (as defined under the CCPA/CPRA) with respect to the relevant Personal Information, where appropriate.

g. SmartCert will notify Subscriber without undue delay if it determines that it can no longer meet its obligations as a Service Provider under the CCPA/CPRA, to the extent such notification is permitted by applicable law.

h. Upon written request, Subscriber may take reasonable and appropriate steps to ensure Aramid’s compliance with this Addendum, including reviewing documentation or receiving appropriate certifications, provided that any such steps are subject to reasonable confidentiality, security, and burden limitations agreed by the Parties.

i. SmartCert will not combine Personal Information received from Subscriber with Personal Information obtained from external sources unless permitted by the CCPA/CPRA or other applicable law, or necessary to perform the contracted services in compliance with the CCPA/CPRA.