Last update on 2023-04-19

Terms and Conditions

Service AB Tasty – Service Flagship by AB Tasty – Service Epoq by AB Tasty

Whereas, AB Tasty (as defined below) is the owner, developer and provider of a marketing solution operating system platform and makes these solutions available for its customers to use on a Software-as-a-Service basis (“Service” or “Services”). “AB Tasty” is defined as the signatory Order Form (as defined in Section 2 “The Service”) along with any AB Tasty Affiliates (as defined below) as necessary for the provision of the Services; and

Whereas, Customer wishes to: (i) subscribe to, access and use the Service; and (ii) permit its employees (including its Affiliates’ (as defined below) employees) and/or other users to access and use the Service, in accordance with the terms of this Agreement (as defined below) (the “Users”). For the purpose of this Agreement, “Affiliate” means a current or future entity of a Party that controls, is controlled by, or is under common control with either Party, including its subsidiaries. As used in this definition, “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract or otherwise. For the avoidance of doubt, but not by way of limitation, the direct or indirect ownership of more than 50% of (i) the voting securities or (ii) an interest in the assets, profits, or earnings of an entity shall be deemed to constitute “control” of the entity. “Agreement” means these Terms and Conditions along with any and all annexes. 

Now, Therefore, in consideration of the mutual promises contained in this Agreement, the sufficiency of which is hereby acknowledged, the Parties hereby agree as follows:

1. Right to Use. Subject to the terms and conditions of this Agreement, AB Tasty hereby grants Customer a limited, non-exclusive, non-sublicensable, non-assignable and non-transferable right during the Subscription Term to (i) access and use the Service, via its Users, in Customer’s internal operations, on its websites or other connected tools; and (ii) as applicable, to create and edit Customer Data, and to access or edit Customer Data created, uploaded, posted, or published on Customer’s Account (as such capitalized terms are defined in Section 3 “Customer Account”). The foregoing right is subject to the access and use restrictions set forth in Section 5 “Restricted Use” below, which restrictions, for the avoidance of doubt, are in addition to, and without derogating from, any other access and use restrictions set forth herein.

2. The Service. The provision of the Services by AB Tasty shall be governed by the execution of an order form or by the press of clickwrap/clickthrough button (both an “Order Form”). AB Tasty provides the functionalities described under annex “Service Description”. AB Tasty may add other functionalities and/or modify and/or discontinue some of the functionalities in its own discretion and without further notice to the extent they shall not result in a degradation of the Service; if AB Tasty intends to make any material adverse change of the Service, then AB Tasty will notify Customer by posting an announcement on the company website and/or via the Service and/or by sending Customer an email. 

If Customer receives access to use the Service or any service features on a free or trial basis or as an alpha, beta or early access offering (“Proof of Concept and Betas”), use is permitted only for Customer’s internal evaluation during the period designated by AB Tasty (or if not designated, 30 days). Betas are optional and either party may terminate Proof of Concept and Betas at any time for any reason. Proof of Concept and Betas may be inoperable, incomplete or include features that AB Tasty may never release, and their features and performance information are AB Tasty’s Confidential Information. Subject to Sections 17 “Warranty Disclaimer” and 18 “Limitation of Liability” of this Agreement, AB Tasty provides Proof of Concept and Betas “AS IS” with no warranty, indemnity, SLA or support and its liability for Proof of Concept and Betas will not exceed the amount (if any) paid for such Proof of Concept and Betas.

3. Customer Account. A Customer account will be created by Customer (“Account”) and access to the Account may be provided by the Customer to each of its Users in connection with Customer’s use of the Service, subject to: (i) the User limitations and any other limitations or Restricted Use (as defined in Section 5 “Restricted Use”) set forth in this Agreement or the separate mutually agreed Order Form, (ii) the features and functionalities available to each User as determined by the Customer at its sole discretion; ((i) – (ii) above, collectively, the “Limitations”). Customer is solely responsible for the content and any activity that occurs in each Account, including without limitation, any activity performed in the Account by Customer’s Users and compliance by its Users with the AUP (as defined below). Customer shall: (a) not allow anyone other than Users to access and use the Account; (b) keep and ensure that Users keep all Account login details and passwords secure at all times; and (c) promptly notify AB Tasty in writing if Customer becomes aware of any unauthorized access or use of an Account.  Users possess all privileges in an Account and control over the use of the Service. Users are severally and jointly deemed to be Representatives (as defined in Section 7 “Confidentiality”) of the Customer, and any decision or action made by any User, is deemed as an authorized decision or action on behalf of Customer. “AUP” means the AB Tasty Acceptable Use Policy attached to this Agreement under annex “Acceptable Use Policy” as may be updated from time to time subject to prior written notification to Customer by posting an announcement on the company website and/or by sending Customer an email.

4. Technical Support and Committed Uptime. Customer shall be entitled to technical support and an uptime commitment, by AB Tasty, in accordance with the “Service Level Agreement” or “SLA” attached to this Agreement under annex “Service Levels”.

5. Restricted Use. Except as specifically permitted in this Agreement, Customer shall not, and shall not allow any User to: (i) give, sell, rent, lease, timeshare, sublicense, disclose, publish, assign, market, display, transmit, broadcast, transfer or distribute any portion of the Service to any third party, or use the Service in any service bureau arrangement; (ii) circumvent, disable or otherwise interfere with security-related features of the Service or features that prevent or restrict use or copying of any content or that enforce limitations on use of the Service; (iii) reverse engineer, decompile, disassemble, decrypt or attempt to derive the source code of, the Service, or any components thereof; (iv) copy, modify, translate, patch, improve, alter, change or create any derivative works of the Service, or any part thereof; (v) use any robot, spider, scraper, or other automated means to access or monitor the Service for any purpose; (vi) take any action that imposes or will likely impose an unreasonable or disproportionately large load on the AB Tasty infrastructure or infrastructure which supports the Service; (vii) use the Service in breach of the Limitations; (viii) interfere or attempt to interfere with the integrity or proper working of the Service, or any related activities; (ix) remove, deface, obscure, or alter AB Tasty’s or any third party’s identification, attribution, copyright notices, trademarks, or other proprietary rights affixed to or provided as part of the Service, or use or display logos of the Service without AB Tasty’s prior written approval; (x) use AB Tasty’s Materials (as defined in Section 12 “Intellectual Property Rights, Title and Ownership of the Service”) without AB Tasty’s prior written consent; (xi) use the Service to develop a competing service or product; (xii) use the Service to send unsolicited or unauthorized commercial communications; and/or (xiii) use the Service in any unlawful manner, for any harmful or inappropriate purpose, or in breach of this Agreement, any terms and conditions or agreements related to any third-party product or service Customer uses in connection with the Service. Without derogating from the above, Customer agrees to remain liable to AB Tasty for any act or omission of a User that would constitute a breach of this Agreement as if such acts or omissions were by Customer. 

6. Customer Data.

6.1. The Service allows Customer, via its Users, to create, upload, post, and publish certain content on its websites or other connected tools, such as (i) reporting, analysis, and submissions such as the results of marketing campaign or product use cases; (ii) images and/or text and/or videos used in creating content through the Service; (iii) images or videos retrieved from third parties in such content; and/or (iv) description, text and information processed through the Service or made through the use of the Service or any other data which is stored, or otherwise processed, by the Customer (“Customer Data”). Customer Data may include, as applicable, Customer personal data, Confidential Information (as defined under Section 7 “Confidentiality”) and content originating from the use of Third Party Services (as defined under Section 13 “Third Party Services”).

6.2. Customer hereby represents and warrants that

(i) it and/or its Users own or have the necessary rights and permissions to use and authorize AB Tasty to use all intellectual property rights in and to their Customer Data, and to enable inclusion in the Service and use thereof in the Service as contemplated by this Agreement; and 

(ii) the Customer Data it submits, its use of such Customer Data, and AB Tasty’s use of such Customer Data, as set forth in this Agreement, does not and shall not (a) infringe or violate any patents, copyrights, trademarks or other intellectual property, proprietary or privacy or publicity rights of any third party; (b) violate any applicable law, including data protection legislation and export control laws; (c) be offensive, threatening, pornographic, defamatory, libelous, harassing, hateful, or encourages conduct that would be considered a criminal offense, gives rise to civil liability, or is in any way inappropriate; and/or (d) be malicious or fraudulent; and (e) complies with the AUP.

(iii) the Service is not intended for any High-Risk Activities (as defined below) and to meet any legal obligations for these uses, including HIPAA requirements, and that AB Tasty is not a Business Associate as defined under HIPAA. Notwithstanding anything else in this Agreement, “High Risk Activities” means activities where use or failure of the Service could lead to death, personal injury or environmental damage, including life support systems, emergency services, nuclear facilities, autonomous vehicles or air traffic control.

6.3. Customer and its Users, as applicable, will retain all their ownership rights in their Customer Data. Customer and/or its Users hereby grant AB Tasty a worldwide, irrevocable (during the Subscription Term), non-exclusive, royalty-free, sub-licensable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the Customer Data only in connection with providing and operating the Service.

6.4. Other than AB Tasty’s security obligations expressly set forth in Section 11 “Security”, AB Tasty assumes no responsibility or liability for Customer Data, and Customer shall be solely responsible for Customer Data and the consequences of using, submitting, disclosing, storing, or transmitting it, including without limitation, for any errors or omissions therein, or for any infringement of third-party rights. It is hereby clarified that AB Tasty shall not monitor and/or moderate the Customer Data and there shall be no claim against AB Tasty of not acting so.

7. Confidentiality. All information disclosed by a Party (the “Disclosing Party”) to the other Party (the “Receiving Party”), during the Subscription Term of this Agreement, whether in writing, orally or which might reasonably be assumed to be confidential given its nature or circumstances of disclosure (“ConfidentialInformation”), shall be held in absolute confidence, and the Receiving Party shall take all reasonable and necessary safeguards (affording the Confidential Information at least the same level of protection that it affords its own information of similar importance) to prevent the disclosure of such Confidential Information to third parties. Confidential Information shall not include  information that (i) has become available to the public through no fault of the Recipient or its Representatives; or (ii) was available to or is already known by the Recipient on a non-confidential basis prior to disclosure by the Disclosing Party; or (iii) was, is or becomes available to the Recipient on a non-confidential basis from a third-party who, to the Recipient’s knowledge, is not bound by a confidentiality agreement with the Disclosing Party or otherwise prohibited from disclosing the information to the Recipient; or iv) is independently developed by or for the Recipient and/or its Representatives without access to the information disclosed by the Disclosing Party; or v) the Parties agree in writing is not confidential or may be disclosed. In addition, the Receiving Party will limit its disclosure of the Confidential Information to its Affiliates’ and its and their respective directors, officers, employees, agents, shareholders advisors, partners and consultants (collectively, “Representatives”) with a “need to know” basis, and further provided that such Representatives have a signed confidentiality agreement with the Receiving Party (or are bound by professional obligations of confidentiality) with terms and conditions no less protective of the Confidential Information than the terms under this Agreement, and that the Receiving Party shall remain responsible for any breach of the terms herein by any of its Representatives.. It is further agreed that the Receiving Party may disclose any information pursuant to applicable law or a court order or governmental request, provided the Receiving Party, to the extent legally permissible, notifies the Disclosing Party of such requirement and uses reasonable efforts to limit such disclosure to the maximum extent permitted and to obtain assurances that confidential treatment will be accorded to such Confidential Information to the extent such assurances are available.

8. Privacy. Subject to the definitions and terms and conditions of any Applicable Personal Data Protection Law (as defined in the DPA), Customer acknowledges and agrees that AB Tasty (acting as data processor) processes the personal data collected by the Customer (acting as data controller) as stated under the data processing agreement attached to this Agreement under annex “DPA”. The Customer acknowledges that no other personal data is needed by AB Tasty for the purposes of providing the Services and that AB Tasty shall have no liability whatsoever to the Customer except for the personal data described in the DPA.

9. Anonymous Information. AB Tasty may generate and use Anonymous Information (defined below) to provide, support and improve the Service. “Anonymous Information” means information of a behavioral nature about the use of the Service which does not enable identification of an individual (including any unique visitors or the Customer), such as aggregated and analytics information and technical logs about use of the Service, but excluding Customer Data. AB Tasty owns all Anonymous Information collected or obtained by AB Tasty.

10. Suggestions and Feedback. Customer and its Users, may, at their sole discretion, provide AB Tasty with suggestions, enhancement requests and/or comments with respect to the Service (“Feedback”). Customer represents that it is free to do so and that they shall not provide AB Tasty with Feedback that, to the Customer’s knowledge, infringes upon third parties’ intellectual property rights. Customer further acknowledges that AB Tasty fully owns the Feedback and may use the Feedback at its discretion, without limitation, and without being obliged to make any payment or give credit to the Customer and its Users.

11. Security. AB Tasty agrees during the Subscription Term to implement reasonable industry-standard, technical, and organizational security measures as applicable to AB Tasty designed to protect  the Services and Customer Data and will, at a minimum, utilize industry standard security procedures applicable to AB Tasty (including protection against unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data  designed to protect the confidentiality and integrity of such Customer Data, as set forth in annex “Security Certificate”.

12. Intellectual Property Rights, Title and Ownership in the Service. All right, title and interest in and to the Service (excluding Customer Data), any enhancements or derivatives thereof, any and all related or underlying technology and modifications thereto, including associated intellectual property rights (including, without limitation, patents, copyrights, trade secrets, trademarks, etc.), evidenced by or embodied in and/or related to the Service, are the property of AB Tasty. Any rights not explicitly granted to Customer hereunder, are reserved to and shall remain solely and exclusively proprietary of AB Tasty (or its third-party providers). AB Tasty, the AB Tasty names, logos, trademarks and services marks and other materials, such as software, application programming interface, design, text, editorial materials, informational text (excluding Customer Data) (collectively, “AB Tasty Materials”) are the property of AB Tasty, its Affiliates and its licensors. As between Customer and AB Tasty, AB Tasty retains all right, title and interest, including all intellectual property rights, in and to the AB Tasty Materials. This Agreement does not convey to Customer an interest in or to the Service, but only a limited revocable right of use in accordance with the terms herein. Nothing in this Agreement constitutes a waiver of AB Tasty’s intellectual property rights under any law.

13. Third Party Services. Customer may elect to integrate or otherwise use in conjunction with the Service, any third-party services, products, apps, and tools, including, without limitation, third party applications and widgets offered via the Service (collectively, “Third-Party Products”). Additionally, the Service may contain links to third party websites, including third party tools that are not owned or controlled by AB Tasty (“Links” and collectively with Third Party Products, “Third-Party Services”). Customer’s use of such Third-Party Services, including without limitation, the collection, processing and use of Customer’s Data by such Third-Party Services, is subject to a separate contractual arrangement between Customer and the provider of such Third-Party Services. Notwithstanding anything in this Agreement to the contrary, AB Tasty bears no responsibility and/or liability for any Third-Party Services, including without limitation, such Third-Party Services’ operability or interoperability with the Service, security, accuracy, reliability, data protection and processing practices and the quality of its offerings, as well as any acts or omissions by third parties. Customer: (i) is solely responsible and liable for its use of the Third-Party Services and any content that it may send or post to such Third-Party Services; and (ii) expressly releases AB Tasty from any and all liability arising from its use of any Third-Party Services. Accordingly, AB Tasty encourages Customer to read the terms and conditions and privacy policy of each third-party website that it may choose to visit, and terms and conditions related to use of any Third-Party Services that it may use.

14. API Use. AB Tasty may offer an application programming interface that provides additional ways to access and use the Service (“API”). Customer may only access and use the API for Customer’s internal business purposes, in order to create interoperability and integration between the Service and other products, services or systems Customer uses. When using the API, Customer should follow and comply with the relevant developer guidelines available at http://developers.flagship.io/. AB Tasty reserves the right at any time to modify or discontinue, temporarily or permanently, Customer’s access to the API (or any part of it) with reasonable written notice. The API is subject to changes and modifications, and Customer is solely responsible to ensure that Customer’s use of the API is compatible with the current/new version.

15. Additional Services.

15.1. Professional Services. If specifically subscribed to in the Order Form, AB Tasty may perform professional services through qualified skilled and experienced employees or authorized subcontractors of AB Tasty in accordance with the terms and conditions of the Agreement and with Good Industry Practice (as defined below). AB Tasty shall act in a professional and diligent manner. AB Tasty shall not be accountable for any loss suffered by the Customer by reason of the Customer’s action or non-action on the basis of any advice, recommendation or approval of AB Tasty. Customer agrees to provide, at no cost to AB Tasty, timely and adequate assistance reasonably requested by AB Tasty and other resources to enable the performance of the professional services. AB Tasty will not be liable for any deficiency in the performance of such Professional Services to the extent it can justify that such deficiency results from Customer’s failure to provide timely and adequate assistance or resources. AB Tasty will control the method and manner of performing all work necessary for completion of professional services, including but not limited to the supervision and control of any personnel performing such services. AB Tasty will maintain such number of qualified, skilled, and experienced personnel and appropriate facilities and other resources sufficient to perform AB Tasty’s obligations in accordance with the terms and conditions of the Agreement. Good Industry Practice means the standards, practices, methods and procedures conforming to the law and the degree of skill and care, diligence, prudence and foresight which would reasonably and ordinarily be expected from a skilled and experienced person or body engaged in a similar type of undertaking under the same or similar circumstances.

15.2. Training. Training sessions might be purchased by the Customer under conditions to be described in the Order Form. Except as otherwise agreed upon by the Parties, training are performed remotely. In the event that training  take place at the Customer’s premises, the Customer shall (i) provide to AB Tasty an access to its premises with working tools in order for the training to be carry out under normal conditions; (ii) AB Tasty will comply with any health and safety rules and procedures of the Client, provided that these rules and procedures have been provided to AB Tasty in advance by the Customer; and (iii) reimburse AB Tasty of any pre-approved  travel expenses.

15.3. AB Tasty may subcontract parts of its obligations under this Section, provided AB Tasty remains fully liable towards the Customer for any and all acts and omissions of such sub-contractors, and provided all subcontractors are subject to the same obligations hereunder as is AB Tasty.

16. Payments.

16.1. Subscription Fees. Customer’s access to the Services is subject to Customer’s payment of the subscription fees (the “Fees” or “Price”) set forth in the Order Form for the relevant Subscription Term (as defined in Section 20 “Term and Termination”). 

The Fees are based on the number of Unique Visitors (UV) or Monthly Active Users (MAU) (as defined below) declared by the Customer in the Order Form (“Declared Number”) in accordance with the  AUP. “Monthly Active Users” or “Unique Visitor” means each unique visitor of the website or of the connected tool of the Customer, identified by a visitor ID.  As applicable, the AUP states the quantity of Call or Request (as defined below) allowed by AB Tasty per MAU or UV and per service. “Request” or “Call”  means the message sent to a server asking the API to provide a service or information.

The Fees are fixed for the Initial Term as defined in Section 20 “Term and Termination”. Any exceptional discounts, rebates or reductions granted to the Customer are valid for the first year of the Initial Term.

At the anniversary date of the Effective Date, the Fees might be automatically updated in accordance with the Additional Threshold Pricing Table, if any, set forth in the Order Form based on the actual number of VU or MAU; by default the Fees shall be increased on a prorata basis.

16.2. Payment processing. Customer agrees to provide AB Tasty updated, accurate and complete billing information, and authorizes AB Tasty (either directly by AB Tasty or through its Affiliates) to charge, request and collect payment from Customer’s payment method or designated banking account for all applicable Subscription Fees and if paid via credit card to store its credit card information on AB Tasty servers and/or on third parties’ payment processing providers systems (additional terms may apply to such payments).

16.3. Payment Terms. Unless indicated otherwise in the Order Form, all amounts are stated and shall be paid in United States Dollars (USD) and are payable within thirty (30) days from the date of the invoice. Unless otherwise specified in the Order Form, the Fees shall be billed on an annual basis for the respective subscription term. Unless expressly set forth herein, the Fees are non-cancelable and non-refundable. In the event of non-payment or late payment of the Fees, the Customer will automatically be liable from the due date for (i) late penalties equal to the refinancing rate of the European Central Bank plus 10 points, until full payment; (ii) a lump-sum compensation as might be mandatory under applicable law; and (iii) the recovery costs for amounts greater than the amount of the fixed compensation mentioned above. The Customer may not invoke any compensation or deduction mechanisms or withhold any amount owing to AB Tasty under the Agreement.

16.4. Taxes. All Fees payable to AB Tasty are exclusive of applicable taxes (including without limitation VAT, withholdings or duties), and the Fees set forth in the Order Form are the net amounts which AB Tasty shall be paid by Customer. Customer shall be responsible for the payment of all taxes, withholdings and duties of any kind payable with respect to its subscription to the Service arising out of or in connection with this Agreement. In the event that Customer is required by applicable law to withhold taxes imposed upon Customer for any payment under this Agreement, the amounts due to AB Tasty shall be increased by the amount necessary so that AB Tasty receives an amount equal to the sum it would have received had Customer not made any withholding.

17. Warranty Disclaimer.

NOTWITHSTANDING ANYTHING IN THIS AGREEMENT OR ELSEWHERE TO THE CONTRARY AND TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW: 

17.1. EXCEPT AS EXPRESSLY SET FORTH HEREIN: (I) THE SERVICE IS PROVIDED ON AN “AS IS” “WITH ALL FAULTS” AND “AS AVAILABLE” BASIS AND MAY BE UPGRADED FROM TIME TO TIME; AND (II) AB TASTY DISCLAIMS, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ANY AND ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON INFRINGEMENT. AB TASTY WILL NOT BE LIABLE OR RESPONSIBLE FOR ANY: (A) TECHNICAL PROBLEMS OF THE INTERNET (INCLUDING WITHOUT LIMITATION SLOW INTERNET CONNECTIONS OR OUTAGES); AND/OR (B) ISSUE THAT IS ATTRIBUTABLE TO CUSTOMER’S HARDWARE OR WEBSITES OR SERVICE OR CUSTOMER’S INTERNET OR DATA SERVICES.

17.2. AB TASTY DOES NOT WARRANT THAT THE SERVICE OR ACCESS TO AND USE OF THE SERVICE WILL BE UNINTERRUPTED, TIMELY, ERROR FREE, THAT DATA WON’T BE LOST, THAT DEFECTS WILL BE CORRECTED OR THAT THE SITES AND/OR SERVICE ARE FREE FROM VIRUSES OR OTHER HARMFUL CODE.

17.3. EXCEPT AS EXPRESSLY SET FORTH HEREIN, AB TASTY DOES NOT WARRANT, AND EXPRESSLY DISCLAIMS ANY WARRANTY OR REPRESENTATION (I) THAT THE SERVICE (OR ANY PORTION THEREOF) IS COMPLETE, ACCURATE, OF ANY CERTAIN QUALITY, RELIABLE, SUITABLE FOR, OR COMPATIBLE WITH, ANY OF CUSTOMER’S CONTEMPLATED ACTIVITIES, DEVICES, OPERATING SYSTEMS, BROWSERS, SOFTWARE OR TOOLS (OR THAT IT WILL REMAIN AS SUCH AT ANY TIME), OR COMPLY WITH ANY LAWS APPLICABLE TO CUSTOMER; AND/OR (II) REGARDING ANY CONTENT, INFORMATION, REPORTS OR RESULTS THAT CUSTOMER OBTAINS THROUGH THE SERVICE AND/OR THE SITES.

18. Limitation of Liability.

18.1. EXCEPT TO THE EXTENT PROHIBITED BY APPLICABLE LAW, IN NO EVENT SHALL A PARTY, ITS AFFILIATES AND THIRD-PARTY PROVIDERS BE LIABLE FOR: (I) ANY INDIRECT, EXEMPLARY, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES; (II) ANY LOSS OF PROFITS, COSTS, BUSINESS, OR ANTICIPATED SAVINGS; (III) ANY LOSS OF, OR DAMAGE TO DATA, REPUTATION, REVENUE OR GOODWILL; (IV) THE FAILURE OF SECURITY MEASURES AND PROTECTIONS EXCEPT IF SUCH FAILURE RESULTS IN A BREACH OF A PARTY’S CONFIDENTIALITY OBLIGATION OR IN A BREACH BY A PARTY’S OBLIGATIONS UNDER THE DPA OR ANY APPLICABLE PERSONAL DATA PROTECTION LAW; AND/OR (V) THE COST OF PROCURING ANY SUBSTITUTE SERVICES.

18.2. NOTWITHSTANDING ANYTHING TO THE CONTRARY UNDER THIS AGREEMENT EXCEPT FOR PROOF OF CONCEPT AND BETAS  UNDER SECTION 2 “THE SERVICE” AND FOR CLAIMS  UNDER SECTION 18. 3, A PARTY’S TOTAL ENTIRE LIABILITY TO THE OTHER PARTY, FOR ALL DAMAGES AND LOSSES UNDER THIS AGREEMENT SHALL NOT UNDER ANY CIRCUMSTANCE EXCEED IN AGGREGATE THE AMOUNT OF THE FEES PAID OR PAYABLE BY CUSTOMER TO AB TASTY WITHIN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

18.3. “EXCLUDED CLAIMS” MEANS (I) EITHER PARTY’s PERFORMANCE OR USE OF THE SERVICE THAT RESULTS IN DEATH, PERSONAL INJURY OR DAMAGE TO TANGIBLE PROPERTY; (II) EITHER PARTY’S WILLFUL MISCONDUCT, MISREPRESENTATION OR GROSS NEGLIGENCE; (III) AMOUNTS PAYABLE TO THIRD PARTIES UNDER THE INDEMNIFYING PARTY’S OBLIGATIONS; (IV) BREACH BY A PARTY OF ITS OBLIGATIONS UNDER ANY APPLICABLE PROTECTION OF PERSONAL DATA LAW; OR (V) CLAIMS WHICH CANNOT BE EXCLUDED AS A MATTER OF LAW. UNLESS OTHERWISE DEFINED BY APPLICABLE LAW, “WILLFUL MISCONDUCT” MEANS ANY ACT OR FAILURE TO ACT WHICH WAS A DELIBERATE AND WRONGFUL ACT OR OMISSION AND WAS DONE OR OMITTED WITH THE MALICIOUS INTENT TO CAUSE HARM TO THE OTHER PARTY; AND “GROSS NEGLIGENCE” MEANS A  PARTY’S FAILURE TO  PERFORM A MANIFEST DUTY AT LAW (NOT BEING A CONTRACTUAL BREACH ALONE) WITH A WANTON AND RECKLESS DISREGARD OF THE CONSEQUENCES OF SUCH FAILURE TO THE LIFE OR PROPERTY OF THE OTHER PARTY.

18.4. THE EXCLUSIONS AND LIMITATIONS ON LIABILITY SET FORTH IN THIS SECTION ‎SHALL APPLY: (I) EVEN IF SUCH PARTY, ITS AFFILIATES OR THIRD-PARTY PROVIDERS, HAVE BEEN ADVISED, OR SHOULD HAVE BEEN AWARE, OF THE POSSIBILITY OF LOSSES OR DAMAGES; (II) EVEN IF ANY REMEDY IN THIS AGREEMENT FAILS OF ITS ESSENTIAL PURPOSE; AND (III) REGARDLESS OF THE THEORY OR BASIS OF LIABILITY (SUCH AS, BUT NOT LIMITED TO, BREACH OF CONTRACT OR TORT).

19. Indemnification.

19.1. By AB Tasty. AB Tasty hereby agrees to defend and indemnify Customer against any damages awarded against Customer by a court of competent jurisdiction, or paid in settlement, in connection with a third-party claim, suit or proceeding that Customer’s or its Users’ use of the Service within the scope of this Agreement infringes any copyright or trade secret of a third party. AB Tasty shall have no obligations or liability hereunder to the extent that the (i) alleged infringement is based on the Customer Data and any other content provided by Customer or its Users or to any events giving rise to Customer’s indemnity obligations (ii) the Service (or any portion thereof) was modified by Customer or any of its Users or any third party, but solely to the extent the claim would have been avoided by not doing such modification; (iii) if the Service is used in combination with any other service, device, software or products, including, without limitation, Third Party Services, but solely to the extent that such claim would have been avoided without such combination; and/or (iv) the Services are provided for “Proof of Concept and Betas” or other free or evaluation. Without derogating from the foregoing defense and indemnification obligation, if AB Tasty believes that the Service, or any part thereof, may so infringe, then AB Tasty may in its sole discretion: (a) obtain (at no additional cost to Customer) the right to continue to use the Service; (b) replace or modify the allegedly infringing part of the Service so that it becomes non-infringing while giving substantially equivalent functionality; or (c) if AB Tasty determines that the foregoing remedies are not reasonably available, then AB Tasty may require that use of the (allegedly) infringing Service (or part thereof) shall cease and in such an event Customer shall receive a prorated refund of any Subscription Fees paid for the unused and unexpired portion of the subscription period. This Section states AB Tasty’s entire liability and Customer’s exclusive remedy for infringement. 

19.2.By Customer. Customer hereby agrees to defend and indemnify AB Tasty against any damages awarded against AB Tasty by a court of competent jurisdiction, or paid in settlement, in connection with (i) a third-party claim, suit or proceeding that use of the Customer Data and any other content provided by Customer and/or its Users, infringes any intellectual property rights of a third party; or (ii) a claim by a User. 

19.3. General. The defense and indemnification obligations of the indemnifying Party under this Section are subject to: (i) the indemnified Party making every reasonable effort to mitigate its damages and losses; (ii) the indemnifying Party being given prompt written notice of the claim by the indemnified Party; (iii) the indemnifying Party being given immediate and complete control over the defense and/or settlement of the claim, provided that the indemnifying Party makes no admission of liability on behalf of the indemnified Party and does not compromise the ability of the indemnified Party to defend the claim and may not settle or compromise any infringement claim without the prior written consent of  the indemnified Party; and (iv) the indemnified Party providing cooperation and assistance, at the indemnifying Party’s expense, in the defense and/or settlement of such claim and not taking any action that prejudices the indemnifying Party’s defense of, or response to, such claim. To the fullest extent permitted by law, the sole obligation and entire liability in respect of the covered claims (as set out above) are limited to the indemnity.

20. Term and Termination.

20.1. Term. Access to the Service is provided on a subscription basis, effective upon the date mentioned on the Order Form (“Effective Date”) and by default upon its signature date, and for a duration that consists of the subscription term specified in the Order Form (the “Initial Term”). 

At the end of the Initial Term, the Agreement shall automatically renew following the Initial Term for periods equal to the duration of the Initial Term (each a “Renewal Term”, and together with the Initial Term, collectively, the “Subscription Term”), unless either Party gives the other, before the end of the relevant Subscription Term(s), a ninety (90) day prior written notice of non-renewal of all or part of the Agreement.

20.2. Termination for Cause. Either Party may terminate this Agreement with immediate effect if the other Party:

20.2.1. materially breaches this Agreement and such breach remains uncured (to the extent that the breach can be cured) thirty (30) days after having received written notice thereof; or

20.2.2. if either Party (a) announces a cessation of its entire business or becomes insolvent; (b) elects to dissolve and wind-up its business; (c) makes a general assignment for the benefit of  creditors; or (d) petitions for or appoints (or a third party causes to be appointed for itself) a receiver, custodian or trustee to take possession of  all or substantially all of that Party’s property; 

20.2.3. or in accordance with Section 21 “Force Majeure”.

20.2.4. Termination for cause under sections 20.2.1 and 20.2.3 shall only apply to the Service(s) affected by the breach or the force majeure event.

20.3. Suspension. If AB Tasty reasonably determines that Customer is using the Service in a manner that violates laws, rules or regulations, the AUP, or Section 5 “Restricted Use” of this Agreement, imposes a security risk, or takes any action that impairs or will likely impair AB Tasty’s ability to provide or support the Service, AB Tasty may suspend Customer’s access to and use of, the Service until such time as the issue has been resolved.

20.4. Effect of Termination.

20.4.1. Upon termination of this Agreement, the rights granted under Section 1 “Right to Use” will terminate and Customer shall, and shall cause its Users to immediately cease all access to and use of the Service.

20.4.2. Deletion of Customer Data and Confidential Information. Thirty (30) days upon termination or expiration of this Agreement, Customer’s access to its Account shall terminate. It is Customer’s responsibility to export or delete the Customer Data prior to such termination or expiration. AB Tasty shall not have any liability either to Customer, nor to any User or third party, in connection thereto. AB Tasty reserves the right to permanently delete any Customer Data that may be contained in Customer’s Account at any time following this thirty-day notice. Customer acknowledges that such deletion will be made in good faith, using commercially reasonable procedure and may not concern electronically stored information from sources that are not reasonably accessible because of undue burden or cost (in particular electronically stored information on back-ups made primarily for disaster recovery and maintained in the ordinary course of business will not be considered reasonably accessible)and it agrees to waive any legal or equitable rights or remedies it may have against AB Tasty with respect to such Customer Data or Confidential Information that had been deleted. 

Customer shall promptly destroy any and all AB Tasty Confidential Information, and, upon AB Tasty’s request, have an officer of Customer confirm the same in writing.

20.4.3. Obligation to Pay. Except as otherwise specifically set forth in the Agreement, termination or cancellation of this Agreement for any reason shall not relieve Customer from its obligation to pay any outstanding payments due under this Agreement and Customer’s obligation to pay the Subscription Fees throughout the end of the applicable Subscription Term shall remain in full force and effect, and except for termination for cause by Customer for material breach by AB Tasty in accordance with Section 20.2.1 above, Customer shall not be entitled to a refund for any pre-paid Subscription Fees.

21. Force Majeure. Each Party will be excused from liability in the event of a force majeure event, subject to the impacted Party taking all reasonable steps (including implementing commercially reasonable workarounds) to mitigate and/or minimize the scope and period of delay, to the extent that i) the force majeure event invoked by a Party is an unforeseeable event or circumstance ‘beyond such Party’s reasonable control; and ii) immediate notice of any force majeure event has been given by the impacted Party to the other. Subject to section 20.2.3, either Party may retain the right to terminate the Agreement if the force majeure event endures for a longer period than thirty (30) days following the aforementioned notice.

22. Injunctive Relief. Each Party agrees that the wrongful disclosure of Confidential Information may cause irreparable injury that is inadequately compensable by monetary damages. Accordingly, and notwithstanding Section 28 “Governing Law and Disputes”, either Party may seek injunctive relief in any court of competent jurisdiction for the breach or threatened breach of Section 7 “Confidentiality” in addition to any other remedies in law or equity.

23. Reference Customer. AB Tasty may use Customer’s name and logo on its website and in its promotional materials to state that Customer is a customer of AB Tasty and its Service. 

24. Independent Contractors. The Parties are independent contractors. Nothing in this Agreement shall create a partnership, joint venture, agency, or employment relationship between the Parties. Neither Party may make, or undertake, any commitments or obligations on behalf of the other.

25. Assignment. This Agreement and any rights or obligations hereunder may not be transferred or assigned by a Party without the prior written consent (which will not be unreasonably withheld) of the other Party but may be transferred or assigned by a Party without the other Party’s consent to a wholly owned affiliate, or to an acquirer in connection with any merger, consolidation, or sale of all or substantially all of the assigning Party’s assets, or in connection with any transaction or series of transactions resulting in a change of control of the assigning Party; provided, however, (i) that the assigning Party must ensure that the assignee agrees to be bound by the terms and conditions of this Agreement; (ii) that the assignee must not be a direct or indirect competitor of the assigned Party; and (iii) such transfer or assignment shall be notify in writing and  by the assigning Party to the assigned Party. Subject to the foregoing conditions, this Agreement shall be binding upon and benefit each Party and its respective assigns.

26. Notice. Except as otherwise stated in this Agreement, all notices or reports permitted or required under this Agreement shall be made by personal delivery, by express courier service (such as FedEx or UPS) that requires proof of delivery, certified or by registered mail, return receipt requested, or by, electronic mail, or through the Service in the case of notices by AB Tasty and shall be deemed effective (i) if mailed, five (5) business days after mailing; (ii) if made by personal delivery or sent by messenger or express courier service, upon delivery; and (iii) if sent via, electronic mail or through the Service in the case of notice by AB Tasty, upon transmission and the earlier of (a) electronic confirmation of receipt; or (b) on the first business day following transmission. Copy of the notice or report from Customer must be sent to legal@abtasty.com .

27. Amicable settlement. In the event of any claim, dispute, controversy, or other matter in question between the Parties arising out of or relating to this Agreement or the breach hereof (each, a “Dispute”), such Dispute shall be referred in the first instance to the Parties’ contract owner for discussion and resolution. If the Dispute is not resolved by the relevant contract owners within five (5) Business Days, the Dispute will be referred to higher levels of management for each Party who shall use good faith efforts to resolve the Dispute between them. If the Parties are unable to resolve the Dispute between them within such five (5) Business Days period, the Dispute shall be resolved in accordance with Section 28 (Governing Law and Disputes). 

28. Governing Law and Disputes. This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the laws of the country where the AB Tasty entity signatory of this Agreement is registered. Each party irrevocably agrees that the courts of the city where such AB Tasty entity is registered, shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement or its subject matter or formation. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods does not apply to the Agreement.

29. Order of Precedence. In the event of any conflict or discrepancy by and among this Agreement, its Annexes and any other document referred to herein, such conflict or inconsistency shall be resolved by giving precedence in the following order, unless explicitly indicated otherwise in writing, by the Parties: 

i. The Order Form 

ii. This Agreement excluding its Annexes (if any)

iii. The Annexes under this Agreement, and

iv. Any other online document incorporated into this Agreement.

30. General.

30.1. The headings used in this Agreement are for convenience only and shall in no case be considered in construing this Agreement. 

30.2. Any Order Form entered into between the Parties shall be deemed to incorporate the terms of this Agreement. 

30.3. This Agreement: (i) comprises the entire agreement between the Parties regarding the subject matter hereof and supersedes and merges all prior understandings, oral and written, between the Parties relating to the subject matter of this Agreement; and (ii) may only be modified by a writing that is mutually signed by both Parties except as otherwise stated in this Agreement. 

30.4. If any part of this Agreement is held by a court of competent jurisdiction to be illegal or unenforceable, the validity or enforceability of the remainder of this Agreement shall not be affected and such provision shall be deemed modified to the minimum extent necessary to make such provision consistent with applicable law and, in its modified form, such provision shall then be enforceable and enforced.

30.5. No failure or delay in exercising any right hereunder by either Party shall operate as a waiver thereof, nor will any partial exercise of any right hereunder preclude further exercise. 

30.6. This Agreement may be executed: (a) in counterparts, both of which taken together shall constitute one single Agreement between the Parties; and (b) via facsimile or electronic copy, and a facsimile or electronic copy of either Party’s signature shall be deemed and be enforceable as an original thereof.

Data Processing Agreement (DPA)

This Data Processing Agreement (the “DPA”) is an integral part of the General Terms and Conditions of the SaaS service agreement between the Customer and AB Tasty (the “Agreement“).

1. Definitions and interpretation

Applicable Personal Data Protection Law means all applicable regulations and laws relating to the protection of data subjects’ personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR“) and the California Consumer Privacy Act (“CCPA“), in each case as subsequently amended, repealed, consolidated or replaced.

The terms used in the DPA are defined by the Applicable Personal Data Protection Law. 

Capitalized terms not defined in the DPA shall have the meaning ascribed to them in the Agreement.

In the event of any inconsistency between the DPA and the Agreement, the DPA shall prevail.

2. Data controller and Data processor

The Customer is the data controller and AB Tasty is the data processor.

3. Description of the processing subject to the processing

Categories of data subjects involved	Visitors to the Customer’s website or other connected tools
Categories of personal data	IP address
Nature of the processing	CollectionErasure
Purpose	Provision of AB Tasty Services in accordance with the Agreement
Storage Duration	Immediate erasure (no storage)
Processing Period	Duration of the Agreement

4. AB Tasty’s obligations

AB Tasty is committed to: 

i) process personal data only for the purpose defined in Article 3;

ii) process personal data in accordance with the Applicable Personal Data Protection Law, the Agreement, this DPA and reasonable and documented instructions from the Customer, provided that such requests are in accordance with the terms of the Agreement. If AB Tasty considers such an instruction to be a violation of the Applicable Personal Data Protection Law, AB Tasty shall immediately inform the Customer and may, without liability to the Customer, temporarily cease all processing of the personal data concerned. If the Parties do not agree on a resolution of the problem and associated costs, the Customer may, as a sole remedy, terminate the Agreement. 

iii) ensure the security of personal data, by ensuring that each member of its staff authorized to process personal data is subject to non-disclosure agreements or professional or legal obligations of confidentiality and is trained in the relevant data security and protection requirements.

In addition, if AB Tasty is required to transfer data to a third country or to an international organization under the law of the European Union or the law of the Member State to which it is subject, AB Tasty will inform the Customer of this legal obligation prior to processing, unless the law concerned prohibits such information on important public interest grounds. 

5. Information and rights of the data subjects

The Customer is responsible for, at the time of collection of the personal data referred to in Article 3, informing the data subjects of the two processing operations carried out by AB Tasty.

Given the nature of these two processes (collection and erasure), and in particular the lack of storage of the personal data referred to in Article 3:

i) the Customer is informed that the possibility of a data subject coming forward to AB Tasty to exercise his/her rights is almost non-existent,

ii) in any event, AB Tasty will assist the Customer in fulfilling its obligation to respond to requests for the exercise of rights by the persons involved. 

6. Security

AB Tasty shall immediately erase the personal data referred to in Article 3, which shall not be stored or further processed. 

AB Tasty is ISO 27001 certified and this certification is attached to the Agreement. 

AB Tasty implements the technical and organizational measures specified in Annex I. 

7. Violation of personal data 

AB Tasty shall notify the Customer, via the e-mail address provided by the Customer to AB Tasty, of any breach of personal data as soon as possible and no later than seventy-two (72) hours after becoming aware of it. 

Given the nature of the two processes (collection and erasure) carried out by AB Tasty, and in particular the fact that the personal data referred to in Article 3 is not stored, the Customer acknowledges that the possibility of such a breach is virtually non-existent, and that in any case AB Tasty would have little or no need to provide details in connection with such a notification.

8. Assistance

In any case, AB Tasty undertakes to actively collaborate with the Customer so that it is able to meet its regulatory and contractual obligations, at no additional cost to the Customer. 

9. Control and audit

9.1 Internal monitoring: AB Tasty undertakes to regularly test and monitor the security measures implemented in accordance with Article 6 above. The reports and results of these tests and evaluations are recorded in a register. 

If the Customer requires additional information to comply with its own obligations or a request from a supervisory authority, the Customer shall inform AB Tasty in writing.

9.2  Audit: AB Tasty undertakes to make available to the Customer the necessary and reasonable information to demonstrate compliance with the obligations under the Applicable Personal Data Protection Law and to allow audits to be carried out by the Customer or an auditor appointed by it, and to contribute to such audits, provided that: 

i) the auditor is not a direct competitor of AB Tasty and signs a confidentiality agreement.

ii) the scope of the audit is limited to AB Tasty’s facilities and systems used to process the Customer’s personal data.

iii) the number of audits is limited to one (1) time per year. 

(iv) a minimum of thirty (30) business days’ notice is given. 

(v) the conduct of the audits does not disrupt AB Tasty’s business, as the audits take place during AB Tasty’s working hours.

vi) the costs and expenses of such audits shall be incurred by the Customer; it being understood that if the findings of the audit indicate non-compliance of the AB Tasty Service with the Applicable Personal Data Protection Law and such findings are not contested by AB Tasty. AB Tasty undertakes to take all necessary corrective measures. The Customer is entitled, at its discretion, either to await compliance or to terminate the Agreement.

9.3. All the AB Tasty’s information collected during audit or control operations and disclosed to the Customer are confidential information; it may only be used for the purposes of the audit and the necessary corrective actions, to the exclusion of any other use by the Customer.

10. Subsequent processing

10.1 Authorized subsequent processors

A list of AB Tasty’s authorized subsequent processors is included in Annex II of the DPA. 

AB Tasty guarantees that its processors provide sufficient guarantees of compliance. A DPA will be signed with any subsequent processor, providing for obligations at least equivalent to this DPA. 

If the subsequent processor does not fulfill its obligations regarding personal data’s protection, AB Tasty remains fully responsible to the Customer for the subsequent Processor’s performance of its obligations.

10.2 Changes to the list of authorized subsequent processors. 

The Customer grants AB Tasty a general authorization to processing. 

In this context, AB Tasty will inform the Customer of any changes concerning the addition or replacement of other processors at least ten (10) working days prior to the change, in order to give the Customer the opportunity to object to such changes. This information will clearly indicate the outsourced processing activities and the identity and contact details of the subsequent processor. Customer will have ten (10) business days from the date of receipt of such information to file its objections. If the Customer has a legitimate objection to the addition of a processor and AB Tasty cannot reasonably find an alternative, it will notify the Customer. The parties will cooperate to find a satisfactory solution. If no solution is found, the Customer is entitled to terminate the services concerned. If the Customer does not object within the said period, the relevant processor may be commissioned to process the Customer’s personal data.

11. Transfer of personal data

No personal data of the Customer may be transferred by AB Tasty outside the European Economic Area to third countries that do not offer an adequate level of data protection under the adequacy decisions issued by the European Commission.

12. Obligations of the Customer

The Customer shall comply with the Applicable Personal Data Protection Law, both when using the Services and when instructing AB Tasty. In particular, the Customer shall:

i) establish and maintain all legal grounds required to authorize the processing of personal data by AB Tasty on its behalf;

(ii) informing data subjects of the processing of their personal data; 

(iii) obtain, where appropriate, the required consents from the data subjects;

iv) in the event that it generates ID Visitors, ensure that they do not contain any personal data in compliance with the principle of minimization of personal data.

13. Retention of personal data

AB Tasty does not retain the personal data referred to in Section 3, which are immediately erased.

14. Data Protection Officer 

The contact details of AB Tasty’s Data Protection Officer are as follows: dpo@abtasty.com. 

APPENDIX I

TECHNICAL AND ORGANISATIONAL MEASURES

, INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE DATA SECURITY

AB Tasty has put in place several measures to ensure the confidentiality, integrity, availability and resilience of systems and services related to the processing of personal data. These technical and organisational measures reduce the risk to a level that is consistent with best practices. AB Tasty conducts regular internal and external audits to ensure that all these concepts and rules are implemented and adhered to. The security processes referred to in this annex are continuously improved to be in line with best practices.

•   AB Tasty is ISO 27001 certified.
•   Regular security audits are carried out, both internally and externally.

1. Information security organisation

•   An Information Systems Security Policy (ISSP) is in place and approved by AB Tasty management.
•   This ISSP is communicated to all employees and relevant external parties.
•   Responsibilities for information security have been defined and assigned.
• An Information Systems Security Manager (ISSM) has been appointed.

2. Human resources

•   Each employee is subject to a confidentiality agreement, which is appended to their contract.
•   Training sessions in best IT security practices are regularly organised.
•   A charter for the proper use of IT resources is shared with all employees.
• Processes are put in place to manage entries, exits and movement within AB Tasty.

3. Authorisation management

• Access rights to resources are managed according to the following principles:
  • Need to access: each User may only access the resources needed to carry out their assignment;
  • Least privilege: each User has access to the resources with only the minimum privileges needed to carry out the actions required for their assignments.

•   Passwords are stored in a hashed and salted format, i.e. AB Tasty does not store the password in clear text.
•   Private keys linked to certificates are stored so that only authorised Users can access them.
• There are a number of ways for Users to verify their identity:
  • Simple authentication: The User verifies their identity with a login/password pair. The password must meet the following complexity requirements:
    • Include at least 12 characters;
    • Contain at least 1 upper case, 1 lower case, 1 number or special character
    • Be changed when first logging on;
  • Multi-factor authentication: In addition to the login/password pair, the User enters a code sent by SMS to log in;
  • Identity federation: The Services are SAML v2 compliant, which enables the Customer to use their own identity federation solution to authenticate their Users;

•   All privileged access given internally to AB Tasty employees is enforced by a two-factor authentication method.
•   Each access given to AB Tasty employees is created with a unique and random initial password. This password must be changed during the initial login.
•   All accesses granted to AB Tasty employees are nominative, so that each action can be assigned to a specific person.
• When creating User accounts, the Customer assigns access rights according to the RBAC (Role Based Access Control) authorisation model:
  • Admin: has full rights to the account;
  • User: can view and edit all campaigns but does not have access to account management settings;
  • Creator: can see all campaigns and can update non-sensitive information. However, this profile cannot play/pause a campaign or delete campaign data;
  • Viewer: can see all campaigns but cannot update them.

4. Physical Security

•   Access to offices is strictly limited to employees with an electronic name badge.
•   Physical access is regularly monitored.
•   No physical media (paper, removable drives, printouts) are stored in the offices.  
•   Alarms and firefighting equipment have been visibly implemented.
•   An anti-intrusion system is in place and a guard is present.
• The IT infrastructure (applications, network and storage) is hosted in a secure private cloud that meets ISO 27001 and SOC 2 certifications.

5. System operation

•   All systems, applications or new services rolled out are minimally exposed, allowing access only to the intended audience.
•   Operational documentation has been developed and is updated whenever significant changes are made.
• Basic security protections are in place for all equipment under AB Tasty’s responsibility:
  • An antivirus is active and up to date on all AB Tasty employees’ workstations;
  • The patches made available by the various suppliers are installed.

•   All workstations have a version of the operating system maintained by the publishers and are regularly updated,
•   All employee workstations are securely erased before being reassigned.
•   All flows over the Internet are encrypted (HTTPS TLS 1.2 and VPN IPSEC).
• Best practices, such as those of the Center for Information Security (CIS) are applied.

6. Availability and backup

•   Formal business continuity plans (BCP) and disaster recovery plans (DRP) are in place.
•   These plans are regularly reviewed and updated to ensure that systems and services remain available in the event of failure.
•   Regular tests are carried out annually to assess the effectiveness of these continuity and recovery plans.
•   The use of a distribution network (CDN) ensures that the script is replicated.
• Data is replicated and backed up to ensure availability in the event of a disaster.

7. Logging and monitoring

•   A logging system is in place within AB Tasty to ensure its monitoring.
•   Alerts are set up, along with a 24/7 on-call service to respond as quickly as possible in the event of a security incident.
• The various audit logs cannot be modified, even by AB Tasty administrators.

8. Management of technical vulnerabilities

•   A security watch is in place to identify the various security flaws in the system.
•   A vulnerability scanner is also in place.
• In the event of an emergency (virus attack, critical flaw or any remotely exploitable vulnerability), AB Tasty will provide:
  • a patch to be applied ; or
  • a temporary workaround.

9. Security of developments

•   The various environments are logically isolated (production and development/staging, etc).
•   A development policy and a secure development policy are in place within AB Tasty.
•   Code reviews are carried out for each new deployment.
• We provide our customers with a system for checking the integrity of the script (via API), thus avoiding script corruption.

10. Incident management

•   An incident management procedure is in place within AB Tasty to detect, classify and process security incidents.
•   This includes communicating major or critical incidents to our customers as soon as possible.
• All resolved incidents are analysed after the incident to determine their cause, to prevent symptoms from recurring and to strengthen security systems.

APPENDIX II

LIST OF AUTHORISED PROCESSORS

Subsequent processor	Place of processing	Storage location
Google Cloud Platform (GCP)	Belgium	N/A (no storage)

•  

Description of the Service

AB Tasty Service (Client Side)

1. Mode of operation

1.1 Installation of the AB Tasty JS Tag by the Customer

The AB Tasty Service is based on the installation by the Customer of a tag (“JavaScript Tag” or “JS Tag”) on its Website(s) or its connected tools and on the ability of said JS Tag to collect a certain amount of information on the behaviour and browsing mode of the Visitors to the website or the connected tools in question.

To activate the AB Tasty Service, the Customer must install the JS Tag on each of the tools where it wishes to conduct a marketing campaign.

Each time a Visitor visits one of the Customer’s connected tools, the JS Tag is activated, downloads a JavaScript (list of HTML modifications) generated by the Customer and hosted by AB Tasty, and allows for the remote collection of behavioural data.

Said installation must be done as follows:

• Synchronous placement of the Tag 
• Deposit of the Tag in the page header and insertion between the tags of the web page subjected to campaigns
• Placement of the tag before any other script
• Placement of the Tag directly in the source code of the web page (and not in a Tag Management System)

The Customer is responsible for adjusting the implementation according to its needs and specific requirements. Configuration by the Customer of the JS Tag, its weight, or its position in the HTML pages of the website(s) or the Customer’s other connected media may impact the download time of the JS Tag on the terminal used by the Visitor(s) and may possibly affect the visual quality of the test requested by the Customer. The JS Tag is about 40 kB in size: the number of tests launched simultaneously has a direct impact on the JS Tag (approximately 70 KB in total for 10 ongoing tests). The Customer acknowledges that it is aware that any implementation that deviates from the instructions given above may result in degraded performance once in production and non-application of the Service Quality Levels.

The Customer is forbidden from inserting any script aimed at spying, collecting, deleting or modifying data on the Visitor’s browser and device, and must not damage in any way other services or the Visitor’s browser and device during use of the AB Tasty Service.

The JS tag shall be installed throughout the entire duration of the Contract. 

The JS Tag i) may be uninstalled at any time by the Customer, rendering the AB Tasty Service inaccessible to any of the Customer’s connected media, and ii) must be uninstalled if the Customer suspects or becomes aware of a failure or major event likely to affect any connected media.

At the Contract end date, the JS Tag shall be disabled by AB Tasty.

1.2. Management of cookies by the Customer

The AB Tasty Service requires that two cookies be placed on the Visitor’s device by the Customer’s website(s) or other connected media.

These two cookies are issued by the URL of the Customer’s website:

a) AB Tasty Session Cookie

This cookie is used to identify a unique session, i.e., each ‘visit + the actions performed’ by the Visitor during the visit to the site. This cookie is used to recognise the browser via the IP address associated with it. 

The lifetime of this cookie is limited to the duration of the session.

b) AB Tasty Cookie

This cookie transmits all behavioural information required for preparation of the Campaign Results 

All the Campaign Results obtained are compiled and totally anonymous. They provide information on Visitors’ browsing and behaviour, including the number of Visitors, number of visits, number of pages viewed, information needed to measure the performance of each page version during a test (including URL, Visitor ID generated by AB Tasty, total number of sessions, number of pages viewed in the current session, referrer, 3 timestamps over the life of the session, Test ID pairs, active and past Variation IDs, etc.).  

The lifetime of this cookie is thirteen months.

The Customer is responsible for informing Visitors that these two cookies may be placed on their browser, for obtaining these Visitors’ consent for collecting information via these cookies, and for providing them with the information necessary for the placement of these cookies. 

In any event, the Customer may not activate the AB Tasty Service until the consent of Visitors has been duly obtained by the Customer by following the configuration instructions. Only Visitors who have accepted the cookies will be subjected to the tests proposed by the AB TASTY Service.

1.3 Management of Visitor IDs by the Customer

To activate the AB Tasty Service, the Customer may: 

• either ask AB Tasty to generate a unique ID for each user (“Visitor  ID”). AB Tasty warrants to the Customer that this Visitor ID is anonymous.
• or choose to generate the Visitor ID. The Customer acknowledges that AB Tasty has no way of checking the Visitor IDs generated by the Customer, which may choose, in particular, to associate said Visitor ID with a user context. The Customer is responsible for ensuring that all Visitor IDs generated in this manner are anonymous and do not contain any personal or sensitive data. The Customer hereby relieves AB Tasty from all prejudicial consequences likely to arise from non-compliance with this obligation, both with regard to the persons in question and to the supervisory authorities or any third parties.

1.4 Management of Customer accounts

There are 4 different levels of platform access and accreditation, all of which are at the sole discretion and responsibility of the Customer. They can be configured through the Customer’s AB Tasty account.

a) Viewer – this role allows the following actions:

• View the list of tests or customisations and organise them in folders without modifying or editing them,
• View test reports or customisations without modifying them or creating objectives,
• Access personal information and modify it through the Settings,

b) Creator – this role allows the following actions:

• Create and edit a test or a customisation and copy it without starting, pausing, or deleting it,
• Create and manage folders to organise tests and customisations,
• Assign a tag to, or delete a tag from, a test or a customisation,  
• Access reports and all available options for creating, modifying, or deleting (except for modifying/deleting an objective and deleting data),
• Access information and modify it; display and copy the 3 types of tags through the Settings.

c) User – this role allows the following actions:

• Create and manage tests or customisations (including copying, starting, pausing, deleting, and organising them in folders),
• Access reports and manage all available options,
• Access information and modify it; display and copy the 3 types of tags through the Settings.

d) Admin – this role grants all rights to

• Create and manage tests or customisations (including organising them in folders),
• Access reports and manage all available options,
• Access and manage all configuration options.

1.4 Password confidentiality

The Customer acknowledges that the passwords attributed to it are personal and confidential. The Customer is responsible for ensuring that passwords are kept confidential. AB Tasty can in no way be held liable for damage resulting from the loss or illicit or fraudulent use of a Customer’s passwords.

2. Description of Modules

The modules supplied to the Customer are those indicated on the Order Form according to the Package chosen by the Customer. The following list is provided for information purposes only.

a) Campaign Dashboard

Module for displaying the list and dashboard of campaigns in order to list, view, filter, organise, and archive the list of Campaign Results.

b) Web test campaigns

Module used to create and configure optimisation campaigns using various test methods including A/B tests, redirection tests, and multivariate tests.

c) Web customisation campaigns

Module for creating and configuring customisation campaigns in order to display digital content specific to a target audience as defined by the Customer.

d) Editor

Module for preparing modifications of the display of one or more pages through the AB Tasty Solution ‘Editor’ tool. Some modifications may be applied visually, and others will require the  development of code through AB Tasty, depending on the complexity of the Customer’s website or other connected media.

e) Targeting engine

Module for defining which portion of traffic must be allocated to a given marketing campaign and for segmenting the audience according to a certain number of attributes defined by the Customer.

f) Reporting

AB Tasty collects events triggered by Visitors on the Customer’s websites or other connected media for the purpose of analysing Campaign Results, according to objectives defined by the Customer; AB Tasty also enables its Customers to export each campaign from the platform in order to analyse or share its Campaign Results. The Customer can freely export the data visible in the reports, as well as all its raw data. This export can be performed by direct downloading from the interface or by email request via the user interface.

g) Third Party Tools

This feature can be used to link the Campaign Results generated by the AB Tasty Solution with other third party data belonging to the Customer, such as those from the Customer’s Data Management Platforms (DMPs). 

h) Custom Widgets

Custom Widgets are ‘turnkey’ modules that are fully customisable and dynamic, based on the automation capability of the test of the media provided, and are used i) to quickly add and optimise content on the pages and media of the Customer’s websites or other connected media; and ii) to define which variation performed the best with regard to the indicator defined by the Customer. All the Custom Widgets are made available to the Customer in a library that can be accessed through the platform on which they can be activated. Only Custom Widgets developed by AB Tasty benefit from ongoing and corrective maintenance and are subject to the Service Quality Levels.

Acceptable Use Policy

Service AB Tasty

1. To activate the AB Tasty Service, the Customer may either ask AB Tasty to generate a unique identifier for each Unique Visitor (“Visitor ID“) or choose to generate such Visitor ID. In this case, the Customer acknowledges that AB Tasty has no control over the Visitor IDs generated by the Customer, who may choose to associate this Visitor ID with a user context. It is the Customer’s responsibility to ensure that all Visitors IDs generated in this way are anonymous and do not contain any personal or sensitive data.
2. The Declared Number (as defined in the Terms and Conditions) is a good faith estimate done by the Customer with regards to a provisional use of the Services. Should the Declared Number be reached and unreasonably and excessively exceeded on a yearly basis, the Parties shall meet as soon as possible in order to discuss together the possible impact of this overage on the current Price. AB Tasty commits to alert the Customer as soon as possible, before the Customer reaches the Declared Number.

Service Levels

Definitions

AB Tasty APP (APP): interface allowing access to the AB Tasty Service.

Incident(s): incident declared by the Customer.

Service Credits : amount due by AB Tasty to the Customer in case of non-compliance with the Service Levels.

Percentage of Monthly Usable Time (PMUT): percentage of Service availability, calculated per 5-minute period, on a monthly basis, excluding scheduled maintenance.

Javascript Tag (JS Tag): tag deposited by the Customer on his website.

Response Time (RT): time elapsed between the declaration of the Incident by the Customer and the date of its resolution.

Call Response Time (CRT): time elapsed between the arrival of calls from the Visitor terminal and the sending of responses by AB Tasty’s infrastructure.

Universal Collect: API called by the Customer allowing AB Tasty’s infrastructure to collect raw behavioural data from the Client’s Visitors.

1. AB Tasty Service Levels

1.1 JS Tag

a) The PMUT is 99.99% which corresponds to :

• per day, 8s
• per week, 1mn
• per month, 4mn 22s
• per year, 52mn 35s

b) The CRT is calculated on the default basis of a 33.3kB JS Tag and with a base connection of the Visitor’s terminal as follows:

• Ping latency: 2 milliseconds
• Download speed: 30Mbps
• Upload speed: 15Mbps

For JS Tags up to 40kB,

• The average monthly CRT does not exceed 200 milliseconds
• The CRT may not exceed 500 milliseconds for more than 3% of calls.

For JS Tag between 41kB and 125kB, the average monthly CRT does not exceed 250 milliseconds. 

No CRT is guaranteed for JS Tag above 125kB.

1.2 APP

The PMUT is 99.90% which corresponds to :

• per day, 1 mn 26s
• per week, 10mn 4s
• per month, 43mn 49s
• per year, 8h 45mn 56s

1.3 Universal Collect

The PMUT is 99.95% which corresponds to:

• per day, 43s
• per week, 5m 2s
• per month, 21m 54
• per year, 4h 22m 58s

2. Incident Report – RT

In the event of an Incident, Customer should contact:

• The Customer Success Manager dedicated to the Customer (for customers who have one) or,
• AB Tasty support, by sending an email to the following address: support@abtasty.com

AB Tasty acknowledges receipt of the Customer’s Incident report by email. The correction period starts as soon as AB Tasty acknowledges receipt. A dedicated AB Tasty team is automatically informed of all Incidents that occur in the infrastructure and a DevOps is on call 24/7.

3. Service Credits

3.1 JS Tag

a) PMUT:

PMUT minimum Cumulative minutes / month	Maximum PMUT Cumulative minutes / month	Service Credits(% of service credits / month)
> 5 mins	<= 8 mins	5% of the licence fee of use/month
> 8 mins	<= 12 mins	10%
> 12 mins	<= 16 mins	15%
> 16 mins	<= 20 mins	20%
> 20 mins	<= 40 mins	25%
> 40 mins	<= 60 mins	30%
> 60 mins		35% maximum

b) CRT:

Minimum CRTTag AVG 40kB response time	Maximum CRTCumulative minutes / month	Service Credits(% of service credits / month)
> 200 ms	<= 225 ms	5% of the licence fee of use / month
> 225 ms	<= 250 ms	10%
> 250 ms	<= 275 ms	15%
> 275 ms	<= 300 ms	20%
> 300 ms		25% maximum

c) CRT if the 3% threshold referred to in clause 1.1.b) is exceeded:

Minimum % ofrequests exceeding 500ms	Maximum % of requests exceeding 500ms	Service Credits(% of service credits/ month)
> 3%	<= 4%	5% of the license fee of use / month
> 4%	<= 5%	10%
> 6%	<= 7%	15%
> 8%+		20% maximum

d) RT: 3 working days.

3.2 APP

a)PMUT:

PMUT minimum Cumulative minutes / month	Maximum PMUTCumulative minutes / month	Service Credits(% of service credits/ month)
> 45 mins	<= 90 mins	5% of the amount of theuser licence / month
> 90 mins	<= 120 mins	10%
> 120 mins	<= 240 mins	15%
> 240 mins		20% maximum

b) RT: 3 working days.

3.3 Universal Collect by AB Tasty

a) PMUT

PMUT minimum Cumulative minutes / month	Maximum PMUTCumulative minutes / month	Service Credits(% of service credits/ month)
> 22 mins	<= 30 mins	5% of the licence fee / month
> 30 mins	<= 60 mins	10%
> 60 mins	<= 120 mins	15%
> 120 mins	<= 240 mins	20%
> 240 mins		25% maximum

b) RT : 2 working days.

4. Conditions of application

a) The commitments made by AB Tasty under these Service Levels are result-based commitments.

b) These Service Levels have been established on an annual basis and must, where necessary, be prorated (e.g. in the event of monthly or half-yearly billing by the Customer).

c) In any given month, if more than one Service Credit is incurred, only the highest Service Credit will be due.

d) The Service Credit shall be the sole remedy available to Customer for failure to comply with these Service Levels, up to a maximum of ten percent (10%) of the total amount paid or payable by Customer under the Agreement; provided, however, that in the event of failure to comply with these Service Levels for a period of three (3) consecutive months, Customer shall have the right to either claim the Service Credits, or terminate the Agreement.

e) Scheduled maintenance is excluded from the calculation of Service Levels. The Customer will be notified seven (7) days prior to the Service interruption for scheduled maintenance.

f) These Service Levels are not applicable to Custom Widgets which are developed by Customer.