Terms of Conditions and Use

TERMS AND CONDITIONS OF USE

Last updated on : June 29, 2022

Cratoflow Inc, a Delaware Corporation

Welcome to our website. This site is maintained as a service to our customers. By using this site, you agree to comply with and be bound by the following terms and conditions of use. Please review these terms and conditions carefully. If you do not agree to these terms and conditions, you should not use this site.

IMPORTANT – READ CAREFULLY

THIS MASTER SUBSCRIPTION AGREEMENT (“MSA”) IS ENTERED BETWEEN “YOU” AS A CUSTOMER AND CRATOFLOW, AS SERVICE PROVIDER FOR CRATOFLOW’S HOSTED SERVICE. THE TERMS AND CONDITIONS OF THIS MSA WILL BE LEGALLY BINDING ON YOU UPON YOUR EXECUTION OF AN ORDER FORM. YOU AND CRATOFLOW ARE INDIVIDUALLY REFERRED TO AS A “PARTY” AND COLLECTIVELY AS THE “PARTIES”.

You represent and warrant that you have the authority to accept this Agreement on behalf of the legal entity you have registered at www.cratoflow.com (“you”, “your” throughout this Agreement) and to provide any information that you share with Cratoflow. By indicating your electronic acceptance of this Agreement and by executing an order form (“Order Form”) or other agreement that references this Agreement, you agree to be bound by this Agreement. If you do not accept this Agreement, you must not access or use the Cratoflow’s platform or use Cratoflow Services.

TERMS AND CONDITIONS

  • “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than fifty percent (50%) of the voting interests of the subject entity, or the right to direct the affairs of a subject entity.
  • “Agreement” means this MSA and its appendixes, any Order Forms signed by the parties and additional documents and materials incorporated by reference herein.
  • “Aggregated Data” means statistical information related to use of the Hosted Service for internal and customer reporting purposes, but only in an aggregated form that does not identify a customer, user or specific
  • “Cratoflow” means Cratoflow Inc, a Delaware corporation, having a principal place of business at 975 E Mason Ln Unit 108 Anaheim, CA 92805.
  • “Cratoflow Technology” means all Cratoflow proprietary technology (including software, products, processes, user interfaces, trade secrets, know-how, techniques, designs and other tangible or intangible technical material or information) which Cratoflow makes available to you from time to time in providing the Hosted
  • “Confidential Information” means any information disclosed by a party (the “Disclosing Party”) to the other party (the “Receiving Party”) in any form, that is designated confidential or that reasonably should be understood to be confidential given its nature and the circumstances surrounding the Confidential Information includes, but is not limited to, the Hosted Service, Content, Cratoflow Technology, Documentation, Cratoflow’s pricing and the terms and conditions of this MSA and Order Form. Notwithstanding the foregoing, Confidential Information shall not include any information that: (i) is or becomes generally known to the public without breach by the Receiving Party of any obligation owed to the Disclosing Party; (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party; (iii) is received from a third party without an obligation of confidentiality; or (iv) was independently developed by the Receiving Party without use of the Disclosing Party’s Confidential Information.
  • “Content” means the information, documents, software, products and services contained or made available to you in the course of using the Hosted Service.
  • “Customer Data” means any data, information or material you provide, submit or upload to the Hosted
  • Data Protection Agreement” refers to the agreement attached as Appendix [_] hereto.
  • Data Protection Laws” shall mean with respect to the EU, the GDPR or the law of any such member country implementing the GDPR, and with respect to any other country, any applicable data protection or data privacy laws.
  • “Documentation” means the user instruction materials, as updated from time to time, describing the use and operation of the Hosted Service that are provided in the Hosted Service’s “Help” files.
  • “Downtime” means when you are unable to transmit and/or receive data from the Hosted Service, but does not include the effects of any Internet, Customer network or other connectivity issues which are not within Cratoflow’s control.
  • “Emergency Maintenance” means maintenance which may delay or interrupt your use of the Hosted Service, and the necessity of which is not known to Cratoflow in advance of its occurance.
  • “Effective Date” means the Contract Start Date set forth in your initial Order Form.
  • “Free Services” means Services that Cratoflow makes available to Customer free of Free Services exclude Services offered as a free trial and Purchased Services.
  • “Hosted Service” means Cratoflow’s online products and related services reflected on an Order Form accessed at a website designated by Cratoflow, or ancillary services rendered to you by Cratoflow, to which you are being granted access under the Agreement, including the Cratoflow Technology and content.
  • Initial Term” means the initial period that commences on the Effective Date for the period set forth in the initial Order Form.
  • “Intellectual Property Rights” means inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, mask work rights, know-how and trade secret rights, and all other intellectual property rights, derivatives thereof and all renewals thereto as well as other forms of protection of a similar nature anywhere in the world.
  • “System Administrator(s)” means the User(s) you designate who are authorized to purchase licenses by executing Order Form(s) and to create User accounts and otherwise administer your use of the Hosted Service.
  • “Non-Cratoflow Application” means a Web-based, mobile, offline or other software application functionality that interoperates with a Service, that is provided by you or a third party. Non-Cratoflow Applications, other than those obtained or provided by you, will be identified as such.
  • “Order Form” means a written form evidencing a subscription for the Hosted Service and any subsequent subscriptions and related services executed by both parties or an online form generated by Cratoflow and executed by you, specifying the number of Users, the products and services contracted for, and applicable fees, billing periods and other charges as agreed by the Each Order Form is incorporated by reference into this Agreement. By entering into an Order Form hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.
  • Purchased Services” means Services that are purchased by you under an Order Form or online purchasing portal, as distinguished from Free Services or those provided pursuant to a free trial.
  • Renewal Term” means a period, during which this Agreement is extended, the first of which periods, if any, begins upon expiration of the Initial Term as set forth in an Order Form and as further described in Section 7.1.
  • “Scheduled Maintenance” means maintenance which may delay or interrupt your use of the Hosted Service, and the necessity of which is known to Cratoflow in advance of its occurrence. Cratoflow will use all reasonable efforts to provide you with an advance notice prior to Scheduled Maintenance and shall schedule Scheduled Maintenance to the extent practicable during periods of non-peak usage among its customer base.
  • Term” means the Initial Term together with all Renewal Term(s).
  • “User” means an individual authorized by you to use the Hosted Service, and to whom you (or Cratoflow at your request) have supplied a user identification and password. Cratoflow incorporates "Accounting Users" and "Business Users" as base roles.
            Accounting user is an individual who uses Cratoflow to perform accounting tasks such as financial record-keeping, reporting, and data management. They typically have specialized accounting knowledge or experience and play a critical role in maintaining financial health and compliance for a company or organization. Accounting users may also be involved in configuring and customizing the software to meet the specific accounting needs of the organization. Accounting users include employees who work in the accounting team such as Controller, Accountant, CFO.
            Business user is an individual who uses Cratoflow as part of their job responsibilities within a company or organization. They utilize the software to perform tasks and make decisions, but are typically not a part of the accounting function or involved in the day to day accounting responsibilities that pertain to the specific accounting functions including but not limited to financial record-keeping, reporting, and data management. Business users may include employees who work in various divisions in the organization such as marketing, IT, HR.
  • “You”, “Your” or “Customer” means the entity executing an Order Form and entering into this MSA.

2.License Grant & Restrictions.

  • License Cratoflow hereby grants you a non-exclusive, non-transferable, worldwide right to use the Hosted Service, solely for your own internal business purposes, subject to the terms of this Agreement. All rights not expressly granted to you are reserved by Cratoflow. Individual User licenses may not be shared or used by more than one individual User but may be reassigned to new Users replacing former Users who no longer use the Hosted Service
  • You will not: (i) license, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any third party the Hosted Service; (ii) modify or make derivative works based upon the Hosted Service or otherwise violate Cratoflow’s Intellectual Property Rights in the Hosted Service; (iii) create Internet “links” to the Hosted Service; (iv) reverse engineer or access the Hosted Service in order to: (a) build a competitive product or service; (b) build a product using similar ideas, features, functions or graphics of the Hosted Service; or (c) copy any ideas, features, functions or graphics of the Hosted Service; (v) send or store infringing, obscene, threatening, libelous or otherwise unlawful or tortious material to the Hosted Service; (vi) send or store material containing viruses, worms, Trojan horses, spam or other harmful computer code, files, scripts, agents or programs to or from the Hosted Service; (vii) interfere with or disrupt the integrity or performance of the Hosted Service or the data contained in it, including engaging in denial of service attacks; (viii) attempt to gain unauthorized access to the Hosted Service or its systems or networks; or (ix) use the Hosted Service in violation of applicable law.
  • Affiliates’ Rights. Your Affiliates may use the Hosted Service to the same extent you may use the Hosted Service, and may access the same without additional charge to you (subject to the limitations set forth herein); provided however, that you will be responsible for the compliance of all such Affiliates with the terms and conditions of this Agreement, as if such Affiliates were parties hereto. All rights granted to an Affiliate hereunder will automatically cease upon that Affiliate ceasing to be your Affiliate.
  • Suspension for Ongoing Cratoflow may with notice to you suspend your access to the Hosted Service if Cratoflow reasonably concludes that your instance of the Hosted Service is being used to engage in denial of service attacks, spamming, misappropriation of the third party rights or illegal activity, and/or that use of your instance of the Hosted Service is causing immediate, material and ongoing harm to Cratoflow or others. In the extraordinary event Cratoflow suspends your Hosted Service access, Cratoflow will use commercially reasonable efforts to limit the suspension to the offending portion of the Hosted Service and work with you to resolve the issues causing such suspension. You agree that Cratoflow shall not be liable for any suspension of the Hosted Service under the circumstances described in this Section.

3.Responsibilities.

Customer Responsibilities.

  • Use of the Hosted Customer will: (a) be responsible for all activity occurring under Customer’s User accounts; (b) use commercially reasonable efforts to prevent unauthorized access to or use of the Hosted Service, and notify Cratoflow promptly of any such unauthorized access or use; (c) use the Hosted Service only in accordance with the Documentation and applicable laws and government regulations; and (d) provide Cratoflow with all reasonably available information if you report a non-conformance in the Hosted Service so that Cratoflow may diagnose and remedy such non-conformance.
  • Bring Your Own Customer will be responsible for any Customer Data that is uploaded in the Hosted Service.
  • Customer Personnel. Customer will be responsible for the performance of its personnel (including employees and contractors) and their compliance with the obligations set forth in this Agreement.

3.2 Cratoflow’s Responsibilities.

3.2.1. Provision of Hosted Service. Cratoflow will: (a) make the Hosted Service available to you pursuant to this Agreement (including Appendix B) and the applicable Order Form(s); and (b) provide you with 24/7 support as set forth in Appendix A at no additional charge.

ANY DATA CUSTOMER ENTERS INTO THE SERVICES, AND ANY CUSTOMIZATIONS MADE TO THE SERVICES BY OR FOR CUSTOMER, DURING CUSTOMER’S FREE TRIAL WILL BE PERMANENTLY LOST UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE TRIAL, PURCHASES APPLICABLE UPGRADED SERVICES, OR EXPORTS SUCH DATA, BEFORE THE END OF THE TRIAL PERIOD. CUSTOMER CANNOT TRANSFER DATA ENTERED OR CUSTOMIZATIONS MADE DURING THE FREE TRIAL TO A SERVICE THAT WOULD BE A DOWNGRADE FROM THAT COVERED BY THE TRIAL (E.G., FROM ENTERPRISE EDITION TO PROFESSIONAL EDITION); THEREFORE, IF CUSTOMER PURCHASES A SERVICE THAT WOULD BE A DOWNGRADE FROM THAT COVERED BY THE TRIAL, CUSTOMER MUST EXPORT CUSTOMER DATA BEFORE THE END OF THE TRIAL PERIOD OR CUSTOMER DATA WILL BE PERMANENTLY LOST.

NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY CRATOFLOW” SECTION BELOW, DURING THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND CRATOFLOW SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE SERVICES FOR THE FREE TRIAL PERIOD UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE CRATOFLOW’S LIABILITY WITH RESPECT TO THE SERVICES PROVIDED DURING THE FREE TRIAL SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, CRATOFLOW AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED DURING THE FREE TRIAL PERIOD WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO CRATOFLOW AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

CUSTOMER SHALL REVIEW THE APPLICABLE SERVICE’S DOCUMENTATION DURING THE TRIAL PERIOD TO BECOME FAMILIAR WITH THE FEATURES AND FUNCTIONS OF THE SERVICES BEFORE MAKING A PURCHASE.

3.2.4 Free Services. Cratoflow may make Free Services available to Customer. Use of Free Services is subject to the terms and conditions of this Agreement. In the event of a conflict between this section and any other portion of this Agreement, this section shall control. Free Services are provided to Customer without charge up to certain limits as described in the Documentation. Usage over these limits requires Customer’s purchase of additional resources or services. Customer agrees that CRATOFLOW, in its sole discretion and for any or no reason, may terminate Customer’s access to the Free Services or any part thereof. Customer agrees that any termination of Customer’s access to the Free Services may be without prior notice, and Customer agrees that CRATOFLOW will not be liable to Customer or any third party for such termination.

Customer is solely responsible for exporting Customer Data from the Free Services prior to termination of Customer’s access to the Free Services for any reason, provided that if CRATOFLOW terminates Customer’s account, except as required by law CRATOFLOW will provide Customer a reasonable opportunity to retrieve its Customer Data.

NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY CRATOFLOW” SECTION BELOW, THE FREE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND CRATOFLOW SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE FREE SERVICES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE CRATOFLOW’S LIABILITY WITH RESPECT TO THE FREE SERVICES SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, CRATOFLOW AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE FREE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE FREE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED THROUGH THE FREE SERVICES WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY, IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO CRATOFLOW AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE FREE SERVICES, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

4.Customer Data.

Customer Data will not be accessed, used or disclosed by Cratoflow except as explicitly set forth herein. You have sole responsibility for the entry, deletion, correction, accuracy, quality, integrity, legality, reliability, appropriateness and intellectual property ownership or right to use the Customer Data. Cratoflow will not be responsible for any destruction, damage, loss or failure to store any Customer Data beyond its reasonable control or resulting from a failure in data transmission or operation of the Hosted Service by you. If this Agreement is terminated, Cratoflow will make available to you a file of the Customer Data within thirty (30) days of termination if you so request at the time of termination. You agree and acknowledge that Cratoflow has no right or obligation to retain Customer Data more than thirty (30) days after termination or expiration and will destroy Customer Data in its possession or control thirty (30) days after termination or expiration of this Agreement, unless where a statutory obligation imposed Cratoflow to retain some of the Customer Data. In such circumstances, of which Customer shall inform Cratoflow of, Cratoflow will destroy these Customer Data as soon as such statutory obligation to retain them expires. The conditions on the handling by Cratoflow of Customer Data are set forth in greater detail in the Data Processing Agreement.

5.Ownership of Intellectual Property Rights.

Cratoflow owns all right, title and interest, including all related Intellectual Property Rights, in and to the Cratoflow Technology, Content, the Hosted Service, the Aggregated Data and any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by you relating to the Hosted Service. Cratoflow’s name and logo, and the product names associated with the Hosted Service are trademarks of Cratoflow, and no right or license is granted to use them under this Agreement.

6.Fees and Payments.

  • 6.1 Payment Obligations. Cratoflow charges and collects payment in advance for use of the Hosted Service. In accordance with the initial Order Form, you will pay all fees and charges in accordance with the terms contained in each Order Form. All payment obligations are non-cancelable and fees paid are non- refundable except as expressly set forth in Sections 7.4 and 9.1. You are responsible for paying for all User licenses specified in an Order Form, whether or not such User licenses are actively used. Your designated License Administrator(s) may add licenses by executing an additional Order Form online or in hardcopy form. Added licenses will be subject to the following: (i) added licenses will be coterminous with the then-current Term; and (ii) the license fee for the added licenses will be the same as the fee applicable to your then- existing Users, prorated for the remainder of the current billing Cratoflow reserves the right to modify its fees, effective as of the end of the then-current Term upon at least thirty (30) days prior notice to you, which notice may be provided by e-mail.
  • 6.2 Excess Data Storage Fees. The maximum disk storage space provided to you without additional charge is 2 GB per User license for Hosted Service Storage is measured in the aggregate across all Users. If your aggregate amount of storage exceeds these limits, you will be charged $15 per month for each additional 1 GB of Customer Data stored. Cratoflow will use commercially reasonable efforts to notify you when the average storage used per license reaches approximately 90% of the maximum.
  • 6.4 Payment Disputes. If you believe your bill is incorrect or wish to dispute any charges contained therein, you must notify Cratoflow in writing within sixty (60) days of the date of the invoice containing the amount in question to be eligible to receive an adjustment or credit.
  • 6.5 Late Payment and Suspension. Delinquent invoices are subject to interest of one percent (1%) per month on any outstanding balance, or the maximum permitted by law, whichever is greater, plus expenses of collection. If a payment is not disputed in good faith (and in addition to its other rights), Cratoflow reserves the right to terminate this Agreement or suspend your access to the Hosted Service if any delinquent payment is not received by Cratoflow within thirty (30) days after notice to you of such You will continue to be charged for User licenses during any period of suspension..
  • 6.6 Taxes.  Cratoflow’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction based on amounts paid or payable under the Agreement (collectively, “Taxes”). You are responsible for paying all Taxes associated with your use of the Hosted Service. If Cratoflow has the legal obligation to pay or collect Taxes for which you are responsible under this Section, Cratoflow will invoice you and you will pay that amount unless you provide Cratoflow with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Cratoflow is solely responsible for taxes assessable against Cratoflow based on its net income, property and employees.

7.Term and Termination.

  • 7.1 Term. This Agreement commences on the Effective Date and will continue for the Initial Term and all Renewal Terms.
  • 7.2 Renewal (i) Upon the expiration of the Initial Term and each subsequent Renewal Term, the Agreement will automatically renew for a Renewal Term and Cratoflow will issue you an invoice for such Renewal Term, unless (a) you have previously provided Cratoflow with at least thirty (30) days’ written notice prior to the end of the then current Term that you elect not to renew the Agreement, or (b) Cratoflow has provided you at least one hundred and eighty (180) days’ written notice prior to the end of the then current Term that Cratoflow has elected not to renew the Agreement. (ii) The renewal charge will be equal to the then-current number of User licenses times the license fee in effect during the prior Term, plus any other recurring fees set forth in a prior signed Order Form, unless (a) Cratoflow has given you prior notice of a fee increase as set forth in Section 6.1, which will be effective upon renewal, or (b) the parties have executed an Order Form effective upon the renewal date which describes a modified subscription for the Renewal Term. You may reduce the number of User licenses or cancel or reduce Cratoflow products effective only upon the expiration of the then current Term. (iii) Fees for other services will be charged on an as-quoted basis.
  • 7.3 Termination. Either party may terminate this Agreement for cause: (i) upon thirty (30) days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period; or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.
  • 7.4 Refund or Payment on Termination. If you terminate this Agreement pursuant to Section 7.3, Cratoflow will issue you a prorated refund for payment previously received by Cratoflow corresponding to any period after the effective date of such termination. If Cratoflow terminates this Agreement pursuant to Section 3, you will pay any unpaid fees covering the remainder of the then current Term. In no event will any termination relieve you of the obligation to pay any fees payable to Cratoflow for the period prior to the effective date of termination.

8.Representations & Warranties.

  • 8.1 General. Each party represents and warrants that: (a) it has the power to enter into and perform this Agreement; (b) this Agreement’s execution has been duly authorized by all necessary corporate action of the party; (c) this Agreement constitutes a valid and binding obligation on it, enforceable in accordance with its terms; and (d) neither it nor its employees or agents has offered or will offer any illegal or improper bribe, kickback, payment, gift, or thing of value in connection with this Agreement.
  • 8.2 Cratoflow’s Warranties. Cratoflow warrants that, when used in accordance with the Documentation, the Hosted Service will perform substantially in accordance with the Documentation. If Cratoflow breaches the foregoing warranty, then Cratoflow shall use commercially reasonable efforts to remedy the non- conformance. If, despite its commercially reasonable efforts, Cratoflow is unable to remedy the non- conformance, then your sole remedy, and Cratoflow’s sole liability, will be the termination of this Agreement for cause in accordance with Section 7.3 and a refund payment in accordance with Section 7.4. Cratoflow reserves the right to change hosting providers, provided that any successor hosting provider conforms to Cratoflow’s facility, security and audit requirements related thereto.

9.  Mutual Indemnification.

  • 9.1 Cratoflow’s Indemnification of You. Cratoflow will indemnify, defend and hold you and your parents, subsidiaries, affiliates, officers, directors, employees, attorneys and agents harmless from and against any and all claims, costs, damages, losses, liabilities and expenses (including attorneys’ fees and costs) arising out of or in connection with a claim by a third party alleging that the Hosted Service used in accordance with this Agreement infringes its Intellectual Property Rights. Cratoflow will have no indemnification obligation and you shall indemnify Cratoflow for claims arising from any infringement arising from the use of the Hosted Service in combination with technology or process(s) not provided by Cratoflow where such claim or infringement would not have occurred in the absence of such combination. If Cratoflow is required to indemnify you for infringement of a third party’s Intellectual Property Rights in accordance with this Section, or if Cratoflow reasonably believes the Hosted Service may infringe a third party’s Intellectual Property Rights, then Cratoflow may, in its sole discretion: (x) modify the Hosted Service so that it no longer infringes; (y) obtain a license for your continued use of the Hosted Service; and/or (z) remove the infringing component from the Hosted Service. If, despite its commercially reasonable efforts to do so, Cratoflow is unable to perform (x), (y) or (z), then Cratoflow may terminate your Agreement upon ninety (90) days advance written notice to you, in which case Cratoflow shall issue to you a prorated refund for any prepaid fees covering the remainder of the then-current term after the effective date of termination. The rights and remedies granted to you under this Section state Cratoflow’s entire liability, and your sole and exclusive remedy, with respect to an infringement by Cratoflow of a third party’s Intellectual Property Rights.
  • 9.2 Your Indemnification of Cratoflow. You will indemnify, defend and hold Cratoflow and its parents, subsidiaries, affiliates, officers, directors, employees, attorneys and agents harmless from and against any and all claims, costs, damages, losses, liabilities and expenses (including attorneys’ fees and costs) arising out of or in connection with a claim by a third party alleging that the Customer Data infringes its Intellectual Property Rights or a violation of laws and/or regulations, including, but not limited to, Data Protection Laws or laws related to export controls. The rights and remedies granted to Cratoflow under this Section 9 state your entire liability, and Cratoflow’s sole and exclusive remedy, with respect to an infringement by you of a third party’s Intellectual Property Rights..
  • 9.3. Indemnification Procedures. In the event of an indemnity obligation under this Section 9, the indemnified party shall: (i) promptly notify the indemnifying party in writing of such claim; (ii) allow the indemnifying party sole control of its defense and settlement (provided that a party may not settle or defend a claim unless it unconditionally releases the other party of all liability to any third party); and (iii) provide the indemnifying party all available information and reasonable assistance at the indemnifying party’s cost. A party’s indemnification obligations are expressly conditioned upon the indemnified party’s compliance with this Section 9.3, provided that, the failure to provide notice of a claim will not limit the rights of an indemnified party hereunder except to the extent that such failure materially prejudices the ability of the indemnifying party to defend such claim.

10.Disclaimar.

THE EXPLICIT REPRESENTATIONS AND WARRANTIES IN SECTION 8 ARE THE PARTIES’ COMPLETE AND EXCLUSIVE REPRESENTATIONS AND WARRANTIES. CRATOFLOW DISCLAIMS ALL OTHER REPRESENTATIONS, WARRANTIES AND GUARANTIES OF ANY KIND,WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, TITLE, NON- INFRINGEMENT, OR FITNESS FOR A PARTICULAR USE OF THE HOSTED SERVICE MAY BE SUBJECT TO LIMITATIONS, DELAYS AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET WHICH ARE BEYOND CRATOFLOW’S CONTROL. CRATOFLOW IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS.

11.Limitation of Liabilities.

  • 11.1 Limitation of Liabilities.  EXCEPT FOR CLAIMS ARISING UNDER A PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS, AN INDEMNIFICATION OBLIGATION, OR YOUR BREACH OF SECTION 2, NEITHER PARTY’S AGGREGATE LIABILITY IN CONNECTION WITH THIS AGREEMENT WILL EXCEED THE AMOUNT ACTUALLY PAID BY AND/OR DUE FROM YOU IN THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT(S) GIVING RISE TO SUCH CLAIM.
  • 11.2 Exclusion of Consequential and Related Damages.  EXCEPT FOR CLAIMS ARISING UNDER A PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS, AN INDEMNIFICATION OBLIGATION, OR YOUR BREACH OF SECTION 2, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY TYPE OR THE LIMITATIONS IN THIS SECTION AND IN SECTION 11.1 WILL APPLY WHETHER AN ACTION ARISES IN CONTRACT, WARRANTY OR TORT AND EVEN IF THE PARTY FROM WHICH DAMAGES ARE SOUGHT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • Exclusion of Payment   THE LIMITATIONS IN THIS SECTION 11 DO NOT APPLY TO YOUR OBLIGATIONS TO PAY FEES WHEN DUE AND PAYABLE.

12.Confidentiality.

The Receiving Party will use at least the same degree of care in protecting the Disclosing Party’s Confidential Information that it uses to protect its own Confidential Information, but in no event less than a reasonable standard of care. The Receiving Party shall: (i) not use the Disclosing Party’s Confidential Information except as permitted under this Agreement; and (ii) limit access to the Disclosing Party’s Confidential Information to its, and its Affiliates’, employees and contractors who need such access to perform their duties hereunder and who owe a duty of confidentiality to the Disclosing Party with protections no less stringent than those set forth in this Agreement. The Receiving Party may disclose the Disclosing Party’s Confidential Information to the extent compelled by law to do so, provided that the Receiving Party uses reasonable efforts to give the Disclosing Party prior notice of the compelled disclosure and reasonable assistance, at the Disclosing Party’s cost, in order to permit the Disclosing Party to contest or limit the disclosure. The foregoing confidentiality obligations shall survive termination of this Agreement, regardless of cause. If you become a paying customer of the Hosted Service, you agree that Cratoflow may disclose the fact that you are a customer of Cratoflow.

13.Notice.

Cratoflow may give notice regarding operational aspects of the Hosted Service by means of a general notice on the Hosted Service, electronic mail to your e-mail address on record with Cratoflow, or both. Any other notice by one party to the other hereunder will be by written communication sent by first class mail or reputable overnight delivery service and such notice will be deemed to have been given upon receipt (if sent by overnight delivery service), five (5) business days after mailing (if sent by first class mail) or twelve (12) hours after sending (if sent by e-mail). Notice to Cratoflow will be addressed to Cratoflow Inc 975 Mason Ln Unit 108 Anaheim CA 92805, attention: Legal Department. Notice to you will be addressed to your address on record in Cratoflow’s account information.

14.Assignment;
Change in Control

 This Agreement, and the rights and obligations hereunder, may not be assigned by either party, whether by operation of law or otherwise, without the prior written consent of the other party, which will not be unreasonably withheld. Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms), without consent of the other party, to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a competitor of the other party. In the event of an assignment as described in the preceding sentence, the assigning party shall provide the other party with written notice of the Neither party may assign this Agreement to a competitor of the other party without that other party’s consent. A party’s sole remedy for any purported assignment in breach of this Section shall be, at the non-assigning party’s election, termination of this Agreement upon written notice to the assigning party.

15.Data Protection.

  • 15.1 For the purposes of this Section, the terms “controller, “data subjects”, “processor” and “processing” shall have the meaning given to them by the applicable Data Protection Laws. Where Cratoflow provides the Hosted Service to you, it may process Personal Data as a processor on behalf of the Customer, who will be the controller. The processing of personal data will be carried out in accordance with the obligations and information set forth in the Data Processing Agreement.
  • Nothing in this Section shall prevent Cratoflow from complying with any legal obligation imposed by applicable law, regulatory authority or court.

16.Governing Law

This Agreement will be governed by California law and controlling United States federal law, without regard to the choice or conflicts of law provisions of any Any disputes, actions, claims or causes of action arising out of or in connection with this Agreement will be subject to the exclusive jurisdiction of the state and federal courts located in Los Angeles, California.

17.General Provisions.

  • 17.1 Entire Agreement. This Agreement comprises the entire agreement between you and Cratoflow and supersedes all prior or contemporaneous negotiations, discussions or agreements, whether written or oral, between the parties regarding the subject matter contained herein. Neither party has made any oral or written statements that are not included in this Agreement that in any way induced the other party into entering into this Agreement. No text or information set forth on any purchase order, preprinted form or document (other than an executed Order Form, if applicable) will add to or vary the terms and conditions of this Agreement, with the exception of the Appendices hereto which may be modified by Cratoflow in according with Section 18. No modification or amendment of this Agreement shall be effective unless in writing and signed by the parties.
  • 17.2 Severability. If any provision in this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision(s) will be construed, as nearly as possible, to reflect the intentions of the invalid or unenforceable provision(s), with all other provisions remaining in full force and effect.
  • 17.3 Relationship of the Parties. No joint venture, partnership, employment, or agency relationship exists between you and Cratoflow as a result of this Agreement.
  • 17.4 Waiver.The failure of either party to enforce any right or provision in this Agreement will not constitute a waiver of such right or provision unless acknowledged and agreed to by that party in writing.
  • 17.5 Future Functionality. You agree that your purchase of the Hosted Service is not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by Cratoflow regarding any future functionality or feature.
  • 17.6   Resolution of Disputes. Except where a party is seeking a remedy related to claims of misappropriation or ownership of Intellectual Property Rights, each party agrees that before it brings any dispute, action, claim or cause of action, it shall provide written notice to the other party of the specific issue(s) in dispute. Within seven (7) days after such notice knowledgeable executives of the parties shall hold at least one meeting (in person or by video- or tele-conference) for the purpose of attempting in good faith to resolve such matter.
  • 17.7 Export Controls The Hosted Service may be subject to export laws and regulations of the U.S. and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. Customer will not permit Users to access or use the Hosted Service in a U.S.-embargoed country or in violation of any U.S. export law or regulation.
  • 17.8 Survival. The following Sections will survive the termination or expiration of the Agreement: 1 (Definitions), 2.2 (Restrictions), 5 (Ownership of Intellectual Property Rights), 6 (Fees and Payments), 7 (Term and Termination), 9 (Mutual Indemnification), 10 (Disclaimer), 11 (Limitation of Liabilities), 12 (Confidentiality), 13 (Notice), 16 (Governing Law) and this Section 17.8 (Survival).

18.Force Majeure.

Neither party shall be in breach of this Agreement for failure to fulfil its material obligations, except for payment obligations, under this Agreement if such failure is caused by acts of God, riots, acts of war, epidemics, pandemics, governmental regulations imposed after the facts, fire, communication line failure, power failure, earthquakes and other natural disasters. A party’s inability to pay cannot be invoked as an event of Force Majeure.

19.Additional

19.Additional Each of the following is hereby incorporated into this Agreement by reference. Cratoflow reserves the right to modify such documents in its reasonable discretion from time to time with notice to you.

  • Appendix A: Support Services Policy
  • Appendix B: Hosted Service Availability
  • Appendix C: Cratoflow’s Privacy Policy
  • Appendix D: Data Processing Agreement
  • Appendix E: Anti-fraud Policy of Cratoflow, Inc.

Appendix A – Support Services Policy

Cratoflow’s Support. Cratoflow provides application support for the Hosted Service during business hours 8 am PST to 6 pm PST, seven (7) days a week. Support cases may be conducted via email, telephone, and/or web meeting communication, as appropriate to the case.

Appendix B – Hosted Service Availability

Availability.

The Hosted Service will be available 100% of the time, except for: (i) Scheduled Maintenance; (ii) Emergency Maintenance; and (iii) any unavailability caused by circumstances beyond Cratoflow’s reasonable control, including, for example, acts of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Cratoflow’s employees), Internet service provider failure or delay. Downtime is measured from the time you open a trouble ticket. Upon receiving a report of Downtime, for each full hour of Downtime, Cratoflow will credit you two percent (2%) of your monthly fee, up to fifty percent (50%) of your monthly fee for the affected Hosted Service. You agree that the credit specified in this Appendix will be your sole and exclusive remedy for any Downtime.

Data Backup Cycles

Customer Data is routinely propagated via secure connection from Cratoflow’s primary data center to an alternate data center, with the objective of forwarding all updates to Customer Data within approximately one (1) hour after receipt at the primary data center. In the event of an outage at the primary data center which causes Downtime and is not expected to be remedied within four (4) consecutive hours, Customer’s production processing will be diverted to the alternate data center for continued operation.

Appendix C-Cratoflow Privacy Policy

This Privacy Policy describes how your personal information is collected, used, stored and shared when you visit or make a purchase from www.Cratoflow.com (the “Site”) and/or the associated mobile application (the “App”). This privacy policy is effective from July 24, 2020

PERSONAL INFORMATION WE COLLECT

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “Device Information”.

We collect Device Information using the following technologies:

  • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the

Additionally we may collect the following:

Name, phone number, email, date of birth, address, a utility bill to confirm your address, SSN/EIN, corporate documents for institutions and approximate yearly income.

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Purchase Information.

If a customer chooses to pay for their products via PayPal, you may see their privacy statement here:

https://www.paypal.com/us/webapps/mpp/ua/privacy-full

HOW DO WE USE YOUR PERSONAL INFORMATION?

We use the Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for transfers, and providing you with invoices and/or order confirmations) of platforms that we provide in the field of accounting. Credit cards that are used for payment go through Stripe but the credit card information is not stored.

Additionally, we use this Order Information to:

-Communicate with you;

-Screen our orders for potential risk or fraud;

-Email marketing;and

-When in line with the preferences you have shared with us, potentially provide you with information or advertising relating to our products or services.

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).

When you make a purchase via our platform you do not automatically receive marketing emails from us. If you wish to receive follow emails regarding offers and product updates you must check a box to receive these merchandising newsletter emails. You may opt out from these newsletters at any time.

When you sign up for our newsletters we are able to send you notifications of new product launches, special discount coupons, events hosted by us, and other information of special interest particularly related to cryptocurrencies and the blockchain.


HOW DO WE KEEP YOUR INFORMATION SAFE?

Here at Cratoflow we take your privacy very seriously. We have implemented processes and protocols of the most stringent in nature, to reduce the risk of any event that could compromise your personal information. Any customer data that we store on location in the United States is secured by encrypted data. We restrict access to customer data on our platform by only providing access to a limited number of employees who have been vetted for their secure privacy practices. These employees act on a need to know basis in order to provide you with a satisfactory customer experience. Lastly, NONE of your data or personal information is being sold to third parties.

DO WE SHARE YOUR PERSONAL INFORMATION?

We may share your Personal Information with third parties to help us use your Personal Information, as described above. We may use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.


Finally, we reserve the right to share your Personal Information in compliance with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

BEHAVIORAL ADVERTISING

As described above, we may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by using the links below:

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATIONS

If you are a resident of the European Union or the European Economic Area, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a resident of the European Union of the European Economic Area we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States. Furthermore, should you desire to conduct an audit of our data retention processes either as an individual or via an authorized representative, please contact our Data Protection Officer via the contact information below.

CALIFORNIA PRIVACY RIGHTS

California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.

Cratoflow may share personal information as defined by California’s “Shine the Light” law with third parties and/or affiliates for such third parties’ and affiliates’ own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please contact our Data Protection Officer via the contact information below. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that Cratoflow is not required to respond to requests made by means other than through the provided email address or mail address

Furthermore, if you are a California resident, the California Consumer Protection Act, CA Civil Code Section 1798.100, was enacted to afford you rights around your data privacy. You have the right to request access to our servers to ensure that we are keeping your personal information safe. If you are a California resident you may reach out to our Data Protection Officer with any inquiries.

Any California residents under the age of eighteen (18) who have registered to use the Cryptospace Online Services and posted content or information can request that such information be removed by contacting our Data Protection Officer. Requests must state that the user personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view.

CHANGES

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at admin@Cratoflow.com or by mail using the details provided below:


Cratoflow Inc.

Att: Data Protection Officer

975 E Mason Ln Unit 108

Anaheim CA 92805


Appendix D Data Processing Agreement

DATA PROCESSING AGREEMENT [EU GDPR]

This Data Processing Agreement (“Data Processing Agreement“) forms part of the Master Subscription Agreement between Cratoflow, Inc. and Customer, as defined therein, to which it is attached as an appendix.

The terms used in this Data Processing Agreement shall have the meanings set forth in this Data Processing Agreement. Terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.

The parties hereby agree that the terms and conditions set out below shall be added as to the Principal Agreement as an appendix.

  1. Definitions

In this Agreement, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

“Authorized Sub-processors” means any Sub-processors consented to in writing by Controller in accordance with Sub-processing section.

“Controller Personal Data”
means any Personal Data processed by Processor on behalf of the Controller pursuant to or in connection with the Principal Agreement.

“Data Protection Laws”
means EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”) as well as any local data protection laws.

“EEA”
means the European Economic Area.

“Erasure”
means the removal or destruction of Personal Data such that it cannot be recovered or reconstructed.

“Personal Data Breach”
means a breach of leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Controller Personal Data transmitted, stored or otherwise processed.

“Principal Agreement
means the Master Subscription Agreement between Cratoflow, Inc. and Customer, to which this Data Processing Agreement is attached as an appendix.

“Process/Processing/Processed”, “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Special Categories of Personal Data”
and any further definition not included under this Data Processing Agreement or the Principal Agreement shall have the same meaning as in EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”).

“Products” means the products to be supplied by the Processor to the Controller pursuant to the Principal Agreement.

“Third country
means any country outside EU/EEA, except where that country is the subject of a valid adequacy decision by the European Commission on the protection of Personal Data in Third Countries.

“Services”
means the services to be supplied by the Processor to the Controller pursuant to the Principal Agreement.

“Standard Contractual Clauses”
means the standard contractual clauses for the transfer of personal data to Processors established in third countries, as approved by the European Commission Decision 2010/87/EU, or any set of clauses approved by the European Commission which amends, replaces or supersedes these.

“Sub-processor”
means any Data Processor (including any third party) appointed by the Processor to process Controller Personal Data on behalf of the Controller..

2. Data Processing Terms

  • In the course of providing the Services and/or Products to the Controller pursuant to the Principal Agreement, the Processor may process Controller personal data on behalf of the Controller as per the terms of this Data Processing Agreement. The Processor agrees to comply with the following provisions with respect to any Controller personal data.
  • To the extent required by applicable Data Protection Laws, the Processor shall obtain and maintain all necessary licenses, authorizations and permits necessary to process personal data. The Processor shall maintain all the technical and organizational measures to comply with the requirements set forth in this Data Processing Agreement.

3.Processing of Controller Personal Data

  • The Processor shall only process Controller Personal Data for the purposes of the Principal Agreement. The Processor shall not process, transfer, modify, amend or alter the Controller Personal Data or disclose or permit the disclosure of the Controller personal data to any third party other than in accordance with Controller’s documented instructions, unless processing is required by EU or Member State law to which Processor is subject. The Processor shall, to the extent permitted by such law, inform the Controller of that legal requirement before processing the Personal Data and comply with the Controller’s instructions to minimize, as much as possible, the scope of the disclosure.

4. Reliability and Non–Disclosure

  • The Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Controller Personal Data, ensuring in each case that access is strictly limited to those individuals who require access to the relevant Controller Personal Data.
  • The Processor must ensure that all individuals which have a duty to process Controller Personal Data:
  • Are informed of the confidential nature of the Controller Personal Data and are aware of Processor’s obligations under this Data Processing Agreement and the Principal Agreement in relation to the Controller Personal Data;
  • Have undertaken appropriate training/certifications in relation to the Data Protection Laws or any other training/certifications requested by Controller;
  • Are subject to confidentiality undertakings or professional or statutory obligations of confidentiality; and
  • Are subject to user authentication and logon processes when accessing the Controller Personal Data in accordance with this Data Processing Agreement, the Principal Agreement and the applicable Data Protection Laws..

5. Personal Data Security

  • Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organizational measures to ensure a level of Controller Personal Data security appropriate to the risk, including but not limited to:
  • Pseudonymization and encryption;
  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • The ability to restore the availability and access to Controller Personal Data in a timely manner in the event of a physical or technical incident; and
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.

5.2. In assessing the appropriate level of security, the Processor shall take into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Controller Personal Data transmitted, stored or otherwise processed.

6.Sub-Processing

  • As of the Effective Date of the Principal Agreement, the Controller hereby authorizes the Processor to engage those Sub-Processors as are set out in an Exhibit to this Data Processing Agreement or hereafter agreed to in writing up on by the Controller. The Processor shall not engage any Data Sub-Processors to Process Controller Personal Data other than with the prior written consent of Controller, which Controller may refuse with absolute discretion.
  • With respect to each Sub-processor, the Processor shall:
  • Provide the Controller with full details of the Processing to be undertaken by each Sub-Processors to Controller for its review.
  • Carry out adequate due diligence on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organizational measures in such a manner that Processing will meet the requirements of GDPR, this Data Processing Agreement, the Principal Agreement and the applicable Data Protection Laws.
  • Include terms in the contract between the Processor and each Sub-processor which are the same as those set out in this Data Processing Agreement. Upon request, the Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review.
  • Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the ‘Standard Contractual Clauses’ or such other mechanism as directed by the Controller into the contract between the Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data.
  • Remain fully liable to the Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data.

7. Data Subject Rights

  • Taking into account the nature of the Processing, the Processor shall assist the Controller by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising Data Subject Rights as laid down in EU GDPR.
  • The Processor shall promptly notify the Controller if it receives a request from a Data Subject, the Supervisory Authority and/or other competent authority under any applicable Data Protection Laws with respect to Controller Personal Data.
  • The Processor shall cooperate as requested by the Controller to enable the Controller to comply with any exercise of rights by a Data Subject under any Data Protection Laws with respect to Controller Personal Data and comply with any assessment, enquiry, notice or investigation under any Data Protection Laws with respect to Controller Personal Data or this Agreement, which shall include:
  • The provision of all data requested by the Controller within any reasonable timescale specified by the Controller in each case, including full details and copies of the complaint, communication or request and any Controller Personal Data it holds in relation to a Data Subject.
  • Implementing any additional technical and organizational measures as may be reasonably required by the Controller to allow the Controller to respond effectively to relevant complaints, communications or requests.
  • Where applicable, providing such assistance as is reasonably requested by the Controller to enable the Controller to comply with the relevant request within the timescales prescribed by the Data Protection Laws

8. Personal Data Breach

  • The Processor shall notify the Controller without undue delay and, in any case, within twenty-four (24) hours upon becoming aware of or reasonably suspecting a Personal Data Breach. The Processor will provide the Controller with sufficient information to allow the Controller to meet any obligations to report a Personal Data Breach under the Data Protection Laws. Such notification shall as a minimum:
  • Describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned;
  • Describe the estimated risk and the likely consequences of the Personal Data Breach; and
  • Communicate the name and contact details of the Processor’s Data Protection Officer, Privacy Officer or other relevant contact from whom more information may be obtained;
  • Describe the measures taken or proposed to be taken to address the Personal Data
  • The Processor shall co-operate with the Controller and take such reasonable commercial steps as are directed by the Controller to assist in the investigation, mitigation and remediation of each Personal Data Breach.
  • In the event of a Personal Data Breach, the Processor shall not inform any third party without first obtaining the Controller’s prior written consent, unless notification is required by EU or Member State law to which the Processor is subject, in which case the Processor shall, to the extent permitted by such law, inform the Controller of that legal requirement, provide a copy of the proposed notification and consider any comments made by the Controller before notifying the Personal Data Breach.

9.Data Protection Impact Assessment and Prior Consultation

The Processor shall provide reasonable assistance to the Controller with any data protection impact assessments which are required under Article 35 of GDPR and with any prior consultations to any supervisory authority of the Controller which are required under Article 36 of GDPR, in each case solely in relation to Processing of Controller Personal Data by the Processor on behalf of the Controller and considering the nature of the processing and information available to the Processor

10.Erasure or return of Controller Personal Data

  • Processor shall promptly and, in any event, within ninety (90) calendar days of the earlier of: (i) cessation of Processing of Controller Personal Data by Processor; or (ii) termination of the Principal Agreement, at the choice of Controller (such choice to be notified to Processor in writing) either:
  • Return a complete copy of all Controller Personal Data to the Controller by secure file transfer in such format as notified by the Controller to the Processor and securely erase all other copies of Controller Personal Data Processed by the Processor or any Authorized Sub-processor; or
  • Securely wipe all copies of Controller Personal Data Processed by Processor or any Authorized Sub-processor, and in each case, provide a written certification to the Controller that it has complied fully with the requirements of section Erasure or Return of Controller Personal
  • Processor may retain Controller Personal Data to the extent required by Union or Member State law, and only to the extent and for such period as required by Union or Member State law, and always provided that Processor shall ensure the confidentiality of all such Controller Personal Data and shall ensure that such Controller Personal Data is only Processed as necessary for the purpose(s) specified in the Union or Member State law requiring its storage and for no other purpose.

11.Audit rights

Processor shall make available to the Controller, upon request, all information necessary to demonstrate compliance with this Data Processing Agreement and allow for, and contribute to audits, including inspections by the Controller or another auditor mandated by the Controller of any premises where the Processing of Controller Personal Data takes place. The Processor shall permit the Controller or another auditor mandated by the Controller to inspect, audit and copy any relevant records, processes and systems in order that the Controller may satisfy itself that the provisions of this Data Processing Agreement are being complied with. The Processor shall provide full cooperation to the Controller with respect to any such audit and shall, at the request of the Controller, provide the Controller with evidence of compliance with its obligations under this Data Processing Agreement. Processor shall immediately inform the Controller if, in its opinion, an instruction pursuant to this section Audit (Audit Rights) infringes the GDPR or other EU or Member State data protection provisions.  Notwithstanding anything herein to the contrary, such audits shall be limited to one (1) per calendar year, except upon showing by Controller of Processor non-compliance with this Data Processing Agreement.

12.International Transfers of Controller Personal Data

  • Processor shall not process Controller Personal Data nor permit any Authorized Sub-processor to process the Controller Personal Data in a Third Country, other than with respect to those recipients in Third Countries which have been authorized by Controller in advance, in writing.
  • When requested by Controller, Processor shall promptly enter into (or procure that any relevant Sub-processor of Processor enters into) an agreement with Controller ‘Standard Contractual Clauses’ and/or such variation as Data Protection Laws might require, in respect of any processing of Controller Personal Data in a Third Country, which terms shall take precedence over those in this Data Processing Agreement.

13.Codes of Conduct and Certification

At the request of the Controller, the Processor shall comply with any Code of Conduct approved pursuant to Article 40 of GDPR and obtain any certification approved by Article 42 of EU GDPR, to the extent that they relate to the processing of Controller Personal Data.

14.General Terms

  • Subject to this section, the parties agree that this Data Processing Agreement and the Standard Contractual Clauses shall terminate automatically upon termination of the Principal Agreement or expiry or termination of all service contracts entered into by the Processor with the Controller, pursuant to the Principal Agreement, whichever is later.
  • Any obligation imposed on the Processor under this Data Processing Agreement in relation to the Processing of Personal Data shall survive any termination or expiration of this Data Processing Agreement.
  • This Data Processing Agreement, excluding the Standard Contractual Clauses, shall be governed by the governing law of the Principal Agreement for so long as that governing law is the law of a Member State of the European Union.
  • Any breach of this Data Processing Agreement shall constitute a material breach of the Principal
  • With regard to the subject matter of this Data Processing Agreement, in the event of inconsistencies between the provisions of this Data Processing Agreement and any other agreements between the parties, including but not limited to the Principal Agreement, the provisions of this Data Processing Agreement shall prevail with regard to the parties’ data protection obligations for Personal Data of a Data Subject from a Member State of the European Union.
  • Should any provision of this Data Processing Agreement be invalid or unenforceable, then the remainder of this Data Processing Agreement shall remain valid and in The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

Appendix E Anti-fraud Policy of Cratoflow, Inc.

Anti-fraud Policy of Cratoflow, Inc.

(Implemented June 2022)

1.Objective

The objective of this Anti-fraud policy is to implement monetary and risk controls that will aid in the detection and prevention of fraud against Cratoflow, Inc. It is the intent of Cratoflow, Inc. to promote consistent organizational behavior and to uphold highest standards of moral and ethics while conducting business.

2.Scope and Applicability

This policy applies to all employees as well as shareholders, consultants, vendors, contractors and/or any other parties with a business relationship with Cratoflow, Inc. (such entities and individuals referenced herein as “Obligated Parties”).

This Anti-fraud policy is applicable to any and all act(s) or omission(s) that constitutes fraudulent or suspected fraudulent activity that includes, but not limited to, monetary items such as cash, funds, stock, proprietary information, intellectual properties, material of value, content, data, assets, properties, consumables, office articles and supplies, deals, contracts, bribes, gifts, favors, influencing, undue prioritisation, etc., for personal gains either individually or collectively by employees or associates of Cratoflow, Inc.

3. Definition/Interpretation

The following definitions constitute “Prohibited Conduct” under this Anti-fraud policy:

  1. Corrupt practice, which is offering, giving, receiving, or soliciting, directly or indirectly, anything of value to influence improperly the actions of another party.
  2. Fraudulent practice, which is an act or omission, including a misrepresentation that knowingly or recklessly misleads, or attempts to mislead, a party to obtain a financial or other benefit or to avoid an obligation.
  3. Coercive practice, which is impairing or harming, threatening to impair or harm, directly or indirectly, any party or property of the party to influence improperly the actions of a party.
  4. Collusive practice, which is an arrangement between two or more parties designed to achieve an improper purpose, including influencing improperly the actions of another party.
  5. Obstructive practice, which is deliberately destroying, falsifying, altering or concealing of evidence material to an investigation, and or threatening harassing or intimidating any party to prevent it from disclosing its knowledge of matters relevant to an investigation or from pursuant the investigation.
  6. Money laundering, which is (i) the conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity for the purpose of concealing or disguising the illicit origin of the property or assisting any person who is involved in the commission of such activity to evade the legal consequences of their actions; (ii) the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of property, knowing that such property is derived from criminal activity or from an act of participation in such activity; (iii) the acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such activity; (iv) participation in , association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the actions mentioned in the foregoing points.
  7. Financing of terrorism, which is the provision or collection of funds, by any means, directly or indirectly, with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to carry out terrorism.
4.Policy / Process
  • Policy

Cratoflow, Inc. will not tolerate Prohibited Conduct in any of its activities. Management is responsible for the detection and prevention of Prohibited Conduct, misappropriations, and other irregularities. Any Prohibited Conduct, misappropriation or irregularity that is detected or suspected must be reported immediately to the Chairman of the Board of Directors of Cratoflow, Inc., who coordinates all investigations with legal counsel for taking appropriate action.

  • Examples of Prohibited Conduct, Misappropriation and fiscal Irregularities

Examples of misappropriation and other fiscal irregularities include, but are not limited to:

  • Any dishonest or fraudulent act, including forgery, falsification of documents and instruments, misrepresentation, impersonation and other activities;
  • Misappropriation of funds, securities, supplies or other assets;
  • Impropriety in handling or reporting of money or financial transactions;
  • Profiteering as a result of insider knowledge of company activities;
  • Disclosing confidential and proprietary information to outside parties;
  • Disclosing to other persons securities activities engaged in or contemplated by Cratoflow, Inc.;
  • Accepting or seeking anything of material value from contractors, vendors or persons providing services / materials to Cratoflow, Inc.;
  • Destruction, removal or inappropriate use of records, furniture, fixtures and equipment and/or;
  • Any similar or related irregularity
  • Investigation Responsibilities

The Board of Directors of Cratoflow, Inc., or officers to whom it may designate such power, has the primary responsibility for the investigation of all suspected Prohibited Conduct, misrepresentations and irregularities as defined in the policy. If the investigation substantiates that Prohibited Conduct or any other fraudulent misrepresentation has occurred, the Board of Directors of Cratoflow, Inc. may decide to prosecute or refer the investigation results to the appropriate law enforcement and/or regulatory agencies for independent investigation; provided that, such determination will be made in conjunction with legal counsel and senior management, as will final decisions on disposition of any case.

  • Reporting and Confidentiality

Obligated Parties who suspect dishonest or fraudulent activity will notify the Chairman of the Board of Directors of Cratoflow, Inc. immediately and should not attempt to personally conduct investigations or interviews / interrogations related to any suspected fraudulent act. The Chairman of the Board of Directors treats all information received confidentially. Any Obligated Party who supplies information that results in an investigation will not be disclosed or discussed with anyone other than those who have a legitimate need to know. This is important in order to avoid damaging the reputations of persons suspected but subsequently found innocent of wrongful conduct and to protect Cratoflow, Inc.

  • Authorization for Investigating Suspected Fraud

The Board of Directors may appoint an investigation team to investigate suspected violations of this Anti-fraud policy.  Members of the Investigation team will have:

  • Free and unrestricted access to all Cratoflow, Inc. records and premises, whether owned or rented; and
  • The authority to examine, copy, and/or remove all or any portion of the contents of files, desks, cabinets, and other storage facilities on the premises without prior knowledge or consent of any individual who might use or have custody of any such items or facilities when it is within the scope of their investigation.
  • Employees under investigation may be asked not to enter Cratoflow, Inc. premises or to access any Cratoflow, Inc. web pages, drives or links either personally or through colleagues or other means, until the investigations are complete.
  • Cratoflow, Inc. reserves the right to question the employee’s colleagues, friends, relatives, associates, outside service providers, etc., whom Cratoflow, Inc. or its investigating team suspects of their involvement.
  • Cratoflow, Inc. reserves the right to restrict access to services from Obligated Parties that have been the subject of reports of fraudulent activity, Prohibited Conduct or other illegal behavior.
  • Reporting Procedures

Great care must be taken in the investigation of suspected improprieties or irregularities so as to avoid mistaken accusations or alerting suspected individuals that an investigation is underway. An Obligated Party who discovers or suspects fraudulent activity will contact the Chairman of the Board of Directors immediately. The Obligated Party may remain anonymous. All inquiries concerning the activity under investigation from the suspected individual, his or her attorney or representative or any other inquirer should be directed to the investigations team or legal counsel. No information concerning the status of an investigation will be given out.

The individual who reports a fraud should be made aware of the following:

  • Do not contact the suspected individual in an effort to determine facts or demand restitution.
  • Do not discuss the case, facts, suspicions, or allegations with anyone unless specifically asked to do so by legal counsel.
  • Termination

If an investigation results in a recommendation to terminate an individual as an employee or contractor, the recommendation from the investigating team will be reviewed for approval by legal counsel, before any such action is taken. The decision to terminate an employee is ultimately made by the Management.

5.Amendment

Any deviation to this policy has to be approved by the Board of Directors of Cratoflow, Inc.

6.Non-compliance and Consequence

Violation of this policy is subject to disciplinary action, up to and including termination and a breach of any Master Subscription Agreement, or other similar agreement, that has been executed between Cratoflow, Inc. and the violative Obligated Party.