Platform Services, Transfer Agent and Registrar Agreement

Exhibit 1A-6.2

This PLATFORM SERVICES, TRANSFER AGENT AND REGISTRAR AGREEMENT, including all exhibits hereto (“Agreement”) is made and entered into as of September, 2021 (“Effective Date”), and is by and between Securitize LLC, a Delaware limited liability company with offices at 000 Xxxx Xxxxxx, Xxxxx 0000, Xxx Xxxxxxxxx, XX 00000 94111 (“Securitize”) and Hygienic Dress League Corp., a Delaware corporation with offices at 000 Xxxx Xxxxx Xxxx. Xxxxxxx, XX 00000 (the “Issuer”), each a “Party”, together the “Parties”.

RECITALS

WHEREAS, the Issuer desires that certain services be provided by Securitize with regard to the issuance, transfer and registration of certain Securities (as defined below) of Issuer;

WHEREAS, Securitize is engaged in the business of providing technological and transfer agent services for issuers of securities and seeks to provide such services to Issuer; and

WHEREAS, the Parties desire to set forth the terms and conditions for the provision of services by Securitize to Issuer.

NOW THEREFORE, in consideration of the terms and conditions set forth below and other good and valuable consideration, the sufficiency of which is hereby acknowledged, the Parties agree as follows:

TERMS AND CONDITIONS

DEFINITIONS. For purposes of this Agreement, each capitalized word or phrase listed below shall have the meaning designated:

“Affiliate” of a Party means a business entity that directly or indirectly controls, is controlled by, or is under common control with, such Party. For purposes of this definition, “Control” (including, with correlative meaning, the term “Controlled by”), as used with respect to any entity, means the direct or indirect ownership of more than fifty percent (50%) of the voting stock, or more than fifty percent (50%) of the voting power at general meetings, or the power to appoint and dismiss a majority of the board of directors or otherwise to direct the activities, of such entity. Unless otherwise specified in this Agreement, the term “Affiliate” includes current and future Affiliates of a Party.

“Applicable Law” means all US state and federal laws, rules or regulations applicable to the provision of the Services; provided that, Applicable Law does not include Offering Laws.

“Authorized Participants” has the meaning described in Section 7.2.

“Authorized User” means a natural person who is an employee, agent, or contractor of Issuer or Issuer’s Affiliates who has been authorized by Issuer to access and use the Platform or other Services of Securitize under this Agreement solely for the benefit of Issuer.

“Company Offering” has the meaning described in Section 7.2.

“Confidential Information” has the meaning described in Section 10.1.

“Exchange Act” means the Securities Exchange Act of 1934, as amended.

“Harmful Code” has the meaning described in Section 7.5.2.

“Intellectual Property Rights” means all tangible and intangible rights associated with works of authorship throughout the world, including but not limited to, copyrights, moral rights, and mask works; trademarks and trade name rights and similar rights; trade secret rights; patents, designs, algorithms, and other legally protectable intellectual or industrial property rights (of every kind and nature throughout the world and however designated); and all registrations, initial applications, renewals, extensions, continuations, divisions, or reissues now or hereafter in force (including any rights in the foregoing) anywhere in the world, that exist as of the Effective Date or hereafter come into existence, regardless of whether or not such rights have been registered with the appropriate authorities in such jurisdictions in accordance with the relevant legislation.

“Issuer Data” means all electronic data or information submitted by or on behalf of Issuer to the Platform whether included in the Issuer Smart Contract or otherwise, including any data or information submitted by Authorized Participants; provided, however, that Issuer Data shall not include any information submitted by Authorized Participants that registered on the Platform utilizing Securitize’s “Securitize ID” Product, which shall be proprietary to Securitize and governed by existing agreements between Securitize and such Authorized Participants.

“Issuer Due Diligence Information” means information provided by Issuer to Securitize, either before or after the Effective Date, for the purposes of Securitize’s evaluation of Issuer’s suitability as a party to this Agreement.

“Issuer Intellectual Property Rights” means the Intellectual Property Rights over Issuer Data, Issuer Instructions, Issuer Materials, the Issuer Smart Contract (other than the Securitize Intellectual Property contained therein) and Feedback, as well as any other Intellectual Property Rights held by Issuer prior to the date hereof.

“Issuer Materials” has the meaning defined under Section 6.

“Issuer Smart Contract” means the smart contract consisting of software code that exists on the Algorand blockchain and which has been created by Securitize pursuant to written instructions provided to Securitize by Issuer (such instructions, “Issuer Instructions”).

“Joinder Agreement” means the Joinder Agreement to this Agreement, the form of which is included herein as Exhibit E, to be entered into among the Parties and any Affiliate of the Issuer that may issue Securities.

“Offering Laws” means the laws governing the offering and sale or issuance of Securities in each jurisdiction where Issuer is offering and selling or issuing Securities, and the laws governing the Issuer Smart Contract, its performance the interpretation thereof.

“Order Form” means the order form agreed between the Parties in substantially similar form as Exhibit A.

“Platform” means the Securitize cloud-based services as described in Exhibit A, including any related mobile applications, and all upgrade and enhancements to the Platform that may be provided by Securitize (for itself or on behalf or through any of its Affiliates) under this Agreement.

“PII” means personally identifiable information as defined in Section 10.5.

“Securities” means the Issuer’s Crowd SAFE Securities. The Securities may be represented by digital tokens on a blockchain.

“Securities Act” means the Securities Act of 1933, as amended.

“Securitize Intellectual Property Rights” means the Intellectual Property Rights over all material contained on or available through the Platform and/or other Securitize Services, as well as any other Intellectual Property Rights held by Securitize prior to the date hereof.

“Services” means the provision of the Platform, related documentation, and any other specified services or deliverables required to be provided by Securitize (for itself or on behalf or through any of its Affiliates) under this Agreement as described in the Order Form.

“Service Level Agreement” or “SLA” has the meaning described in Exhibit B as attached hereto and incorporated by reference.

“Term” has the meaning described in Section 12.

“Territory” means the world, excluding those countries or parties subject to applicable prohibitions under U.S. export laws or in which the use of the Securitize Services would be prohibited or constrained.

GENERAL APPOINTMENT OF SECURITIZE AS TRANSFER AGENT.

Securitize is hereby appointed as the transfer agent for the issuance, transfer and registration of the Securities and to perform such other services related to the Securities as provided in this Agreement. If an Affiliate of Issuer is to issue the Securities, the Parties and such Affiliate shall enter into a Joinder Agreement to formally appoint Securitize as transfer agent for such Affiliate’s Securities and for such Affiliate to assume the obligations of an Issuer hereunder.

ISSUANCE OF SECURITIES.

Securitize is authorized and directed to issue Securities of the Issuer, including digital tokenized representations of the Securities on the blockchain, from time to time upon receiving from the Issuer all of the following:

3.1.

Written instructions as to the issuance of the Securities from an authorized officer of the Issuer.

3.2.

A certified copy of any order, consent, decree or other governmental authorization existing as of the date of issue of the Securities.

3.3.

An opinion of the Issuer’s counsel that (i) the Securities are duly authorized, validly issued, fully paid and nonassessable, (ii) the issuance of the Securities has been registered under the Securities Act (as amended), or, if exempt from registration, the basis of such exemption, and (iii) no order or consent of any governmental or regulatory authority other than that provided to Securitize is required in connection with the issuance of the Securities or, if no such order or consent is required, a statement to that effect. The opinion should also indicate whether it is necessary that the Securities be subject to transfer restrictions or a statement to the effect that all Securities to be issued are freely transferable upon presentation to Securitize for that purpose.

3.4.

Such further documents as Securitize may reasonably request.

REGISTRAR; TRANSFER OF SECURITIES.

4.1.

Securitize is authorized and directed to act as the official registrar of the Securities.

4.2.

Securitize is authorized and directed to make transfers of Securities from time to time upon the books of the Issuer as maintained by Securitize. Securities, in either certificated or book entry form (or other appropriate form of ownership), will be transferred or exchanged upon the surrender of the old Securities (or appropriate instructions in the case of noncertificated shares) in form reasonably deemed by Securitize to be properly endorsed for transfer, accompanied by such documents as Securitize may deem necessary to evidence the authority of the person making the transfer. Securitize reserves the right to refuse to transfer Securities until it has received reasonable assurance that each necessary endorsement is genuine and effective, that the transfer of the Securities is legally valid and genuine and that the requested transfer is otherwise legally in order. For that purpose, Securitize may require an acceptable guaranty of the signature of the person signing and appropriate assurance of authority to do so. Securitize may rely upon the Uniform Commercial Code, Applicable Law, and generally accepted industry practice in effecting transfers, or in delaying or refusing to effect transfers. Securitize may delay or refuse to process any transfer that in its reasonable judgment appears improper or unauthorized. If, on a transfer of a restricted item, Issuer counsel fails to issue an opinion or to provide adequate reasons therefore within a “reasonable” number of business days of a request to do so, Securitize is authorized, but not required, to process such transfer upon receipt of an appropriate opinion of presenter’s counsel.

4.3.

Securitize shall be fully protected and held harmless in recognizing and acting upon written instructions of an authorized officer of the Issuer.

4.4.

When Securitize deems it expedient it may apply to the Issuer, or counsel for the Issuer, or to its own counsel for instructions and advice; the Issuer will promptly furnish or will cause its counsel to furnish such instructions and advice, and, for any action taken in accordance with such instructions or advice, or in case such instructions and advice shall not be promptly furnished, the Issuer will indemnify and hold harmless Securitize from any and all liability, including reasonable attorney’s fees and court costs.

4.5.

The Issuer will at all times advise Securitize of any and all stop transfer notices or adverse claims lodged against Securities of the Issuer and further, will promptly notify Securitize when any such notices or claims have expired or been removed. Securitize is not otherwise responsible for stop transfer notices or adverse claims from either the Issuer or third parties unless it has received actual written notice.

[RESERVED]

PLATFORM SERVICES

Attached hereto as Exhibit A and Exhibit B are the exhibits executed by the Parties contemporaneously with this Agreement and incorporated herein by reference. Each Party will (directly or through its Affiliates or designated contractors provided however that delegation of any duty or obligation shall not relieve the Party of such duty or obligation) perform its duties and obligations in relation to such exhibits in a timely and professional manner consistent with industry standards. Issuer understands and agrees that delays or failure of Issuer or its representatives to deliver required content, information, instructions (including Issuer Instructions) or other materials reasonably requested by Securitize (collectively, “Issuer Materials”) in a timely manner will excuse Securitize from related performance requirements under this Agreement but only to the extent such delay materially caused or contributed to delays or disruption in the performance of Services. Without limiting the generality of the foregoing, Securitize reserves the right to prohibit transactions on the Platform until all Issuer Materials required by Securitize to perform such actions are provided, as determined in Securitize’s sole discretion. Unless otherwise specified in an exhibit, each Party is to bear its own costs and expenses of performance.

RIGHTS

7.1.

Ownership. Subject to the licenses specifically granted to Issuer herein, all right, title and interest in and to Securitize Intellectual Property Rights remain, as between the Parties, in and with Securitize and/or its suppliers. Subject to the licenses specifically granted to Securitize herein, all right, title and interest in and to Issuer Intellectual Property Rights remain, as between the Parties, in and with Issuer and/or its Affiliates.

7.2.

Limited License Grant. Securitize shall make available to Issuer the Securitize services that are specified in an Order Form (the “Securitize Services”). During the term of the applicable Order Form, and subject to the terms of this Agreement, Securitize grants to Issuer, and Issuer accepts from Securitize, a non-exclusive, non-transferable limited license, without a right to sublicense, in the Territory, to access the Platform solely for the purpose of preparing, facilitating and managing an offering and sale or issuance by Issuer of Securities (or such other similar transactions) as described in the applicable Order Form (the “Company Offering”). In addition, Securitize agrees that it will grant, in accordance with relevant Securitize documentation, to prospective investors solicited by Issuer or its agents who are interested in purchasing Securities in the Issuer’s offering (“Authorized Persons” and, together with Authorized Users, “Authorized Participants”) the right to access the Platform in order to utilize the Securitize Services for the benefit of Issuer. If, based on the reasonable determination of Securitize or Issuer, any Authorized Participant is using the Securitize Services in a manner that is prohibited by Securitize or otherwise inconsistent with the intended use of the Securitize Services (a “Prohibited Use”), in addition to any of its other rights or remedies, Securitize may, without liability to Issuer, suspend or limit the Issuer’s or such Authorized Participant’s access to the Securitize Services until such prohibited usage is fully remedied. Issuer shall use commercially reasonable efforts to provide Securitize notice of any Prohibited Use as soon as reasonably practicable after gaining knowledge thereof.

7.3.

Restrictions; No Reverse Engineering. Issuer shall not, and shall not knowingly allow any employee, agent, contractor, Affiliate, Authorized Participant, or others to (i) decompile, disassemble, or otherwise reverse engineer or attempt to reconstruct or discover any source code, underlying ideas, or interoperability interfaces of the Securitize Services by any means whatsoever; (ii) remove any product identification, copyright or other notices on the Securitize Services; (iii) provide, lease, lend, use for timesharing, service bureau, hosting purposes or otherwise use the Securitize Services to or for the benefit of third parties other than Issuer and its Affiliates; or (iv) modify, adapt, alter, translate or incorporate into or with other software or create a derivative work of any part of the Securitize Services.

7.4.

Issuer Smart Contract. Securitize hereby grants to Issuer, and Issuer accepts from Securitize, a royalty free, perpetual, irrevocable, worldwide, non-exclusive, non-transferable limited license, without a right to sublicense or create derivative works thereon, in the Territory, to Securitize’s Intellectual Property Rights included in, or forming part of, the Issuer Smart Contract. Issuer hereby assumes all prospective obligations, liabilities and duties attendant to the Issuer Smart Contract. The foregoing does not and is not intended to transfer or grant, and shall not otherwise affect in any way, ownership by Securitize of, or rights of Securitize in, any of Securitize’s Intellectual Property Rights or other proprietary rights, assets, content, products and services, and nothing in this Agreement shall be construed as the assignment or transfer of any ownership rights in any Intellectual Property Rights or other proprietary rights, assets, technology, content, products or services of Securitize and/or its Affiliates, including, without limitation, Securitize’s technology, software, ideas, know-how, or information, except for the limited license granted herein to the specific Issuer Smart Contract. Securitize hereby expressly reserves all of its rights not expressly granted to Issuer under of this Agreement, and nothing herein shall be construed as granting Issuer any rights in or to the Algorand blockchain. For the avoidance of doubt, Securitize shall have no obligation to update or maintain the Issuer Smart Contract, or to defend any third party claim arising or related to the Issuer Smart Contract or any liability arising out of or related to Issuer Smart Contract after the term of the applicable Order Form.

7.5.

Security and Access Policies.

7.5.1.

Platform Security. Securitize shall use commercially reasonable efforts consistent with industry standards to protect the physical security and electronic security of the Platform and other systems utilized to provide the Securitize Services, including but not limited to using up-to-date anti-virus, security and firewall technology commonly used in the industry. Issuer agrees that it, and shall ensure that its Affiliates and Authorized Participants, will not take actions that negatively affect the confidentiality, integrity, and availability of Securitize’s systems and information assets.

7.5.2.

Harmful Code. If either Party becomes aware that an unauthorized party has accessed Issuer Data, or Confidential Information, or that Harmful Code has infected a relevant network or system of such Party, then it shall notify the other Party as soon as reasonably practical, so the Parties can work together to mitigate any potential adverse effect and undertake any further steps that may be applicable or required by law. “Harmful Code” means computer instructions whose primary purpose or effect is to disrupt, damage or interfere with use of any computer or telecommunications facilities, including, without limitation, any automatic restraint, time-bomb, trap-door, virus, worm, Trojan horse, or other harmful code or instrumentality that will cause a system to cease to operate or to fail to conform to its specifications. Each Party shall take commercially reasonable precautions to avoid, prevent, stop, find and eliminate the spread of all Harmful Code on its hardware systems and networks.

7.5.3.

No Export. Issuer will, and ensure that its Affiliates and Authorized Participants will, not remove or export from the United States or re-export from anywhere any part of the Securitize Services or any direct product thereof to any prohibited country or party as specified by the export laws of the United States. Further, each Party warrants to the other that it, any of its Affiliates or Authorized Participants, is not on the United States’ prohibited party list and is not located in or a national resident of any country on the United States’ prohibited country list. The Issuer acknowledges and shall ensure that its Affiliates and Authorized Participants are aware that the Securitize Services contain encryption technology, export of which is subject to regulation by the U.S. and certain foreign jurisdictions.

7.5.4.

Limited Storage and Retrieval of Data. All Issuer Data including third party PII that is received, stored or otherwise maintained by Securitize and/or its Affiliates for Issuer pursuant to this Agreement shall be maintained in a secure hosting environment that, to Securitize’s knowledge, meets or exceeds industry standards.

FEES AND PAYMENT TERMS

8.1.

Fees. The fees charged by Securitize for the provision of the Services, and any other fees shall be set forth in the applicable Order Form and exhibits to this Agreement[, but will follow the agreed fee structure set forth on Exhibit A hereto.]¹

8.2.

Payment Terms. Fees are due and shall be paid upon Issuer’s receipt of the invoice unless otherwise specified in the Order Form and applicable exhibits. Payments from Issuer to Securitize will be made in U.S. dollars, electronically via wire transfers or ACH as specified on the invoice. Invoices may be delivered in any manner provided by Section 17 (“Notices”), and in addition may be delivered electronically by email or facsimile transmission. Issuer shall notify Securitize of any invoice dispute by email or facsimile transmission within five (5) days of receipt of invoice, and shall pay the undisputed portion of such invoice on or before the due date. The Parties shall work in good faith to resolve any disagreements over disputed amounts as quickly as reasonably possible, and in no event later than thirty (30) days after the date payment was originally due.

8.3.

Late payments. Any payment due that is not received by the due date will accrue interest at a rate of one percent (1%) per month, or the highest rate allowed by Applicable Law, whichever is lower. For the avoidance of doubt, interest on late payments due is in addition to any remedies allowed by Applicable Law.

TAXES

Issuer shall be responsible for the payment of any and all taxes applicable to the license and use of the Securitize Services under this Agreement (other than those based upon Securitize’s net income) including, without limitation, Issuer’s income, payroll, sales, VAT, use, gross receipts, real estate, personal property or other taxes imposed upon transactions under this Agreement (“Taxes”), and will indemnify and hold harmless Securitize for any loss or damage (including without limitation any penalties and interest) sustained because of Issuer’s failure to pay such taxes. If Securitize has the legal obligation to collect Taxes for which Issuer is responsible under this section, the appropriate amount shall be invoiced to and paid by Issuer upon notice and documentation (if any, within Securitize’s possession) by Securitize to Issuer unless Issuer provides Securitize with a valid tax exemption certificate authorized by the appropriate taxing authority.

10.

CONFIDENTIAL INFORMATION

10.1.

Generally. “Confidential Information” shall mean confidential or other non-public proprietary information that is disclosed by either Party to the other under this Agreement, including without limitation, software code and designs, hardware, product specifications and documentation, financial data, business, marketing and product plans, or technology, and Authorized Participant information (which includes, without limitation, any of the names, addresses, phone numbers, email addresses, and other PII relating to Authorized Participants).

10.2.

Obligations of Confidentiality. Each Party agrees that it and its Affiliates will hold in strict confidence and not disclose the Confidential Information of the other Party to any third party and to use the Confidential Information of the other Party for no purpose other than the purposes expressly permitted by this Agreement. Each Party shall only permit access to the other Party’s Confidential Information to those of its or its Affiliates’ employees, contractors and advisors, including the Authorized Participants, having a need to know and who have signed or are bound by confidentiality obligations or agreements containing terms at least as restrictive as those contained in this Agreement. Each Party shall maintain the confidentiality and prevent accidental or other loss or disclosure of any Confidential Information of the other Party with at least the same degree of care as it uses to protect its own Confidential Information, but in no event with less than reasonable care.

10.3.

Exclusions from Obligations. A Party’s obligations of confidentiality under this Agreement shall not apply to information which such Party can document the information (i) is in the public domain without the breach of any agreement or fiduciary duty or the violation of any law, (ii) was known to the Party prior to the time of disclosure without the breach of any agreement or fiduciary duty or the violation of any law, (iii) is proven by contemporaneous records to be independently developed by the Party prior to receiving such Confidential Information.

10.4.

Legally Required Disclosure. In the event either Party is required to disclose, pursuant to a judicial order, a requirement of a governmental agency or by operation of law, any Confidential Information provided to it by the other Party then such Party shall provide the other Party written notice of any such requirement immediately after learning of any such requirement, and take commercially reasonable measures at the other Party’s expense to avoid or limit disclosure under such requirements and to obtain confidential treatment or a protective order and allow the other Party to participate in the proceeding.

10.5.

Personally Identifiable Information. The Parties hereby acknowledge that each has a special responsibility under applicable data protection laws to keep personally identifiable information regarding Authorized Participants (“PII”) private and confidential. Securitize acknowledges that in no way shall it gain possession of any ownership or other proprietary rights with respect to Authorized Participant PII. Securitize agrees that it shall store and process the Authorized Participant PII in strict compliance with the terms of this Agreement and all applicable laws governing the use, collection, disclosure and storage of such information. In relation to the processing of EU Personal Data (each as defined in Exhibit [C][D]) in performing the Services, the Parties shall comply with the obligations set out in Exhibit [C][D]. Securitize shall only permit access to such data to those of its employees having a need to know and who have signed confidentiality agreements containing terms at least as restrictive as those contained in this Agreement, and Securitize further agrees that it shall not further disclose such information to any third party without the prior written consent of Issuer except to its legal counsel or as may be required by law.

10.6.

Storage of Data. All PII that is received, stored or otherwise maintained by Securitize for Issuer pursuant to this Agreement shall be maintained in a secure environment with physical, technical, and administrative information and data security safeguards that meet or exceed industry standards. Issuer is responsible for transmitting all PII and Issuer Confidential information to Securitize in encrypted or otherwise secure form if it is transmitted outside the normal operation of the Platform. In the event of a breach or suspected breach of security of any Securitize system, website, database, equipment or storage medium or facility that results or may have resulted in unauthorized access to any PII or any Issuer Confidential Information by any third party (including any employee, agent or subcontractor of Securitize that is not authorized to access such information) (collectively, a “Security Breach”), Securitize shall (i) notify Issuer within twenty four (24) hours of being informed of such breach of security, (ii) make commercially reasonable efforts to re-secure its systems immediately and remedy the Security Breach, (iii) cooperate with Issuer, at Securitize’s expense, to draft disclosures, press releases and other communication for Issuer to use with its customers, the public or government entities, and (iv) take any other remedial measures. In the event of a breach or suspected breach of security of any Issuer system, website, database, equipment or storage medium or facility that results or may have resulted in unauthorized access to any of Securitize’s Confidential Information by any third party, Issuer shall notify Securitize within twenty four (24) hours of being informed of such breach of security, and make commercially reasonable efforts to re-secure its systems immediately.

10.7.

Injunctive Relief. Each Party recognizes and acknowledges that any use or disclosure of the Confidential Information of the other Party in a manner inconsistent with the provisions of this Agreement will cause the other Party irreparable damage for which remedies at law may be inadequate. Accordingly, the non-breaching Party shall have the right to seek an immediate injunction in respect of any material breach of these confidentiality obligations to obtain such relief. Notwithstanding the foregoing, this paragraph shall not in any way limit the remedies in law or equity otherwise available to the non-breaching Party.

11.

FEEDBACK

Issuer may, during the term, provide Securitize with requests, suggestions and other feedback related to Issuer’s use of the Platform or Services, including, but not limited to, feedback in support requests. Such information, ideas, concepts, and feedback provided by Issuer to Securitize concerning the Platform, Services or any other Securitize products or services (“Feedback”) may be used by Securitize and/or its Affiliates in any manner and media to develop and improve the Platform and Services, and Issuer hereby grants to Securitize and Securitize’s Affiliates and successors and assigns a transferable, non-exclusive, royalty-free, irrevocable, perpetual, worldwide right and license to reproduce and use Feedback, in any manner and media, for any lawful purpose.

12.

Term and Termination.

12.1.

Term. The term of this Agreement (“Term”) shall commence upon the Effective Date and continue until this Agreement is terminated by mutual agreement of the Parties if there are no outstanding Order Forms or exhibits, or until it is terminated pursuant to Section 12.2.

12.2.

Termination.

12.2.1.

Termination for Cause. Either Party may cancel or terminate this Agreement or any Order Form by giving written notice if the other Party (a) becomes insolvent, unable to pay debts when due, or the subject of bankruptcy proceedings not terminated within thirty (30) days of any filing; or makes a general assignment for the benefit of creditors; or if a receiver is appointed for substantially all of its property; or (b) breaches or defaults on its undisputed payment obligations, and such breach or default remains uncured after ten (10) days; or (c) breaches or defaults on other material obligations under this Agreement and fails to cure the breach or default within sixty (60) days after receipt of written notice. Furthermore, Securitize may terminate this agreement at any time upon written notice if (i) Securitize determines in its sole discretion based on review of the Issuer Due Diligence Information that Issuer is not a suitable counterparty to this Agreement or (ii) it reasonably believes that Issuer intends to use the Platform to violate Offering Laws or Applicable Laws, or if Issuer intends to take other actions that would cause an offering by Issuer conducted pursuant to an Order Form to violate Offering Laws or other Applicable Laws.

12.2.2.

Disclaimer and Waiver. NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR COMPENSATION, REIMBURSEMENT OR DAMAGES ON ACCOUNT OF THE LOSS OF PROSPECTIVE REVENUE, INVESTMENT, PROFITS OR ANTICIPATED SALES OR ON ACCOUNT OF EXPENDITURES, INVESTMENTS, LEASES OR COMMITMENTS IN CONNECTION WITH THE BUSINESS OR GOODWILL OF SECURITIZE OR ISSUER BECAUSE OF TERMINATION OR EXPIRATION OF THIS AGREEMENT IN ACCORDANCE WITH ITS TERMS.

12.2.3.

Survival. The following provisions will survive any expiration or termination of the Agreement: Sections 1, 7.1, 7.2, 8.3, 9, 10, 11, 12.2.2, 12.2.3, 16-19, 21 and 22.

13.

INTELLECTUAL PROPERTY OWNERSHIP.

13.1.

Issuer Intellectual Property. Subject to the provisions of Section 11, neither this Agreement nor any provision herein transfers ownership from Issuer to Securitize of any Issuer Intellectual Property Rights of any kind whatsoever. Without limiting the generality of the foregoing, Issuer shall own and retain ownership of all Issuer Instructions and other Issuer Materials. Issuer hereby grants (for itself an on behalf of applicable Authorized Participants and Affiliates) to Securitize and Securitize’s Affiliates, successors and assigns a (i) transferable, non-exclusive, royalty-free, irrevocable, perpetual, worldwide right and license, under all Intellectual Property Rights of Issuer in and to Issuer Instructions and Issuer Data, to reproduce, create derivative works based on and otherwise use, in any manner and media, all Issuer Instructions and Issuer Data, to the extent any such Issuer Instructions and Issuer Data, or any derivative works based thereon, are expressed, implemented or otherwise incorporated in any manner in any Issuer Smart Contract, for any lawful purpose, and (ii) transferable, non-exclusive, royalty-free, irrevocable, worldwide right and license during the Term, under all Intellectual Property Rights of Issuer in and to Issuer Materials, to reproduce, create derivative works based on and otherwise use, in any manner and media, all Issuer Materials, for purposes of providing the Securitize Services.

13.2.

Securitize Intellectual Property. Subject to Issuer’s rights in all Feedback and Issuer Materials, all Securitize Intellectual Property Rights, unless otherwise indicated, are protected by applicable laws including, but not limited to, copyright, trade secret, and trademark laws, as well as other state, national, and international laws and regulations. Except as expressly provided herein, Securitize does not grant any express or implied right to Authorized Participants under any patent(s), copyright(s), trademark(s), or trade secret information or other Intellectual Property Rights. Accordingly, unauthorized use of any material contained on the Platform may violate copyright laws, trademark laws, trade secret laws, the laws of privacy and publicity, and other regulations and statutes.

14.

INDEMNIFICATION

14.1.

Reliance on Issuer. Securitize may conclusively rely and act or refuse to act without further investigation upon any list, instruction, certification, authorization, stock certificate or other communication, including electronic communication, instrument or paper believed by it in good faith to be genuine and unaltered, and to have been signed, countersigned or executed by any duly authorized person or persons, or upon the instruction of any officer of the Issuer, the Authorized Participants or the advice of counsel for the Issuer, or counsel for Securitize. Securitize may make any transfer or registration of ownership for such securities which is believed by it in good faith to have been duly authorized or may refuse to make any such transfer or registration if in good faith Securitize deems such refusal necessary in order to avoid any liability upon either the Issuer or itself. Issuer agrees that it shall, and ensure that its Authorized Participants shall, not knowingly give Securitize direction to take any action or refrain from taking any action, if implementing such direction would be a violation of applicable law or regulation. Issuer agrees that it shall, and ensure that its Authorized Participants shall, not direct Securitize to act in connection with the Securities if such action is subject to any restriction or prohibition on transfer to or from a securities intermediary in its capacity as such, and Securitize shall be protected in refusing to effect any such transfer. Securitize may conclusively and in good faith rely and act, or refuse to act, upon the records and information provided to it by or on behalf of the Issuer and its prior transfer agent or recordkeeper without independent review and shall have no responsibility or liability for the accuracy or inaccuracy of such records and information.

14.2.

Indemnification by Securitize. Securitize shall defend, indemnify and hold Issuer and Issuer’s Affiliates, and its and their officers, directors, managers, shareholders, members, employees, agents, representatives and successors and assigns (“Issuer Indemnitees”) harmless from and against any loss, liability, damage or expense (including, without limitation, reasonable attorney’s fees (collectively, “Losses”) to which Issuer Indemnitees may become subject based upon the existence of this Agreement, except those arising out of or otherwise related to (i) any failure or alleged failure of Issuer or any Issuer Affiliate to comply with any applicable law, which, for the avoidance of doubt, includes any Offering Laws; (ii) any material breach by Issuer of its obligations herein; (iii) the willful misconduct, bad faith or gross negligence of Issuer or its Affiliates; or (iv) Claims that any Issuer Data or other materials provided by Issuer to be included or hosted by Securitize infringe the Intellectual Property Rights or other rights of any third party.

14.3.

Indemnification by Issuer. Issuer shall defend, indemnify, and hold Securitize and its Affiliates, and its and their officers, directors, managers, shareholders, members, employees, representatives and successors and assigns (“Securitize Indemnitees”) harmless against any Losses to which Securitize Indemnitees may become subject based upon the provision of Services, the existence of this Agreement or the offering of Securities and any action or inaction related thereto, except those arising out of or otherwise related to: (i) the willful misconduct, bad faith or gross negligence of the Securitize Indemnitee, (ii) Securitize Indemnitee’s breach of Applicable Law or (iii) the Securitize Indemnitee’s material breach of this Agreement.

14.4.

Procedure. As an express condition to the indemnifying Party’s obligation under this Section 10, the Party seeking indemnification must: (a) promptly notify the indemnifying Party in writing of the applicable Claim for which indemnification is sought; (b) tender control of the defense to the indemnifying Party; and (c) provide the indemnifying Party with non-financial assistance, information, and authority reasonably required for the defense and settlement of such Claim. The indemnified Party may select its own counsel and participate in the defense of a Claim if it chooses to do so, but at its own expense. The indemnifying Party may settle any Claim, to the extent it seeks a money payment, with or without the consent of the indemnified Party providing the settlement is a full and complete settlement of all Claims against the indemnified Party and the indemnifying Party satisfies the settlement payment obligation. The indemnifying Party must obtain the indemnified Party’s prior written consent to any settlement to the extent it consents to injunctive relief or requires any admission of fault or any public statement or contains contract terms governing future activities that would materially affect the indemnified Party’s business or interests, said consent not to be unreasonably withheld, conditioned, or delayed.

15.

REPRESENTATIONS AND WARRANTIES

15.1.

Authorization and Enforceability. Each Party represents and warrants to the other Party that (a) it is duly organized, incorporated or established (as the case may be), and validly existing under the laws of its jurisdiction of organization, incorporation or establishment (as the case may be); (b) it has the legal power and authority to execute and deliver this Agreement; (c) the execution, delivery and performance of this Agreement by it have been duly authorized by all necessary actions and do not violate its organizational documents or any other material agreements to which it is a Party; and (d) this Agreement constitutes a legally valid and binding obligation of it enforceable against it in accordance with its terms, except as such enforcement may be limited by applicable law.

15.2.

Securitize Representations and Warranties. Securitize represents, warrants, and agrees that (a) it will perform the Services in compliance with all Applicable Laws, (b) it shall provide the Services in a professional and workmanlike manner, (c) the Services and the Platform do not knowingly infringe, violate or misappropriate the intellectual property rights of any third party, and (d) Securitize has the full right to provide Issuer with the Services as provided for herein.

15.3.

Issuer Representations and Warranties. Issuer represents, warrants and agrees that (a) its use of the Services and Platform by Authorized Participants complies and will comply with all Applicable Laws, including, for the avoidance of doubt, Offering Laws, and all applicable anti-bribery, anti-money laundering, customer due diligence, know your clients, and anti-terrorist laws and regulations, (B) it shall make any and all registrations, filings and pay any and all fees required by Offering Laws in connection with any Issuer Offering or the secondary trading of the Securities, (C) any Securities issued and outstanding on the date hereof have been duly authorized, validly issued and are fully paid and are non-assessable; and any Securities to be issued hereafter, when issued, shall have been duly authorized, validly issued and fully paid and will be non-assessable, (d) any Securities issued and outstanding on the date hereof have been duly registered under the Securities Act, and such registration has become effective, or are exempt from such registration; and have been duly registered under the Exchange), or are exempt from such registration, (e) any Securities to be issued hereafter, when issued, shall have been duly registered under the Securities Act, and such registration shall have become effective, or shall be exempt from such registration; and shall have been duly registered under the Exchange Act, or shall be exempt from such registration, and (f) Issuer has paid or caused to be paid all taxes, if any, that were payable upon or in respect of the original issuance of the Securities issued and outstanding on the date hereof.

15.4.

Disclaimer. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED HEREIN, SECURITIZE AND ITS SUPPLIERS EXPRESSLY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF NONINFRINGEMENT, TITLE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SECURITIZE MATERIALS ARE PROVIDED "AS IS" WITH ALL FAULTS. ISSUER AGREES THAT ALL RISK PERTAINING TO THE USE OF THE SECURITIZE SERVICES IS ASSUMED BY ISSUER ALONE. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY SECURITIZE OR ITS AFFILIATES, EMPLOYEES OR AGENTS WILL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF ANY WARRANTY PROVIDED HEREIN.

16.

LIMITATION OF LIABILITY

16.1.

EXCEPT FOR LIMITED INDEMNIFICATION OBLIGATIONS AS EXPRESSLY PROVIDED FOR IN SECTION 14, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY OR ITS SUPPLIERS BE LIABLE TO THE OTHER PARTY, OR ANY OTHER PERSON OR ENTITY, FOR ANY INDIRECT, INCIDENTAL, COVER, SPECIAL, STATUTORY, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR ANY FINES OR PENALTIES, OR ANY LOSS OF OR HARM TO PROFITS, ASSETS, OPPORTUNITIES, OR DATA WHATSOEVER, ARISING FROM OR RELATED TO THIS AGREEMENT OR ISSUER’S USE OR RELIANCE UPON THE SECURITIZE SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF SUCH DAMAGES ARE FORESEEABLE AND A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ADDITION, SECURITIZE AND ITS AFFILIATES MAY CONSULT WITH COUNSEL AND ACCOUNTANTS IN RESPECT OF SECURITIZE’S AFFAIRS, INCLUDING, WITHOUT LIMITATION, WITH RESPECT TO OFFERING LAWS, AND BE FULLY PROTECTED AND JUSTIFIED IN ANY ACTION OR INACTION WHICH IS TAKEN IN GOOD FAITH AND IN ACCORDANCE WITH THE INFORMATION, REPORTS, STATEMENTS, ADVICE OR OPINION PROVIDED BY SUCH PERSONS, PROVIDED THAT THEY WERE SELECTED WITH REASONABLE CARE AND THE MATTER CONSULTED ON IS REASONABLY BELIEVED BY SECURITIZE AND ITS AFFILIATES TO BE WITHIN SUCH PERSONS’ PROFESSIONAL OR EXPERT COMPETENCE.

16.2.

EXCLUDING CLAIMS FOR FEES DUE PURSUANT TO SECTION 8.1 OF THIS AGREEMENT, AND INFRINGEMENT OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR A PARTY’S INDEMNIFICATION OBLIGATIONS PURSUANT TO SECTION 14, IN NO EVENT WILL SECURITIZE BE LIABLE TO ISSUER OR ANY OTHER PERSON OR ENTITY WHETHER UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR ANY OTHER LEGAL OR EQUITABLE THEORY FOR ANY AMOUNTS IN EXCESS OF THE LESSER OF ONE HUNDRED THOUSAND DOLLARS (US$100,000.00) OR THE TOTAL AMOUNTS PAID OR PAYABLE BY ISSUER TO SECURITIZE UNDER THIS AGREEMENT DURING THE PREVIOUS TWELVE (12) MONTHS.

16.3.

Allocation of Risk and Material Term. THE PROVISIONS OF THIS SECTION 16 ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES AND ARE AN INTRINSIC PART OF THE BARGAIN BETWEEN THE PARTIES. THE FEES PROVIDED FOR IN THIS AGREEMENT REFLECT THIS ALLOCATION OF RISKS AND THE LIMITATION OF LIABILITY AND SUCH LIMITATION WILL APPLY NOTWITHSTANDING A FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY AND TO THE FULLEST EXTENT PERMITTED BY LAW.

17.

GENERAL PROVISIONS

17.1.

Notices. All notices, demands, requests or other communications given under this Agreement shall be in writing and be given by personal delivery, certified mail, return receipt requested, or nationally recognized overnight courier service to the address set forth in the Order Form, or by electronic delivery to email or facsimile numbers as set forth in the Order Form, or to such address or email or facsimile numbers which have been subsequently designated by a Party by a notice made under this paragraph.

17.2.

Publicity. Either Party may disclose the existence of this Agreement including, without limitation, disclosure deemed reasonably necessary to comply with applicable law. Each Party will obtain the other Party’s prior written consent prior to any press release that references such Party or this Agreement. Notwithstanding the foregoing, the other terms and conditions of this Agreement remain the Confidential Information of both Parties.

17.3.

Independent Contractor Status; No Fiduciary Duties. It is expressly agreed and understood that Securitize (and any officer, director, employee, Affiliate, agent, or other representative of Securitize) is at all times acting as an independent contractor to Issuer, and is neither an employee, nor agent of or on behalf of, Issuer. Each Party specifically disclaims and waives the formation of any fiduciary relationship between them under or in relation to this Agreement and the Services. Issuer acknowledges and agrees that (i) Securitize is not a registered investment advisor nor a broker-dealer, (ii) Securitize is not providing any legal, tax, investment or marketing advice, (iii) no Authorized Person or any other person was or will be solicited by Securitize or will be referred by Securitize to any third party, (iv) Securitize has no role in effectuating or otherwise executing the sale or issuance of any Securities for Issuer and does not communicate with any Authorized Person or any other person regarding the suitability of an investment in Securities and (v) Securitize is not involved in the drafting or review of white papers or offering memoranda and in no event shall Securitize be liable to Issuer, to any Authorized Person or any other person for any losses arising out of any statements or omissions therein.

17.4.

No Waiver or Modification. This Agreement may not be amended, modified or terminated orally, and no amendment, modification, termination or attempted waiver of any of the provisions hereof shall be binding unless in writing and executed by authorized representatives of both Parties.

17.5.

Severability. Should any provision hereof be deemed, for any reason whatsoever, to be invalid or inoperative, such provision shall be deemed severable and shall not affect the force and validity of other provisions of this Agreement.

17.6.

Governing Law and Dispute Resolution by Arbitration. This Agreement shall be interpreted in accordance with the laws of the State of California, (excluding conflict of laws rules) as applied to agreements entered into and to be performed entirely within the State of California between California residents, without giving effect to any conflict of law principles that would require the application of the laws of a different jurisdiction. The U.N. Convention on Contracts for the International Sale of Goods shall not apply to this Agreement. Any controversy or claim arising out of or relating to this contract, or the breach thereof, shall be determined by arbitration administered by the American Arbitration Association/International Centre for Dispute Resolution (xxx.xxx.xxx) in accordance with its Commercial Arbitration Rules (or International Arbitration Rules if applicable); the number of arbitrators shall be three, the place of arbitration shall be San Francisco, California, and the language of the arbitration shall be English. Each Party acknowledges that any actual or threatened breach of Section 10 may cause the other Party irreparable harm for which money damages may not be an adequate remedy, and that injunctive relief may be an appropriate remedy for such breach in arbitration and in any court of competent jurisdiction.

17.7.

Attorney’s Fees. In any action or proceeding to enforce rights or obligations under this Agreement, the substantially prevailing Party shall be entitled to recover in addition to any other costs or damages awarded, all reasonable costs, including, but not limited to expert witness’ fees and attorneys’ fees.

17.8.

Force Majeure. No failure, delay or default in performance of any obligation of either Securitize or Issuer, including without limitation, with respect to the Services or Platform, shall constitute an event of default or breach of this Agreement to the extent that such failure to perform, delay or default arises out of a cause, existing or future, that is beyond the control and without negligence of such Party, including, without limitation, action or inaction of governmental, civil or military authority, change in law, fire, strike, lockout or other labor dispute, flood, terrorist act, war, or riot, theft earthquake and other natural disaster. In addition, no failure, delay or default in performance of Securitize, including without limitation, with respect to the Services or Platform, shall constitute an event of default or breach of this Agreement to the extent that such failure to perform, delay or default arises out of a cause, existing or future, that is beyond the control and without negligence of Securitize, including, without limitation errors of implementation (e.g., “bugs” and classic coding errors), errors of design, and errors resulting from unexpected interaction of various code modules or systems, failures of such systems or equipment, interruptions in access to or the operations of such systems or equipment; loss of functionality of such systems or equipment; degradation or corruption of such systems or equipment; compromises in the security or integrity of such systems or equipment; loss of power to such systems or equipment; and other situations that adversely affect such systems or equipment, however caused or occurring. The Party affected by such cause shall take all reasonable actions to minimize the consequences of any such cause.

17.9.

Assignment. Either Party may assign this Agreement in connection with the sale of all, or substantially all, of its business (whether by merger, consolidation, transfer of control, sale of assets, operation of law or otherwise) upon not less than thirty (30) days written notice of such proposed sale and assignment to the other Party, provided that any proposed assignee assumes all rights and obligations of the assigning Party under the Agreement and is ready, willing and able to do so. Furthermore, Securitize may assign this Agreement without notice to any of its subsidiaries or affiliates. Any other attempt to assign this Agreement without prior written consent shall be null and void; provided that Securitize may perform any of the Services, and share fees received from Issuer with, subcontractors at its sole discretion, provided that such use of subcontractors shall not relieve Securitize of any of its obligations pursuant to this Agreement.

17.10.

Counterparts. This Agreement may be executed in counterparts, each of which is deemed to be an original and all of which together constitute one and the same agreement. Each Party may sign this Agreement using an electronic or handwritten signature, which are of equal effect, whether on original or electronic copies. Each copy of this Agreement bearing the facsimile transmitted signature of the authorized representatives of each of the Parties shall be deemed to be an original.

17.11.

Entire Agreement. The provisions herein constitute the entire agreement between the Parties and supersede all prior agreements, oral or written, and all other communications between the Parties, including any and all supplier or distribution agreements and purchase orders. No term or condition contained in any document provided by one party to the other Party pursuant to this Agreement shall be deemed to amend, modify, or supersede or take precedence over the terms and conditions contained herein; provided, however, that to the extent the terms and conditions of an exhibit under this Agreement may conflict, the exhibit shall control as to its subject matter.

[Signatures on next page]

IN WITNESS WHEREOF, the Parties acknowledge that each has fully read and understood this Agreement, and intending to be legally bound thereby, executed this Agreement on the date set forth below.

SECURITIZE LLC			HYGIENIC DRESS LEAGUE CORP.



By:			By:

Name:			Name:

Title:			Title:

Date:			Date:

EXHIBIT A: (“ORDER FORM”)

This Order Form is entered in entered into as of ____________, 2022 (“Order Form Effective Date”) in accordance with the terms of the PLATFORM SERVICES, TRANSFER AGENT AND REGISTRAR AGREEMENT entered into by SECURITIZE LLC (“Securitize”) and Hygienic Dress League Corp., a Delaware corporation (“Issuer”) dated ____________, 2021 (the “Agreement”). Any capitalized terms below not defined in the Order Form shall have the meanings set forth in the Agreement.

DESCRIPTION OF ISSUER OFFERING

600,000 shares of Class B Non-Voting Common Stock with a purchase price of $50.00 per share.

FEES

	Service	Description	Amount
Platform Fees Please Select Your Preferred Option
¨	Full-Service Transfer Agent	Enhanced Transfer Agent Services: · Payment Processing · Dividend Processing Issuer Management Dashboard Dashboard for issuer to manage investors, issuances, admin and transfer agent functions. (note: this is non-investor facing) Investor Dashboard Dashboard for individual investors to access issuer data, view their specific holdings (post issuance), transaction history, communicate with issuer and wallet/payout management.	Set up Fee: $2,500 Monthly Fees: 0-000 Xxxxxxxxx: $1,000/month 251-1000 Investors: $1,250/month 1001-2500 Investors: $1,500/month >2501 investors by appraisal Invoices to be sent by the 5^thof the month following the onboarding kickoff call with the Securitize Customer Success Team
¨	Tokenization / Securities Issuance	Creation and issuance of tokens on public or private blockchain	Issuance Fee: $10,000 + Applicable Gas Fees Due and payable at the time of issuance Any subsequent issuances will be billed at a rate of $7,500 Annual Licensing Fee: $10,000 *Due and payable on Order Form Effective Date and on anniversary of order effective date.

¨	KYC / AML	Know-your-customer (KYC) and Anti-Money Laundering checks during on-boarding of investors.	$7.50 per individual $50 per entity Invoices to be sent by the 5^thof the month following services
¨	Accreditation	Accreditation of USA investors, valid for 90 days	$50.00 per investor Invoices to be sent by the 5^thof the month following services
¨	Dividend Payment Distribution	Payments in Crypto and Fiat. Costs can be paid by issuer or investor based on issuer preference.	$3.00 per USA investor $12.00 per Non-US investor Due and payable upfront. Fees do not include any “Gas” fees for crypto payments.
¨	Yearly Tax Form Generation	Preparation of yearly tax forms for investors (1099-B, 1099-Div, 1099-Int, 1042-S). (When we handle payouts)	$7.00/yr/investor
¨	Craft Your Story	· Inside the Deal · CEO Video · Digital Marketing Creative · Launch Announcement	$25,000

¹Securitize may increase Monthly Service Fees annually, effective each anniversary of the Order Form Effective Date, upon thirty (30) days’ written notice from Securitize to Issuer, provided such adjustments collectively do not exceed a compounded growth rate of six percent (6%) per year. Any work or customization requests by the Issuer not explicitly described herein shall be subject to additional negotiation and fees. The Issuer shall be billed for such agreed fees, which shall be denoted in a supplemental Order Form, prior to beginning work on such requests.

Securitize will issue invoices for fees on the applicable Due Date referenced above. Invoices may be sent electronically and delivered to Issuer at:

Issuer:	Hygienic Dress League Corp.
ADDRESS:	000 Xxxx Xxxxx Xxxx. Xxxxxxx, XX 00000
PHONE:
ATTENTION:	Xxxxxx Xxx
EMAIL:	xxxxx@xxxxxxx.xx

ORDER FORM TERM AND RENEWAL.

This Order Form shall be effective on the Order Form Effective Date and shall terminate two (2) years from the Order Form Effective Date (the “Initial Term”) unless early terminated pursuant to the terms of the Agreement. This Order Form will automatically renew for subsequent one-year periods (each a “Renewal Term”) until either Party provides thirty (30) days’ prior written notice of its intent not to renew at the end of the Initial Term or any Renewal Term.

EXHIBIT B (“SERVICE LEVELS AND SUPPORT”)

Subject to the terms and conditions of the Agreement, Securitize and/or its Affiliates will make the Platform and the Securitize Services available to the Issuer subject to the following service level requirements and limitations commencing upon the Effective Date:

AVAILABILITY/UPTIME FOR THE SECURITIZE ENVIRONMENT

1.1.

Securitize Environment. The “Securitize Environment” consists of the servers, storage and networking hardware, operating systems, database management systems and operating systems, as well as computers owned by Securitize and those of its agents, that are required to be provided by Securitize to provide the Platform services to the Issuer.

1.2.

Issuer Environment. The “Issuer Environment” consists of Issuer’s or third party servers, storage and networking hardware, operating systems, Internet connectivity, database management systems and operating platforms and all application software, as well as computers owned by Issuer and those of its agents and Affiliates, that are required to be provided by the Issuer in relation to its authorized use of the Platform under the Agreement.

1.3.

SLA. The following is the Service Level Agreement (“SLA”) for the Platform:

1.3.1.

Scheduled Maintenance. Periodic maintenance on the servers and system elements that support the Securitize Environment, for purposes of system upgrades, maintenance, and backup procedures (“Scheduled Maintenance”) will be scheduled by Securitize. Primary hours of Securitize service level standard support operations are 24x7, less Scheduled Maintenance. Scheduled Maintenance up to two (2) days per month, between the hours of 11:00 p.m. and 3:00 a.m., Pacific Time, or on some other schedule as determined by Securitize. If emergency maintenance is needed to fix critical security vulnerabilities, Securitize will notify Issuer as soon as possible. The Issuer acknowledges that it may be necessary for Securitize to begin work and/or apply fixes prior to notification of Issuer. Notification of Scheduled Maintenance will be sent via email at least 7 days in advance. Notification of emergency maintenance will both be called into Issuer at and sent via email to the email address identified in the Order Form as soon as is technically feasible.

1.3.2.

Unscheduled Maintenance. The application of ad hoc updates to the Platform (“Updates”) will be scheduled by Securitize in the event it is necessary for such Updates to occur outside of the Scheduled Maintenance times (“Unscheduled Maintenance”). Notification of Unscheduled Maintenance will be sent via email to the email address identified in the Order Form at least 1 day in advance.

1.3.3.

Securitize Environment Service Level. In addition to Scheduled Maintenance and Unscheduled Maintenance, there may be events that from time to time will make the Securitize Environment not Available (as defined below) for a limited amount of time due to unforeseen software, hardware, network, power and/or Internet outages (“Unscheduled Downtime”). Notwithstanding anything herein to the contrary, Securitize shall have no liability for any failure to meet the Environment Performance Requirement set forth herein in the event that: (a) such failure is caused by independent, external circumstances that are not within the reasonable control of Securitize; (b) the outage condition is not directly caused by the Securitize Environment (e.g., outages caused by plant issues, operational or maintenance errors in Issuer Environment); or (c) the failure to implement any fixes, patches or other workarounds recommended by Securitize to Issuer to the extent the implementation of such fixes, patches or other workarounds are technically feasible and commercially practical.

1.3.4.

Securitize and/or its Affiliates will operate the Securitize Environment, as set forth below, to be Available and functioning within the relevant SLA defined herein, measured on a monthly basis (the “Environment Performance Requirement”). For the purposes of this SLA Addendum, “Available” means that the Securitize Environment is accessible based on SLA measurement techniques for ninety-nine and five tenths percent (99.5%) of the time 24 hours a day, seven days per week, excluding Scheduled Maintenance or any loss or interruption of services resulting from actions or inactions of Issuer, or their respective equipment or service providers. Actual availability percentage will be calculated with the following formula:

100% minus [((X) Total Unscheduled Downtime and Unscheduled Maintenance minutes in a month; divided by (Y) total minutes in said month); multiplied by (Z) 100%] = availability percentage

Uptime measurements are on fifteen minute intervals, utilizing Keynote UP5 measurements or another equivalent, technically feasible and commercially-reasonable measurement technique.

SUPPORT SERVICES

2.1.

Support Service Issues. Support service issues are grouped into the following four levels, in each case pertaining to issues that are caused by and in the sole control of Securitize, and excluding, for example, problems caused by Issuer or the Issuer Environment.

Service Level	Definition
P1	Severe problems with Platform resulting in complete work stoppage for a large number of users. No alternatives or work-around identified and work cannot continue.
P2	Critical issue which interferes with investors accessing the Platform or making an investment using the standard flow.
P3	Issue which interferes with a minor function of Platform but an acceptable work-around is in place.

2.2.

Securitize and/or its Affiliates will notify and respond to Issuer regarding a reported issue as soon as an issue is noted within the response times below:

Service Level	Target Response Times
P1	2 business hours
P2	4 business hours
P3	Within 7 business days

2.2.1.

Securitize and/or its Affiliates shall provide an update by email to a mutually agreed upon distribution list each hour in the case of P1 problems and every 4 hours in the case of P2 problems.

2.2.2.

The Issuer shall have direct access 24 hours per day, 7 days per week, 365 days per year, to Securitize or its Affiliates’ online technical support system to report any service issues. In the event of a failure in the case of P1, or in the case of P2 a multiple failure, on the part of Securitize to achieve target response times, Securitize will promptly apply additional technical resources to the problems, including without limitation, Securitize’s technical resources most knowledgeable about the problems. This addition of resource shall continue until all relevant technical resources have been applied and/or the relevant problem has been resolved. In such cases and at Issuer’s request, Securitize shall promptly supply Issuer with a list of all technical resources working to resolve the problem.

ISSUER OBLIGATIONS

3.1.

General; Compliance with Procedures. The Issuer shall at all times comply with Securitize’s policies, procedures and controls, as relevant.

3.2.

Issuance Size Notification. The Issuer shall at all times provide true and accurate information to Securitize concerning the Issuer’s authorized and outstanding securities. The Issuer must notify Securitize of any changes to the number of authorized and outstanding securities in writing at xxxxxxxxxx@xxxxxxxxxx.xx, or any other email address selected by Securitize, promptly after any change is made. Securitize shall have the right to restrict any follow on, secondary, or any increases of the Issuer’s outstanding securities in the event that the Issuer has failed to make adequate disclosure to investors or similar regulatory compliance issues.

3.3.

Control Affiliate Certification. Prior to the commencement of any issuance, Issuer shall provide a true and accurate list of all “affiliates” for purposes of Rule 144 of the Securities Act of 1933, as amended. Issuer shall provide Securitize with a quarterly update certificate, to be delivered within five (5) days of the end of each fiscal quarter, specifying whether there have been any changes to their previously provided affiliate list. Additionally, on an ongoing basis, Issuer shall promptly notify Securitize in writing when any new persons or entities attain affiliate status during a fiscal quarter.

3.4.

Lost, Stolen, or Unclaimed Securities. The Issuer shall promptly notify Securitize of any lost, stolen, unclaimed, or abandoned digital Securities and provide Securitize with written instructions as to the measures to be taken with respect to such lost, stolen, unclaimed, or abandoned digital securities. Securitize shall be entitled to demand recompense for the costs associated with replacing or reclaiming any digital securities, along with a separate indemnity from the Issuer. The Issuer shall comply with all state and federal laws governing and regulating the handling of lost, stolen, unclaimed or abandoned property. In particular, the Issuer shall send year-end statements to security holders to establish and maintain communications with security holders and avoid dormancy and Issuer shall send final escheatment notices to security holders to inform them of a potential transfer of the property to the state.

3.5.

Buy-in Responsibility. In the event of an issuance, resale or transfer of Securities that resulted from incorrect information regarding authorized and outstanding Securities provided by the Issuer or a failure by the Issuer to provide information necessary to implement a transfer or resale restriction (e.g., affiliate information), the Issuer agrees and acknowledges that Securitize and/or its Affiliates may buy-in the security to satisfy the obligations of the counterparty to the transfer or resale. In such cases, the Issuer agrees to satisfy the entire amount to buy-in the securities to accommodate the counterparty.

EXHIBIT C: NOT APPLICABLE

EXHIBIT D: DATA PROTECTION (EU DATA SUBJECTS)

Definitions

In this Exhibit D, the following terms shall have the meanings set out below. Capitalized terms used in this Exhibit D but not defined shall have the meaning set out in the Agreement.

“EU Data Subject” means an identified or identifiable natural person who is domiciled in the European Union.

“Data Subject Request” means a request made by an EU Data Subject to exercise any rights of data subjects under applicable EU Data Protection Laws.

“Delete” means the removal or obliteration of EU Personal Data such that it cannot be recovered or reconstructed.

“EU Data Protection Laws” means any applicable law regarding the processing, privacy and use of EU Personal Data including any laws and regulations of the European Union, the European Economic Area and their member states including the GDPR.

“EU Personal Data” means any personal data of an EU Data Subject as processed by Securitize or any Sub-Processor on behalf of the Issuer, pursuant to or in connection with the Agreement.

“GDPR” means the EU General Data Protection Regulation 2016/679.

“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, EU Personal Data transmitted, stored or otherwise processed.

“Standard Contractual Clauses” means the Standard Contractual Clauses (processors) set out in Decision 2010/87/EC and included in Annex 4 to this Exhibit [C][D].

“Sub-Processor” means any person (including a third party) appointed by or on behalf Securitize to process EU Personal Data on behalf of the Issuer in connection with the Services.

“Supervisory Authority” means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering applicable EU Data Protection Laws.

In this Exhibit D references to “controller”, “data subject”, “personal data”, “processor” and “processing” shall have the meanings ascribed to them in the GDPR and their cognate terms shall be construed accordingly.

Data Processing

2.1

The Parties acknowledge and agree that some or all of the Services to be provided by Securitize pursuant to this Agreement may involve Securitize processing EU Personal Data and that the Issuer will be a controller and Securitize will be the processor when processing such EU Personal Data pursuant to this Agreement.

2.2

Securitize shall:

(a)

comply with applicable EU Data Protection Laws when processing EU Personal Data; and

(b)

only process EU Personal Data in accordance with the Issuer's documented written instructions or as otherwise agreed in writing between the Parties, unless the processing is required by any applicable laws to which Securitize, or relevant Sub-Processor is subject.

2.3

The Issuer instructs and grants a general written authorization for Securitize (and authorizes Securitize to instruct each Sub-Processor) to process EU Personal Data and represents and warrants that it is and will at all times remain duly and effectively authorised to give the instruction set out in this paragraph 2.3 of this Exhibit D and have in place all fair processing notices and (where applicable) consent mechanisms for EU Data Subjects sufficient to ensure that all processing of EU Personal Data envisaged by this Agreement will be lawful.

2.4

Annex 1 to this Exhibit D sets out the scope, nature, purpose of the processing by Securitize the duration of the processing, the types of EU Personal Data and the categories of EU Data Subjects.

Technical and organisational measures and security

3.1

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Securitize shall implement and maintain, appropriate technical and organisational measures in relation to the processing of EU Personal Data by Securitize to ensure a level of security appropriate to that risk including, as appropriate, the measures referred to in applicable EU Data Protection Laws.

3.2

Securitize shall take reasonable steps to ensure that any employee, agent or contractor of Securitize or any Sub-Processor who may have access to EU Personal Data are subject to confidentiality undertakings or other contractual, professional or statutory obligations of confidentiality.

Sub-Processors

4.1

The Issuer authorizes Securitize to appoint (and permits each Sub-Processor appointed in accordance with this paragraph 4 to appoint) Sub-Processors in accordance with this paragraph 4.

4.2

Securitize may continue to use those Sub-Processors already engaged by Securitize as at the date of this Agreement including Amazon Web Services.

4.3

Securitize shall give the Issuer notice of the appointment of any new Sub-Processor. If, within ten (10) business days of receipt of that notice, the Issuer notifies Securitize in writing of any objections (on reasonable grounds) to the proposed appointment, Securitize shall not appoint that proposed Sub-Processor until reasonable steps have been taken to address the objections raised by the Issuer and the Issuer has been provided with a reasonable written explanation of the steps taken. Where Securitize is unable to address the objections raised by the Issuer, notwithstanding any other provisions in this document, either Party may by written notice to the other Party with immediate effect terminate this Agreement.

EU Data Subject rights

Securitize shall:

(a)

notify the Issuer without undue delay if it receives a Data Subject Request in respect of any EU Personal Data; and

(b)

use commercially reasonable efforts to assist the Issuer in dealing with any Data Subject Requests.

Data protection impact assessment and audit

6.1

Securitize shall provide commercially reasonable assistance to the Issuer with any data protection impact assessments, and prior consultations with Supervisory Authorities which the Issuer reasonably considers to be required by Article 35 or 36 of the GDPR in each case solely in relation to processing of EU Personal Data by Securitize and taking into account the nature of the processing and information available to Securitize.

6.2

The Issuer agrees to exercise its right to conduct an audit or inspection under EU Data Protection Laws by instructing Securitize or its Sub-Processors to carry out the audit described in paragraph 6.3 (below). If the Issuer wishes to change this instruction regarding audit, then the Issuer has the right to request a change to this instruction by sending Securitize a written notice as provided in clause 17.1 of the Agreement.

6.3

Securitize and its Sub-Processors verify the adequacy of its technical and organisational security measures by performing an audit at least once annually.

Incident and breach notification

Securitize, on becoming aware of a Personal Data Breach shall:

(a)

notify the Issuer without undue delay of the occurrence of such Personal Data Breach; and

(b)

provide the Issuer with sufficient information as is reasonably available to allow the Issuer to meet any of its obligations to report a Personal Data Breach or to inform EU Data Subjects under applicable EU Data Protection laws.

Deletion or Return of Personal Data

8.1

Subject to paragraph 8.2 of this Exhibit [C][D], Securitize shall on receipt of a written request from the Issuer upon termination of the Services:

(a)

return a complete copy of all EU Personal Data it and each Sub-Processor has in current possession, to the Issuer by secure file transfer; and /or

(b)

Delete and procure the Deletion of all copies of EU Personal Data held by itself and any Sub-Processor.

8.2

Notwithstanding paragraph 8.1 of this Exhibit [C][D], the Parties agree that Securitize and each Sub-Processor may retain EU Personal Data to the extent required by and for such period as required by applicable laws.

Transfer outside the European Economic Area

9.1

Each of Securitize (as “data importer”) and the Issuer (as “data exporter”) hereby enter into these Standard Contractual Clauses in connection with any transfer of EU Personal Data where an appropriate safeguard is to be implemented in accordance with Article 46 of the GDPR.

Annex 1 to Exhibit D

This Annex 1 includes certain details of the processing of EU Personal Data as required by Article 28(3) of the GDPR.

Subject Matter of processing	The performance of the Services under this Agreement.
Duration of processing	The processing shall continue until the later of: the Agreement being terminated in accordance with its terms and any notice period or transition period prescribed by Agreement having expired; and Securitize no longer being subject to an applicable legal or regulatory requirement to continue to store the EU Personal Data.
Nature and purpose of processing	The processing is being conducted in order to facilitate the performance of the Services.
Types of EU Personal Data	Issuer Data
Categories of EU Data Subject	Authorized Participants
Obligations and rights of the Issuer (as controller)	As set out in this Agreement.

Annex 2 to Exhibit D

Population of Appendix 1 of the Standard Contractual Clauses

Data exporter

The data exporter is Security Token Market

Data importer

The data importer is Securitize LLC.

Data subjects

The personal data transferred concern the following categories of data subjects:

This section is deemed to be populated with the content of the section headed "Categories of Data Subject" in Annex 1 to this Exhibit D.

Categories of data

The personal data transferred concern the following categories of data:

This section is deemed to be populated with the content of the section headed "Types of Personal Data" in Annex 1 to this Exhibit D.

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data:

No special categories of EU Personal Data are processed.

Processing operations

The personal data transferred will be subject to the following basic processing activities:

The processing operations are processing of personal data as necessary to provide the Services as set out in the Agreement.

Annex 3 to Exhibit D

Technical and Organizational Measures

1.1

The technical and organizational measures (the “Measures”) set out within clause 7.5 of this Agreement shall apply wherever EU Personal Data is processed by Securitize (i.e. whether processing is undertaken the EEA or elsewhere), unless otherwise expressly stated and agreed between the Parties in writing.

1.2

The Measures shall be deemed to populate Appendix 2 of the Standard Contractual Clauses.

Annex 4 to Exhibit D

Standard Contractual Clauses (processors) set out in Decision 2010/87/EC

1. DEFINITIONS

For the purposes of the Clauses:

(a) personal data, special categories of data, process/processing, controller, processor, data subject and supervisory authority shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1);

(b) the data exporter means the controller who transfers the personal data;

(c) the data importer means the processor who agrees to receive from the data exporter personal data intended for processing on its behalf after the transfer in accordance with its instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) the sub-processor means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with its instructions, the terms of the Clauses and the terms of the written subcontract;

(e) the applicable data protection law means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) technical and organizational security measures means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

2. DETAILS OF THE TRANSFER

The details of the transfer and in particular the special categories of personal data where applicable are specified in Annex A which forms an integral part of the Clauses.

3. THIRD-PARTY BENEFICIARY CLAUSE

The data subject can enforce against the data exporter this Clause 3, Clause 4(b) to Clause 4(i), Clause 5(a) to Clause 5(e) and Clause 5(g) to Clause 5(j), Xxxxxx 6.1 and Xxxxxx 6.2, Xxxxxx 7, Xxxxxx 8.2 and Clause 9 to Clause 12 as third-party beneficiary.

The data subject can enforce against the data importer this Clause, Clause 5(a) to Clause 5(e) and Clause 5(g), Clause 6, Clause 7, Clause 8.2 and Clause 9 to Clause 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3.1 The data subject can enforce against the sub-processor this Clause 3.1, Clause 5(a) to Clause 5(e) and Clause 5(g), Clause 6, Clause 7, Clause 8.2, and Clause 9 to Clause 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

4. OBLIGATIONS OF THE DATA EXPORTER

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Annex B to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Annex B and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subjects as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to Clause 4(i).

5. OBLIGATIONS OF THE DATA IMPORTER

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organizational security measures specified in Annex B before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

(ii) any accidental or unauthorized access; and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Annex B which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11; and

(j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

6. LIABILITY

6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

6.2 If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or its sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

6.3 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

7. MEDIATION AND JURISDICTION

7.1 The data importer agrees that if the data subject invokes against its third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

8. COOPERATION WITH SUPERVISORY AUTHORITIES

8.1 The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

8.2 The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

8.3 The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

9. GOVERNING LAW

The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely ....................................................................................

10. VARIATION OF THE CONTRACT

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.

11. SUB-PROCESSING

11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.

11.2 The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

11.3 The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely ...........................................

11.4 The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

12. OBLIGATION AFTER THE TERMINATION OF PERSONAL DATA PROCESSING SERVICES

12.1 The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

12.2 The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

Document Metadata

Table of Contents

Platform Services, Transfer Agent and Registrar Agreement

Document Metadata