Exhibit 10.19

Contract ID: 925719

Google Cloud Marketplace Vendor Agreement

This Google Cloud Marketplace Vendor Agreement (“Agreement”) is effective as of the Effective Date and is entered into by Google and Vendor.

“Vendor”	Full legal name:	mCloud Technologies (USA) Inc.
	Place of formation:	Delaware
	Postal address:	580 California St
		San Francisco, California 94104-1000
		United States
	Notification Email Address:	tino.lanza@mcloudcorp.com
“Google”	Full legal name: Place of formation: Postal address:	Google LLC Delaware 1600 Amphitheatre Parkway Mountain View, California 94043 Attn: Legal Department
“Effective Date”	The date of the last signature.
“Term”	Commencing on the Effective Date and continuing until terminated.

1. Definitions

1.1 “Affiliate” means an entity that directly or indirectly Controls, is Controlled by, or is under common Control with a party.

1.2 “Applicable Laws” means all applicable laws, rules, regulations or orders of any jurisdiction, including those relating to data privacy, data transfer, international communications or the export of technical or personal data.

1.3 “Brand Features” means the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party, respectively, as owned (or licensed) by such party from time to time.

1.4 “Control” means control of greater than 50% of the voting rights or equity interests of a party.

1.5 “Customer(s)” means any person or entity who purchases, acquires, or deploys Products from the Store. All references to ‘Customer(s)’ in the Agreement will be deemed to include ‘Resold Customer(s)’, where the context dictates.

1.6 “Customer Charges” means the charges for Customers’ purchase and use of Products from the Store, which may be subscription based or based on metrics determined by Google, for example usage.

1.7 “EULA” means Vendor’s end user license agreement applicable to a Product.

1.8 “Excluded Charges” means the charges (a) that arise through any fraudulent or invalid means (as determined by Google in its reasonable discretion), including the fraudulent use of credit cards or other means of payment; (b) that are subject to chargebacks, reversals, adjustments or rejections, whether by a bank, Customer action or otherwise, including related fees; (c) for Customer’s use of GCP; or (d) for Google’s or its Affiliates’ use of the Products in (i) its operation of the Store, including for developing and testing the Store and addressing and assessing Customer issues; or (ii) in connection with marketing, including, demonstrating Products to prospective customers and use by sales personnel for education regarding the Product.

1.9 “GCP” means the services that comprise the Google Cloud Platform at https://cloud.google.com/cloud/services or such other URL as Google may determine (including any associated APIs).

1.10 “GCP Reseller(s)” means an authorized reseller and/or supplier of GCP, including resellers and/or suppliers purchasing GCP via a Google authorized distributor for onward resale.

1.11 “Google” means the entity specified in the information table above.

1.12 “Google-Provided Data” means information relating to a Customer that Google provides or makes available to Vendor.

1.13 “including” means including but not limited to.

1.14 “Marketplace Data” means, collectively, Google-Provided Data and Vendor-Collected Data.

1.15 “Open Source Material(s)” means any materials that are available under an open source license, including those licenses identified by the Open Source Initiative at https://opensource.org/licenses/alphabetical, that are included or used in any of the Products.

1.16 “Payment Account” means the Vendor-owned payment account approved by Google and set up by Vendor through the Google vendor management system located at the following URL: https://console.cloud.google.com/partner/payments or such other URL as Google may determine.

1.17 “Product(s)” means the Vendor software or services identified by Vendor and approved by Google for listing in the Store (and any related Brand Features).

1.18 “Reseller Agreement” means the written agreement under which Google has appointed GCP Reseller as a reseller and/or supplier of GCP under the Google channel partner program.

1.19 “Resold Customer(s)” means an entity to whom a GCP Reseller is permitted to resell GCP under the Reseller Agreement.

1.20 “Rev Split Base” means the Customer Charges collected by Google minus any Taxes, foreign exchange costs, and Excluded Charges.

1.21 “Revenue Split” means 97% of the Rev Split Base.

1.22 “Store” means “GCP Marketplace”, “Google Cloud Launcher”, “Google Cloud Marketplace”, or other GCP online marketplace operated by Google, which allows the procurement or deployment by customers of software or services.

1.23 “Tax(es)” means all applicable taxes, except for taxes based on either party’s net income, net worth, employment, or assets (including personal and real property).

1.24 “Third Party Material(s)” means any materials not owned solely by Vendor or Google that are included, incorporated or used in any of the Products.

1.25 “UBB Products” has the meaning described in Attachment B.

1.26 “Vendor” means the person or entity specified in the information table above who is registered with and approved by Google for listing of software or services via the Store in accordance with the terms of this Agreement.

1.27 “Vendor Account” means an account issued by Google to Vendor that enables the listing of Products via the Store.

1.28 “Vendor-Collected Data” means any information, content or data that Vendor obtains directly from Customer in connection with providing a Product.

1.29 “Vendor Console” means the console or other online tool that may be provided by Google to Vendor to manage administrative functions related to the Store.

1.30 “Vendor GCP Agreement” means the agreement under which Google or its Affiliate has agreed to provide GCP to Vendor.

2. Provision of Products

2.1 Listing Requirements. Google will display and make Products available for procurement, purchase, deployment, and use (as applicable) by Customers. In order for Products to be available via the Store, Vendor will: (a) accept this Agreement and the Vendor GCP Agreement; (b) have a Vendor Account and Payment Account in good standing; (c) comply with Section 7.5.4 (Third Party Materials and Open Source), and (d) provide complete and accurate information to Google in the Vendor Console (or otherwise requested by Google). Vendor will (i) ensure that all non-container-based Products run or are deployed on, as applicable, GCP infrastructure and (ii) upon Google’s request, verify to Google, through the provision of supporting documentation, that all such Products purchased by Customers run on GCP.

2.2 Merchant of Record. The parties agree that Google is the merchant of record relative to the business contemplated by this Agreement. If Google is not deemed to be the “merchant of record”, “seller of record”, or other equivalent for the sale of any Product in any jurisdiction, then Vendor will be merchant of record for that jurisdiction and Product, and Vendor agrees that Google is assisting Vendor as Vendor’s authorized and disclosed agent and is acting on Vendor’s behalf under this Agreement with Vendor as merchant of record.

2.3 Marketing. The parties will work together on a marketing plan.

3. Payments and Pricing.

3.1 Payment Terms.

3.1.1 Payments. Subject to Section 3.1.2 (Minimum Payment), Google will, on or before the last business day of each calendar month during the Term of this Agreement, pay Vendor the Revenue Split for the previous calendar month. All payments of the Revenue Split will be made directly to the Payment Account. Payments will be transferred by the ACH Network (or by other means determined by Google).

3.1.2 Minimum Payment. Google will not be obligated to make a payment to Vendor under Section 3.1.1 (Payments) if the Revenue Split at the time to be paid is less than $100.00 USD or foreign currency equivalent. Such unpaid Revenue Split will carry over and be included in the Revenue Split for the following calendar month.

3.1.3 Conditions. Upon the termination of this Agreement and any applicable Wind Down Period that follows, Google will pay any remaining Revenue Split to Vendor within 90 days after termination. In no event will Google be obligated to make payments for any balance less than $1.00 USD or foreign currency equivalent. Google is not responsible for any delay, inaccuracy or non-payment caused by incorrect or incomplete information provided by Vendor or a bank, or for failure of a bank to credit Vendor’s account for the correct amount.

3.2 Pricing. Google will set the price for Products based on a Google defined billing structure.

3.3 Reports. On a monthly basis during the Term, Google will provide Vendor with reports of Customer Charges in the form generally made available to other Store vendors. Google’s measurement of the usage metrics is final.

3.4 Refunds to Customers. Google may provide Customers a partial or full refund of Customer Charges if the Customer requests the refund and Google determines that the refund should be given. Customer refunds may be exclusive of taxes previously included in Customer Charges.

3.5 Right to Offset Payment. Google may withhold payments for, offset against payments due, or require Vendor to pay to Google within 60 days of receipt of a related invoice from Google for, any amounts that are or were (a) subject to billing disputes for Products, except in cases when Google reasonably determines that the Customer initiating the dispute has an abnormal dispute history, (b) an Excluded Charge under Section 1.8(a) or (b); (c) based on Customer Charges for Products that are not delivered to the Customer, for example due to termination of the Agreement or take down or modification of the Products; (d) refunded in accordance with Section 3.4; or (e) overpaid by Google to Vendor in prior periods whether as a result of miscalculation by Google or Vendor or otherwise.

3.6 Fraud. Vendor will not, and will not authorize or encourage any third party to directly or indirectly purchase or otherwise obtain access to the Store through (a) any automated, deceptive, fraudulent or other invalid means, (b) the use of robots or other automated query tools or computer-generated search requests, or (c) the fraudulent use of software or credit cards. Vendor will cooperate with Google in any investigation of any of the above circumstances, regardless of whether encouraged, authorized, or perpetrated by Vendor or not.

3.7 Taxes. If Vendor is legally obligated to collect transaction Taxes, Vendor will notify Google of this requirement and state each Tax as a separate line item on an invoice to Google. Google will be required to pay transaction Tax only on receipt of a tax invoice that meets all of the relevant tax authority’s requirements (to allow Google to obtain relief from such Tax if available). Google will pay Taxes separately on the Revenue Split, unless Google provides Vendor with a valid tax exemption certificate. If Google is obligated to withhold any Taxes from the Revenue Split, Google will pay the Revenue Split net of the withheld amounts. Google will provide Vendor with sufficient evidence of such Tax payments withheld on behalf of Vendor to allow Vendor to apply for a refund of the withheld Tax if available.

4. Support

4.1 Vendor Support of Customers. Vendor will provide and maintain complete and up to date information in the Vendor Console. Such information, including Vendor contact information, may be made available to Customers and other users of the Store. Customers will be instructed to contact Vendor concerning any defects or performance issues related to Products. Vendor will be solely responsible for, and Google will have no responsibility for handling support and maintenance of Products or any complaints about Products. Vendor’s response to Customer support inquiries should be no less urgent, inclusive or responsive than the response Vendor offers or provides to similarly situated customers outside of the Store. Google may direct Customers to Vendor to complete setup of Products. If Vendor offers direct management of its Products through Vendor’s own systems, Vendor will support such system and make it available to Customers on substantially similar terms and with substantially similar capabilities as it does for customers outside of the Store. Google will support Customer issues related to GCP.

4.2 Product Updates and Patches.

4.2.1 Vendor will update, or will provide Google with updates to, as applicable, Products in the Store within five days of release of those updates to the public (or through any other online marketplace) and within 24 hours if those updates include critical security patches, as determined by Google.

4.2.2 If Google requests a critical security matter be patched, Vendor will respond to Google within 24 hours of such request with either a resolution or a written resolution plan, contact information for person(s) managing the resolution, and the estimated time for delivery of a resolution. Google may choose to hide or prohibit access to any Product until Vendor provides any security patch determined necessary by Google.

4.2.3 Failure to provide the information, support, or updates for Products described in this Section 4.2 (Product Updates and Patches) may result in consequences including less prominent Product exposure or placement in the Store, removal of the Product from the Store, or Google’s termination of this Agreement.

4.3 Redeployments. So long as Customers pay the applicable, required Customer Charges, Customers are allowed unlimited deployments of each deployable Product.

5. Vendor Responsibilities

5.1 Authorized Purpose. Vendor will use the Store only for purposes that are permitted by (a) this Agreement, and (b) any Applicable Law.

5.2 Prohibited Actions. Vendor will not engage in any activity with the Store that interferes with, disrupts, damages, or accesses in an unauthorized manner the devices, servers, networks, or other properties or services of Google; Google’s Affiliates; or any third party, including GCP users, Store users, or any network operator.

5.3 Vendor Responsibility for Products. Vendor is solely responsible for (and Google has no responsibility to Vendor or any third party for) (a) any Products, including their interaction with the Store, Store APIs, or GCP; or (b) the consequences of any Vendor actions (including any loss or damage which Google may suffer) related to the Products, including with respect to Vendor’s use of the Store, Store APIs, or GCP, except to the extent resulting solely from an unforeseeable malfunction (e.g., a bug) of the Store, Store APIs, or GCP. Except as described in this Agreement, Vendor has no responsibility for the Store.

5.4 Vendor Responsibility for Breach. Vendor is solely responsible for (and Google has no responsibility to Vendor or any third party for) any breach by Vendor of its obligations under this Agreement, any applicable third-party contract or terms of service between Vendor and its Customer(s), or any Applicable Law.

5.5 Product Display. Google may use and publish performance measurements for Products, such as uninstall or refund rates. Google may display Products to Customers in a manner determined by Google.

5.6 Product Information. Vendor will be responsible for providing Google with all information and materials necessary to sell and deploy the Products via the Store, including accurate and complete Product information and support information for Customer. Google may immediately hide, prohibit access to, or remove any Products from the Store if Vendor fails to comply with this Section 5.6 (Product Information).

5.7 Restricted Content and Store Use. Google may upon 30 days prior notice impose generally applicable Vendor Use Policies (“VUP”) related to Product content and Vendor’s use of the Store. Google will email Vendor if it imposes any VUP, and the VUP will be binding on Vendor on the date stated in the email notice to Vendor.

5.8 Public Storage. Vendor understands that container based Products may be available from a public location, and as such, a third party who is not a Customer may be able to access, including download, and use such Product. Vendor acknowledges that Google and its Affiliates are not responsible for any access, including download, or use of the Product by such third party.

5.9 Security and Privacy.

5.9.1 Marketplace Data. Vendor will Process (as defined in Attachment D) any Marketplace Data solely in accordance with (a) the applicable EULA, (b) a clear, conspicuous and legally compliant privacy policy and, where applicable, consents from Customer’s end users; and (c) Applicable Laws. Without limiting the foregoing, Vendor may Process (as defined in Attachment D) Marketplace Data as necessary to provide the Product to Customer and for other purposes for which the Customer has provided express authorization. The terms of the EULA and privacy policy will not limit Vendor’s obligations under this Agreement.

5.9.2 Google-Provided Data. Without limiting Section 5.9.1 (Marketplace Data), Vendor will comply with Attachment D (Data Protection Addendum) in its Processing (as defined in Attachment D) of any personal information contained in the Google-Provided Data.

5.9.3 Security. Vendor will use industry-standard technical, administrative and physical security measures to protect the security and privacy of all Marketplace Data.

5.9.4 Security Incidents. Without limiting any breach or incident reporting obligations in Attachment D (Data Processing Addendum), Vendor will immediately notify Google of any Security Incident and provide necessary information and documentation about the Security Incident and Vendor’s compliance with this Section 5.9 (Security and Privacy). Vendor will use all reasonable efforts to assist Google in investigating and remediating the Security Incident and mitigating its effects. Vendor must obtain Google’s approval for any Security Incident notifications to Customers that refer directly or indirectly to Google. As used in this Section 5.9.4, “Security Incident” means an actual or reasonable degree of certainty of unauthorized use, destruction, loss, control, alteration, acquisition, exfiltration, theft, retention, disclosure of, or access to, Marketplace Data for which Vendor is responsible. Security Incidents do not include unsuccessful access attempts or attacks that do not compromise the confidentiality, integrity, or availability of Marketplace Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

6. License Grants

6.1 Products.

6.1.1 Grant to Google. Vendor grants to Google a non-exclusive, worldwide, and royalty-free (except for payment of Revenue Split by Google) license to distribute, deploy, reproduce, perform, display, configure, and use the Products in connection with (a) a Customer’s use and deployment of the Product, (b) the operation and marketing of the Store, and (c) the marketing of GCP products and services that interact with the Products.

6.1.2 Limitations. Except for the license rights granted by Vendor in Section 6 (License Grants) Google obtains no right, title or interest from Vendor (or its licensors) under this Agreement to any of the Products.

6.1.3 Customer License. Vendor will grant Customers a non-exclusive, worldwide, royalty-free, license to use the Product. Vendor will provide Google (in a manner and format specified by Google) with theEULA for the Product. If Vendor provides the EULA via a URL link, Vendor will ensure that the link is functional and points to the EULA. In no event will Vendor’s EULA limit Google’s or Customers’ rights under, or described in, this Agreement or any Customer facing terms of service for the Store. Vendor will comply with its obligations in the EULA.

6.1.4 Reseller Grant to Google. Vendor grants to Google a non-exclusive, worldwide, and royalty-free (except for payment of Revenue Split by Google) license to sell the Products to GCP Resellers in connection with GCP Resellers’ resale of the Products to Resold Customers. The license granted herein includes the right to grant a limited, non-exclusive, worldwide, royalty-free sublicense to GCP Resellers to use and display Vendor Brand Features in connection with GCP Resellers’ marketing, distribution and resale of the Products to Resold Customers.

6.2 Brand Features.

6.2.1 Ownership. Google and Vendor each owns all right, title and interest, including all intellectual property rights, in its own Brand Features. Except as expressly provided in this Section 6.2 (Brand Features) neither party grants any right, title or interest in any Brand Features of the other party. Except as expressly stated in Section 6.2.3 (Store Brand Features) nothing in this Agreement gives Vendor a right to use any of Google’s Brand Features. Any use of a party’s Brand Features will inure to the benefit of the party holding intellectual property rights to those Brand Features.

6.2.2 Vendor Brand Features. Vendor grants to Google a limited, non- exclusive, worldwide, royalty-free license to use and display Vendor Brand Features (a) in connection with the marketing, distribution and sale of the Product through the Store and its availability for use on GCP, including by including Vendor’s name or Brand Features in online or in promotional materials for the Store and verbally referencing Vendor as a provider of the Products, or (b) as otherwise necessary to exercise Google’s or its Affiliates’ rights under this Agreement. If a Product is removed from the Store, Google and its Affiliates will stop using the Brand Features associated solely with the discontinued Products, except as necessary to allow Google to effectuate the Wind Down Period.

6.2.3 Store Brand Features. Google grants to Vendor a limited, non-exclusive, worldwide, royalty-free license to use the Store Brand Features for the Term of this Agreement solely for marketing purposes specifically related to the Store with the prior approval of Google and in accordance with Google’s trademark guidelines located at http://www.google.com/permissions/guidelines.html.

7. Vendor Representations & Warranties

7.1 Anti-Bribery. Vendor represents and warrants that it will comply with all applicable commercial and public anti-bribery laws, including the U.S. Foreign Corrupt Practices Act of 1977 and the UK Bribery Act of 2010, which prohibit corrupt offers of anything of value, either directly or indirectly to anyone, including Government Officials, to obtain or keep business or to secure any other improper commercial advantage. “Government Officials” include any government employee; candidate for public office; and employee of government-owned or government-controlled companies, public international organizations, and political parties. Furthermore, Vendor will not make any facilitation payments, which are payments to induce officials to perform routine functions they are otherwise obligated to perform. Vendor will use commercially reasonable and good faith efforts to comply with Google’s due diligence process, including providing requested information.

7.2 Discrimination. Vendor represents and warrants that it is an equal-opportunity employer and does not discriminate on the basis of age, race, creed, color, religion, sex, sexual orientation, gender identity, national origin, disability, marital or veteran status, or any other basis that is prohibited by Applicable Law.

7.3 Equal Employment Opportunities. Because Google is an equal employment opportunity employer and a U.S. federal contractor or subcontractor, Vendor warrants that it will, to the extent applicable, comply with the requirements of 41 CFR 60-1.4(a), 41 CFR 60-300.5(a), and 41 CFR 60-741.5(a), all of which are incorporated into this Agreement by reference. These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity or national origin. As applicable, Vendor will also abide by the requirements of Executive Order 13496 (29 CFR Part 471, Appendix A to Subpart A), relating to the notice of employee rights under federal labor laws.

7.4 Employment; Occupational Health and Safety. Vendor represents and warrants that it will comply with all other applicable employment and occupational health and safety laws and regulations.

7.5 Product Representations and Warranties.

7.5.1 Applicable Law. In connection with the Agreement, Vendor represents and warrants that Vendor and the Products comply and will comply with Applicable Laws.

7.5.2 Rights and Infringement. Vendor represents and warrants that Vendor owns or has valid and enforceable licenses to the intellectual property, including patent, trademark, trade secret, copyright and other proprietary rights, in and to the Products to allow their sale and distribution in the Store and use by Customer. Vendor represents and warrants that the Product does not violate any person’s rights, including intellectual property, privacy, and security rights. If Vendor reasonably determines, or becomes aware of any allegation that any Product, its use, sale or distribution, infringes the intellectual property of any individual or entity, Vendor will notify Google immediately.

7.5.3 Viruses. Vendor also represents and warrants that Products do not include any viruses, spyware, Trojan horses, or other malicious code of any kind.

7.5.4 Third Party Materials and Open Source.

a. If Vendor makes use of Third Party Materials or Open Source Materials, Vendor represents and warrants that Vendor has the right to distribute the Third Party Material or Open Source Material. Vendor further represents and warrants that, as of each Product’s listing via the Store, Vendor has provided in writing to Google the names and license information for all Open Source Materials.

b. Vendor will comply with, and will cooperate in any manner necessary (as determined by Google) to assist Google in complying with, any obligations contained in any licenses related to Third Party Material or Open Source Material. Vendor will not include or use any material licensed under AGPL or SSPL. To the extent required by the applicable license and/or for Open Source Material licensed under GPL, LGPL, or MPL, Vendor will include a .zip file within the Product of the full source code and license terms for such Open Source Material and any third party component or library to which such is linked or with which it is distributed.

c. Vendor will notify Google by email to external-opensource-licensing@google.com, with a copy to cloud-partners@google.com, of any Open Source Materials. Vendor will make such notification before or when Vendor submits or identifies potential Products to Google for consideration, and in all cases before Products are made available through the Store. Vendor will not cause to be listed on the Store any software or service that is not a Product. Google retains the right to reject a Product because of Open Source Material or Third Party Material on any grounds.

8. DISCLAIMER OF WARRANTIES

8.1 STORE. VENDOR’S USE OF THE STORE IS AT VENDOR’S SOLE RISK. THE STORE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND.

8.2 MATERIALS. VENDOR’S USE OF ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE STORE IS AT VENDOR’S OWN RISK, AND VENDOR IS SOLELY RESPONSIBLE FOR ANY DAMAGE TO VENDOR’S COMPUTER SYSTEMS, SOFTWARE, NETWORK OR OTHER PROPERTY, OR LOSS OF ANY DATA THAT RESULTS FROM SUCH USE.

8.3 DISCLAIMER. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GOOGLE AND ITS AFFILIATES FURTHER DISCLAIM ALL WARRANTIES AND CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

9. Confidential Information

9.1 “Confidential Information” means information that one party (or an Affiliate) discloses to the other party under this Agreement, and that is marked as confidential or would normally be considered confidential information under the circumstances. It does not include information that was independently developed by the recipient, is or becomes public through no fault of the recipient, or is rightfully known by the recipient without confidentiality obligations. The terms of this Agreement are Confidential Information.

9.2 Duty. The recipient will not disclose the discloser’s Confidential Information, except to employees, Affiliates, contractors, agents, or professional advisors (“Delegates”) who need to know it and who have a legal obligation to keep it confidential. The recipient will use the discloser’s Confidential Information only to exercise rights and fulfill obligations under this Agreement, and will ensure that such people and entities use the discloser’s Confidential Information only to exercise rights and fulfill obligations under this Agreement while using reasonable care to protect the Confidential Information. The recipient will ensure that its Delegates are also subject to the same non-disclosure and use obligations. The recipient may disclose Confidential Information when required by Applicable Law after giving reasonable notice to the discloser, if permitted by Applicable Law.

9.3 Return. Upon termination of this Agreement, and if requested by a party, the other party will use commercially reasonable efforts to return or destroy all Confidential Information of such requesting party.

10. Product Takedowns.

10.1 Removal by Vendor. Vendor may remove any Product from the Store at any time by providing Google with (a) at least 30 days prior notice and (b) a transition or migration plan for Customers. All such removed Products are subject to the obligations in Section 12.5 (Wind Down).

10.2 Removal by Google. While Google is not obligated to monitor the Products or their content, if Google is notified by Vendor, becomes aware, or determines that a Product or Vendor Brand Feature: (a) violates the intellectual property rights or any other rights of Google or any third party; (b) violates any Applicable Law or is subject to an injunction; (c) is pornographic, obscene or otherwise violates Store policies or other terms of service as may be updated by Google from time to time; (d) may create liability for Google; (e) is deemed by Google to have a virus or to be malware, spyware or other malicious code; (f) violates this Agreement (g) is impacting the integrity of Google’s or Customer’s network or servers (e.g., Customers are unable to access the Product or otherwise experience difficulty); (h) is not meeting acceptable standards, including based on performance measurements such as uninstall and/or refund rates, as determined solely by Google; or (i) in the case of UBB Products, is the subject of repeated errors in Metrics calculation or measurement, Google may immediately hide, prohibit access to, or remove the Product from the Store. Google may hide, prohibit access to, or remove any Product from or bar any vendor from the Store at any time.

10.3 Cure. Google will use commercially reasonable efforts to provide 7 days’ notice to Vendor instructing Vendor to cure its failures before Google removes a Product from the Store unless the agreement is terminated or in Google’s opinion the provision of such notice is restricted by Applicable Law or would otherwise harm Google, or such failure is not reasonably capable of cure.

11. Vendor Account Credentials

Vendor is responsible for maintaining the confidentiality of any Vendor Account credentials. Vendor will be solely responsible for all actions related to its credentials, including all Products that are distributed through the Store. Google may limit the number of Vendor Accounts issued to Vendor.

12. Term and Termination

12.1 Term. This Agreement will start on the Effective Date and continue for the Term.

12.2 Termination for Convenience. Either party may terminate this Agreement on 30 days prior notice.

12.3 Termination by Google. Under the following circumstances Google may immediately terminate this Agreement if, in Google’s opinion, the provision of notice under Section 12.2 (Termination for Convenience) is restricted by Applicable Law; would otherwise harm Google, Vendor or Customers; or such circumstance is not reasonably capable of cure:

12.3.1 Vendor has breached any provision of this Agreement or another agreement with Google;

12.3.2 Google is required to do so by Applicable Law;

12.3.3 Vendor has a Product that violates any Applicable Law;

12.3.4 Vendor ceases to have a Vendor Account and Payment Account in good standing; or

12.3.5 Google no longer provides the Store.

12.4 Effects of Termination.

12.4.1 Subject to Section 12.5 (Wind Down) as applicable, upon termination of this Agreement: (a) all Products will be removed from the Store; and (b) Vendor must cease Vendor’s use of any Vendor Account credentials except as needed to fulfill Vendor’s obligations during the Wind Down Period.

12.4.2 Survival. All terms of this Agreement will remain valid and enforceable, as applicable with respect to the removed Product, during any Wind Down Period. The obligations in Sections 3.4 (Refunds to Customers), 3.5 (Right to Offset Payment), 5.9 (Security and Privacy), 8 (Disclaimer of Warranties), 9 (Confidential Information), 12.5 (Wind Down), 13 (Limitations of Liability), 14 (Indemnification) and 16 (General Legal Terms), and any remaining payment obligations under this Agreement will survive any expiration or termination of this Agreement.

12.5 Wind Down.

12.5.1 Except where prohibited by law and unless otherwise requested by Google, when a Product is removed from the Store (due to termination of the Agreement or otherwise), a wind down period will apply as to any such Products that were purchased by Customers prior to the date of removal (“Wind Down Products”), starting from the date the Product was removed and ending on the later of (a) six months after such date and (b) the date that the last Customer subscription term for such Wind Down Product expires or terminates (the “Wind Down Period”). Notwithstanding the preceding sentence, (i) the Wind Down Period will not apply if Google terminates the Agreement pursuant to Section 12.3, (ii) Google may terminate the Wind Down Period if any of the circumstances set forth in Section 12.3 occurs during the Wind Down Period, (iii) Google may terminate an individual Customer’s subscription for a Wind Down Product upon the Customer’s request, and (iv) the parties may mutually agree to terminate the Wind Down Period prior to its expiration. If the Wind Down Period is terminated early pursuant to this Section 12.5.1, Google may provide a full or partial refund to Customers who prepaid fees for the affected Wind Down Products pursuant to Section 3.4.

12.5.2 Subject to Section 12.5.3, during the Wind Down Period, the terms of the Agreement will continue to apply as to all Wind Down Products, including the following: (a) Vendor will continue to allow the procurement and deployment of Wind Down Products via the Store by existing Customers for such Products and will continue to support any such Products, in each case in accordance with the terms of this Agreement; and (b) all licenses granted under this Agreement with respect to any Wind Down Products will continue in full force and effect.

12.5.3 During the Wind Down Period, the listing for the removed Product will be removed from the Store, and users of the Store who have not already acquired the Product may not acquire or deploy the removed Product through the Store.

12.5.4 After the Wind Down Period expires, no user of the Store may acquire or deploy the removed Product through the Store. Google will have no responsibility or liability to Customer or Vendor for any Customer’s use of the Product after the end of the Wind Down Period.

13. LIABILITY

13.1 Definition. “LIABILITY” MEANS ANY LIABILITY, WHETHER UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, REGARDLESS OF WHETHER FORESEEABLE OR CONTEMPLATED BY THE PARTIES.

13.2 Limited Liabilities.

13.2.1 TO THE EXTENT PERMITTED BY APPLICABLE LAW AND SUBJECT TO SECTION 13.3 (UNLIMITED LIABILITIES), NEITHER PARTY WILL HAVE ANY LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT FOR ANY

(A) INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES; OR

(B) LOST REVENUES, PROFITS, SAVINGS, OR GOODWILL.

13.2.2 EACH PARTY’S TOTAL LIABILITY FOR DAMAGES PER INCIDENT ARISING OUT OF OR RELATING TO THIS AGREEMENT IS LIMITED TO THE GREATER OF $15 THOUSAND OR THE TOTAL CUSTOMER CHARGES FOR THE 12 MONTH PERIOD BEFORE THE INCIDENT GIVING RISE TO LIABILITY.

13.3 Unlimited Liabilities. NOTHING IN THIS AGREEMENT EXCLUDES OR LIMITS EITHER PARTY’S LIABILITY FOR:

(A) DEATH, PERSONAL INJURY, OR TANGIBLE PERSONAL PROPERTY DAMAGE RESULTING FROM ITS NEGLIGENCE OR THE NEGLIGENCE OF ITS EMPLOYEES OR AGENTS;

(B) ITS FRAUD OR FRAUDULENT MISREPRESENTATION;

(C) ITS BREACH OF SECTIONS 5.9 (SECURITY AND PRIVACY), 7.5 (PRODUCT REPRESENTATIONS AND WARRANTIES), OR 9, (CONFIDENTIAL INFORMATION);

(D) ITS OBLIGATIONS UNDER SECTION 14 (INDEMNIFICATION);

(E) ITS INFRINGEMENT OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS; OR

(F) MATTERS FOR WHICH LIABILITY CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

14. Indemnification

14.1 Indemnity. To the maximum extent permitted by Applicable Law, Vendor will defend and indemnify Google, its Affiliates and their respective directors, officers, employees, agents and Customers against any and all losses, liabilities, damages, costs, fees (including legal fees) and expenses relating to any third-party allegation or third-party legal proceeding arising from or related to: (a) the procurement and deployment of Product via the Store, including any claims of violation of Applicable Law or the violation of the privacy or security rights of any Customers or other third parties, but not including anything to the extent arising out of or accruing solely from the Store and its design, (b) Vendor’s use of the Store or any Marketplace Data, (c) any Product infringing any copyright, trademark, trade secret, trade dress, patent or other intellectual property right of any person or defames any person or violates a person’s rights of publicity or privacy, or (d) Vendor’s breach of any Vendor warranty under this Agreement.

14.2 Remedies. If an injunction preventing continued use of Products is threatened or granted, Vendor will do the following at its sole expense: (a) procure the right to continue providing the Products in compliance with this Agreement; (b) modify the Products to make them non-infringing; or (c) remove the affected Product under Section 10.1 (Removal by Vendor).

14.3 Exclusions. The indemnity provided by Vendor under this Agreement does not extend to claims to the extent arising solely from breach by Google of its material obligations hereunder.

15. Modifications to the Agreement

Google may make changes to this Agreement from time to time. Google will provide at least 30 days’ advance notice before the change becomes effective. If Vendor does not agree to the revised Agreement, Vendor should within 30 days of the notice (a) notify Google of its rejection of the modifications in total, (b) terminate this Agreement under Section 12.2 (Termination for Convenience), and (c) stop using the Store. So long as Vendor timely and properly rejects the modifications in total and terminates the Agreement, then the terms of the Agreement before the notified modification will continue to apply, including during any Wind Down Period.

16. General Legal Terms

16.1 Notices. Google will provide notices under the Agreement to the Vendor by sending an email to the Notification Email Address. Vendor will provide notices under the Agreement to Google by sending an email to legal-notices@google.com. Notice will be treated as received when the email is sent. Vendor is responsible for keeping its Notification Email Address current throughout the term.

16.2 Emails. The parties may use emails to satisfy written approval and consent requirements under the Agreement.

16.3 Assignment. Neither party may assign the Agreement without the written consent of the other, except to an Affiliate where (a) the assignee has agreed in writing to be bound by the terms of this Agreement, (b) the assigning party has notified the other party of the assignment, and (c) if the Vendor is the assigning party, the assignee is established in the same country as Vendor. Any other attempt to assign is void.

16.4 Change of Control. If a party experiences a change of Control other than an internal restructuring or reorganization, then (a) that party will give written notice to the other party within 30 days after the change of Control (such notice to include the identity of the acquiring or successor party) and (b) the other party may immediately terminate this Agreement any time within 30 days after it receives that written notice.

16.5 Other User Rights & Subcontracting. Google may use Affiliates, consultants, and other contractors in connection with its performance of obligations and exercise of rights under this Agreement. These Affiliates, consultants, and contractors will be subject to the same obligations as Google. Either party may subcontract any of its obligations under this Agreement, but will remain liable for all subcontracted obligations and its subcontractor’s acts or omissions.

16.6 Force Majeure. Neither party will be liable for failure or delay in performance of its obligations to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.

16.7 No Agency. The Agreement does not create any agency, partnership, or joint venture between the parties.

16.8 No Waiver. Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under this Agreement.

16.9 No Third-Party Beneficiaries. This Agreement does not confer any benefits on any third party unless it expressly states that it does.

16.10 Counterparts. The parties may execute this Agreement in counterparts, including facsimile, PDF, and other electronic copies, which taken together will constitute one instrument.

16.11 Amendments. Any amendment must be in writing. Except for amendments made under Section 15 (Modifications to the Agreement), any amendment must also be signed by both parties and expressly state that it is amending this Agreement.

16.12 Independent Development. Nothing in the Agreement will be construed to limit or restrict either party from independently developing, providing, or acquiring any materials, services, products, programs, or technology that are similar to the subject of the Agreement, provided that the party does not breach its obligations under the Agreement in doing so.

16.13 Entire Agreement. This Agreement states all terms agreed between the parties relating to its subject matter, and completely replaces any prior agreements between Vendor and Google in relation to the subject matter of the Agreement. If any Products have been listed in the Store before the Effective Date, then, as of the Effective Date, such Products will be governed by this Agreement. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation or warranty (whether made negligently or innocently), except those expressly stated in this Agreement.

16.14 Severability. If any term (or part of a term) of this Agreement is invalid, illegal or unenforceable, the rest of this Agreement will remain in effect.

16.15 Equitable Relief. Nothing in the Agreement will limit either party’s ability to seek equitable relief.

16.16 EXPORT RESTRICTIONS. PRODUCTS MAY BE SUBJECT TO UNITED STATES EXPORT LAWS AND REGULATIONS. VENDOR WILL COMPLY WITH ALL APPLICABLE EXPORT AND RE-EXPORT LAWS AND REGULATIONS, INCLUDING (a) THE EXPORT ADMINISTRATION REGULATIONS (“EAR”) MAINTAINED BY THE U.S. DEPARTMENT OF COMMERCE, (b) TRADE AND ECONOMIC SANCTIONS MAINTAINED BY THE U.S. TREASURY DEPARTMENT’S OFFICE OF FOREIGN ASSETS CONTROL, AND (c) THE INTERNATIONAL TRAFFIC IN ARMS REGULATIONS (“ITAR”) MAINTAINED BY THE U.S. DEPARTMENT OF STATE. VENDOR WILL PROVIDE GOOGLE WITH ALL ACCURATE INFORMATION NEEDED TO COMPLY WITH ALL APPLICABLE EXPORT CONTROL LAWS RELATED TO THE DISTRIBUTION OF PRODUCTS IN THE STORE.

16.17 Conflicting Languages. If this Agreement is translated into any other language, and there is a discrepancy between the English text and the translated text, the English text will govern.

16.18 Governing Law. All claims arising out of or relating to the Agreement will be governed by California law, excluding that state’s conflict of laws rules, and will be litigated exclusively in the federal or state courts of Santa Clara County, California; the parties consent to personal jurisdiction in those courts.

16.19 Electronic Signatures. The parties consent to electronic signature.

16.20 Headers. Headings and captions used in the Agreement are for reference purposes only and will not have any effect on the interpretation of the Agreement.

Signed by the parties’ authorized representatives on the dates below.

Vendor
By:	/s/ Costantino Lanza
Name:	Costantino Lanza
Title:	Chief Growth Officer
Date:	12-Oct-2022

Google LLC
By:	/s/ Philipp Schindler
Name:	Philipp Schindler
Title:	Authorized Signatory
Date:	12-Oct-2022
MVA v2.7

Attachment A

BYOL RIDER

This BYOL Rider (“Attachment A”) applies to all BYOL Products offered as Products.

1. Order of Precedence. This Attachment A is part of the Agreement. The terms of Attachment A apply to BYOL Products only. For BYOL Products, the terms of this Attachment A prevail over any other, conflicting terms in the remainder of the Agreement.

2. Definitions.

a. “BYOL Products” means a bring-your-own-license Product(s) (also known as BYOL) for which a Customer obtains the right to deploy and enable in the Store using a Product license key that is separately provisioned or purchased outside of the Store.

3. Updated Terms.

a. Vendor will describe all BYOL Products as BYOL in the Store and to Google. Vendor will not make a BYOL Product available through the Store unless Vendor has made a non-BYOL Product available through the Store.

b. All BYOL Products are offered without a charge to Customer through the Store and without any revenue sharing with Google. Google has no obligation to track usage or collect payments from Customers with respect to BYOL Products.

c. For all BYOL Products, the following terms in the Agreement do not apply:

i. All of Section 1.6 (Customer Charges);

ii. All of Section 1.16 (Payment Account), as well as the phrase “and Payment Account” from Sections 2.1(b) and 12.3.4;

iii. All of Section 1.21 (Revenue Split), as well as the phrase “(except for payment of Revenue Split by Google)” from Section 6.1.1;

iv. All of Section 2.2 (Merchant of Record);

v. All of Section 3 (Pricing and Payments), other than Section 3.6 (Fraud); and

vi. The phrase “So long as Customers pay the applicable, required Customer Charges” in the first sentence of Section 4.3 (Redeployments).

d. Any calculations using “Customer Charges” or “Revenue Split” in the remainder of the Agreement will use “$0” as the Customer Charge for purposes of all BYOL Product-related obligations or liabilities.

4. Vendor is responsible for all BYOL Product related activities, including, provisioning a temporary or free trial Product license, requiring a redirection to purchase a BYOL Product license, and all BYOL Product error handling.

5. To offer BYOL Products, Vendor will ensure that all related BYOL functionality is operational for Customers.

6. Vendor specifically acknowledges and agrees for all BYOL Products that Google will not provide Vendor with any Customer information or any analytics.

Attachment B

USAGE BASED BILLING RIDER

This Usage Based Billing Rider (“Attachment B”) applies to all UBB Products offered as Products.

1. Order of Precedence. This Attachment B is part of the Agreement. The terms of Attachment B apply to UBB Products only. For UBB Products, the terms of this Attachment B prevail over any other, conflicting terms in the remainder of the Agreement.

2. Definitions.

a. “Metric Unit(s)” means one or more of the following: (i) for time, seconds, (ii) for data, bytes, (iii) for storage, byte-seconds, or (iv) for count, integers.

b. “Metrics” means the measure of the consumption of a Resource in Metric Unit(s).

c. “Reporting Cycle” means the period of time and frequency for which the Metrics of a UBB Product are reported to Google. The Reporting Cycle must be no less frequent than once per hour.

d. “Resource” means one or more of the following: (i) time, (ii) data, (iii) storage, or (iv) count.

e. “UBB Order” means each individual order for a UBB Product.

f. “UBB Product” means a consumption Product offered by Vendor in the Store and under a usage based pricing model for which a Customer obtains the right from Google to deploy and enable, with such Product’s usage metrics tracked by the Product, Vendor, or Vendor’s agent(s) rather than Google.

3. Usage.

a. Product-Specific Metrics and Reporting Cycle. Prior to Vendor listing a UBB Product in the Store, Google and Vendor will determine which Metric Units and Reporting Cycle to apply to that UBB Product.

b. Reporting. For each Reporting Cycle during the Term plus any applicable Wind Down Period, and for one Reporting Cycle that follows, Vendor will provide to Google accurate and complete Metrics of each UBB Product for the previous Reporting Cycle, broken down by Customer and, if applicable, UBB Order. Vendor will provide Metrics in a format chosen by Google, and using the service control system and protocols established by Google, in each case as Google communicates to Vendor and which may be updated from time to time by Google at its discretion. Vendor acknowledges that reported Metrics will be used by Google for billing Customers, making it critical that Vendor provide Metrics free of errors or omissions.

c. Error Correction.

i. Vendor Discovered. During the Term plus any applicable Wind Down Period, and for 90 days thereafter, Vendor will monitor its Metrics collection, calculation and reporting system and if Vendor discovers any tampering of or errors in such Metrics system, or has reason to believe that a Metric may have been unreported to Google or that a Metric previously reported to Google may have been inaccurate, Vendor will promptly notify Google of this circumstance, including all relevant details, and keep Google fully apprised of Vendor’s findings as to the root cause of the issue, the correction, and any recalculation made necessary as a result of this circumstance. As necessary, Vendor will issue a new report with revised Metrics.

ii. Google or Customer Discovered. If at any time Google or a Customer reasonably believes that a Metric reported to Google by Vendor or to Customer by Google may have been inaccurate, Google will notify Vendor of this circumstance, including all relevant details. Once Google disputes any Metrics, the parties will confer and determine what adjustments, if any, are necessary.

iii. Google’s determination in the case of disputed Metrics is final.

d. Credit. Vendor will not issue credits directly to Customers for use of UBB Products in the Store. Subject to the obligations of Section 3(c) (Error Correction) of this Attachment B, if Vendor believes that any Customers qualify for a usage credit or other credits for overcharges as determined in good faith by Vendor, Vendor will share this with Google so that Google may directly apply any valid credit. Vendor will not modify the Metrics to account for such credit or report Metrics to Google that are negative. The minimum reportable Metric is ZERO.

4. Applicability.

a. Customer Charges. Customer Charges do not include, and no Revenue Split will be due on, any payments due or made for (i) any UBB Product usage which has not been properly and timely reported under Section 3(b) (Reporting) of this Attachment B or (ii) Metrics for which Google has required a correction (e.g., faulty or broken reporting).

Attachment C

INDIRECT LISTINGS RIDER

1. Application; Order of Precedence. This Indirect Listings Rider is part of the Agreement and governs all Indirect Listings and Indirect Products. The terms of Indirect Listings Rider apply to Indirect Listings and Indirect Products only. For Indirect Listings and Indirect Products, the terms of this Indirect Listings Rider prevail over any conflicting terms in the remainder of the Agreement.

2. Definitions.

a. “Indirect Customer” means a customer who purchases or licenses an Indirect Product after being directed to the Vendor’s website or other online property from an Indirect Listing.

b. “Indirect Listing” means a listing for a Product in the Store, which listing directs potential customers for such Products to a website or other online property operated by Vendor where such potential customers can complete the purchase or license of the Product directly from the Vendor.

c. “Indirect Product” means a Product featured in an Indirect Listing.

3. Updated Terms.

a. Procurement from the Vendor. Notwithstanding anything to the contrary in the Agreement, Indirect Customers purchase or license Indirect Products directly from the Vendor, and Google will have no contractual relationship with Indirect Customers with respect to their purchase or license of an Indirect Product.

b. Updated Terms.

i. Clause (a) of Section 14.1 is amended to read as follows: (a) the Product;

c. Inapplicable Terms. The following clauses and sections of the Agreement do not apply to Indirect Listings or Indirect Products: clause (c) of 2.1; 2.2; 3; 4.2; 4.3; 5.5; 6.1; 7.5.4; clause (b) of 10.1; and 12.5.

d. Applicability of Remainder of Agreement. Any terms of the Agreement not referenced in clause (b) or (c) of this Section 3 (Updated Terms) (“Applicable Terms”), will apply to Indirect Listings and Indirect Products. Any references to “Products” or “Customers” in the Applicable Terms will be deemed to mean “Indirect Products” and “Indirect Customers,” respectively, as they apply to this Indirect Listings Rider.

Attachment D

Data Protection Addendum

1) General.

a) Agreement. This Data Protection Addendum (the “DPA”) forms part of the Agreement and incorporates the mandatory terms in the DPA and the Applicable Standard Contractual Clauses (as defined below) to the extent applicable.

b) End Controller. Where Google is not the Google Controller, Google will ensure the Google Controller complies with the representations, warranties, and obligations under the DPA applicable to Google.

c) Order of Precedence. To the extent the DPA conflicts with the Agreement, the DPA will govern.

d) Interpretation. The Agreement’s defined terms apply unless the DPA expressly states otherwise. Capitalized terms used but not defined will have the meanings given to them in the Agreement.

2) Defined Terms. In this DPA:

a) “Alternative Transfer Solution” means a mechanism other than the Applicable Standard Contract Clauses that enables the lawful transfer of Personal Information from the EEA, UK, or Switzerland to a third country in accordance with Applicable Data Protection Law, including as applicable, the Swiss-U.S. or UK-U.S. Privacy Shield self-certification programs approved and operated by the U.S. Department of Commerce (the “Privacy Shield”).

b) “Applicable Data Protection Laws” means privacy, data security, and data protection laws, directives, and regulations in any jurisdiction applicable to the Personal Information Processed for the Services including the GDPR, CCPA, and LGPD.

c) “Applicable Standard Contractual Clauses” means the European Commission’s standard contractual clauses which are standard data protection terms for the transfer of personal data to controllers established in third countries that do not ensure an adequate level of data protection, as described in Article 46 of the EU GDPR including (i) the Controller-Controller SCCs, or (ii) the UK Controller-Controller SCCs, each as defined in this DPA.

d) “Applicable Standards” mean government standards, industry standards, codes of practice, guidance from Regulators, and best practices applicable to the parties’ Processing of Personal Information for the Services, including Alternative Transfer Solutions and the Payment Card Industry Data Security Standards (“PCI DSS”).

e) “CCPA” means, as applicable: (i) the California Consumer Privacy Act of 2018, California Civil Code 1798.100 et seq. (2018); (ii) the California Privacy Rights Act of 2020, and (iii) Applicable Data Protection Laws modeled on either of the foregoing.

f) “Controller-Controller SCCs” means the terms at https://business.safety.google/gdprcontrollerterms/sccs/eu-c2c/.

g) “Data Controller” means the legal entity or party to the Agreement that determines the purposes and means of Processing Personal Information. Data Controller also means “controller” as defined by Applicable Data Protection Laws.

h) “GDPR” means (i) the European Union General Data Protection Regulation (EU) 2016/679 (the “General Data Protection Regulation”) on data protection and privacy for all individuals within the European Union (“EU”) and the European Economic Area (“EEA”); (ii) the General Data Protection Regulation as incorporated into United Kingdom (“UK”) law by the Data Protection Act 2018 and amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (“UK GDPR”); and (iii) the Federal Data Protection Act of 19 June 1992 (Switzerland) (each as amended, superseded, or replaced).

i) “Google Controller” means the Google Entity that Processes Personal Information as a Data Controller as specified in Google’s applicable privacy policy at https://policies.google.com/privacy, or as otherwise notified to You.

j) “Google Entity” means Google LLC (formerly known as Google Inc.), Google Ireland Limited, or another affiliate of Google LLC.

k) “includes” or “including” means “including but not limited to”.

l) “individual” or “individuals” mean natural persons who can be readily identified, directly or indirectly, or data subjects as defined by Applicable Data Protection Laws.

m) “LGPD” means Brazilian Law no. 13,709 for the protection of personal data.

n) “Personal Information” means (i) any information about an individual; or (ii) information that is not specifically about an individual but, when combined with other information, may identify an individual. Personal Information includes names, email addresses, postal addresses, telephone numbers, government identification numbers, financial account numbers, payment card information, credit report information, biometric information, online identifiers (including IP addresses and cookie identifiers), network and hardware identifiers, and geolocation information, and any information that constitutes “personal data” or “personal information” within the meaning of Applicable Data Protection Laws.

o) “Process” or “Processing” means to access, handle, create, collect, acquire, receive, record, combine, consult, use, process, alter, store, retain, maintain, retrieve, disclose, or dispose of. Process also includes “processing” within the meaning of Applicable Data Protection Laws.

p) “reasonable” means reasonable and appropriate to (i) the size, scope, and complexity of Your business; (ii) the nature of Personal Information being Processed; and (iii) the need for privacy, confidentiality, and security of Personal Information.

q) “Regulator” or “Regulatory” means an entity with supervisory or regulatory authority over Google under Applicable Data Protection Laws.

r) “Secondary Use” means any Processing of Personal Information for purposes other than as necessary to fulfill Your obligations set forth in the Agreement, including: (i) Processing Personal Information for purposes other than specified in the Services; (ii) Processing Personal Information in combination with any Personal Information that You Process outside of the Services; or (iii) Processing Personal Information in a manner that would constitute a sale, targeted advertising, or cross-context behavioral advertising of Personal Information as defined by Applicable Data Protection Laws.

s) “Services” means any goods, services, operations, or activities for which You Process Personal Information under the Agreement.

t) “Third-Party Provider” means an agent or other entity that You authorize to act on Your behalf in connection with the Services. “Third Party Provider” includes “processor” within the meaning of the Applicable Standard Contractual Clauses.

u) “UK Controller-Controller SCCs” means the terms at https://business.safety.google/gdprcontrollerterms/scc/uk-c2c.

v) “You” or “Your” means the Vendor (including any personnel, contractor, or agent acting on behalf of that party).

3) Representations and Warranties. You represent and warrant to Google that You:

a) are an independent Data Controller with respect to the Personal Information and will not Process the Personal Information as a joint Data Controller with Google; and

b) will determine the purposes and means of Your Processing of Personal Information received from Google as described in the Agreement.

4) Data Protection Obligations. In fulfilling Your obligations under the Agreement, You will comply with Applicable Data Protection Laws, including to the extent applicable:

a) Processing Personal Information only where You maintain a lawful basis of Processing;

b) providing all required notices or obtaining all required consents from individuals before Processing the Personal Information;

c) providing individuals with rights in connection with Personal Information in a timely manner, including the ability of individuals to: (i) access or receive their Personal Information in an agreed upon format; and (ii) correct, amend, or delete Personal Information where it is inaccurate, or has been Processed in violation of Applicable Data Protection Laws;

d) responding to individual requests or a Regulator concerning Your Processing of Personal Information; and

e) maintaining appropriate age verification mechanisms in compliance with Applicable Standards and Applicable Data Protection Laws where You Process Personal Information related to individuals under the age of 18.

5) Additional Obligations.

a) Limitation on Secondary Use. As required by Applicable Data Protection Laws, You will (i) provide explicit notice to individuals in writing of the Secondary Use and maintain a mechanism enabling individuals to opt out of the Secondary Use at any time; (ii) obtain lawful consent from the individuals prior to Processing Personal Information for a Secondary Use; or (iii) not Process Personal Information for a Secondary Use.

b) Safeguards. You will have in place reasonable technical and organizational measures to protect Personal Information against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, or access. You will ensure that such measures provide a level of security reasonable to the risk represented by the processing and the nature of the data to be protected including:

i) maintaining reasonable controls to ensure that access to Personal Information will be limited to personnel or Third-Party Providers who have a legitimate need to Process Personal Information under the Agreement;

ii) promptly terminating personnel and Third-Party Provider access to Personal Information when such access is no longer required for performance under the Agreement;

iii) using reasonable and secure data transfer methods to transfer any Personal Information across any network other than an internal company network owned and managed by You;

iv) assuming responsibility for any unauthorized access to Personal Information under Your custody or control (or Third-Party Provider(s)’ custody or control);

v) providing reasonable ongoing privacy and information protection training and supervision for all personnel (including Third-Party Providers) who Process Personal Information; and

vi) maintaining a reasonable incident response program to respond to security incidents, publish a point of contact for security reports on Your website, and monitor security reports.

c) Security Incident Response; Statements. You will promptly inform Google if a security incident requires notice to end users. Except as required by law, You will not make (or permit any Third-Party Provider under Your control to make) any statement concerning the security incident that directly or indirectly references Google unless Google provides its written authorization.

d) Third-Party Providers. You will contractually require each ThirdParty Provider that Processes Personal Information to protect the privacy, confidentiality, and security of Personal Information using all reasonable measures as required by this DPA and Applicable Data Protection Laws. You will regularly assess Your ThirdParty Providers’ compliance with these contractual requirements.

e) Owned or Managed Systems. To the extent You access Google’s owned or managed networks, systems, or devices (including APIs, corporate email accounts, equipment, or facilities) to Process Google’s Personal Information, You will comply with Google’s written instructions.

f) Assessments of Compliance with this DPA. Within 15 days of Google’s written request to assess Your compliance with the DPA, You will, as relevant, provide certification, audit reports, or other reports regarding Your compliance with this DPA and Applicable Standards as defined by the International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), or Statement on Standards for Attestation Engagements (SSAE) and International Standard on Assurance Engagements (ISAE) as published by the American Institute of Certified Public Accountants (AICPA), Payment Card Industry Data Security Standards, and International Auditing and Assurance Standards Board (IAASB), respectively. Examples of acceptable reports include: (1) SOC 1 Type II (based on SSAE 16, 18 or ISAE 3402); (2) SOC 2 Type II (based on SSAE 16, 18 or ISAE 3402); (3) ISO/IEC 27001:2013 certification; and (4) PCI DSS certification.

6) Legal Process. If a court or other government authority legally compels You to disclose Personal Information, then to the extent permitted by law, You will promptly inform Google of the request and reasonably cooperate with its efforts to challenge the disclosure or seek an appropriate protective order.

7) Data Transfers. Each party may transfer Personal Information if it complies with applicable provisions on the transfer of Personal Information required by Applicable Data Protection Laws.

a) To the extent You or a Google Controller transfers Personal Information relating to individuals within the UK, EEA, or Switzerland to Google or You (as applicable) and the receiving party is not: (i) subject to the binding obligations of a valid Alternative Transfer Mechanism, or (ii) located in a jurisdiction that is subject to a valid adequacy decision (as determined by the Applicable Data Protection Laws regarding the individuals about whom the Personal Information is Processed), You and Google expressly agree to the Applicable Standard Contractual Clauses including the warranties and undertakings contained therein as the “data exporter” and “data importer” as applicable to the transfer contemplated by the parties.

b) To the extent Section 7(a) applies: (i) if Google or You transfer Personal Information relating to individuals within the EEA or Switzerland to the other party, You and Google (on its own behalf or on behalf of the Google Controller) agree to the Controller-Controller SCCs; and (ii) if Google or You transfer Personal Information relating to individuals within the UK to the other party, then You and Google (on its own behalf or on behalf of the Google Controller) agree to the UK Controller-Controller SCCs.

c) To the extent You or a Google Controller transfers Personal Information to Google or You (as applicable) in accordance with an Alternative Transfer Solution, the receiving party will: (i) provide at least the same level of protection for the Personal Information as is required by the Agreement and the applicable Alternative Transfer Solution; (ii) promptly notify the disclosing party in writing if the receiving party determines that it can no longer provide at least the same level of protection for the Personal Information as is required by the Agreement and applicable Alternative Transfer Solution; and (iii) upon making such a determination, cease Processing Personal Information until the receiving party is able to continue providing at least the same level of protection as required by the Agreement and the applicable Alternative Transfer Solution.

d) Google LLC has certified under the Privacy Shield on behalf of itself and certain wholly-owned US subsidiaries. Google’s certification and status are available at https://www.commerce.gov/page/eu-us-privacy-shield.

e) Where Google is not the Google Controller, Google will ensure that it is authorized by the Google Controller to (i) enter into the Applicable Standard Contractual Clauses on behalf of the Google Controller, and (ii) exercise all rights and obligations on behalf of the Google Controller, each as if it were the Data Controller.

8) Termination. In addition to the suspension and termination rights in the Agreement, Google may terminate the Agreement if it reasonably determines that (a) You have failed to cure material noncompliance with the DPA within a reasonable time; or (b) it needs to do so to comply with Applicable Data Protection Laws.

9) Survival. This DPA will survive expiration or termination of the Agreement as long as You continue to Process Personal Information.