• Sibill S.r.l. with registered office at Via Mattine 5, 84043 Agropoli (SA), (the "Company") is a company that has developed a software as - a - service called "Sibill" which it owns and through which companies can manage their cash flow;
  • the Company is entitled to grant rights to access and use the Services, as defined below;
  • The Customer, as defined below, wishes to access and use the Services in accordance with these general terms and conditions of use of Sibill's software as - a - service (the "Agreement") which, in accordance with the provisions of Article 6 below, he declares that he accepts in full having read them

In light of the foregoing premises, the Company and the Customer (also referred to individually as a "Party" and jointly as the "Parties"), to be deemed a material and integral part of this Agreement.



  1. Background

1.1. The premises, together with the annexes and Order Forms form an integral and substantial part of this Contract


  1. Definitions

2.1. Capitalized terms and expressions below have the meanings ascribed to each of them below, whether used in the singular or plural:


is the legal entity or natural person to whom, through adherence to this Agreement and its terms, acquires the right to access and use the Services

Effective Date

is the date on which Customer signed this Agreement - if Customer purchased only the Basic Services - or the date on which Customer made payment for the Additional Services

Client Data

are all information, including banking and commercial information, as well as Personal Data that the Customer owns and that the Customer enters, compiles, transmits, collects, stores and/or processes by means of the Services, in connection with the performance of the Contract

Intellectual Property Rights

are all rights, concerning software, inventions, patents, copyrights in the broad sense, databases, confidential information, designs, know-how, trade secrets, licensing rights or contractual rights in general, confidential and proprietary information protected by contract or ex lege, trademarks, whether registered or unregistered, distinctive signs, domain names, trade dress, logos and other intellectual and industrial property rights and privative rights arising by law or as a result of registrations, wherever they exist in the world and regardless of the time of their creation

Order Form

is a document defined as such in the header and issued for the purchase of the Ancillary Services that refers to the provisions of this Agreement and contains inter alia payment terms


are the basic services accessible through credential-protected links, described below: creation of a user and one or more companies. These definitions also include updates and enhancements as needed from time to time.

Additional Services

These are additional services to the basic ones described on the following web page: www.sibill.com/plans

  1. Item

3.1. The Company grants to the Customer, who accepts, upon acceptance of this Agreement and/or payment indicated in the Order Form - if Additional Services are purchased -, for the entire Term, a non-exclusive and non-transferable right to access and use the Services solely and exclusively for internal use. Therefore, Customer acknowledges and agrees that it will not use the Services for the purpose of their distribution and marketing.

3.2. It is understood that the right to access and use the Services remains the exclusive property of the Customer and this Agreement does not attribute nor shall it be interpreted in the sense of attributing - neither pursuant to Article 1411 of the Italian Civil Code nor any other regulatory provision - such rights to any subsidiary of the Customer, having reference to the definition of control set forth in Article 2359 of the Italian Civil Code.1.3.         

3.3. During the Term of this Agreement or concurrently with the signing of this Agreement, Customer may purchase Additional Services only by signing a specific Order Form containing the commercial terms and conditions relating to the new purchase. For anything not expressly provided for and regulated in the relevant Order Form, such Additional Services shall be governed by this Contract. Therefore, it is understood that in the event of a purchase of Additional Services, the term "Services" will also refer to the latter. However, this Agreement shall be deemed to take precedence over any additional documentation that may conflict with it.


  1. Use of Services

4.1. Following the conclusion of this Agreement, in accordance with the provisions of Article 6 below, the Services will be accessible and usable at the following link: app.sibill.com. In order to activate them, it will be necessary to complete a registration procedure for the same and obtain the assignment of an account and a password reserved (the "Access Data").

4.2. The Company agrees to make every reasonable effort to render the production environment for use of the Services at an availability level of98% (ninety-eight percent) during a calendar year.

4.3. Customer acknowledges and agrees that it is the sole and exclusive owner of the Access Data also with respect to its use and may disclose the same only and exclusively to employees authorized to access and use the Services by virtue of the duties assigned to them.

4.4. To this end, the Customer agrees to use reasonable efforts to prevent unauthorized access to or use of the Services, therefore, the Customer: (i)shall notify the Company immediately if it becomes aware of any unauthorized use of its Access Data. It is understood that, in such event, the Company may disable access to the Services, which will be rehabilitated at a later date upon Customer's request and upon resolution of the issue; it may not (ii)in any way assign and/or communicate its Access Data to unauthorized third parties. Such assignment and/or communication constitutes a breach of this Agreement as well as the Order Form; (iii) sublicense or sell the Access Data to theServices to unauthorized third parties; (iv) use the Services for unlawful purposes or to harm the rights of third parties; (v) damage the integrity and/or operation of the Services; (vi) subject to the provisions of Article 8 below as well as the mandatory rules of law on intellectual property, shall not (nor shall it allow third parties to do so) carry out operations consisting of copying, decompiling, decoding, deriving source code, creating a derivative work.

4.5. The Customer acknowledges and agrees that the Company shall not be liable for fraudulent use of the Access Data as well as the Services by third parties.

4.6. It is understood that all operations carried out by entering the Access Data, entail the attribution to the Customer of its conduct. TheCustomer acknowledges and agrees that the Company reserves the right to monitor the Customer's use of the Services.


  1. Security

5.1. The Company undertakes to implement technical measures that, in accordance with the norms and standards industry standards, protect the physical and digital security of the server and networks as well as the security, confidentiality and integrity of Customer Data in using the Services.

5.2. The Company will make every reasonable effort to report, where appropriate, any unauthorized access to Customer Data. To this end, theSociety shall set up an access control system for the Services so that only the Customer may access them.

5.3. For the purpose of ensuring the security as well as the confidentiality of Customer Data, connections are secure in that security protocols such as 256-bit AES for "at rest" data encryption and Transpot Layer Security (TLS) 1.2 for "in transit" data encryption are used. In particular, the Company implements technical and IT measures to prevent fraudulent use or misappropriation of Customer Data.

5.4. It is understood that the Company will not (I) copy documents or media, of any kind and nature, that may contain Customer Data - except those strictly necessary for the provision of the Services -; (II) disclose Customer Data except as required by applicable law; (III) access Customer Data except as necessary to resolve technical problems or to provide maintenance activities.


  1. Contract Formation

6.1. The Customer interested in signing this Contract and, therefore, in obtaining a license to use the Services, may do so by accessing the following link app.sibill.com where, by checking the appropriate boxes, he/she may accept as well as approve (a) these terms and conditions of the Contract; (b) the vexatious clauses referred to in Articles 1341 and 1342 of the Italian Civil Code; (c) the information on the processing of personal data (collectively the "Contract Documents").

6.2. Following acceptance and approval of the Contract Documents, Customer will receive at the e-mail address provided a confirmation of the activation of its account and, from that moment, the Services will be immediately accessible. It is understood that the Contract will be deemed to be concluded solely and exclusively on the Effective Date.

6.3. If the Customer is interested in taking advantage of Additional Services, he/she may purchase them by accessing his/her personal area following the procedures therein. The Customer, having made the choice as well as the purchase of the Additional Services, will receive an Order Form that will have the chosen Additional Services as its object. The same will be activated after payment of the relevant Order Form. The costs of the Additional Services will be charged on the 15th (fifteenth) day starting from the activation of the same, therefore, at the end of the Trial Period -as defined below-.

6.4. TheCustomer acknowledges and agrees that if within 15 (then) days of the request from the acceptance and approval of the Contract Documents as well as the Order Form it does not make the relevant payment, the Company may cancel the order and the Customer may not make any claim against the Company to the extent provided by the applicable regulations.

6.5. It is understood that the Services will be accessible free of charge for one calendar month commencing from the signing of this Agreement (the "Trial Period"). At the end of theTrial Period, should Customer not be interested in using the purchased Additional Services, Customer will not be charged.


  1. Obligations of the Client

7.1. In accessing and using the Services the Customer shall:

- To provide, when registering for the Services, complete, true, and current information;

- indicate, when using the Services, complete and accurate data, taking care to update them where necessary. It is understood that the Customer is solely responsible for the correctness of the data indicated and that, should false, inaccurate or out-of-date data be entered, the Company reserves the right to suspend, for as long as necessary, theaccount Customer's account preventing him from using the Services;

- to use the Services for lawful purposes in accordance with the provisions of both this Agreement and, subject to Articles 4.3 and8, with the provisions of applicable law including intellectual property and banking law;

- to use equipment, including computer equipment, suitable and necessary to use iServices. It is understood that the Customer will be solely responsible for the use of the aforementioned equipment;

- not to download viruses or files that may cause damage to the use of the Services. To this end, the Customer represents and agrees to hold the Company harmless for any costs, charges, damages or compensation that the same may suffer as a result.

7.2. The Customer declares that by purchasing the Services he/she has title to the use and/or legal availability of the data that he/she enters and that he/she does not infringe on the rights and/or interests of third parties by assuming responsibility regarding the ownership, use as well as the management of the aforementioned data, relieving the Company, as of now, from any liability that may be contested to it in relation to the same.

7.3. Should the Customer violate any of the above obligations, the Company reserves the right to intervene in such form and manner as it deems most appropriate to eliminate the actual or alleged violations including by suspending theServices or terminating, without prior notice, the Contract, retaining the sums paid by the Customer as a penalty, without prejudice to compensation for any greater damages.


  1. Intellectual Property

8.1. The Sibill Services are protected by intellectual property laws, including copyright, as well as by the civil and criminal laws applicable therein.

8.2. The Customer acknowledges and agrees that the Company is the owner of all IntellectualProperty Rights inherent in the Services (and, therefore, in Sibill's software-as-a-service) which, therefore, shall remain in the exclusive ownership of the Company and/or its licensors as the circumstances may require.

8.3. Notwithstanding the provisions of Article 3.1 above, nothing in this Agreement shall be construed as conferring and/or assigning to the Customer any other Intellectual Property Rights owned by the Company and/or its assigns, therefore, the Customer shall not claim any Intellectual Property Rights, including copyright, in the Services or any parts or components thereof.

8.4. In addition to the provisions of Article 4.3 above, the Customer acknowledges and agrees that it shall refrain from taking any actions that are detrimental to the Intellectual Property Rights owned by theCompany.

8.5. All rights not expressly granted to the Customer under this Agreement are reserved to the Company.

8.6 TheCustomer acknowledges and agrees that all signs and/or logos containing the term "Sibill" are trademarks, registered or unregistered, owned by the Company and, therefore, shall not be entitled to claim any rights to the same under thisContract.

8.7. Any material forming the subject matter of Intellectual Property Rights made available to the Customer through the provision of the Services shall be used in compliance with such rights. To this end, the Customer assumes all liability with respect to the use of any IntellectualPropertyRights owned by the Company and/or third parties that does not comply with thisContract, indemnifying the Company from any prejudicial consequences, costs, damages and/or burdens it may suffer as a result of a violation of the aforementioned provisions by the Customer.

8.8. It is understood that all Intellectual Property Rights in or relating to the Customer Data shall remain in the exclusive ownership of the Customer, therefore, nothing in this Agreement shall be construed as conferring and/or assigning to the Company any other Intellectual Property Rights owned by the Customer and/or its assigns, as the case may be, not expressly granted by the Customer to the Company.


  1. Guarantees

9.1. To the fullest extent permitted by law, the Company does not guarantee that theServices will be 100% available and/or that they will be free from defects, malfunctions and/or errors and/or that they will be provided without interruption. Notwithstanding the foregoing, should such circumstances arise, theSociety warrants that it will provide, free of charge, maintenance activities to restore the use of the Services provided that the Customer notifies the Company as soon as it becomes aware of them.

9.2. TheCompany warrants that at the time of the Effective Date, the Services provided will comply with the provisions of Italian law applicable at that historical time.

9.3. TheSociety does not guarantee that the Services will meet the actual demands and needs of the Client. Therefore, the Client shall be considered solely responsible for ensuring that the same are in accordance with the purposes it intends to pursue by waiving, as of now, any action and/or remedy against the Company.

9.4. TheCustomer warrants that (a) the Customer Data is true, complete and up-to-date; (b) the person who will sign this Agreement is authorized and legitimized to do so; (c) he/she is legitimized to use the Customer Data and that such use does not violate third party rights; (d) if he/she uses Personal Data, as defined under the Privacy Policy, such use is in compliance with the same.To this end, the Company, to the extent provided in Article 1229 c.c, makes no warranty and disclaims any liability arising from the use of the Services as well as the accuracy and/or adequacy of the Customer Data entered to take advantage of the Services.



  1. Limitation of liability

10.1. To the fullest extent permitted by applicable law, except in cases of willful misconduct or gross negligence, the Customer acknowledges and agrees that the Company shall not be held liable for any direct, indirect and/or consequential, pecuniary, non-pecuniary damages arising, by way of example, from: (i)failure, inexact and/or incorrect and/or unlawful use of the Services; (ii)use of assets, including computer and/or technical assets, not compatible with the Services; (iii) tampering and/or interventions on the Services carried out by the Customer and not authorized by the Company; (iv) cases of force majeure or circumstances by virtue of which the Company is required to perform emergency interventions or related to the resolution of security problems attributable to third parties such as, purely by way of example, the failure of the Internet network; (v) failure or interruption of third-party applications that may be used or necessary to use the Services also caused, purely by way of example, by malfunctions, service interruptions and/or withdrawal from the market.

10.2. The Customer acknowledges and agrees that in the above cases the same shall not be awarded any compensation for damages suffered and, therefore, excludes, to the fullest extent permitted by applicable law, any liability, contractual or non-contractual, on the part of the Company.

10.3. The Parties acknowledge and agree that if it is determined that this Article 10 is void, invalid or ineffective, the Customer shall only be entitled to damages in an amount not exceeding the price paid for the purchase of the Services.


  1. Manleve

11.1. Without prejudice to the provisions of Articles 7 and 8 above.7, the Customer acknowledges and agrees that it shall indemnify and hold harmless the Company (as well as all its directors, employees, consultants), to the fullest extent possible, from all prejudicial consequences as well as from any damage, tangible and intangible, direct and/or indirect, that may be suffered by the Company and arising, for any reason whatsoever, directly or indirectly, from the incorrect and/or unlawful use of the Services, including, but not limited to, any request and/or dispute and/or claim and/or demand that may arise from:

  1. (a) any criminal offenses and otherwise infringement of Intellectual Property Rights arising out of the use of theServices or otherwise the performance thereof;
  2. (b) any violation of RegulationPrivacy for noncompliance with it;
  3. (c) any use of the Services that is unlawful or otherwise not in compliance with either this Agreement or applicable law.


12. Duration

12.1. The Parties agree that this Contract shall be effective as of theEffective Date indefinitely unless terminated earlier pursuant to Article 16 below.

12.2. If, on the other hand, Additional Services have been purchased, the Contract shall have a term equal to the term set forth in the Order Form to be issued at the time of purchase of the same. 


  1. Confidentiality

13.1. During the Term of this Agreement, the Parties shall exchange confidential information with each other, which they agree not to disclose to third parties without the express prior consent of the other Party.

13.2 For the purposes of this Agreement, Confidential Information shall mean (i) the terms and conditions of this Agreement; (ii) the Services owned by theCompany; (iii) technical and commercial information regarding the Services as well as the Company; (iv) Customer Data as well as Customer's technical and commercial information; and (v) any additional documentation that is designated as confidential on documents, in any format shared between theParties as well as any oral communication that has taken place between the Parties and is identified as such (the "Confidential Information").

13.3. TheParties represent and agree to maintain the strictest confidentiality of any news or information concerning each of them and of which they become aware during the Term of this Contract. In particular, theParties acknowledge that any Confidential Information of which they may become aware in the performance of this Contract has intrinsic economic value and is of paramount importance to each of them. Each Party also agrees, without limitation, not to disclose or divulge any type of information or news pertaining to the organization and/or its customers, products, and services, as well as the operational and promotional techniques used by the other Party, and of which it has become aware in the performance of this Contract.

13.4. The Parties acknowledge that they will take all possible measures and precautions to keep secret all Confidential Information received in the performance of this Agreement, protecting it with the same degree of care that eachParty uses in protecting its own Confidential Information.

13.5. It is understood that the foregoing obligations shall not apply if the Confidential Information (i) must be disclosed because it is required by a court or governmental or administrative authority; (ii) is necessary for the fulfillment of obligations under applicable laws or regulations; (iii)is necessary to ensure the full exercise of the right of defense in proceedings before authorities sub(i); (iv)have become public knowledge due to causes not attributable to unauthorized disclosure or any other breach by the Receiving Party in violation of this Agreement.


  1. Protection of personal data

14.1 The Parties acknowledge that, during the Term of the Contract, personal data of natural persons will be processed. Personal data means, pursuant to Article 4 of the European Data Protection Regulation no. 679/2016 ("GDPR"), any type of information relating to an identified or identifiable natural person; an identifiable person is any natural person who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity ("Personal Data"). Therefore, in view of the foregoing, the Parties undertake to comply with the provisions of the current legislation on the protection of Personal Data within the scope of which includes the GDPR as well as the national legislation transposing the GDPR such as Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018, the regulatory and secondary legislation in force in the European Union, as subsequently amended or supplemented, including any guidance and measures issued by the Data Protection Authority as well as the Committee of European Data Protection - European Data Protection Board ("Privacy Legislation").

14.2. Specifically, in the performance of the Contract and, therefore, in the use of the Services by the Customer, the Company may process Personal Data owned by the Customer. Therefore, the Company acknowledges and agrees that it will process suchPersonal Data on behalf of the Customer in performance of its contractual obligations under this Contract. To this end, the Parties sign the deed of appointment of the Company as external processor of Personal Data, reproduced herein as Annex 1, in accordance with the provisions of Article 28 GDPR.


  1. Major Force

15.1. The Parties shall not be held liable for delays or failures in the performance of the Contract if the same have occurred due to force majeure events or fortuitous events.

15.2. The Parties agree that, for the purposes of this Contract, force majeure shall include, but not be limited to: malfunctions of telephone operators, W-Fi networks as well as any other malfunctions caused by instruments owned by third parties; failures of energy systems.

15.3 Should force majeure events occur, this Contract shall be deemed suspended unless otherwise agreed by the Parties. It is understood that this Article shall not be enforceable with respect to payment obligations assumed under this Contract.

15.4 If the impediment is permanent, the Parties may terminate the Contract in accordance with Article 16 below.


  1. Termination of Contract

16.1. The Company, with immediate effect pursuant to and for the purposes of Article 1456 of the Civil Code,may terminate this Contract by sending a registered letter with return receipt and/orPEC in the event that the Customer fails to fulfill its obligations and/or violates the prohibitions set forth in Articles 4.3; 7; 8; 9.5; 13.

16.2 In addition to the provisions of Article 16.1 above, each Party shall have the right to terminate this Agreement at any time by giving the other Party at least 14 (fourteen) days' prior written notice to the other Party.

16.3 Upon termination or cessation, for any reason, of thisContract: (i) all rights of Customer to access and use the Services shall immediately cease; (ii) all Order Forms already issued shall immediately cease to be effective; and (iii) the Parties' obligations under this Contract shall cease to exist and be effective, except for Customer's payment obligations arising prior to the date of such termination and cessation. In addition, all provisions of the Agreement consistent with such termination and/or termination shall nevertheless remain in effect between the Parties, such as, without limitation, Articles 8, 13, 10 and 11.


  1. Assignment of Contract

17.1 Each Party also agrees not to assign, in any capacity, title to this Contract unless expressly authorized in writing by the other Party.


  1. Entire agreement

18.1. This Agreement, together with both the Order Forms issued pursuant thereto, which form an integral and substantial part thereof, and any other material and/or technical documentation, constitute the entire agreement existing between the Parties with respect to the same subject matter.

18.2 No amendment and/or addition shall be valid unless first approved in writing by the other Party.


  1. Communications

19.1 Any written communication that may be necessary between the Parties for the purpose of the execution of this Agreement shall be delivered to the other Party by: (i) e-mail; or (ii) PEC; or (iii) registered letter.


  1. Null and void clauses

20.1 In the event that one or more clauses of this Contract are declared null and void or contrary to law, they shall be deemed as not affixed and shall not affect the validity of the Contract, without prejudice to each Party's right to request its amendment in the event that the elimination of the clause would affect the rights of the applicant.


  1. Applicable law and jurisdiction

21.1. This Contract shall be governed by Italian law. The Court of Milan shall have jurisdiction over any dispute arising out of its interpretation, performance or termination.

Pursuant to and in accordance with Articles 1341 and 1342 of the Civil Code, the Parties specifically approve and sign the following articles: 4 (Use of the Services), 7(Obligations of the Customer), 8 (Intellectual Property), 9 (Warranties), 10(Limitation of Liability), 11 (Hold Harmless), 12 (Duration), 13 (Confidentiality), 17 (Assignment of Contract), 21 (Applicable Law and Jurisdiction).

Document updated as of February 23, 2022.



  1. Item

By signing the DPA, the Client, as the data controller, appoints the Company, which it accepts, to be responsible for the processing of Personal Data pertaining to the Data Subjects, as defined in the Privacy Policy.

1.2. The Parties, in the course of the processing ofPersonal Data, each undertake to comply with the Privacy Regulations, in relation to the determination of the purposes and methods of processing ofPersonal Data entrusted by the Client to the Company or Personal Data that are accessed, stored or otherwise processed by the Company under the Contract.

1.3. The tasks assigned to the Company in connection with the processing of Personal Data related to the Contract are only those made necessary to take advantage of theServices by the Customer.

  1. Categories of Personal Data and categories ofInterests.

2.1. Personal Data that will be processed by theCompany pursuant to the DPA will fall under the category of identification, contact and banking data and may consist of either the first and last names of the Interested Parties, or any additional contact data that may result from the cash flows associated with the use of the Services or that may be entered by the Customer in the execution of the Contract, such as, without limitation, the residence or home addresses or e-mail addresses, or computer account credentials, bank details of the Interested Parties.

2.2. The Company will process the Personal Data of the following Data Subjects: employees or self-employed collaborators of the Customer and third natural persons, such as customers and suppliers of theCustomer.

  1. Definitions

2.1. Capitalized terms and expressions below have the meanings ascribed to each of them below, whether used in the singular or plural:

  1. Nature, purpose and manner of processing of Personal Data

3.1. The nature and purpose of the processing of Personal Data by the Company are strictly related to the performance of the Services by the Company, i.e., in particular, but without limiting the generality of the foregoing, the analysis and sharing of both bank and accounting balances and transactions in real time, the management and forecasting of cash flows, the reconciliation of bank accounting movements, the integration of invoices and the automation of cash forecasts, the management of payments and the acceleration of the collection of what has been paid to the Client by the relevant customers.

3.2. The processing of Personal Data by the Company will take place through modalities cloud.

  1. Obligations of the Client

4.1. If in the context of the processing operations of Personal Data it becomes necessary to transmit instructions or communications in any way inherent to the purposes and methods of processing of Personal Data, the same shall be transmitted to the Company by e-mail. In this regard, where necessary, the Client may agree with theSociety on the technical and organizational measures to be implemented in the specific case.

  1. Obligations of the Society

5.1. The Company is obliged to process the DataPersonal Data only and exclusively for the purpose and within the limits of what is required for the performance of the Contract.

5.2. The Company undertakes to carry out any Personal Data processing operations in accordance with the principles and regulations set forth in the Privacy Regulations, as well as in accordance with theContract and the DPA.

5.3. Notwithstanding the foregoing, the Customer hereby authorizes the Company to record and disclose Personal Data to theCustomer where necessary to report any issues regarding theServices. In any case, the Company shall be obliged to immediately delete thePersonal Data in case of termination of the Contract, for whatever reason occurred.

5.4. The Company undertakes to faithfully execute the instructions given by the Customer in the processing of Personal Data, avoiding processing activities that do not comply with the aforementioned instructions or are aimed at pursuing purposes other than those related to the performance of the Contract, the Services and the DPA. Notwithstanding the foregoing, the Customer acknowledges and agrees that, in the absence of specific instructions on the manner of processing, the methods and choices implemented by the Company in relation to the processing of Personal Data shall be deemed to be correct and agreed between the Parties and may not be challenged by the Customer unless they violate the Privacy Regulations.

5.5. The Company will assist the Owner in ensuring compliance with obligations regarding the security of Personal DataPersonal Data, reporting of data breaches, data protection impact assessment, and prior consultations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the controller. By way of example, these obligations include the immediate and without delay reporting to the Controller of the data breach or potential data breach taking into account that under Article 33 of the GDPR, the same has 72 hours for notification.

  1. Sub-responsible

6.1. The Customer acknowledges and agrees that theCompany shall have the right to appoint sub-contractors, such as, but not limited to, providers of cloud storage, of hosting, database or data analysis providers, necessary for the performance of the Services and/or the storage of Personal Data in the course of the performance of such Services. The Customer also acknowledges and agrees that any sub-processors may in turn appoint their own processors, at their sole discretion, without the need for prior authorization to do so from the Customer.

  1. Security measures

7.1. The Company acknowledges and accepts that, pursuant to Article 32 GDPR, it is obliged to take appropriate technical and organizational measures to ensure a level of security of the processing of Personal Data appropriate to the relevant risk as well as to ensure the confidentiality of the DataPersonal Data in accordance with the provisions of the Privacy Regulations.

  1. Persons authorized to process Personal Data

8.1. In view of the obligations of secrecy and confidentiality related to the management of the contractual and economic relationship between the Client and the Interested Parties, as well as the relationship underlying theContract, the Company guarantees that, where made necessary under thePrivacy Regulations, it will designate, by a formal act in accordance with the same RegulationsPrivacy Regulations, persons in charge of the processing of Personal Data.

8.2. The Company therefore undertakes as of now to provide the aforesaid designated persons who may be involved in the performance of the Services with the appointment as the person in charge of the processing of Personal Data, as well as appropriate instructions for the proper performance of the same processing and any further instructions it may receive from the Client in this regard.

  1. Relations with authorities

9.1. The Company, at the request of the Customer, undertakes to provide the necessary support, cooperating with the same, in case of proceedings before the supervisory authority, such as the aforementioned Personal Data Protection Authority, or the judicial authority, concerning the processing of Personal Data.

9.2. The Company also undertakes to promptly notify the Client, to the extent reasonably practicable and consistent with commitments related to its business activities or to other clients, of any complaints received, as well as inspections or requests from supervisory and judicial authorities in connection with the processing of Personal Data.

  1. Instances of Interested Parties

10.1. The Company undertakes to use its best efforts to assist the Customer with appropriate technical and organizational measures that can be implemented by its organizational structure, in the fulfillment of the obligations incumbent on the same Customer, consisting in following up any petitions of the Interested Parties exercised pursuant to Articles 15 to 21 of theGDPR, offering all the technical and human resources at its disposal and that it can effectively and reasonably employ, the information and activities necessary to fulfill said exercise of rights, in accordance with the instructions documented by the Customer.

10.2. In the event that the Company receives instances from Data Subjects to exercise their rights under the GDPR in relation to the processing of Personal Data, it shall immediately notify theCustomer in writing, attaching a copy of the request. In this regard, the Company also undertakes to respond to such instances only following written authorization to that effect from the Customer, also granted by e-mail.

  1. Audits and inspections

11.1. The Client acknowledges and accepts that the relationship underlying the Contract will involve the processing of a small amount of Personal Data, consisting mostly of the identification and contact data of the Interested Parties, and that it will have as its sole purpose the best execution of theContract in the interests of the Client. Therefore, the Client acknowledges and agrees that no right of inspection and control with respect to the Personal Data processing operations carried out by theCompany arises from the DPA, unless expressly authorized in writing by the Company itself. Should such authorization actually be granted, the Parties agree that the controls and inspections may be carried out through audit activities by the Client at the Company's premises and will focus on the Company's fulfillment of its obligations arising from the DPA and the compliance of the processing of Personal Data with the Privacy Regulations.

11.2. Following the issuance of the authorization to perform the control and inspection activities referred to in this Article 11at the Company's premises, the Customer undertakes to agree in writing with the Company on the date and time when they will actually take place, taking into account the respective needs of the Parties. 11.3 The Customer acknowledges and accepts that, where the control and inspection activities referred to in this Article 11will actually take place, the costs related to the same shall be borne exclusively by the Customer.

  1. Responsibility

12.1. The Customer acknowledges and accepts that, in cases where co-responsibility is established between the Company and the Customer in relation to violations of the DPA or the Privacy Regulations by a final judgment, if the Customer is the recipient of compensatory and/or sanctioning measures by the competent authorities, the Customer shall be obliged to pay in full the amounts covered by such measures.

  1. Duration

13.1. The DPA shall become effective on the date of the last signature by either Party and shall remain in effect until the Contract ceases to be effective for any reason whatsoever.

  1. Return and deletion of personal data

14.1 The Company, upon the termination of the effectiveness of the Contract and, therefore, of the DPA, except in the event that there is an obligation of national and/or community law or regulation, including, without limiting the generality of the foregoing, the obligations arising from thePrivacy Regulations, which provides for the preservation of Personal Data, shall discontinue any processing operation of the same. The processing does not involve the storage of Personal Data which, therefore, upon termination of the effectiveness of the Contract and, therefore, of the DPA, will not be retained by theCompany. WHEREAS, the Client acknowledges and agrees that the Company shall not be obliged to delete Personal Data until the termination of theContract and/or the DPA and/or the complete performance of the Services.

14.2. The Client agrees to notify theCompany of the technical methods and procedures used for the deletion/destruction of Personal Data in the event of a request to do so by the Company.

  1. Final Provisions

15.1. The Parties agree that the activity of processing of Personal Data by the Company on behalf of the Client is limited to what is required by the Contract and that, as long as it remains so, its performance shall not entitle the Company to any specific compensation or indemnity or reimbursement for the activity performed. Should the processing of Personal Data performed by the Company extend beyond what is set forth in the DPA and required by the Contract, the Parties shall be entitled to agree on specific compensation or reimbursement of expenses related to the additional activities to be performed.

15.2 Any amendment and supplement to the DPA shall be effective only if agreed in writing between the Parties and signed by an authorized person of each Party.

15.3 The law applicable to the DPA shall be Italian law and the court of jurisdiction for any and all disputes shall be that of Milan.