Terms of Service

1.1 These Terms of Service are an Agreement between Rise-X and the Customer.

1.2 This Agreement takes effect on the earlier of: Rise-X accepting an Order, the Customer using any Service, or the Customer accepting this Agreement ("Commencement Date").

1.3 If a person acquires a Service using an employer's email address, that person binds their employer to this Agreement and the "Customer" refers to that employer.

2.1 Rise-X may vary this Agreement with 30 days notice (except beneficial changes or changes required by law). If the Customer disagrees, they may terminate within 60 days and receive a refund for unused prepaid Services.

2.2 The current version is available on Rise-X's Website. Using Services after updates constitutes acceptance.

3.1 Rise-X grants the Customer a non-exclusive, non-transferable licence to use the Services for the Term.

3.2 The Services consist of the Rise-X Software (Ecosystem Orchestration Platform) provided as a service, an ecosystem operating platform for building, operating, and optimizing business ecosystems. Services include hosting of Rise-X Software and Customer data.

3.3 Data hosting includes reasonable use volumes. Rise-X will notify Customer of excessive data use and work toward solutions (Customer infrastructure, additional fees, or technical restrictions).

3.4 Rise-X will provide reasonable advance notice of Planned Maintenance and will use reasonable endeavours to conduct Planned Maintenance during advised maintenance windows.

5.1 This Agreement commences on the Commencement Date and remains in effect until the expiration of the last Service Term, unless terminated in accordance with this Agreement.

6.1 If the Customer wishes to acquire or vary any Services, the Customer must submit an Order to Rise-X.

6.2 An Order takes effect on Rise-X's acceptance. Each accepted Order forms part of this Agreement.

7.1 Rise-X will use reasonable care and skill in performing the Services to the standard generally accepted within the industry.

7.2 Due to the nature of software, Rise-X does not warrant that:

• Services will be uninterrupted or error free

• Services will be compatible with all applications or software

• Any particular outcome will be obtained from use of the Services

7.3 Rise-X will implement reasonable and appropriate security measures to protect Customer data against accidental or unlawful loss, access or disclosure.

7.4 Services are provided via a common platform. Features and functionality are as described in standard documentation made available to Customer.

7.5 Rise-X is not liable for failures attributable to: modifications by others, Customer misuse, unapproved integrations, use of outdated versions, or non-compliance with this Agreement.

7.6 If a problem is determined not to be Rise-X's responsibility, Rise-X may invoice Customer for investigation costs.

8.1 The Customer must:

• Comply with Rise-X's Policies

• Maintain security of Equipment, accounts, and passwords

• Ensure data backup and security

• Ensure users are trained and over 18 years old

• Comply with all applicable laws

8.2 The Customer must not:

• Use Services for unlawful purposes or inappropriate content

• Engage in fraud, bribery, corruption, human rights abuse, or violate Trade Controls

• Reverse engineer, resell, or modify the Services

• Interfere with service integrity or security

8.3 The Customer indemnifies Rise-X against third-party claims relating to Customer's use of Services.

9.1 Customer owns Customer Material and grants Rise-X a licence to use it solely for providing Services.

9.2 Rise-X owns all Rise-X Material.

9.3 The Customer indemnifies Rise-X against claims that Customer Material infringes third-party Intellectual Property rights.

10.1 Fees are payable in AUD unless otherwise specified, exclusive of taxes.

10.2 Payment due within 30 days. Late payment may result in service suspension.

10.3 Rise-X may vary Fees with 30 days notice.

10.4 Customer authorizes Rise-X to bill designated payment method. Payment processing fees may apply.

11.1 Customer must pay all Taxes including GST/VAT on Services.

11.2 Where GST applies, Customer must pay an additional amount equal to the GST.

11.3 If Customer is required by law to make Tax Deductions, Customer must pay an additional amount so Rise-X receives the full payment.

12.1 Each Party must keep the other's Confidential Information confidential and use it only for this Agreement's purposes.

12.2 Confidential Information may be disclosed only: to personnel on a need-to-know basis, with prior consent, if required by law, or if in the public domain.

12.3 Parties must destroy or return Confidential Information promptly upon request, subject to legal retention requirements.

12.4 Each Party may seek injunctive relief to prevent breach of confidentiality obligations.

13.1 Customer is responsible for obtaining privacy consents for Service Data.

13.2 Rise-X collects, uses and discloses data per Rise-X Policies and Privacy Policy.

13.3 Customer must ensure users are aware of Rise-X's Privacy Policy.

13A.1 Application

Applies to Customers subject to GDPR, UK GDPR, or EU/UK data protection laws.

13.2 Data Roles

• Account Data: Rise-X is Data Controller

• Service Data with personal data: Customer is Data Controller, Rise-X is Data Processor

13.3 Customer Obligations (as Controller)

Customer must:

• Have lawful basis under GDPR Article 6

• Obtain necessary consents and provide privacy notices

• Ensure data accuracy

• Only instruct lawful processing

• Implement appropriate security

• Respond to data subject rights requests

• Notify Rise-X of personal data breaches

• Conduct DPIAs where required

13.4 Rise-X Obligations (as Processor)

Rise-X will:

• Process only on Customer instructions

• Ensure personnel confidentiality

• Implement Article 32 GDPR security measures

• Notify Customer of breaches within 48 hours

• Assist with data subject rights requests

• Delete or return data after service ends (90-day retention for retrieval)

• Allow audits with reasonable notice

• Obtain authorization before engaging sub-processors

13.5 Sub-Processors

• Customer authorizes sub-processors with 30 days notice of changes

• Customer may object on data protection grounds

• Rise-X remains liable for sub-processor performance

• Current list available on request to connect@rise-x.io

13.6 International Transfers

• Rise-X operates in Australia and may transfer data outside EEA/UK

• Safeguards: Standard Contractual Clauses, adequacy decisions, or other lawful mechanisms

• SCCs available on request

13.7 Data Subject Rights

Rise-X will assist Customer with requests for: access, rectification, erasure, restriction, portability, objection, and automated decision-making rights. Customer must respond within GDPR timeframes (typically 1 month).

13.8 Data Protection Impact Assessment and Prior Consultation

Rise-X will provide reasonable assistance for DPIAs and supervisory authority consultations where processing is likely to result in high risk.

13.9 Records of Processing Activities

Rise-X will maintain records per Article 30(2) GDPR and make available to supervisory authorities upon request.

13.10 Data Retention and Deletion

• Retention limited to service provision or legal requirements

• 30-day export period post-termination

• Deletion within 90 days unless legally required to retain

• Certification of deletion available on request

13.11 Security Breach Notification

Rise-X notifies Customer within 48 hours with sufficient detail for Customer's regulatory obligations.

13.12 Audits and Inspections

Customer may audit annually with 30 days notice (or more frequently after breaches). Alternatively, Customer may review Rise-X's third-party audit reports.

13.13 Supervisory Authority and Data Subject Complaints

UK: Information Commissioner's Office (ICO) - https://ico.org.uk

EU: See https://edpb.europa.eu/about-edpb/board/members_en

13.14 Data Processing Agreement

This clause constitutes the DPA per GDPR Article 28. Separate DPA with SCCs available on request to connect@rise-x.io.

13.15 Demonstrating Compliance

Rise-X will make available information necessary to demonstrate compliance, including documentation of security measures, personnel training, sub-processor records, transfer mechanisms, and third-party audit reports.

13.16 Liability for Data Processing

Each party's liability for data protection is subject to clause 14, except GDPR fines/penalties are not subject to the liability cap. Customer remains solely liable for its Controller obligations.

14.1 Liability is capped at Fees paid in the relevant 12-month period, except for:

• Customer's payment obligations

• Fraud

• Customer indemnities

• Death/personal injury from negligence

• GDPR fines/penalties

• Wilful misconduct or gross negligence

14.2 Neither Party is liable for indirect losses, lost profits, revenue, or business opportunities.

14.3 Customer is responsible for backing up data. Rise-X's data liability is limited to restoration from Rise-X backups where available.

14.4 Each Party acknowledges it does not rely on any representation except as expressly provided in this Agreement.

14.5 Nothing excludes liability that cannot be excluded under Australian Consumer Law or Data Protection Laws.

15.1 Notices must be in writing to email addresses in Orders or as notified.

15.2 Email notices are deemed to be received upon successful receipt.

15.3 For GDPR matters, contact: connect@rise-x.io

16.1 Rise-X may suspend Services to protect service integrity, after 5 days notice of material breach (24 hours if urgent), or if use becomes unlawful.

16.2 Rise-X will provide advance notice where possible.

17.1 Either Party may terminate if the other becomes insolvent or materially breaches and fails to remedy within 30 days.

17.2 Customer may terminate for convenience with 30 days notice but remains liable for the current Service Term.

17.3 On termination: Customer pays for Services rendered; Rise-X complies with data deletion obligations (clause 13.10).

18.1 The following clauses survive termination: clause 8, clause 11, clause 13 (for post-termination obligations), clause 14, and clause 17.3.

19.1 Parties must attempt good faith resolution. Senior executives meet within 7 days of formal dispute notice.

19.2 For EEA/UK Customers: may refer disputes to supervisory authorities and data subjects retain all GDPR rights.

• Subcontracting: Rise-X may use subcontractors (sub-processing per clause 13.5)

• Force Majeure: No liability for circumstances beyond reasonable control. Either Party may terminate if force majeure exceeds 6 months

• General Warranties: Each Party warrants it has authority to enter into this Agreement

• Assignment: Neither Party may assign without consent, except Rise-X may assign to Group members or successors

• Entire Agreement: This Agreement supersedes all prior agreements

• Waiver: No waiver of rights by delay or failure to exercise. Rights are cumulative

• Further Assurance: Each Party shall execute documents necessary to carry out this Agreement

• Severance: If any provision is unenforceable, it shall be severed without affecting remaining provisions

• Law and Jurisdiction:

  - Australian/other customers: Western Australian law and courts

  - EEA/UK customers: Western Australian law, but Customer may sue in home courts and mandatory consumer/data protection laws apply

• Language: Agreement is in English. English version prevails over translations

Affiliate: Person directly or indirectly Controlling, Controlled by, or under common Control with another person.

Commencement Date: When Agreement takes effect (clause 1.2)

Confidential Information: Agreement terms, technical, operational, billing, pricing, customer and commercial information

Customer Material: Customer's documents, software, data (excluding Rise-X Material)

Data Controller: Per GDPR Article 4(7)

Data Processor: Per GDPR Article 4(8)

Data Protection Laws: GDPR, UK GDPR, and EU/UK equivalent laws

Data Subject: Per GDPR Article 4(1)

Equipment: Hardware, software, servers, networking needed to access Services

Events: Each step within a workflow in Production Environment

Fees: Fees payable for Services per Orders or as notified

GDPR: EU Regulation 2016/679

Group: A Party and its Affiliates

Indirect Taxes: GST, VAT, sales tax, consumption tax, or similar taxes

Intellectual Property: All IP rights as defined by WIPO Convention

Order: Request for Services submitted to Rise-X

Parties: Rise-X and Customer

Personal Data: Per GDPR Article 4(1)

Personal Data Breach: Per GDPR Article 4(12)

Personnel: Officers, employees, agents, contractors and sub-contractors

Production Environment: Operating environment where Customer uses Services

Rise-X: Rise-X Digital Services Pty Ltd (ABN 45 640 133 615)

Rise-X Material: Rise-X's documents, software, data including Rise-X Software

Rise-X Policies: Policies published by Rise-X applicable to Services

Rise-X Software: Rise-X Ecosystem Orchestration Platform (EOP)

Rise-X Website: www.rise-x.io

Sanction: Sanctions, restrictions or designations under applicable laws

Services: Rise-X Software provided as a service

Service Term: Period specified in Order, auto-renews unless terminated with 30 days notice

Standard Contractual Clauses: EU Commission approved clauses for data transfers

Sub-processor: Processor engaged by Rise-X for Customer's personal data

Supervisory Authority: Per GDPR Article 4(21)

Taxes: All taxes except GST and taxes on net income

Term: Term of Agreement per clause 4.1

Trade Controls: Trade sanctions, embargoes, export/import controls imposed by Australia, US, UK, EU, UN

UK GDPR: GDPR as part of UK law per EU Withdrawal Act 2018

In this Agreement:

• References to Agreement include all Orders, schedules and annexures

• References to a Party include its Personnel

• References to law include statutes, regulations, Sanctions and Data Protection Laws

• References to applicable law include laws where Services are supplied or used

• GST terms have meanings per A New Tax System (Goods and Services Tax) Act 1999 (Cth)

• References to a Party include successors and assigns

• Singular includes plural and vice versa

• "Includes" and similar terms are not words of limitation