a. Scope of license: This license granted to the Licensee for the Software by Licensor is a non-exclusive, revocable, fee-bearing, non-transferable and non-sub-licensable license to use the Software for a term on any device that the Licensee owns or controls. This license does not allow the Licensee to use the Software on any device that the Licensee does not own or control, and the Licensee may not distribute, share or make the link to the Software available over a network where it could be used by unintended parties without the consent of the Licensor. Any attempt to do so is a violation of the rights of the Licensor. If the Licensee breaches this restriction, the Licensee may be prosecuted for damages as prescribed by applicable law. Further, the license may be revoked or terminated prematurely without any refund for paid amounts. The terms of the license will govern any upgrades provided by Licensor that replace and/or supplement the original Software, unless such upgrade is accompanied by a separate license in which case the terms of that license will govern. It is hereby clarified that nothing in this license or the License and Services Agreement shall be interpreted to mandate that the Licensor shall develop and release revisions, updates, customize any revisions or updates to the Software to satisfy the Licensee’s requirements or to be integrated into the Licensee’s particular software or technical environment. The license will be granted to a specific person, signing on behalf of the organization they are working for, and is not transferrable and should not be shared. The Licensee agrees that the information they provide is accurate and complete. The Licensee is aware that any changes, requiring your approval, may be subject to additional costs.

b. Services: The Software may enable access to Licensor’s and third-party services and websites (collectively and individually, "Third Party Services"). Use of the Third Party Services may require Internet access and that the Licensee accepts additional terms of service. The Licensee agrees to use the Third Party Services at their sole risk and that the Licensor shall not have any liability to the Licensee for content that may be found to be offensive, indecent, or objectionable. Subject to the terms hereof, the Licensor will provide the Licensee with reasonable technical support services in accordance with the terms set forth. For a paying Licensee technical support is extended via online medium and phone medium only. Direct on-site Licensee support is not applicable unless it has been agreed mutually between the Licensee or the organization.

c. Conditions. The Licensor’s obligations pursuant to the license are expressly conditioned upon the Licensee:

d. Prohibitions: Except as otherwise expressly provided in this license or the License and Services Agreement, the Licensee shall not and shall not permit others to:

The Licensee may not remove or export or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of any governing authority.

e. Warranty: The Licensor does not warrant that the Software or Services will be free of interruptions, errors, bugs, viruses or security problems (especially when the Licensor is doing maintenance work on the Software), or that the Software or the Services will meet the Licensee’s requirements. The Software and Services are provided “as is” and the Licensor specifically disclaims all warranties and indemnities, express, implied or statutory, including without limitation any warranty of merchantability, fitness for a particular purpose, satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, non-infringement of third party rights and any warranty arising from the course of performance or course of dealing. The Licensee expressly acknowledges and agrees that use of the Software is at the Licensee’s sole risk and that the entire risk as to satisfactory quality, performance, accuracy and effort is with the Licensee. No oral or written information or advice given by Licensor, or its authorized representative shall create a warranty. Should the Software or Services prove defective, the Licensee shall assume the entire cost of all necessary servicing, repair or correction. Some jurisdictions do not allow the exclusion of implied warranties or limitations on applicable statutory rights of a consumer, so the above exclusion and limitations may not apply to the Licensee.

f. Limitation of Liability: Lean Station will not be liable for any damages resulting in the use of its features or services or from the use of data or information from the Software to the extent not prohibited by law, in no event shall application manufacturer, provider or distributor be liable for personal injury, or any incidental, special, indirect or consequential damages whatsoever, including, without limitation, damages for loss of profits, loss of data, business interruption or any other commercial damages or losses, or attorney’s fees arising out of, or related to, your use or inability to use the Software, however caused, regardless of the theory of liability (contract, tort or otherwise) and even if Licensor has been advised of the possibility of such damages. Some jurisdictions do not allow the limitation of liability for personal injury, or of incidental or consequential damages, so this limitation may not apply to the Licensee. In no event shall Licensor’s total liability to the Licensee for all damages exceed the amount of one dollar ($1.00). The foregoing limitations will apply even if the above stated remedy fails of its essential purpose.

The warranties specified in this license or the License and Services Agreement will not apply if the Software malfunctions due to extrinsic causes, including but not limited to:

Additionally, it is hereby agreed that the Licensor will not be liable for any delays and/or cost overruns with regard to the Project where the Software is deployed owing to any reason whatsoever.

g. Data Consent: The Licensee agrees that the Licensor may collect and use technical data and related information, including but not limited to technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, support and other services to the Licensee (if any) related to the Software. The Licensor may use this information, as long as it is in a form that does not personally identify the Licensee, to improve its Software or to provide services or technologies to the Licensee.

h.Termination: The license is effective until terminated by the Licensee or Services Provider. Your rights under this license will terminate automatically without notice from the Licensor if the Licensee fails to comply with any term(s) of this license. Upon termination of the license, the Licensee shall cease all use of the Software, and destroy all copies, full or partial, of the Software.

i. Governing Laws: The governing law specified in the License and Services Agreement will govern the license of the Software and Services. Your use of the Software may also be subject to other local, state, national, or international laws. Lean Station will manufacture and license the Software in compliance with the state, and local laws applicable to each Software. Licensee will comply with the state, and local laws applicable to the handling, transportation, storage and use of the Software.

j.Corruption & Anti-Bribery: Under no circumstances will Licensor or Licensee offer or make any payment or give anything of value to another person or entity where such payment or action would violate an applicable law or regulation, including, but not limited to, any applicable anti-bribery, anti-corruption, or anti-kickback law. As applicable, Licensor and Licensee shall comply with their obligations under the Prevention of Corruption Act, 1988 or other such equivalent enactment in the concerned jurisdictions where the Software is deployed and the Services and Training (as defined in the License and Services Agreement) are provided.

a. became available to the public other than as a result of any act or omission by it or any of its Affiliates, agents, employees or consultants;

b. is previously known or independently developed by the recipient without use or reliance on the other party’s Confidential Information, as evidenced by records;

c. was received from a third party who was not under a duty of non-disclosure; or

d. is requested or required to be disclosed under a subpoena, court order, statute, law or regulation in the applicable jurisdiction (a “Legal Requirement”). Licensor and Licensee will, to the extent not precluded by law, provide prompt notice of such Legal Requirement to other party so the other party may seek an appropriate injunction or protective order or other appropriate remedy or waive compliance with the provisions of this Terms of Use and/or the License and Services Agreement. If the other party is not successful in obtaining an injunction or protective order or other appropriate remedy and the party originally served is legally compelled to disclose such Confidential Information, or if the other party waives compliance with the provisions of this Agreement in writing, the party originally served may disclose, without liability hereunder, such Confidential Information in accordance with, but solely to the extent necessary to comply with the Legal Requirement.

a. to take reasonable precautions to protect such Proprietary Information, and

b. not to use (except in performance of the Services or as otherwise permitted herein) or

c. divulge to any third person any such Proprietary Information.

a. is or becomes generally available to the public, or

b. was in its possession or known by it prior to receipt from the Disclosing Party, or

c. was rightfully disclosed to it without restriction by a third party, or

d. was independently developed without use of any Proprietary Information of the Disclosing Party, or

e. is required to be disclosed by law.

a. the Services and Software, all improvements, enhancements or modifications thereto,

b. any software, applications, inventions or other technology developed in connection with Implementation Services or support, and

c. all intellectual property rights related to any of the foregoing.

a. use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Licensor offerings, and

b. disclose such data solely in aggregate or other de-identified form in connection with its business.

a. Information you provide to us: When you register to use the Services, communicate with our customer service team, send us an email, or post on our blog, you’re giving us personal information that we collect. That personal information may include your IP address, name, physical address, email address, phone number, credit card information, and other details like gender, occupation, and other demographic information. By giving us this information, you consent to your information being collected, used, disclosed, and stored by us, only as described in our Terms of Use and Privacy Policy.

b. List and email information: When you add a collaborator to the project or create an email with the Services, we have access to the data on your list and the information in your email.

c. Information from your use of the service: We may get information about how and when you use the Services. This information may include your IP address, time, date, browser used, and actions taken by you within the application. Also, project data gathered from the use of services.

d. Cookies: When you register to use Lean PlanDo, we store "cookies," which are strings of code, on your computer. We use those cookies to collect information about when you visit our Website, when you use the Services, your browser type and version, your operating system, and other similar information. You may turn off cookies that have been placed on your computer by following the instructions on your browser, but if you block our cookies, it may be more difficult (and maybe even impossible) to use the Services.

e. Construction related information: All data that are added to the websites are captured including the names of the activities, the type of activities, the duration, constraints, site photos, drawings, layouts, permits, images, videos etc. When the Licensee or any invited collaborator updates this information again real-time data is captured through information such as task progress or variance etc. These are all considered as personal data to the Licensee and all this data is captured and stored securely.

f. Information from other sources: We may get more information about you, like name, age, and participation in social media websites, by searching the internet or querying third parties (we’ll refer to that information as Supplemental Licensee Information). We only collect data that’s publicly available or provided by a third party according to its terms of use.

a. To promote use of our services. For example, if you leave your Personal Information when you visit our Website and don’t sign up for any of the Services, we may send you an email asking whether you want to sign up. And if you use any of our Services, and we think you might benefit from using another Service we offer, we may send you an email telling you about it.

b. For R&D of our Software and Services. For example, our automated systems will analyze your data provided when you use our Software and Services to improve them, develop new, secure, maintain and provide stable operations consistently.

c. To bill and collect money owed to us. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see Section 7 below.

d. To send you system alert messages. For example, we may let you know about temporary or permanent changes to our Services, like planned outages, new features, version updates, releases, abuse warnings, and changes to our Privacy Policy.

e. To enforce compliance with our terms of use and applicable law. This may include developing tools and algorithms that help us prevent violations.

f. To provide customer support. This may include providing project level support from a representative from the company who can access your project data upon your approval.

g. To protect the rights and safety of our Licensees and third parties, as well as our own.

h. To meet legal requirements like complying with court orders and valid subpoenas.

i. To provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.

j. To prosecute and defend a court, arbitration, or similar proceeding.

k. To support and improve the Services we offer.

l. To communicate with you about your account for informational, not promotional, reasons.

m. To transfer your information in the case of a sale, merger, consolidation, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Websites.

n. To send you informational and promotional content that you may choose (or "opt in") to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.

a. Blog: We have public blogs on our Websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you’d like it to be removed, contact us at support@leanstation.com. If we’re not able to remove your information, we’ll let you know why.

b. Social media widgets: Our Websites include social media features, like the Facebook Like button. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with those features are governed by the privacy policies of the companies that provide them.

c. Links to third-party sites: Our Websites include links to other websites, whose privacy practices may be different from the Licensor’s. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Website you visit.

d. Service providers: If it is necessary to provide you a service you've requested, like send you a T-shirt or enable a feature like Social Profiles, then we may provide your personal information to a service provider. We will restrict any service provider's use of your personal information. We will tell you whenever reasonably possible and you may request at any time the name of our service providers.

“Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.

“Authorized Affiliate” means any of Customer Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Agreement.

“Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.

“Controller” means an entity that determines the purposes and means of the processing of Personal Data.

“Customer Data” means any data that Lean Station and/or its Affiliates processes on behalf of Customer in the course of providing the Services under the Agreement.

“Data Protection Laws” means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, PDPA or the EU Data Protection Law.

“EU Data Protection Law” means (i) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).

“Personal Data” means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law

“Privacy Shield” means the EU-US and Swiss-US Privacy Shield Frameworks, as administered by the U.S. Department of Commerce.

“Privacy Shield Principles” means the Privacy Shield Framework Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision of 12 July 2016 pursuant to the Directive, details of which can be found at www.privacyshield.gov/eu-us-framework.

“Processor” means an entity that processes Personal Data on behalf of the Controller.

“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.

“Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

“Services” means any product or service provided by Lean Station to Customer pursuant to and as more particularly described in the Agreement.

“Sub-processor” means any Processor engaged by Lean Station or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or any Lean Station Affiliate.

2.1 This DPA applies where and only to the extent that Lean Station processes Personal Data on behalf of the Customer in the course of providing the Services and such Personal Data is subject to Data Protection Laws of Singapore, the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.

2.2 Role of the Parties. As between Lean Station and Customer, Customer is the Controller of Personal Data and Lean Station shall process Personal Data only as a Processor on behalf of Customer. Nothing in the Agreement or this DPA shall prevent Lean Station from using or sharing any data that Lean Station would otherwise collect and process independently of Customer's use of the Services

2.3 Customer Obligations. Customer agrees that (i) it shall comply with its obligations as a Controller under Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to Lean Station; and (ii) it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for Lean Station to process Personal Data and provide the Services pursuant to the Agreement and this DPA.

2.4 Lean Station Processing of Personal Data. As a Processor, Lean Station shall process Personal Data only for the following purposes: (i) processing to perform the Services in accordance with the Agreement; (ii) processing to perform any steps necessary for the performance of the Agreement; and (iii) to comply with other reasonable instructions provided by Customer to the extent they are consistent with the terms of this Agreement and only in accordance with Customer’s documented lawful instructions. The parties agree that this DPA and the Agreement set out the Customer’s complete and final instructions to Lean Station in relation to the processing of Personal Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Customer and Lean Station.

2.5 Nature of the Data. Lean Station handles Customer Data provided by Customer. Such Customer Data may contain special categories of data depending on how the Services are used by Customer. The Customer Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to Customer; (ii) to provide customer and technical support to Customer; and (iii) disclosures as required by law or otherwise set forth in the Agreement.

2.6 Lean Station Data. Notwithstanding anything to the contrary in the Agreement (including this DPA), Customer acknowledges that Lean Station shall have a right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as billing, account management, technical support, product development and sales and marketing. To the extent any such data is considered personal data under Data Protection Laws, Lean Station is the Controller of such data and accordingly shall process such data in compliance with Data Protection Laws.

3.1 Authorized Sub-processors. Customer agrees that Lean Station may engage Sub-processors to process Personal Data on Customer's behalf. The Sub-processors currently engaged by Lean Station and authorized by Customer are listed in Annex A.

3.2 Sub-processor Obligations. Lean Station shall: (i) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Lean Station to breach any of its obligations under this DPA.

3.3 Changes to Sub-processors. Lean Station shall provide Customer reasonable advance notice (for which email shall suffice) if it adds or removes Sub-processors.

3.4 Lean Station engages Cloudalio Technologies Pvt Ltd, India, to act and work as a sub-processor.

3.5 Objection to Sub-processors. Customer may object in writing to Lean Station’s appointment of a new Sub-processor on reasonable grounds relating to data protection by notifying Lean Station promptly in writing within five (5) calendar days of receipt of Lean Station’s notice in accordance with Section 3.3. Such notice shall explain the reasonable grounds for the objection. In such event, the parties shall discuss such concerns in good faith with a view to achieving commercially reasonable resolution. If this is not possible, either party may terminate the applicable Services that cannot be provided by Lean Station without the use of the objected-to-new Sub-processor.

4.1 Security Measures. Lean Station shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with Lean Station's security standards.

4.2 Confidentiality of Processing. Lean Station shall ensure that any person who is authorized by Lean Station to process Personal Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).

4.3 Security Incident Response. Upon becoming aware of a Security Incident, Lean Station shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

4.4 Updates to Security Measures. Customer acknowledges that the Security Measures are subject to technical progress and development and that Lean Station may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Customer.

5.1 Lean Station shall maintain records of its security standards. Upon Customer's written request, Lean Station shall provide (on a confidential basis) copies of relevant external ISMS certifications (if available), internal audit report summaries and/or other documentation reasonably required by Customer to verify Lean Station's compliance with this DPA (on a Confidential basis). Lean Station shall further provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm Lean Station's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.

Available upon request (confidential information)

7.1 Upon deactivation of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent Lean Station is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data Lean Station shall securely isolate and protect from any further processing, except to the extent required by applicable law.

8.1 To the extent that Customer is unable to independently access the relevant Personal Data within the Services, Lean Station shall (at Customer's expense) taking into account the nature of the processing, provide reasonable cooperation to assist Customer by appropriate technical and organizational measures, in so far as is possible, to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement. In the event that any such request is made directly to Lean Station, Lean Station shall not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If Lean Station is required to respond to such a request, Lean Station shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

8.2 To the extent Lean Station is required under Data Protection Law, Lean Station shall (at Customer's expense) provide reasonably requested information regarding Lean Station's processing of Personal Data under the Agreement to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.

9.1 Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict.

9.2 This DPA is a part of and incorporated into the Agreement so references to "Agreement" in the Agreement shall include this DPA.

9.3 In no event shall any party limit its liability with respect to any individual's data protection rights under this DPA or otherwise.

9.4 This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws.