Aeii — EULA & Data Processing Addendum

01The License

The license grant. Aeii ApS (Aeii) hereby grants to the individual or organisation purchasing one or more licenses (Licensee) a non-exclusive, revocable, worldwide, non-assignable and non-sublicensable right to use the software including the documentation pertaining hereto (the Software) for its own internal business purposes, in accordance with Acceptable Use (as defined below) and subject to the terms and conditions set out in this end user license agreement (the EULA). The number of licenses obtained is to be agreed between Aeii and Licensee.

Priority. This EULA governs the Software and shall apply to and take precedent over any other terms agreed regarding use of the Software.

As is. The Software is a standard product. It is provided “as is” and it is the sole responsibility of Licensee to ensure that the functions in the Software fulfill the requirements and expectations of Licensee. Aeii is not liable for defects or errors and makes no warranty as to the Software’s functionality, quality, fitness or suitability for any purpose. If Licensee notifies Aeii of defects or errors, Aeii may (or may not) choose to remedy such defect or error at its own discretion.

Licensee must ensure backup. It is Licensee’s responsibility to back up data, configurations and settings in the Software.

Updates, upgrades and downtime. Aeii may from time-to-time update, upgrade, patch or repair the Software without notice, which may cause downtime. Aeii will use its best endeavors to notify Licensee in advance of such downtime.

02Acceptable Use

Acceptable Use. Licensee warrants that it will only use the Software for lawful and non-malicious purposes and that all use will comply with whichever professional sports associations rules apply to the given use situation, such as FIFA or UEFA.

03Payment

Payment as specified at purchase. The payment terms are agreed upon at the time of purchase of the licenses to the Software. Late or no payment constitutes material breach of the EULA.

Price adjustments. Aeii may adjust prices once annually by providing Licensee at least 60 days’ prior written notice. Fee increases shall not exceed 5% per year.

04Audit

Audit without notice. Aeii shall always and without prior notice be entitled to verify Licensee's compliance with the EULA. Such verification may take the form of electronic access to the Software and records therein. Licensee shall upon request provide Aeii with reasonable assistance in this regard.

Additional payment. Without prejudice to any other remedies that Aeii may have at its disposal, and, if Licensee is not properly licensed, Aeii shall be entitled to demand payment of an amount corresponding to the additional license fee for the period during which the Licensee has not held the necessary licenses.

Costs in connection with audit. Licensee is liable for audit costs incurred by Aeii if an audit shows Licensee’s non-compliance with the EULA.

05Intellectual Property Rights

Aeii reserves all rights. Aeii reserves all intellectual property rights in and to the Software, including copyrights and related rights such as sui-generis database rights, trademarks, patents, trade secrets, goodwill, etc. The rights granted to Licensee under clause 1.1 above does not allow Licensee to change the Software regardless of purpose, hereby explicitly deviating from section 36(1)(1) under the Danish Copyright Act pursuant to section 36(3). Licensee may, however, decompile the Software subject to the restrictions under section 37(1) and (2), provided Aeii is informed in advance.

Source code. The source code of the Software is considered confidential and a trade secret of Aeii.

Licensee retains ownership of data. All data processed in the Software provided by Licensee, that was not in or part of the Software upon purchase of the license, is the property of Licensee.

06Data Processing

As part of providing the Software, Aeii will process personal data on behalf of Licensee. This processing is governed by the Data Processing Addendum enclosed as Annex I.

07Third-party Intellectual Property Rights

Warranty. Aeii warrants that it has the right to license the Software, including any documentation, to Licensee, and that Aeii holds the necessary rights, titles and licenses to allow Licensee to perform all rights contemplated by this EULA, and that the Software does not violate any third party's rights valid and enforceable in Denmark. This warranty shall not apply to violations of third-party rights resulting from use of or modifications to the Software by Licensee in violation with this EULA, including Acceptable Use.

Sole remedy in case of violation of third-party IP. If Licensee is met with a claim from a third party that the Software violates that third party’s intellectual property rights in violation with the warranty above, Licensee’s sole remedy is to notify Aeii soonest possible who must then take over and defend the claim at Aeii’s cost. If Aeii cannot solve the claim or does not otherwise remedy such violation within reasonable time, i.e. never less than 40 Danish business days, Licensee may terminate this EULA for cause with immediate effect without liability.

08Limitation of Liability

General liability. The Parties are liable towards each other for damages in accordance with Danish law with the exceptions below.

Disclaimers. Aeii expressly disclaims any liability for (i) defects and errors in the Software or third-party products, (ii) incorrect or corrupt data (personal as well as non-personal data) processed through the Software, (iii) claims arising out of Licensee’s changes and/or modifications to the Software, (iv) lack of compatibility between the Software and third-party software, and (v) use of the Software in violation with Acceptable Use.

Indirect loss. A Party shall not be liable for the other Party’s indirect, incidental, consequential or economic loss arising out of or in connection with agreements between the Parties. This exclusion includes loss of profit, loss of revenue, loss of business opportunity, loss of goodwill, loss of data and loss due to data recovery (unless the first Party had a backup obligation for the data lost or sought recovered) and loss of function of other software, regardless of whether such loss was foreseeable at the time of signing or whether the first Party had or had not been notified to the affected Party beforehand.

Monetary liability cap. Aeii shall not be liable for damages exceeding an amount corresponding to the license fee paid by Licensee for the Software, excluding payments for third party services, products or software, during the previous 12 months prior to the events giving rise to the claim.

Exceptions carveout. The exceptions to liability above do not apply insofar as the loss is the result of gross negligence or wilful misconduct.

09Changes

Aeii may at any time change the terms of this EULA without prior individual notice by uploading them to Aeii’s website. In case of material changes, Aeii will use all reasonable efforts to notify Licensee in advance.

10Assignment

Aeii can assign. Aeii may at any time in full or in part assign its rights and obligations under this EULA to any third party.

Licensee cannot assign. Licensee may not assign neither its rights nor obligations under this EULA without Aeii’s prior, explicit and written permission.

11Reference

Aeii may include Licensee’s name and logo in Aeii’s lists of customers, on its website or other online presence such as social media or in any other documents in accordance with good marketing practices.

12Suspension and Termination

Suspension. Aeii may suspend Licensee’s access to the Software with immediate effect if reasonably necessary due to security risks, suspected unlawful use or use in violation with Acceptable Use or Customer’s material breach.

Automatic renewal and Licensee’s termination. This EULA is automatically renewed for a period corresponding to the latest agreed upon term unless Licensee terminates it before expiry of the current term. Termination takes effect at the end of the current term, and no refund is given for the remainder of the term.

Aeii’s termination for cause. If Licensee breaches the terms of this EULA, Aeii may terminate it with immediate effect, including the revocation of all licenses issued to Licensee provided said breach has not been remedied before 15 business days after Aeii’s written notice to Licensee.

No refund. Upon termination, regardless of cause, Licensee shall not be entitled to any refund of the license fee upon such termination.

13Governing Law and Dispute Resolution

Governing law. This Agreement shall be governed by and construed in accordance with Danish law, excluding the CISG and without regard to its conflict of laws principles.

Mediation. Any dispute arising out of or in connection with this Agreement shall first be attempted to be resolved amicably between the Parties. If the dispute cannot be resolved amicably after at least escalating it to the highest level of management, the Parties shall attempt to settle it by mediation in accordance with the Association of Danish IT Attorneys’ (DITA) Mediation Procedure (www.itadvokater.dk). The mediator shall be nominated by DITA. The mediation shall take place in Aalborg, and the mediation language shall be English. To initiate the mediation a Party must give notice in writing to the other Party. A copy of the request shall be sent to DITA. The mediation shall start no later than 8 days after DITA's receipt of the notice. No Party may commence arbitration proceedings in relation to any dispute arising out of this Agreement until it has attempted to settle the dispute by mediation and the mediation has terminated. As a minimum, a Party shall be obliged to attend the first meeting convened by the mediator. A Party may commence arbitration proceedings if any delay of such proceedings may result in the forfeiture of any right, e.g. due to time-barring.

Venue. If mediation above is unsuccessful, the dispute shall be settled by the ordinary Danish courts, with the Danish Maritime and Commercial High Court as first instance.

A.1The Data Processing Addendum and the Main Agreement

Main Agreement. The Parties have entered into the EULA concerning Aeii’s provisioning of the Software (the Main Agreement). In this connection, Aeii (henceforth the Data Processor) must process personal data on behalf of the Licensee (henceforth, the Data Controller). Therefore, the following data processing addendum (the Data Processing Addendum) has been concluded.

Interdependence. The Main Agreement and the Data Processing Addendum are interdependent. When the Main Agreement is terminated, the Data Processing Addendum terminates as well. The Data Processing Addendum may, however, be terminated separately or amended, provided that both Parties agree.

Priority. The Data Processing Addendum takes precedence over the Main Agreement so that terms of the Main Agreement in conflict of terms in the Data Processing Addendum give way for the terms of the Data Processing Addendum.

A.2The Data Controller’s Obligations

Legal processing. The Data Controller shall ensure that the processing of personal data under the Data Processing Addendum takes place in accordance with the Regulation 2016/679, the General Data Protection Regulation (GDPR), data protection provisions in other EU or national law which the Data Controller is subject to (collectively, Data Protection Law) and the Data Processing Addendum and must ensure that there is a processing basis for the processing that the Data Processor is instructed to carry out, in accordance with the instruction below.

A.3The Data Processor’s Obligations

Instruction

The Data Processor may only process personal data in accordance with the following instruction from the Data Controller unless this is required by Data Protection Law: The Data Processor processes identification and contact information and unstructured information about the athletes that Data Controller choose to process through the Software. This information may sometimes be sensitive information such as information relating to the health of the athlete or information of private nature such as personal financial details or a national identification number. The processing is necessary to deliver the full functionality of the Software. Data is stored until it is actively deleted by the Data Controller.

Unlawful instructions

The Data Processor shall immediately notify the Data Controller if, in his or her opinion, an instruction is in breach of Data Protection Law.

Change of instructions

If instructions change, the Data Controller is, to the extent that the Parties agree, obliged to make sure that the Data Processing Addendum is updated and to send an updated version signed by the Data Controller to the Data Processor for signature.

Confidentiality

The Data Processor may only grant access to personal data processed on behalf of the Data Controller to persons who are subject to the Data Processor's instructions, who have committed themselves to confidentiality or are subject to an appropriate statutory duty of confidentiality, and only to the extent necessary for carrying out the Data Controller’s instructions. The list of persons who have been granted access to personal data must be reviewed on an ongoing basis. Based on this review, access to personal data may be closed if access is no longer necessary, and the personal data must no longer be available to these persons. The Data Processor must, at the request of the Data Controller, be able to demonstrate that the persons in question, who are subject to the Data Processor's instructions, are subject to the above-mentioned duty of confidentiality.

Risk assessment

The Data Controller must assess the risks involved in the processing activities and implement security measures to address these risks. For this assessment, the Data Controller shall make the necessary information available to the Data Processor which enables him or her to identify and assess such risks.

Assistance with security

The Data Processor shall assist the Data Controller in complying with the Data Controller's obligation under Article 32 of the GDPR by, inter alia: to make the necessary information available to the Data Controller regarding the technical and organizational security measures already implemented by the Data Processor and all other information necessary for the Data Controller's compliance with its obligation under Article 32 of the GDPR.

A.4Sub-data Processors

General authorisation. The Data Processor authorises the Data Controller's use of the following sub-data processors for the processing under the Data Processing Addendum:

Sub-processor

Processing description

Microsoft Ireland Ltd. One Microsoft Place, South County Business Park, Carmanhall And Leopardstown, Dublin, D18 P521, Ireland

Chatbot infrastructure; AI services hosted in Sweden Central and App Service hosted in West Europe. Microsoft Ireland’s parent company, Microsoft Corporation, is self-certified under the EU-U.S. Data Privacy Framework, and Standard Contractual Clauses have been concluded between the Data Processor and Microsoft. Thus, transfers between MS Ireland and MS Corp., as applicable, ensure an adequate level of personal data protection.

Supabase Inc. 548 Market St, San Francisco, CA 94104, United States

Data hosting; primary database located in West EU (Ireland), region eu-west-1. Supabase Inc. is self-certified under the EU-U.S. Data Privacy Framework, and Standard Contractual Clauses have been concluded between the Data Processor and Supabase. Thus, transfers between the Data Processor and Supabase ensure an adequate level of personal data protection.

Stripe Payments Europe, Ltd. 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland

Payment processing for license fees and subscriptions. Stripe Payments Europe, Ltd. processes payment-related personal data (e.g. name, email, billing details) within the EU/EEA. Stripe Payments Europe, Ltd.’s parent company, Stripe LLC, is self-certified under the EU-U.S. Data Privacy Framework. Thus, transfers between Stripe Europe and Stripe LLC, as applicable, ensure an adequate level of personal data protection.

The Data Processor shall notify the Data Controller in writing of any planned changes regarding the addition or replacement of sub-data processors with at least 30 days’ notice. If the Data Controller does not object to such changes or replacements within 14 days of receipt of this notification, the Data Controller shall be deemed to have authorised them.

Requirements to the sub-processing agreement

The Data Processor shall impose on the sub-processor the same data protection obligations as those set out in this Data Processing Addendum.

Provisioning of sub-processor agreements

Sub-processor agreement(s) and any subsequent amendments thereto are sent in copy to the Data Controller at Data Controller’s request.

Liability for sub-processors

If the sub-processor does not fulfil its data protection obligations, the Data Processor remains fully liable to the Data Controller for the fulfilment of said obligations.

Transfer to third countries

Save for the transfers to sub-processors described above, the Data Processor does not transfer personal data to third countries.

A.5Assistance to the Data Controller

The Data Processor assists the Data Controller, taking into account the nature of the processing, by means of appropriate measures in fulfilment of the Data Controller's obligation to respond to requests for the exercise of the data subject's rights as set out in Chapter III of the GDPR. In addition, the Data Processor must, taking into account the nature of the processing and the information available to the Data Processor:

notify the Data Controller of any personal data breach as soon as possible and no later than 48 hours after becoming aware of the breach;
assist the Data Controller in notifying personal data breaches to the competent supervisory authority and provide to the Data Controller the information required pursuant to Article 33(1) of the GDPR;
assist the Data Controller in carrying out a data privacy impact assessment (DPIA) of the processing activities under the Data Processing Addendum; and
assist the Data Controller in consulting the competent supervisory authority before processing if the DPIA mentioned above shows that the processing involves a high risk for the rights and freedoms of the data subjects.

A.6Return and Deletion

Upon termination of the Data Processing Addendum, the Data Processor must:

return all personal data that has been processed on behalf of the Data Controller in connection with the processing activities mentioned in the instruction above;
delete the personal data, unless under mandatory Data Protection Law the Data Processor is obliged to store such data; and
at the request of the Data Controller — confirm to the Data Controller that the deletion has taken place and send documentation thereof.

A.7Documentation, Audit and Inspection

Documentation of compliance. At the request of the Data Controller, the Data Processor shall make available to the Data Controller all information necessary to demonstrate compliance with Data Protection Law and the Data Processing Addendum.

Audit and inspection. The Data Processor provides the Data Controller with the opportunity for and contributes to audits, including inspections, carried out by the Data Controller itself or an auditor authorised by the Data Controller.