Annex 1 - General Terms and Conditions

MASTER Page no

AGREEMENT1 (30)

Annex 1 - General Terms and Conditions

Master Agreement No.

Table of Contents

1.Definitions

2.Supplier's Obligations

3.Buyer's Obligations

4.Result Services

5.Resource Services

6.Consultants

7.Software-as-a-Service

8.Continuous Services

9.Goods

10.Software

11.Ordering procedure

12.Delivery and Acceptance

13.Delays

14.Price

15.Invoicing and Payment Terms

16.Reporting and Governance

17.Use of Sub-Contractors

18.Intellectual Property Rights

19.IPR Indemnity

20.Liability

21.Insurance

22.Force Majeure

23.Confidentiality

24.Security

25.Personal Data Protection

26.Telia Company Supplier Code, Sustainability

27.Audit

28.Termination

29.Consequences of Termination

30.Notices

31.Transfer of Rights and Obligations

32.Changes

33.Rights and Remedies

34.Severability

35.Entire Agreement

36.Applicable Law

37.Disputes

38.Surviving Clauses

Annex 1 General Terms and Conditions (2017-09-01)

MASTER Page no

AGREEMENT1 (30)

Annex 1 - General Terms and Conditions

Master Agreement No.

Annex 1 General Terms and Conditions (2017-09-01)

MASTER Page no

AGREEMENT1 (30)

Annex 1 - General Terms and Conditions

Master Agreement No.

These General Terms and Conditions shall apply to the purchase and provision of Deliverables under the Master Agreement.

1.Definitions

The following terms shall have the meaning defined below. Additional terms may be defined in the context of particular provisions of the Agreement.

“Acceptance Certificate” shall mean the document signed by both Parties upon successful completion of Acceptance Test.

“Acceptance Test” shall mean the tests agreed in the Agreement, performed to verify if the Deliverables meet the requirements set forth in the Agreement.

”Actual Date of Delivery” shall mean the date when

(a)If the Deliverables are subject to an Acceptance Test: a successful Acceptance Test has been performed and an Acceptance Certificate has been signed by the Parties,

(b)If the Deliverables are subject to a Control Period:

1. if the Deliverables do not meet the requirements, the date when Supplier has remedied the faults and demonstrated compliance of the Deliverables,
2. the Control Period expires without Buyer having made justified complaint in respect of the Deliverables, or

(c)if (a) or (b) do not apply, for example for Resource Services, the date when Supplier starts providing the Service(s).

“Affiliate” shall mean a legal entity directly or indirectly controlling a Party, under the same direct or indirect ownership or control as a Party or directly or indirectly owned or controlled by a Party for so long as such ownership lasts. Ownership or control shall exist through direct or indirect ownership of more than fifty (50) percent of the nominal value of the issued equity share capital or of more than fifty (50) percent of the shares entitling the holders to vote for the election of directors or persons performing similar functions.

“Agreed Specification” shall mean all the requirementsfor a Deliverable specified in the Delivery Contract.

“Agreement” shall mean the Master Agreement (including the annexes thereto) as well as any Delivery Contracts (including any appendices thereto) concluded by the parties and any Purchase Order(s) concluded by the parties.

“Applicable Data Protection Laws” mean any applicable law relating to data protection and security, including without limitation EU Data Protection Directive (EU Directive 95/46/EC of the European parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data), Directive on privacy in electronic communications (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector) and General Data Protection Regulation (Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 94/46/RC) and any amendments, replacements or renewals thereof (collectively the “EU Legislation”), all binding national laws implementing the EU Legislation and other binding data protection or data security directives, laws, regulations and rulings valid at the given time.

“Bespoke Result” shall mean all results and Deliverables specifically developed for the Buyer as a result of the assignment under the Agreementother than Customized Software.

“Buyer’s Data” shall mean data or other information that Buyer, or a person acting on behalf of Buyer, makes available to Supplier, and the result of Supplier’s processing of such data.

“Consultant” shall mean Supplier’s own employees as well as Supplier’s sub-contractors or other consultants engaged by Supplier for the provision of the Result Services or Resource Services.

“Connection Point” shall mean the point or points where Buyer can access the Software-as-a-Service.

“Consignment Note” shall mean a specification to be prepared by Supplier and provided at the delivery of Goods.

“Customized Software” shall mean customer-specific software representing a new functionality or feature, including documentation which has been produced by Supplier as a result of the assignmentunder the Agreement.

“Continuous Service(s)” shall mean Services provided by Supplier to Buyer under the Agreementwith the exception of Result Services, Resource Services or Software-as-a-Service.Support, maintenance, mail and repair services constitute examples of Continuous Services.

“Contractual Date of Delivery” shall mean the date agreed between the Parties when, at the latest, the Deliverablesshall have been accepted or approved, as applicable, by Buyer. Contractual Date of Delivery shall be agreed by the Parties in the Agreement. If the Deliverablescomprise delivery of a Service other than Result Services, theContractual Date of Delivery shall be the date when Supplier starts providing the Service(s).

“Control Period” shall mean a period of time, starting at Supplier’s delivery of the Deliverable(s) to Buyer, reserved for Buyer to inspect the Deliverables provided and verify their compliance with what has been agreed.

“Cure Period” shall mean the period of time defined in the Agreement, starting from Supplier’s receipt of Buyer’s Notice of Non-compliance, within which Supplier shall remedy any non-compliance identified during a Control Period, in an Acceptance Test or during a Warranty Period, as the case may be.

“Delay” shall mean that Actual Date of Delivery occurs later than Contractual Date of Delivery.

“Deliverable(s)” shall meanallseparate deliverables specified in the Delivery Contract(s) including any Documentation.

“Delivery Contract” shall mean a specific agreement signed by both parties specifying the purchase of the Deliverables.

“Delivery Site” shall mean the delivery address ofthe Goods as specified by Buyer in a Delivery Contract or a Purchase Order.

“Documentation” shall mean documentation related to the assignment such as reports, pre-studies, design documents, drawings, descriptions, manuals etc.

“End User” shall mean Buyer’s customer and/or customer’s user, as applicable.

“Goods” shall mean tangible goods (that is not Software) ordered by Buyer from Supplier. Goods shall include any documentation for the goods.

“GTC” shall mean this Annex 1 to the Master Agreement – General Terms and Conditions.

“Intellectual Property Rights” or “IPR” shall mean any patent, registered design, copyright, design right, database right, topography right, trade mark, service mark, the right to apply to register any of the aforementioned rights, trade secret, right in un-patented know-how and any other intellectual or industrial property right.

“International Data Transfer” means transfer of Personal Data to recipients outside EU Member State or EEA Country (“third country”).

“Non-Customized Software” shall mean Supplier’s or third party standard software including documentation supplied by Supplier under this Agreement and specified as Non-Customized Software.

“Notice of Non-compliance”shall mean a written report issued by Buyer where a non-compliance with the Agreed Specificationhas been identified during an Acceptance Test, during a Control Period or during a Warranty Period.

“Open Source Software” shall mean a software program in which the source code is available to the general public for use and/or modification from its original design free of charge.

“Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be directly or indirectly identified by reference to an identifier such as a name, address, social security number, subscription number, IP address, location data, an online identifier, traffic data or message content or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Purchase Order(s)” shall mean a specific order placed by Buyer under a Delivery Contractto purchase Supplier’sDeliverables.

“Regulatory Requirements” means any laws, rules and regulations issued by any country, state, governmental body (e.g. the relevant Financial Services Authorities or Data Protection Authorities), including any acts issued by the European Union, as well as all applicable case law, recommendations and guidelines by said bodies on the above, as applicable in the case concerned, including but not limited to Applicable Data Protection Laws.

“Resource Services” shall mean services under which Supplier makes available designated individuals to perform assignments for Buyer under Buyer’s management control.

“Result Services” shall mean consulting or other services provided by Supplier to Buyer under this Agreement with the purpose to achieve a certain specified result for the benefit of Buyer. Result Services may include Deliverables such assoftware, implementation work, specifications, designs and reports.

“Security Requirements” meansall agreed applicable security requirements and security instructions and their updates applicable at each point in time depending the nature of the Deliverables to be provided by Supplier. Security Requirements include(i) the Security Directives and any other document to which reference is given under section “Security” of the Master Agreement, (ii) any additional security provisions stated in the specific Agreement and (iii) further security instructions as provided by Buyer from time to time.

“Services” shall mean all the Result Services, Resource Services, Software-as-a-Serviceor Continuous Service to be delivered by Supplier under the Agreement.

“Software” shall mean Customized Software and/or Non-Customized Software.

“Software-as-a-Service” shall mean software provided by Supplier to Buyer as a functionality where software and associated data are centrally hosted with the Supplier, instead of provided to Buyer under a software license.

“Supplier Background IPR” shall mean IPR related to and required for the use of the Deliverables and which either i) is owned by Supplier prior to the start of the term of therelevant Delivery Contract or ii) which is created during the term of the relevant Delivery Contract.

“Territory” is normally the country/countries or region where the Deliverables shall be used and shall be specified in each Delivery Contract.

"Traffic Data" shall mean data which is processed for the purpose of transferring an electronic message via an electronic communications network or in order to invoice such message such as, for example, time, extent, network used and technical data.

“Warranty Period” shall mean the period of time defined in the Agreement, starting from Actual Date of Delivery, within which Supplier shall remedy anon-compliance identified in the Deliverables and Buyer hasnotified Supplier in a Notice of Non-Compliance.

2.Supplier's Obligations

2.1.Supplier shallfulfil its obligations under the Agreement and is responsible for the Deliverables meeting the Agreed Specification(s). The Deliverables shall be purveyed with the level of expertise, training and skills called for by the assignment in question and following a good technical practice and business-like manner.

2.2.Supplier shall promptly inform Buyer if, in order to perform Supplier’s obligations under this Agreement or for Buyer to use the Deliverables, it is necessary to obtain permits, licenses or authorisations from authorities or others.

2.3.Supplier shall ensure that the defined scope of supply in quality and essence is sufficientin order for Supplier to meet the Agreed Specification and Buyer’s anticipated needs when providing the Deliverable(s). This means, inter alia, that Supplier shall use its best endeavours to request from Buyer all information that is relevant to enable Supplier to fulfil its undertakings as soon as the need for such information occurs. Upon Supplier’s request, Buyer shall promptly furnish Supplier with the information if it is readily available. If the information is not readily available, Buyer will advise Supplier on how to obtain it.

2.4.Supplier shall, upon Buyer’s request, work with other appointed suppliers of Buyer in order to provide the Deliverables under this Agreement. This means,inter alia,to interwork with external systems or networks which are out of Supplier’s scope of supply.

The interfaces between separate suppliers in their respective roles in providing for instance specifications, development, and maintenance, shall when applicable be regulated by a separate agreement between such suppliers.

2.5.If co-operation between Supplier and above mentioned suppliers causes conflicts or prevents or substantially hampers co-operation, the suppliers shall use best efforts to resolve the issues between themselves.

2.6.Supplier shall, at Supplier’s own cost,make back-up copies of

(a)the software, data and files developed or processed by Supplier under the Agreement, to the extent the work is performed in Supplier’s hardware environment;

(b)Buyer’s Data, files and programs in Supplier’s possession; and

(c)data, files and programs in Buyer’s hardware environment if Supplier has the operational responsibility for Buyer’s hardware and/or software environment under the Agreement.

2.7The Supplier shall comply with all Regulatory Requirements that are applicable to the Supplier and /or the Deliverables.

3.Buyer's Obligations

3.1.Buyer shall be responsible for the accuracy of the information provided to Supplier.

3.2.Buyer shall make back-up copies of software, data and files before delivery of the same to Supplier. With the exception of what is stated in section 2.6 (c), Buyer is responsible for making back-up copies of data, files and programs in Buyer’s hardware environment.

4.Result Services

4.1.What is stated in this sectionshall apply to Supplier’s provision of Result Services. However, when Supplier’s scope of supply under the Agreement contains several Deliverables (e.g.Goods, Software, Services) to be delivered within the frame of an implementation project, what is stated in this section 4 regarding Actual Date of Delivery, time schedule, change requests and warranty shall apply to the implementation project as a whole and all the Deliverables delivered pursuant to theimplementation project.

4.2.Supplier shall provide the Result Services according to the Agreed Specification and as generally set out in the Agreement.

4.3.If the assignment is divided into several milestones, Supplier may proceed to a subsequent milestone only after the acceptance by Buyer of the previous milestone, unless otherwise agreed in writing.

4.4.Supplier undertakes at Supplier’s own cost to provide necessary equipment as telephone, PC, working space and other ordinary office equipment.

4.5.In the event the cost, work or schedule estimates for the completion of the Result Services prove substantially different from those stated in the Agreement, Supplier shall inform Buyer to this effect in writing without delay. Buyer shall then have the right to immediately discontinue the Result Services, to stop further payments for work not yet performed and to terminate the Agreement in accordance with the applicable provisions in section28.

4.6.Supplier shall ensure that any advice or recommendation given to Buyer in the course of the assignment is in compliance with legislation, regulations, and established practices.

4.7.Buyer or Supplier may propose changes to Supplier’s scope of supply after the Agreementhas been concluded. A request for change according to this sectionshall be made in writing using a change request form.

4.8.Supplier shall number every change request and maintain a change request log. A template change request form is attached to the Agreement.

4.9.Change requests may pertain to deviations from the Agreed Specificationin the Delivery Contract, in the time schedule or affecting the workload for Supplier resulting in reduced or extra cost for Buyer, as applicable. A change request shall be made as an amendment to the Delivery Contract. A change request resulting in extra cost for Buyer in relation to the price stated in the Agreementis not valid or binding on Buyer until Supplier has received a purchase order (including signedamendments) from Buyer for the same.

Warranty

4.10.For Result Services, Supplier shall at Supplier’s expense be obliged to remedy any non-compliance with the Agreed Specification in the Delivery Contract occurring during a Warranty Period of twelve (12) months. All deviations from the Agreed Specifications are considered as non-compliant. Buyer's acceptance of Supplier's proposals, methods, acts or working results does not relieve Supplier from liability for any non-compliance which Buyer reasonably could not have discovered or foreseen at the time of acceptance.

4.11.Supplier's responsibility does not include non-compliance due to:

(a)incorrect use of any Deliverable(s) by Buyer;

(b)Buyer’s unauthorised modifications to Deliverable(s);

(c)defects in equipment or third party software other than provided or approved by Supplier, or

(d)incorrect information provided by Buyer to Supplier for the provision of the Deliverable(s).

4.12.Any non-compliance shall be remedied by Supplier within a Cure Period of fifteen (15) calendar daysfrom Supplier’s receipt of Buyer’s Notice of Non-compliance. When the Cure Period has ended, Supplier shall without undue delay demonstrate to Buyer’s satisfaction that the non-compliance has been remedied.

4.13.If Supplier has not remedied the non-compliance within the Cure Period, Buyer has the right to, at the expense of Supplier, remedy the non-compliance by itself or through a third party.

4.14.If the non-compliance cannot be cured, Buyer is entitled to a price-reduction corresponding to the non-compliance and taking into account the extent and impact the non-compliance has on Buyer’s ability to use the Deliverable(s) for the contemplated purposes.

5.Resource Services

5.1.What is stated in this section shall apply to Supplier’s provision of Resource Services.