PHONOVATION SMS MESSAGING AGREEMENT

INTRODUCTION AND INTERPRETATION:

This is an Agreement for the provision of SMS messaging and / or WhatsApp messaging services under the Phonovation SMS platform and related integrations or channels by PHONOVATION LIMITED, a company incorporated in Ireland (Company Registration Number 127108) with its registered office at Phonovation Ltd, Frascati Hall, Sweetman's Avenue, Blackrock, Co. Dublin, A94 F9N7, Ireland ("Phonovation", "We" or "Us"), to the Client ("You") for a continuous period unless terminated in accordance with the terms of this Agreement.

The Schedules form part of this Agreement and shall have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Schedules.

A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time, and includes all subordinate legislation made thereunder.

In the event of any conflict between any provision of this Agreement (including Schedule 1) and the Standard Contractual Clauses referred to in Clause 11.2 of Schedule 1, the Standard Contractual Clauses shall take precedence.

1. OWNERSHIP AND LICENSING

1.1 Nothing in this Agreement effects an assignment by either Party of any intellectual property rights, whether registered or unregistered, or any applications for registration of such rights.

1.2 Neither Party shall use the other's logos, trademarks, or other intellectual property without prior express written consent.

1.3 All intellectual property rights in the Phonovation Services shall remain with Phonovation and its licensors. All intellectual property rights in the Client Elements (as defined in Clause 3.1) shall remain with the Client and its licensors. Except as expressly provided in this Agreement, no rights or licences are granted to either Party in respect of the other's intellectual property.

2. CONFIDENTIAL INFORMATION

All Confidential Information disclosed by either Party during the Term and for a period of three (3) years following termination shall be kept confidential by the receiving Party and used solely in connection with this Agreement. The receiving Party shall not disclose Confidential Information to any third party without the prior written consent of the disclosing Party.

The obligation of confidentiality shall not apply to information which:

1. (a) is or becomes publicly available other than through breach by the receiving Party;
2. (b) is received on a non-confidential basis from a third party lawfully entitled to disclose it;
3. (c) was already known to the receiving Party prior to disclosure;
4. (d) is independently developed without use of the disclosing Party's Confidential Information; or
5. (e) is required to be disclosed by law or court order, provided the receiving Party gives reasonable advance written notice to allow the disclosing Party to seek to limit disclosure.

"Confidential Information" means information which the disclosing Party desires to protect against unrestricted disclosure or competitive use, and which is identified as confidential or would reasonably be understood to be confidential given the nature of the information and the circumstances of disclosure. It includes business methods, rates, business plans, client information, and technology know-how.

3. WARRANTIES AND UNDERTAKINGS

3.1 Warranties of Client

Client represents, warrants and undertakes that:

1. (a) to the best of its knowledge, the Client brand, Client content and web interfaces associated with Client (collectively, the "Client Elements") do not and will not infringe or violate the intellectual property rights of any third party;
2. (b) Client Elements will not: (i) violate any applicable law or regulation; (ii) be defamatory, obscene or harmful; or (iii) contain any malicious code including viruses, trojans, worms, time bombs or cancel bots;
3. (c) it shall not make any representation or warranty on behalf of Phonovation to any Client User;
4. (d) it holds all necessary consents, permissions and authorisations to send messages to the intended recipients via the Services and shall comply with all applicable marketing, e-privacy and data protection laws including the ePrivacy Regulations 2011 (S.I. 336/2011), ComReg Sender Id Regulations 2025 (Decision D14/D24) and any successor regulations; and
5. (e) all recipients have provided valid, freely given, specific, informed and unambiguous consent to receive messages where required by applicable law.

Warranties of Phonovation

Phonovation warrants and undertakes that:

1. (a) to the best of its knowledge, the Phonovation brand and content associated with the Services ("Phonovation Elements") do not and will not infringe any third-party intellectual property rights; and
2. (b) the Phonovation Elements will not: (i) violate any applicable law or regulation; (ii) be defamatory, obscene or harmful; or (iii) contain malicious code.

Client's sole remedy and Phonovation's sole liability for breach of the foregoing warranties shall be as set out in Section 4.

3.3 DISCLAIMER

EXCEPT AS EXPRESSLY SET OUT IN THIS AGREEMENT AND SCHEDULE 1, NEITHER PARTY MAKES ANY REPRESENTATION OR WARRANTY IN RESPECT OF ITS SERVICES, BRANDS OR CONTENT, AND EACH PARTY HEREBY DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY OF DATA AND NON-INFRINGEMENT. PHONOVATION SERVICES ARE PROVIDED "AS IS". PHONOVATION AND ITS SUPPLIERS DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE.

4. INDEMNIFICATION

4.1 Each Party shall defend the other from and against all third-party claims, suits and proceedings, and pay all final judgments or settlements arising therefrom, to the extent such claim arises from a breach of its warranties and undertakings set out in Clause 3.

4.2 As a condition of indemnification, the indemnified Party shall: (a) promptly notify the indemnifying Party in writing of any claim; (b) give the indemnifying Party the opportunity to defend or settle the claim at its expense (provided any settlement does not impose obligations on the indemnified Party beyond money payment and unconditionally releases the indemnified Party); and (c) co-operate fully with the indemnifying Party at the indemnifying Party's expense. Each Party reserves the right to participate in its own defence at its own cost.

5. LIMITATION OF LIABILITY

5.1 SUBJECT TO CLAUSE 5.3, EACH PARTY'S TOTAL AGGREGATE LIABILITY (WHETHER IN CONTRACT, TORT INCLUDING NEGLIGENCE, BREACH OF STATUTORY DUTY OR OTHERWISE) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF: (A) TWENTY-FIVE PERCENT (25%) OF THE TOTAL FEES PAID OR PAYABLE BY CLIENT IN THE TWELVE-MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO LIABILITY; OR (B) €1,000.

5.2 IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF PROFITS, REVENUE OR INTERRUPTED COMMUNICATIONS) EVEN IF THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

5.3 NOTHING IN THIS AGREEMENT LIMITS OR EXCLUDES LIABILITY: (I) FOR DEATH OR PERSONAL INJURY CAUSED BY NEGLIGENCE; (II) FOR FRAUDULENT MISREPRESENTATION; (III) UNDER THE INDEMNITY IN CLAUSE 14.1 OF SCHEDULE 1; OR (IV) FOR ANY OTHER LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE IRISH OR EU LAW.

6. SERVICE USAGE

6.1 Acceptable Use — Prohibited Content

Phonovation shall not be held responsible for messages sent through the platform by Client or Client Users. Client shall not use the Services to send messages that:

1. (a) are unsolicited or sent without valid recipient consent where required by applicable law;
2. (b) contain spyware, viruses, worms, trojans, adware or other malware;
3. (c) contain content illegal under Irish law or the law of the recipient's country;
4. (d) are offensive, abusive, defamatory, threatening, indecent, menacing, misleading or discriminatory;
5. (e) contain copyright works, trademarks or other intellectual property without the rights holder's written permission; or
6. (f) may bring the name of Phonovation into disrepute.

6.2 Security and Account Credentials

Client is responsible for maintaining the security of its account credentials, selecting sufficiently complex passwords, and implementing IP address access controls where applicable. Phonovation shall not be liable for any loss arising from unauthorised access resulting from Client's failure to maintain credential security.

Client acknowledges that messages transmitted over the Phonovation platform may be transmitted in an unencrypted format where the chosen integration method does not support end-to-end encryption. Client is encouraged to use HTTPS and SMPP-TLS where available. Phonovation may disclose messages transmitted over the platform to the extent permitted by law to protect its rights or property, or to comply with legal or regulatory requirements.

6.3 Data Processing

To the extent that Phonovation processes Personal Data on behalf of Client in the course of providing the Services, Schedule 1 (Data Processing Terms) shall apply.

6.4 Message Delivery and Callback Notifications

Phonovation Services operate a push-based notification model. Upon receipt of a Delivery Receipt (DLR) or incoming message, Phonovation's platform will automatically push the notification to the Client's system by calling the API endpoint provided by Client at the time of the service configuration.

Client is responsible for ensuring its callback endpoint is available, correctly configured and capable of receiving push notifications.

HTTPS is required to protect data in transit.

Phonovation shall not be liable for undelivered notifications resulting from Client's failure to maintain a reachable and correctly configured callback endpoint.

6.5 Source and Destination Addresses

Where applicable, Client acknowledges that correct Type Of Number (TON) and Number Plan Indicator (NPI) settings and correct source and destination address formatting in accordance with GSM specification must be set for each message submitted. Failure to do so may result in message delivery failure or incorrect source address display. Phonovation shall not be responsible for checking or correcting these settings.

6.6 Abuse of Services

Phonovation's acceptable use policy, as set out in the "Abuse of Services" section of Client's online account, defines the only acceptable uses of each Service. Where Services are accompanied by documentation, use is restricted to those documented parameters. Client shall not modify, circumvent, or reverse engineer any Phonovation software.

ANY ATTEMPT BY CLIENT TO GAIN UNAUTHORISED ADVANTAGE, INCLUDING EXPLOITATION OF UNDOCUMENTED FEATURES, SHALL RESULT IN IMMEDIATE ACCOUNT SUSPENSION. CLIENT SHALL BE LIABLE TO REPAY PHONOVATION THE FULL VALUE OF ANY IMPROPER GAIN AS DETERMINED BY PHONOVATION.

7. BILLING

7.1 CHARGES: Client shall pay Phonovation for: (a) all submitted messages at the applicable rate, regardless of delivery status; (b) any HLR Lookup queries; (c) applicable payment processor transaction fees; and (d) applicable Value Added Tax. Standard post-paid payment terms are 30 days from date of invoice.

7.2 PRE-PAYMENT: For pre-paid accounts, all charges are payable in advance and access to the Services is conditional on receipt of payment, unless otherwise agreed. Payment is currently via Stripe by credit or debit card.

7.3 RECEIVED PAYMENTS: Bank transfer payments are deemed received once Phonovation confirms receipt of the correct amount in the agreed currency. Stripe card payments are deemed received upon successful authorisation and funds capture. Client should allow reasonable time for anti-fraud checks.

7.4 PAYMENT PROVIDER NOTIFICATIONS: Authorisation notifications from payment providers such as Stripe do not constitute confirmed receipt of payment. Acceptance of transactions is at Phonovation's sole discretion.

7.5 TRANSACTION FEES: Client shall bear all transaction or currency exchange fees levied by Client's bank, payment provider, or intermediate financial institutions.

7.6 PROCESSING FEES: Phonovation reserves the right to charge processing fees on payments made via payment providers. These will be disclosed and confirmed by Client before submission. Only the amount prior to processing fees will be credited to Client's balance. Processing fees will not appear on invoices.

7.7 BANK TRANSFER INVOICES: Invoices must be paid within 30 days of issue, unless otherwise agreed. Non-payment constitutes a breach. Phonovation may suspend the account without prior notice. Client shall include its account number or name as the payment reference.

7.8 CLIENT PAYMENT RESPONSIBILITY: If card payment fails or direct debit is rejected, Client remains liable for all amounts due on demand. Phonovation may charge reasonable administrative costs incurred in recovering failed direct debit payments.

7.9 FREE TRIALS: At Phonovation's discretion, free trial credit may be issued for testing purposes only. All Agreement terms apply during trial periods.

7.10 CURRENCY: All balances are held in Euro (EUR). All charges are deducted in EUR.

7.11 NO INTEREST: Client shall not earn interest on any balance held with Phonovation.

7.12 CREDIT EXPIRY: Deposited funds must be used within 365 days of receipt. Phonovation may extend this at its discretion on a case-by-case basis. Client should log in on the account and send a message within 365 days to keep the account active so that their credits are not removed.

7.13 MESSAGE CHARGES: Phonovation charges for each submitted message consisting of up to 140 bytes of payload data after GSM encoding. Messages exceeding 140 bytes are automatically split and concatenated, with each part charged separately. Charges are based on destination network prefix per national numbering plan. Charges are deducted immediately on submission.

7.14 PRICING CHANGES: Phonovation may change pricing and coverage (additions, removals, or price modifications) with 15 days' email notice to Client's contact. WhatsApp platform transaction prices will change (additions, removals, or price modifications) with immediate effect of email sent to Client's contact.

Changes are deemed communicated at the time of sending. Phonovation is not liable for indirect losses arising from pricing changes.

7.15 CREDIT LIMITS: No automated credit limit applies to this account.

7.16 OVERDUE PAYMENTS: Where the payment term is "Immediate", an invoice is overdue if unpaid within 7 days. Interest on overdue amounts may be charged at the rate provided for under the European Communities (Late Payment in Commercial Transactions) Regulations 2012 (S.I. 580/2012).

7.17 MESSAGE STATISTICS: Phonovation records message submission data daily (00:00:00 to 23:59:59 Irish time). Statistics are verified nightly. Client is not charged for any message that does not receive a unique ID or is not assigned to an outgoing connection. Long messages are recorded as single entries with the total charge.

7.18 STATISTICS DISPUTES: Client must notify Phonovation within 7 days of any statistical imbalance. Phonovation will investigate and respond within 7 days of receiving notice. Disputes raised after 7 days may not be investigated.

8. TERMINATION

8.1 TERM AND EARLY TERMINATION: This Agreement operates on a rolling 12-month basis. Either Party may terminate by giving 30 days' written notice without penalty. Either Party may terminate immediately upon written notice if the other Party commits a material breach that: (a) is not remedied within 60 days for non-monetary breaches; or (b) within 5 days for monetary breaches, in each case following written notice specifying the breach in reasonable detail. Except as explicitly set forth elsewhere in this Agreement, the foregoing rights of termination shall be in addition to and not in lieu of any other legal or equitable remedies that the terminating Party may have.

8.2 EFFECT OF TERMINATION: Within 30 days of termination or expiry, each Party shall return or certifiably destroy the other's Confidential Information and delete all electronic copies, except for copies retained in ordinary-course backup systems or as required by law.

8.3 SURVIVAL: The following provisions survive termination: Ownership and Licensing (Clause 1), Confidential Information (Clause 2), Warranties and Undertakings (Clause 3), Indemnification (Clause 4), Limitation of Liability (Clause 5), Effect of Termination (Clause 8.2), Miscellaneous (Clause 9), and Schedule 1 to the extent applicable post-termination. Accrued payment obligations under Clause 7 also survive.

9. MISCELLANEOUS

9.1 INDEPENDENT CONTRACTOR: Each Party is an independent contractor. Nothing in this Agreement creates an employment, partnership, joint venture or agency relationship.

9.2 NON-SOLICITATION: During the Term and for 2 years following termination, neither Party shall directly or indirectly solicit or employ the other Party's employees, unless the individual has been unaffiliated with that Party for at least 6 months.

9.3 ASSIGNMENT: Neither Party may assign this Agreement without the other's prior written consent (not to be unreasonably withheld), except in connection with a merger, corporate reorganisation, or sale of substantially all assets or shares, in which case notice is sufficient. This Agreement binds successors and assigns.

9.4 AMENDMENTS: Any amendment must be in writing, dated, and communicated to both Parties.

9.5 NOTICES: Notices shall be in writing and deemed given: (a) 72 hours after pre-paid recorded delivery posting; (b) upon delivery by a recognised express courier; or (c) upon email confirmation of receipt to an email address registered on Client's account, sent from a Phonovation email address.

9.6 FORCE MAJEURE: Neither Party shall be liable for failure to perform obligations due to causes beyond its reasonable control, including acts of government or military authority, acts of God, materials shortages, telecommunications failures (including systemic internet or mobile network failures), transportation delays, natural disasters, labour disturbances, pandemics, or wars.

9.7 WAIVER: Failure by either Party to enforce any provision shall not constitute a waiver of that or any other provision.

9.8 COUNTERPARTS: This Agreement may be executed in counterparts, each of which constitutes an original, and all of which together form a single instrument.

9.9 GOVERNING LAW AND JURISDICTION: This Agreement is governed by the laws of Ireland. Each Party submits to the non-exclusive jurisdiction of the courts of the Republic of Ireland.

9.10 SEVERABILITY: If any provision is held invalid, illegal or unenforceable, the remaining provisions shall remain in full force and shall be construed to give effect to the Parties' original intentions so far as possible.

9.11 EXPORT CONTROL: Client shall comply with all applicable Irish and EU import/export laws and regulations. Client shall not export or re-export the Services without obtaining all required consents and authorisations.

9.12 SUPPORT: All Services include complimentary business-hours technical support (Monday to Friday, 09:00-17:00 GMT/IST). Support requests must be submitted via the Support section of Client's online account with full details and international-format numbers where applicable. Phonovation will respond by email to the address provided at ticket submission.

SCHEDULE 1 - DATA PROCESSING TERMS

1. Definitions

The following definitions apply in this Schedule:

Appropriate Technical and Organisational Measures: has the meaning given in Data Protection Legislation (including measures referred to in Article 32(1) GDPR).

Authorised Person: personnel authorised by Client to provide instructions in relation to Processing.

Business Day: a day other than a Saturday, Sunday or public holiday in Ireland when banks in Dublin are open for business.

Business Purpose: the provision of the Services under this Agreement.

Data Controller, Data Processor, Data Subject, Personal Data, Processing: each has the meaning given under Data Protection Legislation.

Data Protection Commission (DPC): the Irish supervisory authority for data protection, currently situated at 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland (www.dataprotection.ie).

Data Protection Legislation: all applicable data protection legislation including: the GDPR (EU) 2016/679; the Data Protection Act 2018 (Ireland); the ePrivacy Regulations 2011 (S.I. 336/2011); any implementing, amending or successor legislation; and guidance issued by the DPC.

Personal Data Breach: any personal data breach as defined in Article 4(12) GDPR in respect of Personal Data Processed by Phonovation.

Restricted Transfer: any transfer of Personal Data to a country outside the EEA not subject to an adequacy decision by the European Commission, where such transfer would be restricted by Data Protection Legislation.

Standard Contractual Clauses (SCCs): the standard contractual clauses for the transfer of Personal Data to third countries adopted by the European Commission on 4 June 2021 (Decision 2021/914), or any successor mechanism approved by the European Commission or the DPC.

Sub-processor: any third party engaged by Phonovation to Process Personal Data on behalf of Client.

2. Processing Instructions

2.1 Phonovation shall only act on written processing instructions given by an Authorised Person, sent by email to Client's designated account manager or to orders@phonovation.com.

2.2 Phonovation shall Process Personal Data solely for the Business Purpose and in compliance with Client's instructions, unless required to do otherwise by applicable law, in which case Phonovation shall (to the extent legally permitted) inform Client before Processing.

2.3 The types of Personal Data Processed may include: name, phone number, email address, postal address, date of birth, and other Personal Data uploaded by Client or Users. Data Subjects include Client (if an individual) and Users.

2.4 Personal Data may be transferred to Phonovation via Website, API, Management Portal, Excel/CSV upload, CRM integration, or SMPP. Secure channels (HTTPS, SFTP or equivalent) must be used for data in transit.

3. Parties' Obligations

3.1 Phonovation shall: (a) only copy Personal Data to the extent necessary for the Business Purpose (including for logs, backup, security, disaster recovery and testing); and (b) not re-use, exploit, redistribute or store Personal Data for any other purpose.

3.2 Phonovation shall notify Client without delay of any change affecting its ability to Process Personal Data as set out in this Agreement.

3.3 On Client's written request and at Client's cost, Phonovation shall amend, transfer or delete Personal Data as directed. Phonovation may retain one archived copy for the duration of any applicable limitation period or legal retention requirement, plus one year.

3.4 Client shall: (a) ensure it is lawfully entitled to transfer Personal Data to Phonovation; (b) ensure all relevant Data Subjects have provided the required consents or that another lawful basis applies; (c) ensure Personal Data is accurate, adequate, relevant and limited to what is necessary; and (d) ensure Personal Data is not retained for longer than necessary.

4. Security

4.1 Phonovation shall implement Appropriate Technical and Organisational Measures to protect Personal Data against unauthorised or unlawful Processing, accidental loss, destruction or damage, having regard to the state of technology, the cost of implementation and the nature and risk of the Processing.

4.2 Phonovation shall ensure Personal Data is accessed only by authorised personnel and systems required for the Business Purpose.

4.3 Client shall maintain its own backup copies of Personal Data as frequently as necessary.

5. Sub-processors

5.1 Client acknowledges and agrees that Phonovation may engage Sub-processors to assist in providing the Services. Phonovation's current Sub-processors include:

WhatsApp Channel - Additional Disclosure

Clients who activate the WhatsApp messaging channel acknowledge that message delivery is facilitated via WhatsApp Business Solution Provider, and that the WhatsApp Business Solution Provider integration with the WhatsApp Business Platform is operated by Meta Platforms Ireland Limited ("Meta"). As a result, certain message metadata (including sender and recipient phone numbers and message timestamps) will be processed by Meta's infrastructure in the course of delivery. Clients are solely responsible for ensuring that their own privacy notices and consent mechanisms accurately disclose to their end users that their personal data may be processed by Meta Platforms Ireland Limited and its affiliates in connection with WhatsApp message delivery, and for obtaining any consents required under applicable data protection and ePrivacy legislation.

5.2 Phonovation shall enter into a written data processing agreement with each Sub-processor imposing equivalent data protection obligations to those in this Schedule.

5.3 Phonovation shall verify that each Sub-processor is capable of providing the required level of protection before it first Processes Personal Data.

5.4 Phonovation remains fully liable to Client for any failure by a Sub-processor to fulfil its data protection obligations.

5.5 Phonovation shall notify Client of any intended addition or replacement of Sub-processors with reasonable advance notice, giving Client the opportunity to object. Client shall not unreasonably withhold or delay objection.

6. Restricted Transfers

6.1 Phonovation shall not make Restricted Transfers without Client's prior written consent, except to affiliates and agents performing the Services. Restricted Transfers shall only be made where appropriate safeguards are in place, including (as applicable): (a) the 2021 Standard Contractual Clauses; (b) binding corporate rules; or (c) any other transfer mechanism recognised under applicable Data Protection Legislation.

7. Breach Notification

7.1 Phonovation shall inform Client without undue delay if it becomes aware of any Personal Data Breach, and shall provide sufficient information to enable Client to meet its notification obligations to the DPC (within 72 hours of becoming aware) and to affected Data Subjects where the breach is likely to result in high risk.

7.2 Phonovation shall co-operate fully with Client and take commercially reasonable steps to investigate, mitigate and remediate each Personal Data Breach.

7.3 Client shall not make any public announcement regarding a Personal Data Breach involving the Services without first consulting with Phonovation.

8. Data Subject Rights

8.1 Phonovation shall assist Client in responding to Data Subject rights requests (access, rectification, erasure, restriction, portability, objection) using Appropriate Technical and Organisational Measures, at Client's cost.

8.2 Phonovation shall promptly notify Client if it receives any Data Subject request, complaint or compensation claim relating to Personal Data Processed under this Agreement. Phonovation shall not respond to any such request without Client's documented instructions, except as required by law.

9. Audits

9.1 Client has the right to audit Phonovation's compliance with this Schedule once per 12-month period, during Normal Business Hours (09:00-17:00 GMT), on one Business Day. Client shall bear Phonovation's reasonable costs of such audit.

9.2 Audit scope shall be agreed in writing in advance.

9.3 Phonovation may demonstrate compliance through recognised certification (e.g., ISO 27001) or an approved code of conduct in lieu of an on-site audit.

10. Data Protection Officer

10.1 Each Party shall appoint a Data Protection Officer if required to do so under applicable Data Protection Legislation and shall provide the other Party with that person's contact details.

11. Records

11.1 Phonovation shall maintain records of all Processing activities carried out on behalf of Client, including: descriptions of security measures; names and contact details of sub-processors and relevant contacts; categories of Processing; and details of any Restricted Transfers and safeguards in place.

12. Warranties (Schedule 1)

12.1 Phonovation warrants that it will: (a) Process Personal Data in compliance with Data Protection Legislation; (b) maintain Appropriate Technical and Organisational Measures; and (c) discharge its obligations under this Schedule with due skill, care and diligence.

12.2 Client warrants that it: (a) has complied with and will comply with Data Protection Legislation; (b) is lawfully entitled to transfer Personal Data to Phonovation; (c) has provided appropriate notices to and obtained valid consents from Data Subjects as required; and (d) will not by act or omission cause Phonovation to violate applicable Data Protection Legislation.

13. Indemnity (Schedule 1)

Client shall indemnify and keep indemnified Phonovation against all costs, claims, damages or expenses arising from Client's failure to comply with its obligations under this Schedule or applicable Data Protection Legislation.

14. Consequences of Termination

14.1 Upon termination or expiry, Phonovation shall, at Client's election within 10 days, either return or certifiably delete all Personal Data, unless legally required to retain it. If Client makes no election, Phonovation may delete the Personal Data. Phonovation may retain one archived copy for the limitation/retention period plus one year in accordance with Clause 3.3.

SCHEDULE 2 - SERVICES

Phonovation shall provide the Phonovation SMS platform to Client, enabling:

• One-off message sending via the Phonovation SMS web portal;
• Broadcast messaging via Excel/CSV list upload;
• Automated API-based messaging (REST API);
• SMPP direct connection to Phonovation SMS gateways;
• CRM-integrated nightly data updates with broadcast capability;
• Campaign sending on request (subject to explicit Client User consent);
• WhatsApp Business messaging (subject to separate channel activation and the WhatsApp Channel Disclosure below).

Processing activities performed under this Agreement include: collection, recording, organisation, storage, adaptation, retrieval, consultation, use, transmission, dissemination, combination, restriction, erasure and destruction of Personal Data.

WhatsApp Channel - Additional Disclosure

Clients who activate the WhatsApp messaging channel acknowledge that message delivery is facilitated via a WhatsApp Business Solution Provider, and that the WhatsApp Business Solution Provider integration with the WhatsApp Business Platform is operated by Meta Platforms Ireland Limited ("Meta"). As a result, certain message metadata (including sender and recipient phone numbers and message timestamps) will be processed by Meta's infrastructure in the course of delivery. Clients are solely responsible for ensuring that their own privacy notices and consent mechanisms accurately disclose to their end users that their personal data may be processed by Meta Platforms Ireland Limited and its affiliates in connection with WhatsApp message delivery, and for obtaining any consents required under applicable data protection and ePrivacy legislation.

Primary processing location: eir Datacentre, Clonshaugh, Dublin 17, Ireland.

UK and international message routing via telecommunication gateways.

Customer support and account management: Phonovation Ltd, Frascati Hall, Sweetman's Avenue, Blackrock, Co. Dublin, A94 F9N7, Ireland.