Distributor Legal Center

Preamble

Choco Communications FZCO (“Choco”) operates a cloud-based order management and communication platform for distributors (e.g., wholesalers) and their customers (e.g., restaurants) in the food industry ("Cloud Service") and provides related Onboarding and Support Services as well as Integration Services s (collectively “Implementation Services” and, together with the Cloud Service, each a “Service” and collectively the “Services”). A description of each Service is available here.

This Main Services Agreement (“MSA”) governs the provision and use of the Services. Distributor agrees to be bound by the MSA by either executing an Order Form which incorporates the MSA or by accessing and/or making use of the Free Services (as defined in section 1.3 below). Capitalised terms not otherwise defined in the MSA shall have the meaning assigned to them elsewhere in the Agreement.

THEREFORE, in consideration of the foregoing, Choco and Distributor (each a "Party" and collectively the "Parties") agree as follows:

1 Scope of the Services

1.1 Access to Cloud Service. Choco hereby grants Distributor a non-exclusive, non transferable, non-sublicensable right to access and use the Cloud Service during the term of the Agreement, solely for its own business operations and in accordance with the terms and conditions of the Agreement. Distributor is responsible for arranging the necessary equipment and the internet connection to use the Cloud Service. Distributor will have no right to any specific design or specific functionalities beyond the scope of the Cloud Service agreed in the Order Form.

1.2 Choco Deliverables. While providing Services, Choco may create deliverables for Distributor (“Choco Deliverables”). Choco hereby grants Distributor a non-exclusive, non transferable, non-sublicensable right to use the Choco Deliverables during the term of the Agreement and in accordance with the terms and conditions thereof. Distributor shall not make any modifications to or use the Choco Deliverables for any other purposes than achieving the purpose of the Agreement without prior written approval of Choco.

1.3 Free Services. Choco may offer certain features of the Cloud Service free of charge, such as trial periods, beta versions or delivery of orders from the restaurants using the Cloud Service in a digital form (“Free Services”). An entity benefiting from Free Services shall be deemed to constitute a Distributor and shall be subject to the terms of the Agreement governing use of the Cloud Service as long as it benefits from Free Services. Distributor acknowledges that Choco reserves the right to modify or terminate Distributor’s access to Free Services or any part thereof, at any time and for any reason in its sole discretion without any notice or liability to Distributor. Free Services are provided as-is and, to the maximum extent permitted by applicable law, Choco shall not be liable for any damages, costs or expenses resulting from the use of Free Services. To the extent such full exclusion of liability is not enforceable, Choco’s (including its legal representatives’, employees’, agents’ and Vicarious Agents’ (as defined in section 12.3 below)) aggregate liability shall be limited to £1,000 (one thousand pounds). In the event of a conflict between this section 1.3 and the rest of the Agreement, this section 1.3 shall take precedence.

1.4 Service Specific Terms. Some Services may be subject to additional terms specific to that Service, such as Integration GTCs, Onboarding GTCs and White-Label TCs (“Service Specific Terms”). Distributor agrees to be bound by the applicable Service Specific Terms by signing the Order Form or by accessing or using the Services covered by Service Specific Terms.

1.5 Availability. Choco will make commercially reasonable efforts to make the Cloud Service available 98% of the time, based on a monthly average. Excluded therefrom are necessary planned maintenance work as well as disruptions that are not within Choco’s sphere of influence (such as force majeure events, downtime that results from a third party’s equipment, software or technology or internet connectivity issues). If possible, Choco shall in a timely manner notify Distributor about planned maintenance work. Nevertheless, Choco expressly reserves the right to carry out unannounced maintenance work if necessary, particularly where this is required for data and operational security.

1.6 Modifications. Choco reserves the right to enhance, change or discontinue any and all features of the Cloud Service or introduce new features or Services at any time. If any such changes materially limit the features of the Cloud Service, Choco shall provide Distributor with advanced notice thereof. Distributor's continued use of the Cloud Service after being notified constitutes acceptance of those changes. In case of an objection by Distributor before such changes enter into force, Choco may terminate the Agreement or offer Distributor a reasonable remedy at its own discretion.

1.7 Third Party Components. Certain components of the Cloud Service may be provided through third party services. Any such components that Distributor could recognize as being subject to third-party rights, including open-source licences, will be subject to applicable third party and open-source software licences. Above all, any components that Choco discloses as third-party content in the Agreement, in the Cloud Service or in any Choco policies will be deemed recognizable within the meaning of the previous sentence. Distributor agrees that availability of the Cloud Service or certain features may be dependent on the corresponding availability of the third-party services. Choco is not responsible for any interruptions or issues with the Cloud Service caused by the third-party components. The maps functionality on the Cloud Service is provided through Google Maps as a third party component. By making use of the Cloud Service and the maps functionality, Distributor agrees to be bound by Google's Terms of Service including  Google Privacy Policy.

1.8 AI-powered Services. The Cloud Service may encompass functionalities that are powered by artificial intelligence (“AI”). Distributor will retain ownership over the input it provides and the output generated by AI based on the input, both of which shall constitute Distributor Data (as defined in section 3.1 below). Choco does not guarantee the accuracy, completeness and reliability of the output generated by AI and, to the extent permitted by law, disclaims all warranties and liability for such output. To the extent such full exclusion of liability is not enforceable, Choco’s (including its legal representatives’, employees’, agents’ and Vicarious Agents’) aggregate liability shall be limited to £1,000 (one thousand pounds). Output generated by AI may not be unique to Distributor and it does not represent Choco’s views. Distributor undertakes to comply with the fair use policies of Choco’s third party service providers when using AI-powered functionalities, available here. In the event of a conflict between this section 1.8 and the rest of the Agreement, this section 1.8 shall take precedence.

2 Access and Use of Cloud Service

2.1 Authorised Users. The licence granted to Distributor is limited to its employees, agents or contractors who are authorised by Distributor to use the Services (“Authorised Users”). Distributor is responsible for its Authorised Users’ compliance with the Agreement, including Choco’s policies on the use of the Cloud Service and for all of their acts and omissions. Distributor shall ensure that its Authorised Users keep the access data of their accounts confidential and shall inform Choco without undue delay if there is any suspicion that the access data may have become known to unauthorised persons. Distributor is solely responsible for all activities that occur under the accounts of its Authorised Users.

2.2 Usage Rules and Restrictions. Distributor shall use the Cloud Service only for offering products that address food and hotel industry needs and comply with all laws applicable to its access and use of the Cloud Service. Distributor shall not (a) reproduce, copy, modify, adapt, create derivative works, reverse engineer, decompile or engage in any action with the attempt to obtain the source code of the Cloud Service (except as permitted by mandatory law); (b) sublicense, sell, rent, distribute, transfer or provide a third party access to the Cloud Service or otherwise allow the use of the Cloud Service for the benefit of any third party; (c) engage in any conduct that interferes with or threatens the security, integrity or performance of the Cloud Service, including any related systems; (d) send any malicious code (e.g., viruses, worms, Trojan horses or other malware) through Cloud Service; (e) attempt to interfere with or otherwise circumvent any security measures, authentication mechanisms or any functional restrictions on the Cloud Service intended to limit its use; (f) use the Cloud Service in order to build a product or service which competes with the Cloud Service; (g) use any software, devices, robots or any other means to scrape data from the Cloud Service; (h) use the Cloud Service for fraudulent purposes; (i) make unfair use of the Cloud Service or (j) use the Cloud Service to send unsolicited commercial communications. If the Cloud Service allows Distributor to modify a Customer’s order or place orders on a Customer’s behalf, Distributor agrees to do so only with the clear instructions or explicit consent of the relevant Customer.

2.3 The relationship with the Customers. Distributor is solely responsible for its use of the Cloud Service, such as for the contact it establishes with other companies, all communications sent via or in connection with the Cloud Service, the content and availability of the products and for the proper management of orders. By making the Cloud Service available, Choco merely provides the infrastructure for placing and managing orders and for communication. Choco itself will not directly or indirectly become a party to the relationship between Distributor and the restaurants or other market participants who place orders with Distributor (“Customer(s)”). Each order (individual sale and purchase of products) shall be concluded solely between Distributor and the relevant Customer. Choco will have no liability whatsoever with regard to the performance of those orders and shall not be a party to disputes of any kind between Distributor and its Customers (such as disputes relating to incorrect deliveries or late payments). Distributor is solely responsible for the proper management of orders, and for its relationship and communication with its Customers and with any other third parties that it may engage with using the Cloud Service. 

2.4 Support and Maintenance. Choco shall offer standard support services to assist Distributor in using the Cloud Service during regular working hours. Choco will also provide maintenance services at its own discretion, including error corrections, updates, and upgrades, as deemed necessary to ensure the Cloud Service's continued functionality. Support and maintenance do not cover issues resulting from Distributor’s misuse, unauthorised modifications or third-party systems.

3 Distributor Data and Responsibilities

3.1 Distributor Data. Distributor shall retain all right, title and interest in and to information, images, texts, data, files, Distributor Deliverables and other materials that are transmitted, submitted or otherwise made available by or on behalf of Distributor to Choco in the course of Distributor's access and use the Services ("Distributor Data"). Distributor shall solely be responsible for the Distributor Data and shall ensure its accuracy, integrity and reliability throughout the term of the Agreement. Distributor grants Choco a non exclusive, royalty-free, perpetual and worldwide licence to collect, process, reproduce, modify, host, store, disclose, display and perform all necessary acts on the Distributor Data for the purposes of operating the Cloud Service and providing the Services to Distributor. Distributor agrees that Choco may collect, analyze and use information about Distributor’s use of the Services (“Usage Data”) and Distributor Data internally for research, security, analytics purposes and for improving its Services. Choco shall be entitled to create aggregated and/or de-identified information derived from User Data and Distributor Data and use such information at its own discretion without being subject to any limitations, to the extent it does not identify Distributor, its Customers or any person. Choco may sublicense or transfer the rights granted herein to its Vicarious Agents. 

3.2 Distributor’s Warranties. Distributor warrants that (i) it owns or will obtain the necessary rights and permissions to share the Distributor Data with Choco and to authorise the use of the Distributor Data by Choco as contemplated in this Agreement; (ii) it will provide the required information notices and obtain necessary consents under data protection laws for lawfully transferring data to Choco and enabling Choco to lawfully collect and process Distributor Data for the provision of the Services, as further described under the Data Processing Agreement; (iii) the Distributor Data and its use by Choco as contemplated in this Agreement do not violate any third-party rights or applicable laws; (iv) the Distributor Data will not include any illegal, defamatory, inappropriate, offensive, hateful or violent content at any time;  (v) it will comply with laws applicable to communications sent through the Cloud Service, including but not limited to those relating to obtaining consent (if necessary) and complying with opt-out requests and (vi) it has the necessary licenses and permits to operate in its country of registration. 

3.3 Removal. Choco is not obliged to monitor the Distributor Data but reserves the right to do so at its own discretion. Choco may, without prior notice, remove or disable access to any Distributor Data (including the products offered via the Cloud Service) if (i) it violates the Agreement including Choco policies made available to Distributor, (ii) it constitutes illegal content such as illegal hate speech, terrorist content, unlawful discriminatory content, or any content that the applicable laws render illegal or (iii) it is likely to give rise to complaints by third parties or other Choco customers. Due account of the fundamental rights and freedoms and legitimate interests of all parties involved will be taken when making decisions about removal of the Distributor Data. Choco will comply with binding orders of courts and supervisory authorities to remove any illegal Distributor Data from the Cloud Service.

3.4 Backup. Choco will use commercially reasonable efforts to ensure integrity and availability of the Distributor Data. Notwithstanding the foregoing Distributor shall be solely responsible for the Distributor Data and shall take back-ups on a regular basis and commensurately with the risk.

3.5 Distributor Indemnity. Distributor shall indemnify and hold Choco, its employees, representatives and Vicarious Agents harmless from and against any claims, losses, liabilities, damages and expenses (including reasonable attorneys’ fees), penalties, and/or administrative fines asserted against them by a third party arising out of (i) Distributor's (including its Authorised Users’) use of the Services, (ii) the Distributor Data, (iii) performance of orders submitted to the Distributor, (iv) Distributor’s (including its Authorised Users’) violation of applicable laws, or (v) Distributor’s breach of any warranties provided under section 3.2 of this Agreement. Choco shall notify Distributor without undue delay about any claims asserted by third parties and shall, upon request, provide the information and documents required for the defence. Moreover, Choco at its own discretion will either surrender the right of defence to Distributor or undertake such defence in consultation with Distributor. In particular, Choco shall neither acknowledge nor dispute any claims asserted by third parties without consulting with Distributor, except where Distributor has not responded to Choco's notification of the claim within a reasonable time period.

3.6 Cooperation. Distributor shall cooperate with Choco in good faith and provide all necessary information as reasonably required by Choco for the proper performance of the Services in a timely manner. All information provided by Distributor shall be up-to-date, complete, and accurate, and Distributor shall notify Choco in writing in case of any changes. Choco will not be liable for any delays in the provision of the Services caused by Distributor’s failure to provide Choco with the required information or cooperation.

4 Fees and Payment

4.1 Fees. Distributor shall pay Choco the fees agreed to in the Order Form or elsewhere in writing for the provision of the Services (the “Fees”). Unless expressly agreed otherwise in the Order Form, the Fees consist of a recurring monthly fee for the use of the Cloud Service (“Subscription Fee”) and a monthly or one-time fee for the Implementation Services (“Implementation Fee”). If the Parties agree on a monthly Implementation Fee, the Implementation Fee shall be payable for a maximum period of five (5) months.

4.2 Payment. If the Parties agree on a monthly Implementation Fee, the Implementation Fee shall be payable at the beginning of each month of the Implementation Phase up to the maximum duration set forth in section 4.1 above. If the Parties agree on a one-time Implementation Fee, the Implementation Fee shall be payable at the Effective Date (as defined in section 9.1 below). The Subscription Fee shall be payable on the Subscription Start Date (as defined in section 9.1 below) and at the beginning of each subsequent month of the Subscription Term (as defined in section 9.1 below). Unless expressly agreed otherwise in the Order Form, all invoiced amounts shall be due within two weeks of the date on the invoice and payable by direct debit. Choco may, at its discretion, accept alternative payment methods, including credit card or any other methods it deems acceptable. In case of late payment, Choco reserves the right to charge interest on the overdue amount at a rate of 4% per annum above the Bank of England base rate but at the rate of 4% per annum for any period during which that base rate is below 0% (such interest being deemed to accrue from day to day and being compounded on the last day of each calendar month) from the due date to the date of actual payment.

4.3 Taxes. The Fees are exclusive of taxes and Distributor shall be responsible for the taxes associated with the purchase of the Services. The applicable value added tax or other applicable taxes will be charged at the statutory rate to Distributor.

4.4 Discounts. Unless otherwise specified in the Order Form, any discounts are valid only for the relevant Subscription Term in which they are provided and do not automatically extend or apply to subsequent terms, renewals, or extensions.

4.5 Price Adjustments. Choco reserves the right to modify the Fees by providing Distributor with a written notice at least 30 days in advance. In the event that Distributor objects to the updated Fees within such 30-day period, Choco may terminate the Agreement or offer Distributor a reasonable remedy at its own discretion.

5 Intellectual Property

5.1 Reservation of Rights. Distributor acknowledges and agrees that Choco and/or its licensors own or otherwise have all the necessary intellectual property rights in the Cloud Service, Choco Deliverables, any improvements or modifications to the foregoing. Distributor does not have any rights in or to the Cloud Service and the Choco Deliverables, except for the limited express rights granted in this Agreement. The term Cloud Service includes any systems, programs, application programming interfaces or Integrations developed by or on behalf of Choco. In addition, Choco reserves all right, title, interest and ownership over aggregated and/or de-identified information derived from User Data and Customer Data.

5.2 Feedback. Distributor allows Choco to use, copy, disclose and exploit any suggestions and other feedback provided by Distributor and its Authorised Users freely in order to improve and enhance the Services and for development of other services in any manner without any obligation, royalty, attribution or restriction based on intellectual property rights or otherwise.

5.3 Trademark License. Distributor grants Choco a non-exclusive, worldwide licence to use Distributor's trademarks for operating the Cloud Service and for the performance of the Agreement. Choco shall be specifically entitled to display the trademark on Distributor's profile and to grant sublicenses to its Vicarious Agents to the extent necessary for the performance of the Agreement. Otherwise, the right of use may not be transferred or assigned.

5.4 Customer Reference. Choco may use Distributor’s name and logo in its marketing materials, presentations and similar communications to refer to Distributor as a customer. Distributor may revoke this consent any time by giving prior written notice.

6 Confidentiality

6.1 Duty of Confidentiality. The Parties undertake to keep confidential any information and documents of the disclosing party, which are either to be regarded as confidential due to the nature of the information or the circumstances of their disclosure or have been designated or marked as confidential by the disclosing party, such as business and/or trade secrets ("Confidential Information") and to use them exclusively for the purposes allowed under this Agreement. The technical components, documentation and the source code of the Cloud Service and the terms of the Order Form shall be considered as Confidential Information of Choco. The receiving party shall undertake reasonable technical and organisational measures to protect Confidential Information.

6.2 Disclosure of Confidential Information. The receiving party is entitled to disclose Confidential Information of the disclosing party solely (i) to its employees, Vicarious Agents, contractors or consultants on a need to know basis for the performance of this Agreement, provided that they are bound by the confidentiality obligations at least as protective as those contained herein, (ii) in a legal proceeding, (iii) where required by law, (iv) to third parties upon prior written approval of the disclosing party. "Affiliates" (meaning, in relation to a party, any: (i) subsidiary or holding company of that party; (ii) body corporate with an ultimate holding company in common with that party; and (iii) officer of that party or of such subsidiary, holding company or body corporate, and “subsidiary”, “holding company”, “body corporate” and “officer” shall have the meanings set out in sections 1159 and 1173 respectively of the Companies Act 2006) of the receiving party shall not be considered third parties and the receiving party may freely disclose Confidential Information to its Affiliates. When requests are made by judicial or administrative authorities relating to the disclosure of Confidential Information, the receiving party shall without undue delay notify the disclosing party thereof in writing, to the extent permitted by law.

6.3 Exclusions from Confidentiality. Confidential Information does not include information that (i) was already known to the receiving party prior to disclosure, (ii) is generally known or becomes known to public through no fault of the receiving party, (iii) is independently developed by the receiving party itself without access to the Confidential Information of the disclosing party or (iv) was brought to the attention of or shared with the receiving party by a bona fide third party authorised to do so.

6.4 Duration of Confidentiality. The duty of confidentiality shall commence upon gaining knowledge of the Confidential Information and will continue for the entire term of this Agreement. In addition, the duty of confidentiality shall remain in place for a period of three (3) years after cessation of the Agreement, unless statutory provisions provide for a longer confidentiality obligation. 

7 Data Protection

7.1 With regard to the personal data that Choco processes on behalf of Distributor for provision of the Services under this Agreement, the Parties conclude a Data Processing Agreement available here ("DPA") and which is hereby incorporated by reference into this MSA.

8 Suspension

8.1 Suspension. Choco is entitled, but not obliged, to monitor Distributor’s and its Authorised Users’ use of the Services and may suspend Distributor's or its any of its Authorised Users’ access to the Cloud Service (i) if Choco reasonably believes a violation of the Agreement has occurred, (ii) if the suspension is necessary for technical or security reasons or to avert imminent damage to Choco, Distributor or third parties or (iii) if Choco is obliged to suspend access by law. Choco will use commercially reasonable efforts to provide advance notice of suspension, unless prohibited by law. Choco shall lift the suspension if the reason for the suspension no longer exists. Choco will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Distributor may incur as a result of a suspension triggered by its Authorised Users’ own acts or omissions.

9 Term and Termination

9.1 Term. The Agreement shall commence on the date identified as the effective date on the Order Form (”Effective Date”).The term of the Agreement comprises the “Implementation Phase” and the “Subscription Term”. The Implementation Phase starts with the Effective Date and ends on the date when integration is complete, meaning that the customer number, order information (the list of ordered products, their product IDs and quantities) and order’s expected delivery date are successfully transmitted and integrated into Distributor's ERP or designated system (“Subscription Start Date”). Whilst additional components may be identified and assessed by the Parties depending on the specific functionalities of Distributor’s systems during the Implementation Phase, these will not be considered in determining the Subscription Start Date. If Integration is not in scope there won't be an Implementation Phase and the Effective Date will be considered as the Subscription Start Date. The Subscription Term starts on the Subscription Start Date and continues for a period of twelve (12) months or as otherwise indicated in the Order Form. The Subscription Term shall be renewed for successive periods of twelve (12) months if the Agreement is not terminated in writing by either Party with three (3) months' prior notice before the end of the respective Subscription Term.

9.2 Termination for Cause. Without prejudice to any other rights or remedies, either Party may, by written notice to the other, terminate the Agreement with immediate effect on the happening of any of the following events: (i) the other Party commits a material breach of the Agreement which is incapable of remedy; or (ii) the other Party commits a material breach of the Agreement which is capable of remedy and fails to remedy such material breach within thirty (30) days after receiving written notice requiring it to remedy that material breach. This clause shall not apply to breach of limited warranty provided by Choco as per section 10 and the exclusive remedies of Distributor are listed therein.

9.3 Termination by Choco. For the purpose of section 9.2(i) above a material breach by Distributor will be deemed incapable of remedy if (i) Distributor has repeatedly used the Services to place Distributor Data or products that are not permissible under the Agreement; (ii) Distributor is in default of its payment obligations for longer than two (2) weeks; (iii) Distributor becomes insolvent, files for or has filed against it, a petition of bankruptcy or; (iv) Distributor has acted against the use restrictions set out in section 2.2 above. Choco may terminate the Agreement for convenience without having to give any reasons any time with a notice period of one (1) month.

9.4 Effects of Termination. When the Agreement for the Services offered against remuneration is terminated Distributor shall lose its access to the Services, with the exception of the Free Services which may be still provided to the Distributor at Choco’s sole discretion. After termination, Choco will have no obligation to Distributor to continue storing Distributor Data and will delete the Distributor Data in its systems upon Distributor’s request or in line with its retention policy, whichever is earlier. Notwithstanding the foregoing, Choco will be entitled to retain the Distributor Data if Choco is obliged to do so by law or to the extent that the Distributor Data is required for accounting and documentation purposes or for the operation of the Cloud Service.

9.5 Survival. The sections 1.3 (Free Services), 3.5 (Distributor Indemnity), 4 (Fees and Payment), 6 (Confidentiality), 9.4 (Effects of Termination) and 11 (Limitation of Liability) and others which by their nature are intended to survive, shall survive after termination or expiration of this Agreement.

10 Warranty

10.1 Limited Warranty. Choco provides a limited warranty against defects in the Services. A defect is deemed to exist in case of any significant deviations from the functional scope of the Services as described in the Agreement that render the use of the Service impossible or greatly restricted. Distributor shall without undue delay notify Choco in writing of any defect and provide all information that is available to Distributor and is necessary for Choco to identify, reproduce, analyse and remedy the defect. Furthermore, Distributor shall assist Choco in remedying defects free of charge and in a reasonable manner. Choco will either rectify the defect or deliver the impacted Service once again at its discretion and within a reasonable period of time upon receiving written notification of the defect. The provision of instructions for use, with which Distributor can reasonably workaround the defects, will also be deemed to be a remedy of defects. If both remedies fail, Choco will at its own discretion offer Distributor a reasonable remedy (such as by giving Distributor a reasonable discount on the affected Services or terminating the Agreement partially or in whole). This limited warranty does not apply (i) to any defects caused by unauthorised use, abuse, negligence or equipment of Distributor, (ii) to any defects not notified by Distributor within 30 days upon noticing the defect. Choco's sole responsibility and Distributor's sole exclusive remedies against defects are set out in this section.

10.2 Limitation period. All claims by Distributor shall become time barred upon elapse of the earlier of the statutory limitation period, or a period of twelve (12) months from Distributor becoming aware of the fact or event giving rise to the cause of action.

10.3 Disclaimer of Warranty. Except as expressly provided herein and to the maximum extent permitted by applicable law, the Services are provided as-is and on an as available basis. Choco hereby disclaims all warranties of any kind, whether express or implied by statute or common law, including, but not limited to, warranties of merchantability, fitness for a particular purpose, or non-infringement. Choco does not warrant that all errors can be corrected, or that operation of the Services shall be uninterrupted or error-free, nor does Choco guarantee any specific results in connection with use of the Services.

11 Limitation of Liability

11.1 Limitation of Liability. Choco’s (including any representatives’, employees’, agents’, and Vicarious Agents’) full and aggregated liability for any and all damages arising out of or in connection with this Agreement (whether such liability arises from contract, tort (including negligence), misrepresentation, breach of any duty (including strict liability) or otherwise), shall be limited to the Fees paid by Distributor during the last 12 months preceding the last event giving rise to liability. In cases of ordinary negligence, Choco shall be liable when there has been a breach of a material contractual duty. A material contractual duty within the meaning of this section is an obligation the fulfilment of which makes the performance of the Contract even possible in the first place.

11.2 Disclaimer of Consequential and Related Damages. Choco (and any representatives, employees, agents, and Vicarious Agents) shall only be liable for direct and foreseeable damages at the time of the conclusion of the Agreement and shall not be liable for incidental, indirect, special, consequential or punitive damages, regardless of the nature of the claim, including, without limitation, lost profits, loss of data, damage to reputation, costs of delay or procurement of substitute services, any business interruption, even if Choco has been advised of the possibility of such damages.

11.3 Exclusions from Limitation of Liability. The limitations on liability set out in this section shall not apply for losses caused by death or personal injury caused by its negligence, or the negligence of its personnel, agents, Vicarious Agents, fraud or fraudulent misrepresentation; and any other liability which cannot be limited or excluded by applicable law.

12 Final Provisions

12.1 Force Majeure. Choco shall have no liability to the Distributor under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of Choco or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of vendors or sub-contractors, provided that the Distributor is notified of such an event and its expected duration.

12.2 Amendments. Choco may amend this Agreement with effect for the future. Any amendments and side agreements to this Agreement must be made in writing. In case of minor or cosmetic amendments that do not affect Distributor, the amendments shall be posted on Choco's website. In other cases, Choco will provide Distributor with notice before the changes enter into force and allow Distributor a reasonable time to review. Amendments shall be deemed as agreed by Distributor if Distributor has not expressly objected to them by the time they take effect. In case of objection, Choco may terminate the Agreement or offer Distributor a reasonable remedy at its own discretion. Notwithstanding the foregoing, Choco may amend its policies from time to time to make necessary adjustments due to changes in its Services or laws without prior notice.

12.3 Assignment and Subcontracting. Distributor shall not, without the prior written consent of Choco, assign, transfer, charge, subcontract or deal in any other manner with all or any of its rights or obligations under this Agreement. Choco may at any time assign, transfer or deal in any other manner with all or any of its rights or obligations under this Agreement without Distributor’s consent. If Choco subcontracts any of its obligations to its subcontractors or affiliates (“Vicarious Agents”), Choco will remain responsible for their acts and omissions.

12.4 Entire Agreement and Order of Precedence. The Agreement consists of this MSA (including DPA), the Order Form, the applicable Service Specific Terms and Choco’s policies that are made available to the Distributor. It shall constitute the entire agreement between the Parties regarding the provision and use of the Services. The Agreement shall supersede any previous agreements, communications, representations and understandings between them, whether written or oral, relating to this subject matter. In case of any inconsistency or conflict between the provisions of this Agreement, the following order of precedence shall apply: DPA, Order Form, Service Specific Terms and MSA.

12.5 Headings. Headings or titles used in this agreement are for convenience and reference purposes only and shall not be considered in the interpretation or construction of any provision of this Agreement.

12.6 Waiver and Severability. No failure or delay by a Party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver, nor shall it prevent or restrict the further exercise of any right or remedy. If any part of this Agreement is determined to be invalid or unenforceable by a competent court, that part shall be deemed deleted, but this shall not affect the validity and enforceability of the rest of the Agreement.

12.7 Governing Law. The Agreement shall be governed by the laws of England and Wales.

12.8 Arbitration. All disputes, controversies or claims arising from the interpretation, performance or non-performance of this Agreement or any and all transactions related to this Agreement (including, but not limited to, the validity, scope and enforceability of this provision, or disputes under rights granted pursuant to law) shall be finally settled in accordance with the International Chamber of Commerce Rules on Commercial Arbitration by one or more arbitrators. The place of the arbitration shall be Dubai, United Arab Emirates. The language to be used in the arbitration proceedings shall be English.

Integration General Terms and Conditions

These Integration General Terms and Conditions (the "Integration-GTC") together with the Main Services Agreement (the “MSA”) govern Choco’s performance of Integration Services consisting of development of a technical infrastructure for digital transmission of information between the Cloud Service and Distributor’s enterprise resource planning (the “ERP”) system (the “Integration”) and the Parties’ obligations in relation to that.

These Integration-GTC, together with the Annex-1 attached thereto, constitute an integral part of the Agreement entered into between Choco and Distributor. Capitalised terms not otherwise defined in these Integration-GTC shall have the meanings assigned to them in the Agreement. In the event of any inconsistency between these Integration-GTC and the Agreement, the order of precedence prescribed in the MSA shall apply.

1 Subject Matter of the Integration-GTC

1.1 The subject matter of these Integration-GTC is the development of the Integration until its delivery to Distributor. Once accepted by Distributor, the Integration shall constitute a part of the Cloud Service.

1.2 Integrations built by or on behalf of the Distributor do not fall under the scope of these Integration GTC and Choco does not assume any responsibility for such integrations.

1.3 The services of Distributor’s ERP provider that are accessed through the Integration do not fall under the scope of the Agreement and are solely governed by the terms and conditions of the specific ERP provider.

2 Provision of the Integration Services

2.1 If the Parties agree on a minimum number of active Customers for the launch of the Integration Services in the Order Form, then Choco will start to perform the Integration Services only once that minimum number is reached. A Customer shall be deemed active if it has placed at least one order with Distributor using the Cloud Service in the relevant calendar month (“Active Customer”). If the minimum number is not reached within twelve months from the Effective Date of the Agreement, either Party shall be entitled to terminate the Integration Services, unless Choco has already commenced with the performance of the Integration Services.

2.2 The Parties shall mutually agree on the scope and channel of Integration, based on the standard content, channels and file formats supported by Choco as described in Annex-1. In case of any subsequent additions or changes to the agreed-upon scope, Choco reserves the right to adjust the timelines and charge additional Fees taking into consideration any extra efforts required to implement the changes.

2.3 Distributor shall provide Choco with a distinct technical contact person from its ERP provider who shall have sufficient technical knowledge and capacity to cooperate with Choco for the provision of the Integration Services.

2.4 Upon request, Distributor shall provide and shall ensure that its ERP provider provides Choco with all information required by Choco for the provision of the Integration Services in a timely manner, including sample catalog files, sample order files, API docs, documentation related to the system environment as well as with staging credentials and access rights to its ERP system and the test environment. Distributor shall ensure that Choco only gets access and permissions to the agreed transmission content and not to any other information that is not necessary for the Integration. Choco shall not be liable for any delay or interruption in Services resulting from the ERP or Distributor’s failure to provide the information in a timely manner.

2.5 If Distributor cannot provide any test environment, then Distributor shall alternatively provide Customer information with which Choco can perform integration tests. Unless delivery of the test results is automated, Distributor shall provide Choco with the test results. Distributor shall ensure that the provided test environment corresponds to the same technical parameters as the live product environment. Distributor will provide Choco with (test) access data of the selected authentication method. Any Choco Deliverables provided by Choco for the Integration Services as well as instructions regarding their use shall be deemed Confidential Information of Choco and Distributor shall not be entitled to edit, distribute or post publicly the documentation or instructions for use.

2.6 Distributor shall inform Choco in a timely manner about any upcoming adjustments to its technical systems that could have an impact on the functionality of the Integration Services or the performance of Choco's obligations under the Agreement. Choco will not be responsible for any delays or defects in the transmission of orders due to updates not notified on time.

3 Acceptance Procedure

3.1 The Integration shall be deemed ready when the customer number, order information (meaning the list of ordered products, their product IDs and quantities) and order’s expected delivery date are transmitted into the Distributor's ERP system. These constitute the conclusive list of main functionalities of the Integration. Whilst additional components may be identified and assessed by the Parties depending on the specific functionalities of Distributor’s systems during the Implementation Phase, these will not be considered in determining the date that Integration is complete.

3.2 When these main functionalities are ready, Choco shall either (i) conduct a live test in a meeting with Distributor, during which the Distributor shall accept the Integration if the functionalities are working, or (ii) submit the Integration to Distributor for testing at their convenience. Should the main functionalities not perform as expected during live test, Choco shall promptly address the defects and resubmit the Integration for acceptance.

3.3 In the event that the Integration is submitted for Distributor’s independent testing, Distributor shall have a period of one (1) week from the date of submission to test and provide written acceptance. Should the main functionalities not perform as expected, Distributor shall immediately notify Choco of such defects in writing and Choco shall promptly address the defects and resubmit the Integration for acceptance. If Distributor fails to respond or provide acceptance within this period, and no material bugs or issues are reported, the Integration shall be deemed accepted at the conclusion of the one (1) week period.

3.4 Acceptance by the Distributor may not be unreasonably withheld due to minor flaws or defects that do not materially affect the functionality of the Integration. Choco shall within a reasonable period of time use commercially reasonable efforts to remedy such insignificant defects after acceptance.

3.5 With respect to defects that were known to Distributor at the time of formal acceptance but were not reported by Distributor, defects that would have been obvious in the course of a proper inspection or defects that were otherwise not known to Distributor due to negligence, Distributor will not be entitled to the rights related to defects as governed in section 10 of the MSA on Warranty, otherwise any defects that occur and notified to Choco after formal acceptance will be subject to section 10 of the MSA on Warranty.
 

Annex 1 - Integration Services

This Annex sets out the standard scope of Integration, in particular the transmission content, transmission channels, file formats and technical procedures supported by Choco. Distributor-specific customizations may be possible subject to additional charges.

A. Transmission Content

It is possible to transmit different components through an Integration, such as orders, Product Catalog, prices, order confirmation, images, customer lists, Order Guides of Customers, order updates and edits. The standard transmission content is the customer number, order information (meaning the list of ordered products, their product IDs and quantities) and order’s expected delivery date. Parties will agree on the transmission content in the technical coordination meeting. After such a meeting, there may be a possibility for adding more components to the scope subject to additional charges.

B. Data Transmission

Data transmission may consist of one or a combination of the following technical channels: 

1. HTTP(s) API

2. (S)FTP Server

a) Hosting by Choco

b) Hosting by the Distributor or a third-party provider

3. Choco App for an ERP system (Connector)

More details on the transmission channels are given below:

1. HTTP(s) API

Choco supports the following authentication:

•Oauth 1.0 and 2.0

•Basic Auth

•Open ID

All other types of authentication (SAML, TLS, JWT,... ) require detailed technical review and may be subject to additional fees. Choco will keep all credentials strictly confidential and use them only for the purpose of Integration.

Choco supports all common methods (GET, POST, PUT, PATCH) with a transmission of orders placed via POST and a retrieval of product catalogs via GET. Distributor will ensure endpoint availability throughout the entire term of the contract. Choco will repeat erroneous transmissions, but cannot guarantee a transmission in the absence of available endpoints.

2. (S)FTP server

a) Hosting by Choco

Choco shall make a (S)FTP (SSH) server available and shall provide Distributor with username, password, URL and port. Distributor will be granted CRUD rights for the folders in question. Choco will provide separate (S)FTP servers for test and live operation.

b) Hosting by the Distributor

Distributor shall provide Choco with the username, password, URL and port of the (S)FTP server. Distributor shall ensure the availability of the endpoints throughout the entire term of the Agreement. Choco will repeat faulty transmissions but cannot guarantee a transmission in the absence of available endpoints.

3. Choco-App for an ERP system (Connector)

Choco provides system-side integration for selected ERP systems via an app or another standardized interface, whereby Choco builds a connector between the Cloud Service and Distributor’s ERP.

C. File Formats

Choco supports multiple file formats for the exchange: CSV, XML, JSON, TXT, Excel, EDI, X12.

In the event there are unclear or missing specifications from the Distributor, Choco shall provide files in a standard format (including documentation).

D.Technical Procedure

1. Orders from Cloud Service to Distributor

After the Integration is delivered (deployed in the production environment), Choco will send the orders to Distributor in real time via one of the transmission channels or shall make them available on an (S)FTP server. The Distributor shall import the orders in real time into its own ERP system. The purchase orders will follow the prescribed format, but will at a minimum contain (if not explicitly defined otherwise):

•Order number (unique)

•Product numbers (as specified by Distributor)

•Distributor number

2. Product catalogs from Distributor to Cloud Service

Distributor shall regularly send a (complete and up to date) Product Catalog and/or Order Guides of its Customers to Choco or make them available via one of the selected transmission technologies. Choco shall import them in real time or at least every 24 hours (unless explicitly defined otherwise).

Technical procedure for transmission of other components shall be agreed by the Parties. Unless agreed otherwise, both Parties shall use commercially reasonable efforts to transmit all components through Integration in real time.

*no other changes than replacing "Supplier" with "Distributor" 

These Onboarding and Support General Terms and Conditions (the "O&S-GTC") together with the Main Services Agreement (the “MSA”) govern Choco’s performance of the Onboarding and Support Services as described in the Order Form or agreed elsewhere between the Parties (“O&S Services”) and the Parties’ obligations in relation to that.

These O&S-GTC constitute an integral part of the Agreement entered into by and between Choco and Distributor. Capitalized terms not otherwise defined herein shall have the respective meanings assigned to them in the Agreement. In the event of any inconsistency between these O&S-GTC and the Agreement, the order of precedence prescribed in the MSA shall apply.

1 Provision of the O&S Services 
1.1 The Parties shall agree on a project plan for providing the O&S Services and Distributor shall appoint a project manager who will attend all the meetings and complete or arrange for completion of all Distributor activities as outlined in the project plan.

1.2 At the sole discretion of Choco, training may be given via workshops, training materials, dedicated point of contacts or any alternative methods. The Parties shall mutually agree on the time, duration, group of participants and location of such training. Unless otherwise agreed, training shall take place virtually. Both Parties shall be entitled to postpone agreed training dates with reasonable notice in advance of the agreed date.

1.3 If specifically agreed between the Parties, Choco will use commercially reasonable efforts to onboard Distributor’s Customers to the Cloud Service. Distributor warrants that all legal requirements are fulfilled for Choco to contact its Customers on Distributor’s behalf, and will indemnify Choco against any claims, actions, fines asserted against Choco in connection with such contact. In no case does Choco owe a duty to ensure a successful approach.

1.4 Subject to a respective agreement between the Parties, Choco shall create Choco Deliverables for the purpose of introducing the Cloud Service to Distributor’s Customers. Distributor shall use the Choco Deliverables only for the purpose they are created for and shall be solely responsible for the use of the Choco Deliverables, including the uses made by Choco upon Distributor’s instructions.

2 Distributor Obligations and Warranties

 2.1 Distributor shall provide Choco with all information, documents and other materials required for onboarding Distributor and its Customers to the Cloud Service, setting up their accounts and implementing the Cloud Service (the “Distributor Deliverables”) in a timely manner upon Choco's request. Such information includes, without limitation, Distributor’s delivery days, cut-off times and its product catalogue containing all the products in Distributor’s product range together with their designation, product number, name, ID, availability, order unit, list price and image (“Product Catalogue”), which will be displayed in Distributor’s account on the Cloud Service to its Customers.

 2.2 For onboarding its Customers, Distributor shall provide a list of all - or the number specified in the Order Form – of Customers, including at least the customer number, name, address, telephone number, email address of the Customer, as well as telephone number and email address of one contact person, and order history of those Customers for the last two hundred (200) days in order to be turned into individual shopping lists for the Customers (“Order Guide”).

 2.3 If there are Customers who are already registered with the Cloud Service, Distributor shall provide the Order Guides of such Customers immediately upon signing the Agreement. If a Customer registers for the use of the Cloud Service for the first time, then Distributor shall provide Choco with the Order Guides of such Customers without undue delay (but no later than within twenty-four (24) hours). Distributor shall ensure that the products reported in the Order Guides are also listed in the Product Catalogue and that the products in the Order Guide and in the Product Catalogue can be assigned to each other by means of a clear, identical product number. Unless explicitly indicated by Distributor, any Customer related information provided throughout the Agreement will may be used by Choco for onboarding purposes.

 2.4 Distributor warrants that its directives in relation to O&S Services do not violate any applicable legal requirements or third-party rights and that all legal requirements are fulfilled to allow Choco to provide the O&S Services. In particular, Distributor warrants that it has obtained all necessary consents for Choco to legally contact its Customers for the provision of the O&S Services.

 2.5 Distributor warrants that the individuals who are contacted by Choco upon the Distributor’s directives are authorized to represent the respective Customer and make use of the Cloud Service on behalf of the respective Customer.

3 Indemnification

3.1 Distributor shall indemnify Choco, its employees, representatives, group companies against all third-party claims, demands, actions, proceedings, losses, fines, penalties, awards, liabilities, damages, compensation, settlements, charges and expenses (including legal costs) asserted against Choco in relation to communications undertaken by Choco for provision of Onboarding Services. 

3.2 Choco shall inform Distributor without undue delay about any claims asserted by third parties and shall - upon request - provide the information and documents required for the defense. In addition, Choco shall at its own discretion either relinquish the defense to Distributor or engage in a defense in consultation with Distributor. In the absences of consultation with Distributor, Choco shall above all neither acknowledge nor dispute any claims asserted by third parties, except where Distributor has not responded to Choco's notification of the claim within a reasonable time period.

4 Warranty

4.1 Except as provided otherwise in an Order Form, all warranties, representations, conditions and all other terms of any kind whatsoever implied by law are, to the fullest extent permitted by applicable law, excluded from these O&S-GTC.

*no other changes than replacing "Supplier" with "Distributor" 

This White Label Terms and Conditions (the “WL-TC”) together with the Main Services Agreement (“MSA”) govern branding of the Choco's mobile app with Distributor’s name and logo (the “WL-App”), licensing of the WL-App to Distributor’s Customers and the operation and maintenance of the WL-App.

The WL-TC constitutes a Service Specific Term and is incorporated into the Agreement entered into by and between Choco and Distributor by reference. Capitalized terms not otherwise defined herein shall have the respective meanings assigned to them elsewhere in the Agreement. In the event of any inconsistency or conflict between the WL-TC and the MSA, WL-TC shall prevail.

1. License Grant. Choco hereby grants to Distributor a limited, revocable, non-exclusive, non transferable license to use the WL-App, and grants Distributor the right to sublicense the WL App to Distributor’s Customers during the term of the Agreement to access and use it solely for placing orders from Distributor and for communication with Distributor, subject to Choco’s ToS (as defined below) and the terms agreed herein. The WL-App may not be used on behalf of or for the benefit of a third party other than Distributor.

2. Branding. The WL-App will be branded with the Distributor's name and logo. It will include an acknowledgement as "Powered by Choco". Distributor is solely responsible for securing its own copyrights, trademarks and all other intellectual property rights for use of Distributor’s name and logo in the WL-App, and Choco shall have no responsibility in this regard.

3. Hosting and support. The WL-App will be operated, hosted and maintained by Choco and any customer support to Distributor’s Customers will be provided by Choco in accordance with Choco’s standard support policies.

4. App submission. The WL-App will be submitted to the mobile application stores under Distributor’s developer account. Distributor is responsible for maintaining its developer accounts in good standing and for all associated costs. Distributor will provide Choco with administrator access to its developer account to submit the WL-App for listing on the respective application stores and to maintain the WL-App.

5. Marketing. Distributor may market and promote the WL-App on any form of media, but shall not claim any ownership of the WL-App.

6 Use by Customers. Distributor’s Customers shall not further sublicense nor distribute the WL-App, and use of the WL-App by the Customers shall be subject to Choco's end user terms as determined by Choco (“Choco ToS”). The WL-App will be provided to Distributor’s Customers and such individual end users who are personnel of the Customers, on a strictly “as is” basis, and for free (i.e. Distributor cannot charge its Customers for the WL-App licensed hereunder). Distributor will remain responsible and liable towards Choco for all of its Customers and their end users’ (whether authorized or not) use of the WL-App in accordance with Choco ToS and for their acts and omissions. Choco reserves the right to suspend Distributors’ Customers access to the WL-App in the event of any violation of Choco ToS.

7. Functionality of WL-App. WL-App will enable Distributor’s Customers to communicate with the Distributor and place orders to Distributor. Choco may make additional functionalities available in the WL-App at its own discretion, but it makes no commitment and gives no guarantee to do so. Distributor acknowledges and accepts that not all of the functionalities available in the Choco's mobile app will be available in the WL-App and that Choco is under no obligation to make any additional functionalities available other than the ones indicated in the first sentence of this section.

8. Fees. The Fees for making the WL-App available will be agreed in the Order Form signed between the Parties or agreed elsewhere in writing.

9. Use by Distributor. The terms of the MSA will continue to govern the use of the WL-App by Distributor and its Authorized Users.

10. Limitation of liability. Choco’s warranties regarding use of the WL-App by Distributor’s Customers and its sole liability arising out of use of the WL-App by Distributor’s Customers are limited to those set out in the Choco ToS. Specifically, Distributor understands that the WL-App is provided to Distributor’s Customers on an “as is” and “as available” basis without any warranties of any kind, whether express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, or non-infringement. Distributor shall be solely liable towards its Customers for any amounts and claims beyond what is undertaken in Choco ToS.

11. Intellectual property. Distributor acknowledges and agrees that Choco and/or its licensors own or otherwise have all the necessary intellectual property rights in the WL-App and all derivative works thereto. Distributor does not have any rights in or to the WL-App, except for the limited express rights granted in this WL-TC.

12. Indemnification by Distributor. Distributor will indemnify, hold harmless, and defend Choco, its licensors, service providers, and their respective affiliates, directors, officers, agents, and employees, from and against any third party claim, suit, or proceeding arising out of or related to (i) any claims related to any infringement or violation of a copyright, trademark, trade secret, or confidentiality obligation by any Distributor branding and any other materials provided or published by Distributor on the WL-App, (ii) Distributor’s or its Customers’ and their users negligent acts or omissions in the operation of the WL-App, and their material breach of Distributor’s obligations, representations, warranties or covenants contained herein.

13. Miscellaneous. Unless specifically set forth in this WL-TC, all references to the Cloud Service in the Agreement shall include the WL-App as well.

*no other changes than replacing "Supplier" with "Distributor" 

Preamble

This Data Processing Agreement ("DPA") specifies the data protection obligations and rights of the Parties in connection with the personal data processed by Choco as a processor on behalf of Distributor when providing the Services as per the Agreement.

For the purposes of this DPA, "Data Protection Laws" means any applicable laws and regulations in any relevant jurisdiction relating to the use or processing of personal data, including in the United Arab Emirates (“UAE”) Federal Law No. 45/2021 on the Protection of Personal Data (“PPDL”), in Saudi Arabia (“KSA”), the Personal Data Protection Law issued by Cabinet Decision No. 98/1443 (“PDPL”), in each case, as updated, amended or replaced from time to time; and the terms "data subject", "processing", "processor" and "controller" shall have the meanings set out in the Data Protection Laws. “Personal Data” has the meaning set out in Data Protection Laws but is limited to personal data processed by Choco acting as a processor on behalf of Distributor under the Agreement as further described in Annex 1 to this DPA below.

1. Subject and Scope of the Assignment

1.1 Choco shall process the Personal Data which Distributor has provided directly or indirectly for the provision of the Services exclusively on behalf of, and in accordance with the instructions of Distributor, unless it is otherwise required by the applicable law. In such a case, Choco shall notify Distributor of such legal requirements prior to the processing, unless the relevant law prohibits such notification.

1.2 The processing of Personal Data by Choco on behalf of Distributor is specified in Annex 1 to this DPA. 1.3 The duration of the processing corresponds to the duration of the Agreement.

1.4 Distributor warrants and represents that it will provide the required information notices and obtain necessary consents under Data Protection Laws for lawfully making Personal Data available to Choco and for enabling Choco to lawfully collect, process and share Personal Data for the provision of the Services or as otherwise instructed by Distributor. In particular,  Distributor shall provide necessary notices and obtain necessary consents under the Data Protection Laws to enable Choco to deploy tracking technologies on the devices of data subjects, and collect and process data from such devices to provide the Services. 

1.5 The Distributor is responsible for ensuring that its instructions comply with applicable laws. If Choco believes that any Distributor instruction violates Data Protection Laws, it will inform the Distributor in writing. However, Choco shall not be liable for any claims arising from or in connection with processing activities carried out in accordance with the Distributor’s instructions.

2. Requirements of Personnel

2.1 Choco shall ensure that all persons who are authorized to have access to Personal Data are either under a contractual obligation to maintain confidentiality or are under an appropriate statutory obligation of confidentiality when processing the Personal Data.

3. Processing Security

3.1 Choco shall implement and maintain throughout the term of the Agreement appropriate technical and organizational measures specified in Annex-2 to this DPA ("TOM"), to ensure a level of protection of the Personal Data commensurate to the risk, taking into account the state of the art, the cost of implementation and, to the extent known to Choco, the nature, scope, circumstances and purposes of the processing of the Personal Data and the varying likelihood and severity of the risk to the rights and freedoms of the data subjects. Choco shall regularly assess the effectiveness of the TOMs and implement alternative measures if necessary for ensuring appropriate level of security.

3.2 It shall be incumbent upon Distributor to review the TOM taken by Choco, particularly to review whether these measures are also sufficient with regard to circumstances of the data processing that are not known to Choco.

4. Use of Sub-Processors and Data Transfers

4.1 Distributor generally authorizes Choco to make use of the services of its affiliates and sub-processors when processing the Personal Data.

4.2 The current sub-processors which are engaged by Choco are listed in Annex 3 to this DPA. Choco shall impose substantially similar data protection obligations vis-a-vis its sub-processors which are no less protective than the ones set out under this DPA and will remain liable towards the Distributor for its sub processors’ performance under this DPA.

4.3 Choco will update the list of sub-processors in Annex 3 to this DPA at least 30 days before authorizing a new sub-processor to process Personal Data on behalf of Distributor. If Distributor wants to receive an individual notification of an update to the list of sub-processors, it shall sign up to the notification mechanism available in Annex 3 to this DPA. If Distributor does not object within 14 days following Choco’s notification by sending an email to legal@choco.com, then the engagement shall be deemed approved. If Distributor objects, Choco shall be entitled, at its choice, to either provide the Services without using the rejected additional sub-processor or to terminate the Agreement.

4.4 Distributor authorizes Choco, its affiliates and its sub-processors to transfer the Personal Data across international borders and, access or process Personal Data outside the UAE, KSA, the UK, or the European Economic Area ("EEA"), provided that the requirements for such transfer, access or processing under Data Protection Laws are complied with.

5. Rights of the Data Subjects

5.1 Taking into account the nature of the processing of the Personal Data, Choco shall assist Distributor with

appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Distributor’s obligation to respond to requests for exercising the data subject’s rights laid down in the Data Protection Laws.

5.2 Choco shall in particular:

a. inform Distributor without undue delay if a data subject contacts Choco directly with a request to exercise his/her rights;

b. provide Distributor upon Distributor's request with all information available to Choco regarding the processing of the Personal Data that Distributor needs to respond to the request of a data subject and that Distributor does not have itself;

c. correct, delete or restrict the processing of the Personal Data without undue delay upon the instruction of Distributor, unless Distributor is able to do so itself and it is technically possible for Choco to do so;

d. support Distributor to the extent necessary to receive the Personal Data processed in Choco’s sphere of responsibility - insofar as this is technically possible for Choco - in a structured, common and machine-readable format, insofar as a data subject asserts a right to data portability.

6. Support Obligations

6.1 Choco shall notify Distributor without undue delay after becoming aware of a breach of Personal Data. The notification shall include a description, if possible, of the nature of the breach; the categories and approximate number of data subjects affected by the breach; the probable consequences of the breach; of the measures taken or proposed by Choco to remedy the breach of the protection of the Personal Data and, if applicable, measures to mitigate its possible adverse effects.

6.2 Choco shall investigate the cause of the breach and, where appropriate, take reasonable measures to mitigate its possible adverse effects.

6.3 If Distributor is obliged to inform the supervisory authorities and/or data subjects about the personal data breach, Choco shall assist the Distributor with complying with this obligation, taking into account the nature of processing and the information available to Choco. Any additional costs incurred by Choco in this context, which exceed statutory processor obligations under the applicable law shall be borne by Distributor.

6.4 Choco shall notify Distributor of any subpoena or other judicial or administrative order, process or proceeding seeking access to, or disclosure of, the Personal Data insofar as such notification is not prohibited by law. For the avoidance of doubt, the prior approval of the Distributor is not required for any obligatory disclosure of Personal Data made to the relevant authorities in accordance with applicable laws. If Distributor is obliged to provide information to a supervisory authority regarding the processing of the Personal Data or to otherwise cooperate with such authorities, Choco shall support Distributor in providing such information insofar as Distributor does not have the information itself and reasonably cooperate with Distributor and with supervisory authorities, including granting the competent supervisory authority the necessary rights of access, information and inspection.

6.5 Choco shall provide reasonable assistance to Distributor regarding Distributor’s compliance with its obligations related to security of processing, data protection impact assessments and prior consultations with the supervisory authorities in each case taking into account the nature of the processing and information available to Choco. Any additional costs incurred by Choco in this context, exceeding the foreseen statutory processor obligations under the applicable law, will be borne by Distributor.

7. Data Deletion and Return

7.1 Upon termination of the Agreement and written request from Distributor, Choco will either delete or return the Personal Data, unless Choco is obliged to continue storing the Personal Data under applicable law.

7.2 Some Personal Data may be archived in Choco’s back-up systems and such archived Personal Data will be deleted in accordance with Choco’s retention policy. Any Personal Data archived in backups will be isolated and protected from any further processing. For the period that the data is stored after the termination of the Agreement, the rights and obligations of the Parties under this DPA shall continue to apply.

8. Verifications and Audits

8.1 Choco shall keep records of its processing activities performed on behalf of Distributor and make available to Distributor upon request these records or any other information necessary to demonstrate compliance with statutory processor obligations set out under the Data Protection Laws.

8.2 Choco shall allow for and contribute to audits, including on-site inspections, by Distributor or an auditor mandated by Distributor in relation to the processing of the Personal Data. The audits and on-site inspections shall not hinder Choco in its normal business operations and should not place an undue burden on Choco. In particular, on-site inspections at Choco for no specific reason shall not take place more than once per calendar year and only during Choco’s normal business hours. Distributor shall notify Choco of inspections in written or text form at least 30 (thirty) days in advance, providing Choco with reasonable information about the scope, duration, and inspection plan. Distributor and Choco shall cooperate in good faith and mutually agree on the scope, duration, and start date of the inspection. Any costs incurred by Choco for any on-site inspections which are not clearly disproportionate or excessive, will be borne by the Distributor. Any auditor mandated by Distributor shall be an independent contractor that does not compete with Choco and such auditor may not commence its work prior to having executed a non-disclosure agreement with Choco.

9. Miscellaneous

9.1 Each Party’s and their affiliates’ liability taken together in the aggregate arising out of or related to this DPA whether in contract, tort, or under any other theory of liability, shall be subject to the limitation of liability provisions of the Agreement.

9.2 This DPA, including its annexes, constitutes an integral part of the Agreement between Choco and Distributor. If there are any inconsistencies between this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail.

9.3 Any amendments and/or side agreements to any parts of this DPA must be made in writing. This rule also

applies to this written form requirement itself. The governing law and jurisdiction under the Agreement shall apply accordingly for any parts of this DPA.

Annex 1 - Description of Personal Data Processing

Annex 2 - Technical and Organizational Measures

Taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, Choco shall, in its capacity as data processor, implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, but not limited to, the following:

1 Confidentiality

1.1 Physical access control

Choco shall take appropriate measures to reduce the risk of unauthorized persons gaining access to data processing systems with which Distributor’s personal data are processed and used.

Technical measures

Automatic access control systems, control of access by gatekeeper services and alarm systems Lockable server cabinets

key regulation, service directives stipulating that service rooms are to be locked when employees are absent

1.2 System access control

Choco shall take appropriate measures to prevent data processing systems (computers) from being used by unauthorized persons. For this purpose, Choco shall take the following precautions:

Technical measures:

Login with username + password

Smartphone encryption

Encryption of company laptops

Remote laptop management

Deployment of anti-virus software for laptops and systems

Organizational measures:

Manage user permissions

Create user profiles

Policies on use of Company Hardware

General policy on data protection and / or security

1.3 Data access control

Choco shall take appropriate measures to ensure that the persons authorized to use the data processing systems can only access the personal data subject to their access authorization and that the Personal Data of Distributor cannot be read, copied, modified or removed without authorization during processing, use and after storage. For this purpose, Choco shall take the following precautions:

Technical measures:

Erasure of data carriers on laptops before reuse.

Logging of access to important documents, especially when entering, changing and deleting data. File shredder (min. level 3, cross cut)

Organizational measures:

Creating an authorization concept

Management of rights by system administrator

Reduction in the number of administrators

Closed area for sensitive documents

1.4 Separation control

Choco shall take appropriate measures to ensure that the Personal Data of Distributor collected for different purposes can be processed separately. For this purpose, Choco shall take the following precautions:

Technical measures:

Separate storage on different software

Software-based customer separation

Organizational measures:

Creation of an authorization concept

Determination of database rights

2 Integrity

2.1 Transmission control

Choco shall take reasonable measures to reduce the risk that the Personal Data of Distributor can be read, copied, modified or removed without authorization during electronic transmission or during their transport or

storage on data carriers. To this end, Choco shall take the following precautions:

Technical measures:

Email encryption

Logging of accesses and retrievals of important documents and data

Provision via encrypted connections such as sftp, https

2.2 Data input control

Choco shall take appropriate measures to ensure that it is possible to check and determine retrospectively whether and by whom personal data of the customer have been entered into data processing systems, changed or removed. For this purpose, Choco shall take the following precautions:

Technical measures:

Possibility of technical logging of the entry, modification and deletion of personal data. Organizational measures:

Traceability of entry, modification, and deletion of personal data through individual user names.

Retention of forms from which personal data have been transferred to automated processing operations.

Assignment of rights to enter, change, and delete personal data on the basis of an authorization concept.

3 Availability and resilience

3.1 Availability control

Choco shall take reasonable measures to ensure that the Personal Data of Distributor is protected against accidental destruction or loss. For this purpose, Choco shall take the following precautions:

Technical measures:

Fire and smoke detection systems

Careful selection of the hosting service provider

Organizational measures:

Regular control of the hosting service provider

4 Procedures for regular review, assessment and evaluation.

Choco shall implement procedures for regular review, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing.

4.1 Data protection management

Organizational measures:

Central documentation of all procedures, regulations and guidelines on data protection with access for employees as required / authorized

A review of the effectiveness of the technical protective measures is carried out regularly Employees trained and committed to confidentiality

Raising employee awareness through training

4.2 Incident response management

Organisational measures:

Documentation of security incidents and data breaches

Regulation of responsibilities for the follow-up of security incidents and data breaches Security breach response support.

Formalized process for handling requests for information from data subjects is in place. 

Annex 3 - Subprocessor List

You may find the list of sub-processors and the notification mechanism for new sub-processors at https://legal.choco.com/supplier-subprocessors.
 

*no other changes than replacing "Supplier" with "Distributor" 

The following outlines the Services provided by Choco. Distributor shall only receive those Services explicitly listed in the signed Order Form or otherwise agreed upon in writing by the Parties. Capitalised terms shall have the meaning assigned to them in the Agreement. All Services are delivered under Choco’s standard terms unless specifically agreed otherwise in writing. 

1. Cloud Services

OrderAgent (formerly ChocoAI)

An AI-powered cloud solution for omnichannel order capture and automation. OrderAgent enables the Distributor to:

• Digitize order intake from email, text, WhatsApp, voicemail, and in-app channels
• Streamline workflows by eliminating manual entry
• Leverage AI models trained on historical Distributor data
• Receive intelligent alerts to ensure order accuracy and fulfillment speed
   

Choco eCommerce

A digital ordering experience delivered via Choco’s cloud-based mobile app and web applications, with two available configurations:

1. Choco App (Standard Version):
   Distributors may leverage the core Choco-branded mobile app and web application to provide their customers with a ready-to-use ordering experience featuring:
   • Full access to the Distributor’s product catalog
   • Built-in ordering workflows and account controls
   • Regular maintenance and user support
      
2. Branded App (White-Label Version):
   Alternatively, Distributors may elect to receive a customized, white-labeled version of the Choco App, branded under their own identity. This includes:
   • Use of the Distributor’s logo, color scheme, and brand assets
   • A distinct mobile/web ordering experience delivered under the Distributor's name
   • Includes core features of the Choco App
   • Hosting and maintenance provided by Choco

Choco SalesHub 

A sales enablement CRM supporting field sales representatives. SalesHub includes:

• Centralized customer data, order history, and communication logs
• The Distributor Sales Rep (DSR) App for mobile access in the field
• Tools for prospecting, managing accounts, tasks, and sales follow-up

Choco PromoHub

An in-platform toolset to manage and deploy promotional campaigns. PromoHub allows the Distributor to:

• Launch targeted product promotions and campaigns
• Reach segmented customer groups based on order behavior

• Analyze in-app engagement and campaign ROI

   

2. Implementation Services

Onboarding and Support Services

Choco provides a comprehensive onboarding process including:

• Setup of product catalogs and business rules within OrderAgent and eCommerce
• Role-based training for Distributor teams
• Support for customer onboarding and adoption, including joint promotional efforts
• Operational and strategic advisory, including IT infrastructure and sales processes

Integration Services

Choco offers tailored integration to the Distributor’s ERP environment, enabling:

• Seamless order, customer, product, pricing data syncs
• Real-time updates and process automation
• Integration via Choco’s standard or custom-built connectors