FRAMEWORK SUBSCRIPTION AGREEMENT
Version: 1.0
Effective date: 1 May 2026
Publisher: Vorellis Inc.
1. Purpose, acceptance and contractual documents
1.1 Parties to the contract
This SaaS Subscription Framework Agreement, including any applicable Purchase Order and the contractual documents incorporated by reference, is entered into between:
Vorellis Inc., a corporation legally incorporated under the Canada Business Corporations Act, having its head office at 2572, Daniel-Johnson, 2nd floor, Laval, Quebec, H7T 2R3, Canada (“Vorellis”) and the legal person, organisation, company or any other entity identified in the applicable Purchase Order (“Client”).
Vorellis and the Client are collectively referred to as the “Parties” and individually as a “Party”.
1.2 Product and Services Covered
This Agreement governs access to and use of the SaaS services provided by Vorellis, including, in particular, the Agent AlexArc platform, its modules, features, interfaces, reports, content, tools, dashboards, automations, artificial intelligence-assisted functions, generated documents, integrations and related services, within the limits set out in the applicable Purchase Order and Appendix A.
For the purposes of this Agreement, the term “Services” refers to all of these services, unless otherwise specified.
1.3 Professional use only
The Services are provided solely for commercial, professional, organisational or institutional purposes.
The Client declares that they are acting in the course of their commercial or professional activities, and not as a consumer. The Client undertakes not to create an account, order the Services, or use them for personal, domestic or consumer purposes.
1.4 Formation of the Contract and Acceptance
The Client accepts this Contract when an authorised representative of the Client performs one of the following actions:
a) signs or accepts a Purchase Order;
b) clicks an acceptance button in the application or on a Vorellis portal;
c) creates or activates a Subscription to the Services;
d) uses the Services after receiving or gaining access to this Agreement;
e) pays an invoice or authorises a payment relating to the Services after receiving a Purchase Order.
The person accepting this Agreement on behalf of the Client represents that they are authorised to bind the Client legally.
1.5 Purchase Order
Each Subscription to the Services must be documented by a Purchase Order issued or accepted by Vorellis.
The Purchase Order shall specify, in particular, as applicable:
a) the Client’s legal name;
b) the product or Services ordered;
c) the subscription plan;
d) the activated Modules;
e) the number of authorised Users;
f) the applicable usage limits;
g) the jurisdictions or packs activated, where applicable;
h) the duration of the Subscription;
i) the Fees, currency, billing cycle and payment terms;
j) the applicable support level;
k) the Professional Services included, if any;
l) any special conditions agreed by the Parties.
In the event of any conflict between the Purchase Order and this Agreement, the Purchase Order shall prevail solely in respect of the commercial and operational elements specific to the relevant Subscription.
1.6 Documents Incorporated by Reference
This Agreement incorporates by reference the following documents, in the version applicable on the date of acceptance of the Purchase Order, unless otherwise specified:
a) Appendix A — Terms specific to the Agent AlexArc product;
b) the Data Processing Addendum (“DPA”), including its annexes relating to security measures and sub-processors;
c) any other document expressly incorporated into the Purchase Order.
Vorellis must make these documents available to the Client via its website, the Agent AlexArc website, the application, a contractual link or any other reasonable means.
1.7 Order of precedence
In the event of any conflict between the contractual documents, the following order of priority shall apply:
1. the Purchase Order, for commercial, operational and Client-specific terms;
2. the Addendum relating to the processing of personal information, including its annexes relating to security measures and subcontractors, for matters relating to the processing of personal information or personal data on behalf of the Client;
3. Appendix A — Terms and Conditions Specific to the Agent AlexArc Product, setting out the terms and conditions specific to the Agent AlexArc product;
4. this SaaS Subscription Framework Agreement;
5. the Product Documentation or help pages, only to the extent that they do not conflict with the above documents.
No marketing page, sales presentation, demonstration, promotional email or non-contractual documentation shall amend this Agreement, unless expressly incorporated into a Purchase Order signed or accepted by Vorellis.
1.8 French version and other languages
For Clients located in Quebec or where required by Quebec law, the French version of this Agreement and the documents relating thereto must be provided or made available prior to any acceptance in another language.
Where the Client expressly chooses to enter into the Agreement in another language, the Parties may use that other language for the Agreement and related documents, subject to applicable laws.
In the event of any discrepancy between a French version and a version in another language, the version that prevails is the one expressly designated as the official version in the Purchase Order or, failing that, the one that may be relied upon under applicable law.
1.9 Retention of contractual evidence
Vorellis may retain an electronic copy of this Agreement, the Purchase Order, the incorporated documents, the proof of acceptance, the time of acceptance, the identity of the representative who accepted, the email address used, the IP address, the relevant technical logs and any applicable version of the Agreement.
These elements may be used to demonstrate the existence, integrity, acceptance and content of the Contract.
2. Definitions
For the purposes of this Agreement, the following terms shall have the meanings set out below, unless the context requires otherwise.
2.1 “Subscription” – Means the right granted to the Client to access and use the Services for a specified period, in accordance with the plan, modules, usage limits, fees and terms set out in the applicable Order Form.
2.2 “Administrator” – Means an authorised User designated by the Client to administer the Client’s account, manage certain settings, invite or remove authorised Users, configure certain access rights and interact with Vorellis in relation to the Services.
2.3 “Agent AlexArc” – Means the SaaS platform published by Vorellis and marketed under the name Agent AlexArc, including its modules, interfaces, questionnaires, registers, dashboards, document generation tools, analysis functions, reports, automations and related features and, where applicable, its artificial intelligence-assisted functions.
2.4 “Data Processing Addendum” or “DPA” – Refers to the contractual document, incorporated by reference into the Contract, which governs the processing of personal information or personal data by Vorellis on behalf of the Client, where Vorellis acts as a supplier, service provider, subcontractor or processor in relation to the Client’s Data. This addendum may also be referred to by its English name, “Data Processing Addendum”, or by the abbreviation “DPA”. It may include annexes relating to security measures, sub-processors, transfers, or any other matters related to the processing of personal information on behalf of the Client.
2.5 “Security Annex” – Means the annex relating to security measures provided for in the Addendum relating to the processing of personal information, which describes the technical, organisational and administrative measures implemented by Vorellis to protect the Services and the Client’s Data.
2.6 “Purchase Order” – Means the purchase order, order form, accepted quotation, subscription document, accepted order screen or any other transactional document accepted by the Client and Vorellis, which sets out the commercial and operational terms applicable to a given Subscription. The Purchase Order may be signed, accepted electronically or by any other means recognised by Vorellis.
2.7 “Client” – Means the legal person, association, company, business or any other entity identified in the applicable Purchase Order as the client of the Services.
2.8 “Account” – Means the environment, Client portal or digital account created or activated to enable the Client and its authorised Users to access the Services.
2.9 “Agreement” – Collectively refers to this SaaS Subscription Framework Agreement, any applicable Purchase Order, Appendix A — Terms Specific to the Agent AlexArc Product, the Addendum relating to the processing of personal information, including its appendices relating to security measures and subcontractors, and any other document expressly incorporated by reference.
2.10 “Documentation” – Means the user documentation, guides, help pages, technical instructions, functional descriptions and support documents made available by Vorellis in relation to the Services. The Documentation does not amend the Agreement, except where expressly incorporated into a Purchase Order or a contractual document signed or accepted by Vorellis.
2.11 “Client Data” – means the data, information, files, documents, records, responses, comments, evidence, configurations, content or other information that the Client or its Authorised Users submit, upload, create, enter, import, store or process within the Services. Client Data may include personal information, confidential information, internal documents, supplier information, compliance records, reports, documentary evidence and data relating to the Client’s processing activities.
2.12 “AI Features” – Means the features of the Services that use or incorporate artificial intelligence models, systems, tools or agents to assist the Client, in particular to analyse, structure, summarise, suggest, classify, generate or rephrase certain content. The AI Features are assistance tools. They do not replace professional judgement, human validation, legal advice, auditing or the Client’s final decision.
2.13 “Fees” – Means the amounts payable by the Client to Vorellis for access to the Services, Subscriptions, modules, options, overages, additional services or any other item set out in the applicable Purchase Order.
2.14 “Credentials” – Means usernames, passwords, access keys, tokens, codes, authentication mechanisms or any other element enabling an authorised User to access the Services.
2.15 “Usage Limits ” – Means the limits applicable to the Client’s use of the Services, including the number of authorised Users, organisations, modules, processing activities, registers, documents, reports, storage volumes, API calls, AI uses, jurisdictions or activated packages, as set out in the applicable Purchase Order.
2.16 “List of Sub-processors” – Means the list, annex or contractual page relating to the main Sub-processors or categories of Sub-processors used by Vorellis in connection with the Services, in accordance with the Addendum relating to the processing of personal data.
2.17 “Modules” – Means the functional components of the Services to which the Client has access under their Subscription plan, for example the modules for identifying discrepancies, the processing activity register, the evidence inventory register, the supplier register, the PDPO register, the incident register, the DSAR register, remediation task manager, Sessions, reports, questionnaires, jurisdictional packs or other modules offered by Vorellis.
2.18 “Subscription Period” – Refers to the period during which the Client is authorised to access the Services, as set out in the applicable Purchase Order, including any renewal period.
2.19 “Personal Information” – Means any information relating to an identifiable natural person, as defined by applicable data protection or privacy laws.
2.20 “Generated Results” – Means the reports, analyses, recommendations, summaries, tasks, questionnaires, statuses, scores, documents, texts, classifications or other outputs generated, proposed or produced by the Services, including outputs generated with the aid of AI Features.
2.21 “Services” – Means the AlexArc Agent and the other SaaS services provided by Vorellis to the Client in accordance with this Agreement, the applicable Purchase Order and Appendix A.
2.22 “Professional Services” – Means consulting, configuration, implementation, training, support, review, drafting, analysis, personalised support or other professional services that may be provided separately by another authorised service provider. Professional Services are included only if expressly provided for in a Purchase Order, a statement of work or a separate contract.
2.23 “Subcontractors” – Means third-party suppliers, service providers, hosts, processors, tools or external services used by Vorellis to provide, secure, operate, host, maintain, analyse or support the Services. Specific commitments relating to sub-processors that process personal information on behalf of the Client are set out in the Addendum on the processing of personal information, including the List of Sub-processors.
2.24 “Appendix A — Terms and Conditions Specific to the Agent AlexArc Product” or “Appendix A” – Refers to the terms and conditions specific to the Agent AlexArc product, including, in particular, the description of the modules, functional limitations, rules applicable to AI Features, service levels, acceptable use policies, and warnings regarding the Results generated by the Services.
2.25 “Authorised User” – Means any natural person authorised by the Client or by Vorellis to access the Services on behalf of the Client, including the Client’s employees, officers, directors, consultants, agents or service providers. The Client is responsible for the acts and omissions of its Authorised Users in relation to the Services, as if they were the Client’s own.
3. Access to the Services and Subscriptions
3.1 Provision of the Services
Subject to the Client’s compliance with the Contract, Vorellis shall provide access to the Services during the applicable Subscription Period, in accordance with the modules, features, Usage Limits, support levels and other conditions set out in the applicable Purchase Order.
Vorellis may provide the Services directly or through suppliers, hosting providers, service providers, subcontractors, tools or technical infrastructure used to operate, secure, maintain or support the Services.
3.2 Limited Right of Access
During the applicable Subscription Period, Vorellis grants the Client a limited, non-exclusive, non-transferable, non-assignable and revocable right (in the event of a breach of the Contract) to access and use the Services solely for its internal commercial, professional or organisational purposes.
No ownership rights, intellectual property licences, reproduction rights, distribution rights, marketing rights or independent exploitation rights are granted to the Client, except as expressly provided for in the Contract.
3.3 Activation of the Subscription
The Subscription is activated following acceptance of the applicable Purchase Order and fulfilment of the activation conditions set out by Vorellis, including the creation of the Account, validation of the required information, the applicable initial configuration and, where applicable, authorisation or processing of the initial payment.
Vorellis may refuse, delay or suspend the activation of a Subscription if the information provided is incomplete, inaccurate, fraudulent, incompatible with the Services or contrary to the Contract.
3.4 Included Modules
The Client shall have access only to the Modules, features, jurisdiction packs, environments, options and service levels expressly provided for in the applicable Purchase Order or activated by Vorellis in the Client’s Account.
Vorellis is not obliged to provide any module, feature, integration, jurisdiction pack, environment or service that is not listed in the applicable Purchase Order or in the Client’s Subscription plan.
3.5 Usage limits
The Client must comply with the Usage Limits applicable to their Subscription, in particular the limits on the number of authorised Users, entities, processing activities, registers, documents, reports, storage volumes, API calls, AI usage, jurisdictions, or activated packs.
If the Client exceeds the applicable Usage Limits, Vorellis may, as appropriate:
a) notify the Client of the exceedance;
b) temporarily restrict certain features;
c) require an upgrade of the plan;
d) charge the applicable additional fees;
e) suspend the creation of new surplus elements;
f) take any other reasonable measures provided for in the Contract or the Purchase Order.
3.6 Authorised Users
The Client is responsible for identifying, authorising, managing and removing its Authorised Users.
The Client must ensure that each Authorised User complies with the Agreement, uses the Services solely on behalf of the Client and has the necessary internal rights to access the Client Data processed within the Services.
Any act or omission by an Authorised User in relation to the Services shall be deemed to constitute an act or omission by the Client.
3.7 Accounts, access and configuration
The Client is responsible for configuring their Account, managing access, ensuring the accuracy of information entered into the Services, and determining which persons are authorised to access the Client Data.
The Client’s detailed responsibilities regarding Administrators, authorised Users, Credentials, access, Client Data, internal authorisations and applicable security measures are set out in section 4.
Vorellis may provide settings, templates, questionnaires, suggestions, default configurations, or onboarding flows to facilitate the use of the Services. These elements do not replace the Client’s internal validation.
3.8 Pilot, beta or experimental environments
Vorellis may, at its discretion, offer certain modules, features, connectors, packages, automations or AI features in pilot, beta, pre-release, experimental or early access modes, in accordance with the product-specific terms set out in Appendix A.
Unless otherwise stated in the Purchase Order, these elements are provided for testing or evaluation purposes, may be modified, restricted, suspended or withdrawn by Vorellis, and are not subject to the same commitments regarding availability, support or stability as the generally available Services.
3.9 Development of the Services
Vorellis may modify, improve, correct, update, or evolve the Services to optimise their performance, security, reliability, user experience, compliance, maintenance, or functional value.
Vorellis must, however, avoid, during a current Subscription Period, substantially removing an essential feature expressly included in the applicable Purchase Order, except where such modification is reasonably necessary for reasons of security, compliance, applicable law, technical stability, end-of-life of technology, dependence on a third-party supplier or normal product evolution.
3.10 Availability, Maintenance and Support
The commitments relating to availability, support, maintenance windows, response times, planned interruptions, exclusions and, where applicable, service credits are those set out in Appendix A or in the applicable Purchase Order.
Unless expressly stated in these documents, Vorellis does not guarantee that the Services will be available at all times, without interruption, without error or in a timely manner.
3.11 Client’s Technical Requirements
The Client is responsible for providing the equipment, internet connections, browsers, systems, configurations, access, internal authorisations and security measures necessary for the use of the Services.
Vorellis shall not be liable for any interruptions, loss of access, slowdowns, errors or incompatibilities caused by the Client’s systems, networks, equipment, configurations, suppliers or environments.
3.12 Professional services are excluded unless otherwise stated
The Subscription provides access to the SaaS Services. It does not include Professional Services unless expressly provided for in a Purchase Order, a Statement of Work, or a separate contract accepted by Vorellis.
The Services are technological tools for support, structuring, documentation, analysis and management. They do not, in themselves, constitute a professional service, legal advice, a legal opinion, an audit, a certification, a compliance attestation, a regulatory validation, or a personalised support mandate.
Without limiting the foregoing, the Subscription does not include, unless otherwise specified:
a) the complete drafting of legal documents specific to the Client;
b) a legal opinion, legal advice or a personalised interpretation of the law applicable to a specific situation of the Client;
c) a formal audit, certification, attestation or independent compliance validation;
d) an engagement as a vDPO, vRPRP, RPRP, DPO, CISO, external officer, legal adviser, auditor or professional consultant;
e) a full incident investigation, a decision on notification, or the full preparation of a notice to a regulatory authority or a data subject;
f) a compliant, comprehensive or validated description of the Client’s personal data processing procedures;
g) a validation of the purposes of processing, legal bases, grounds for collection, categories of personal information, retention periods or destruction rules applicable to the Client;
h) a comprehensive review of the Client’s contracts, suppliers, processors, transfers, security measures or contractual safeguards;
i) a validation of the validity, adequacy or completeness of the tasks, measures, documents, records or actions carried out by the Client;
j) a bespoke legal validation of the Results generated by the Services;
k) a full implementation of the Client’s compliance, governance, cybersecurity or personal data protection programme;
l) a guarantee that the Client complies or will comply with laws, regulations, standards, contractual requirements, internal policies or the expectations of a supervisory authority;
m) a guarantee that the use of the Services will prevent an incident, a complaint, an access request, an investigation, a sanction, a loss, a claim or a finding of non-compliance.
The Client remains responsible for reviewing, validating and approving the information, decisions, documents, records, reports, tasks, recommendations, classifications, statuses and Results generated by the Services before relying on or using them.
The Client must, where necessary, seek the advice of its own legal, professional, technical, security, compliance or data protection advisers before making a decision or taking action based on the Services.
3.13 Client’s Responsibility for Decisions
The Client remains solely responsible for:
(a) the accuracy, quality, completeness and up-to-date nature of the Client Data;
b) the description of its activities, processes, systems, suppliers, security measures, incidents, transfers, records and internal obligations;
c) its choices regarding compliance, governance, security, risk management and the protection of personal information;
d) the human validation of the Results generated;
e) the decision to implement, modify, disregard, defer or reject a recommendation, task or measure proposed by the Services;
f) obtaining any required professional advice;
g) its communications with authorities, data subjects, Clients, suppliers, employees or other third parties.
Vorellis shall not be liable for any errors, omissions, inaccuracies, delays, losses, non-conformities or consequences resulting from Client Data that is incomplete, inaccurate, out of date, misclassified or misinterpreted by the Client, nor for any decisions taken by the Client based on the Services without appropriate validation.
4. User accounts and the Client’s responsibilities
4.1 Account Creation and Management
Vorellis creates, activates or makes an Account available to the Client in accordance with the terms set out in the applicable Purchase Order.
The Client is responsible for providing Vorellis with accurate, complete and up-to-date information for the purposes of creating, configuring, administering, billing, supporting and managing the Account.
The Client must inform Vorellis without delay of any significant changes to its administrative details, billing information, designated representatives, Administrators or any information necessary for the proper management of the Subscription.
4.2 Account Administrators
The Client must appoint one or more Administrators responsible for the day-to-day management of the Account.
Administrators may, in particular, depending on the available features:
a) invite, authorise, suspend or remove authorised Users;
b) manage certain roles, permissions and access;
c) configure certain Account settings;
d) access the Client’s Data;
e) interact with Vorellis regarding support, billing, security or Account administration;
f) accept certain updates, configurations or settings applicable to the Services.
The Client is responsible for the acts and omissions of its Administrators as if they were the Client’s own.
4.3 Authorised Users
The Client must ensure that each Authorised User:
a) is authorised to use the Services on behalf of the Client;
b) uses the Services solely in the course of the Client’s business activities;
c) complies with the Agreement;
d) has the necessary internal rights to view, enter, modify, upload, export or delete the Client’s Data to which they have access;
e) does not share their Login Details with any other person;
f) complies with the applicable security, confidentiality and acceptable use policies.
The Client remains liable for any use of the Services by its Authorised Users, whether authorised, unauthorised, wrongful, negligent or in breach of the Contract, except to the extent that such use results directly from a breach by Vorellis of its contractual obligations.
4.4 Login Credentials and Access Security
The Client is responsible for the confidentiality, protection and appropriate use of the Credentials associated with its Account and its Authorised Users.
The Client must take reasonable measures to prevent unauthorised access to the Services, in particular by:
a) restricting access to only those persons who require it;
b) promptly revoking access for persons who are no longer authorised;
c) requiring the use of strong passwords;
d) enabling strong authentication mechanisms where available;
e) avoiding the sharing of accounts or credentials;
f) monitoring access where relevant;
g) applying its own internal security and access management policies.
Vorellis shall not be liable for any unauthorised access resulting from the Client’s mismanagement of Credentials, the sharing of access, a compromised device, an unsecured network, the negligence of an authorised User, or the Client’s failure to fulfil its security obligations.
4.5 Notification of access incidents
The Client must notify Vorellis without delay if they become aware of or reasonably suspect:
(a) unauthorised access to the Account;
b) compromise of Credentials;
c) unauthorised use of the Services;
d) a configuration error that may expose Client Data;
e) suspicious activity affecting the Account;
f) any situation likely to compromise the security, confidentiality or integrity of the Services or the Client’s Data.
The Client must cooperate reasonably with Vorellis to investigate the situation, limit the impact, rectify access, change the relevant Credentials and implement any reasonable protective measures.
4.6 Accuracy and quality of Client Data
The Client is responsible for the accuracy, completeness, quality, legality, relevance, and up-to-date nature of the Client Data entered, uploaded, imported, created, generated, configured or processed within the Services.
Vorellis is not obliged to verify the accuracy, legal validity, sufficiency, completeness or compliance of the Client Data, unless a separate mandate expressly provides for this.
Errors, omissions, incomplete information, incorrect classifications or out-of-date data provided by the Client may affect the Results generated. The Client remains responsible for taking this into account when using the Services.
4.7 Authorisation to process Client Data
The Client represents and warrants that it has the necessary rights, authorisations, consents, legal bases, contractual powers or other grounds to submit, upload, import, store, use or process the Client Data within the Services.
The Client is responsible for ensuring that its use of the Services complies with the laws, regulations, contracts, internal policies, confidentiality obligations, third-party rights and requirements applicable to its activities.
Without limiting the foregoing, the Client must ensure that it is authorised to process, within the Services, any personal data, confidential information, internal documents, or information relating to employees, suppliers, Clients, incidents, systems, contracts or processing activities that it uploads or enters into the Services.
4.8 Sensitive Data and High-Risk Information
The Client must exercise caution before entering, uploading or importing into the Services any sensitive personal information, highly confidential data, trade secrets, regulated information, credentials, sensitive financial data, medical information, information relating to minors or any other high-risk information.
Where the Services permit the processing of such information, the Client remains responsible for determining whether its processing within the Services is necessary, proportionate, authorised and compliant with applicable laws and obligations.
Vorellis may impose restrictions, parameters, exclusions or specific conditions regarding certain categories of data, in particular in Annex A, the Addendum relating to the processing of personal information, including its annex relating to security measures, or the applicable Purchase Order.
4.9 Permitted Use of the Services
The Client must use the Services in accordance with:
a) the Agreement;
b) the applicable Purchase Order;
c) Annex A;
(d) the applicable Documentation;
(e) applicable laws and regulations;
f) the rights of third parties;
g) its own internal policies where they apply to its Authorised Users.
The Client must not use the Services in any way that may compromise the security, integrity, availability, reputation or normal operation of the Services, Vorellis, another Client or a Vorellis supplier.
4.10 The Client’s Equipment, Networks and Environment
The Client is responsible for its equipment, devices, browsers, internet connections, networks, systems, configurations, software, firewalls, security policies, internal tools and technical environments used to access the Services.
Vorellis shall not be liable for any problems, losses, interruptions, errors, slowdowns, incompatibilities, vulnerabilities or incidents arising from the Client’s systems, networks, devices, tools, configurations or suppliers.
4.11 Client Backups and Exports
Unless otherwise expressly provided for in the Contract, the Client is responsible for exporting, backing up or retaining any Client Data of which it wishes to maintain an independent copy.
Vorellis may offer export, reporting, history or backup features depending on the Services and the applicable plan. Still, these features do not replace the Client’s internal obligations regarding retention, documentation, auditing, evidence or business continuity.
4.12 Client Cooperation
The Client must cooperate reasonably with Vorellis where such cooperation is necessary to:
(a) to activate or maintain the Services;
b) to resolve a technical issue;
c) process a support request;
d) investigate a security incident;
e) verify an exceedance of the Usage Limits;
f) deal with a billing issue;
g) comply with an applicable legal or contractual obligation;
h) prevent misuse, unauthorised use or use contrary to the Contract.
Any delay, refusal to cooperate, incomplete information or failure to respond on the part of the Client may limit Vorellis’ ability to provide the Services, support or requested corrections.
5. Purchase orders, fees, payment and taxes
5.1 Purchase order required
Each Subscription must be documented by a Purchase Order accepted by the Client and Vorellis.
The Purchase Order sets out the commercial and operational terms applicable to the relevant Subscription, including the plan, Modules, Subscription Period, Fees, billing cycle, Usage Limits, applicable support level and any special conditions accepted by Vorellis.
No Subscription shall be deemed activated until the applicable Purchase Order has been accepted in accordance with the Contract and Vorellis’ procedures.
5.2 Acceptance of the Purchase Order
The Client accepts a Purchase Order when an authorised representative of the Client performs one of the following actions:
a) signs the Purchase Order;
b) accepts it electronically;
c) clicks an acceptance button in the application, portal or link provided by Vorellis;
d) authorises payment of the Fees set out in the Purchase Order;
e) uses the Services after receiving or gaining access to the applicable Purchase Order.
The person accepting a Purchase Order on behalf of the Client represents that they are authorised to bind the Client legally.
Vorellis may retain electronic evidence of the acceptance of the Order Form, including the date, time, user identity, email address, IP address, version of the incorporated contractual documents and a copy of the accepted Order Form.
5.3 Applicable Fees
The Client must pay the Fees set out in the applicable Order Form.
The Fees may include, in particular:
a) Subscription fees;
b) activation or implementation fees, where applicable;
c) fees relating to additional Modules;
d) excess usage fees;
e) fees relating to additional authorised Users;
f) fees relating to additional storage;
g) fees relating to AI Features, API calls, connectors or additional packs;
h) fees for expressly ordered Professional Services.
Unless otherwise specified in the Purchase Order, Fees are payable in the currency specified in the Purchase Order.
5.4 Discounts, promotional credits and vouchers
Vorellis may, at its discretion, grant the Client a discount, promotional credit, voucher, promotional code or any other reduction applicable to all or part of the Fees.
Such discounts, promotional credits, vouchers or promotional codes may be offered directly by Vorellis or provided to the Client through a partner, affiliate, reseller, consultant, integrator, service provider or other distribution channel authorised by Vorellis.
Unless otherwise specified in writing by Vorellis, any discount, promotional credit, voucher or promotional code:
(a) applies only to the Fees expressly referred to;
b) is subject to the applicable terms and conditions, limits, expiry dates and eligibility criteria;
c) is non-transferable;
d) is non-refundable;
e) is not exchangeable for cash;
f) cannot be combined with any other promotion;
g) does not automatically apply to renewal periods;
h) may not be used to amend the Contract, the Purchase Order, the Services, the Usage Limits or Vorellis’ obligations.
No partner, affiliate, reseller, consultant, integrator, service provider or other third party is authorised to modify the Fees, grant a discount, extend a promotion, amend the terms of the Contract or bind Vorellis, unless authorised in writing by Vorellis.
Vorellis may refuse, correct, suspend or cancel the application of a discount, promotional credit, voucher or promotional code in the event of an error, expiry, ineligibility, abuse, fraud, misuse, use contrary to the applicable terms and conditions, or an offer not authorised by a third party.
Applicable taxes are calculated in accordance with applicable tax laws, taking into account any discount or credit permitted by law.
5.5 Invoicing
Vorellis invoices the Fees in accordance with the billing cycle specified in the applicable Order Form.
Unless otherwise specified in the Purchase Order, Subscription Fees are invoiced in advance for the applicable Subscription Period.
The first invoice may be issued following acceptance of the Order Form, activation of the Subscription, or any other step specified in the Order Form.
The invoice may be sent by email, via the application, through a billing portal or by any other reasonable means used by Vorellis.
5.6 Payment
The Client must pay each invoice within the time limit specified on the invoice or on the applicable Purchase Order.
Unless otherwise stated, invoices are payable within thirty (30) days of the date of issue.
Vorellis may require payment by credit card, direct debit, bank transfer, electronic payment or any other payment method accepted by Vorellis.
The Client authorises Vorellis or its payment provider to process the applicable payments when the Client provides an authorised payment method.
5.7 Taxes
The Fees are exclusive of all applicable taxes, unless otherwise stated in the Purchase Order or invoice.
The Client is responsible for paying all sales taxes, goods and services taxes, harmonised sales taxes, provincial sales taxes, duties, levies, withholdings, or other government charges applicable to the Services, except for taxes based on Vorellis’ net income.
Vorellis may add applicable taxes to invoices in accordance with applicable tax laws.
5.8 Non-refundable Fees
Unless otherwise specified in the Purchase Order or required by applicable law, Fees paid or payable are non-cancellable and non-refundable.
No refund, credit or reduction is due as a result of partial use of the Services, non-use, an internal decision by the Client to cease using the Services, or termination by the Client prior to the end of the Subscription Period.
This clause does not limit the rights expressly provided for in the Contract in the event of a material breach by Vorellis.
5.9 Renewal
Where the Purchase Order provides for automatic renewal, the Subscription shall be renewed for successive periods of the same duration, unless either Party gives notice of non-renewal within the timeframe specified in the Purchase Order.
In the absence of a timeframe specified in the Purchase Order, notice of non-renewal must be given at least thirty (30) days before the end of the current Subscription Period.
Vorellis may adjust the Fees applicable to a renewal period upon reasonable prior notice, unless the Purchase Order expressly provides for different pricing terms.
5.10 Exceeding Usage Limits
If the Client exceeds the applicable usage limits, Vorellis may charge the additional fees set out in the Purchase Order, require an upgrade to a higher plan, or restrict certain excess features until the matter is resolved.
Vorellis may notify the Client of an overrun before charging additional fees, unless the Order Form provides for automatic billing of excess usage.
The Client remains responsible for monitoring their use of the Services and for managing their Authorised Users, volumes, Modules, entities, packs, data, reports, AI usage, and other elements subject to Usage Limits.
5.11 Disputing an invoice
The Client must notify Vorellis in writing of any reasonable dispute regarding an invoice within fifteen (15) days of receipt.
The notice must specify the disputed amounts and the grounds for the dispute.
The Client must pay, in a timely manner, any amount not disputed in good faith.
The Parties must cooperate reasonably to resolve any billing dispute promptly.
In the absence of a dispute within the specified time limit, the invoice shall be deemed accepted, unless there is a manifest error.
5.12 Late payment
Any amount not paid by the due date may bear interest at the rate specified in the Purchase Order or the invoice.
In the absence of a specified rate, Vorellis may charge reasonable interest at the rate of one point five per cent (1.5%) per month, or eighteen per cent (18%) per annum, or at the maximum rate permitted by applicable law if such rate is lower.
The Client shall be liable for reasonable costs incurred by Vorellis in recovering unpaid amounts, including administrative costs, collection costs and reasonable professional fees, to the extent permitted by applicable law.
5.13 Suspension for Non-Payment
If the Client fails to pay an undisputed amount due in good faith, Vorellis may suspend access to the Services after providing reasonable written notice to the Client.
Except in cases of emergency, risk of fraud, repeated payment rejection or manifest default, Vorellis shall grant the Client a reasonable period of time to rectify the situation before suspending the Services.
Suspension does not release the Client from their obligation to pay the Fees due.
Vorellis shall not be liable for any losses, interruptions, delays, damages or consequences arising from a suspension carried out in accordance with the Contract.
5.14 No Set-off
The Client may not withhold, set off or deduct any amount payable to Vorellis on account of a claim, dispute or alleged debt, unless Vorellis consents in writing or unless required by applicable law.
5.15 Professional Services and Additional Charges
Professional Services, customised work, specific configurations, training, support, migrations, integrations, reviews, analyses, workshops or interventions not included in the Subscription must be covered by a Purchase Order, a Statement of Work or a separate contract.
In the absence of such a document, Vorellis is not obliged to provide these services.
6. Permitted Use and Restrictions
6.1 Permitted Use
The Client may use the Services solely for its internal commercial, professional, organisational or institutional purposes, in accordance with the Agreement, the applicable Purchase Order, Appendix A, the applicable Documentation and applicable laws.
The Client may allow its Authorised Users to access the Services solely on behalf of the Client and within the limits of the applicable Subscription.
6.2 General restrictions
The Client must not, directly or indirectly, and must not permit any third party to:
(a) use the Services for any illegal, fraudulent, deceptive, abusive or unauthorised purpose;
b) use the Services in a manner that breaches any law, regulation, contract, confidentiality obligation or the rights of a third party;
c) sell, resell, rent, grant, sub-license, distribute, provide, share or make the Services available to a third party, unless the Purchase Order expressly permits this;
d) use the Services on behalf of a third party, unless the Purchase Order expressly authorises MSP, reseller, consultant, multi-client or white-label use;
e) copy, reproduce, modify, adapt, translate, create a derivative work or attempt to reproduce the Services, except to the extent expressly permitted by the Contract;
f) disassemble, decompile, reverse engineer or attempt to extract the source code, models, internal rules, algorithms, methods, workflows or architecture of the Services, except to the extent that applicable law permits this notwithstanding this restriction;
g) circumvent, disable, alter or compromise any security, authentication, access control, usage limitation, logging or protection measure of the Services;
h) disrupt, overload, degrade, interfere with or compromise the availability, security, integrity or performance of the Services;
i) use a robot, script, extractor, scraper, unauthorised automation or other similar process to access the Services, extract data or circumvent the Usage Limits;
j) introduce viruses, malware, harmful code, destructive payloads or elements likely to damage the Services, Vorellis’ systems or a third party’s data;
k) attempt to gain unauthorised access to the Services, Vorellis’ systems, another Client’s data or any unauthorised environment;
l) remove, obscure or alter any intellectual property notices, trademarks, copyright notices or privacy notices displayed within the Services;
m) use the Services in a manner likely to harm the reputation, security or business of Vorellis, another Client, a supplier or a third party.
6.3 Restrictions relating to Client Data
The Client must not submit, upload, import, store or process in the Services any Client Data:
a) which the Client is not authorised to process within the Services;
b) obtained unlawfully or in breach of a contractual or confidentiality obligation;
c) containing information that the Client is not authorised to disclose to Vorellis or its Sub-processors;
d) designed to compromise, abusively test, circumvent or harm the Services;
e) that is manifestly unlawful, defamatory, fraudulent, misleading, discriminatory, abusive or infringes the rights of a third party;
f) which exceed the specific restrictions set out in the Order Form, Annex A or the Addendum relating to the processing of personal data, including its annex relating to security measures.
6.4 Restrictions relating to AI Features
When the Client uses the AI Features, they must do so prudently and responsibly and in accordance with the Contract.
The Client must not use the AI Features to:
a) obtain or attempt to obtain automated legal advice without human validation;
b) automatically generate, validate or submit a compliance conclusion without appropriate review;
c) make a decision having a legal, contractual, disciplinary, financial, regulatory or significant effect on a person without appropriate human intervention;
d) produce misleading, fraudulent, defamatory, discriminatory or illegal content;
e) circumventing any security, confidentiality, governance, acceptable use or usage restriction rule;
f) extract, reproduce, train, test or reconstruct any model, system, prompt, internal rule or mechanism used by Vorellis;
g) submit highly sensitive, regulated or confidential data where this is unnecessary, disproportionate or not authorised by the Client.
Additional rules applicable to AI Features may be set out in Appendix A.
6.5 MSP, Consultant, Reseller or Multi-Client Use
The Client may only use the Services to provide services to third parties, manage multiple clients, operate a shared platform, resell the Services, provide white-label services or act as an MSP, consultant, integrator or external service provider via the Services if the Purchase Order expressly authorises such use.
Where such use is authorised, the Client remains responsible for its own Clients, users, mandates, instructions, Client Data, access, validations, deliverables, communications and professional obligations.
Vorellis is not a party to contracts entered into between the Client and its own Clients, unless otherwise agreed in writing.
6.6 Security Tests
The Client must not allow any third party to carry out a penetration test, vulnerability scan, load test, exploitation test, active technical audit, automated analysis or any other security test targeting the Services, Vorellis’ systems or the infrastructure used by Vorellis, without Vorellis’ prior written authorisation.
Vorellis may refuse, supervise, or impose conditions on any security test to protect the Services, the Client’s Data, other clients, its suppliers, and its infrastructure.
6.7 Circumvention of Usage Limits
The Client must not circumvent or attempt to circumvent the applicable Usage Limits, including by creating multiple accounts, sharing Login Credentials, unauthorised automated use, artificial data segmentation, duplication of environments, or any other method intended to avoid applicable Fees, restrictions or limits.
6.8 Reporting of non-compliant use
The Client must notify Vorellis without delay if they discover or suspect non-compliant, abusive, fraudulent, unauthorised or dangerous use of the Services by an Authorised User or by a third party using their access credentials.
The Client must reasonably cooperate with Vorellis to stop the non-compliant use, limit the impact, and rectify the situation.
6.9 Protective measures by Vorellis
If Vorellis reasonably believes that any use of the Services breaches the Contract, compromises security, exceeds the Client’s rights, exposes Vorellis or a third party to a legal, technical or operational risk, or harms the Services, Vorellis may take reasonable measures, including:
a) requesting the Client to rectify the situation;
b) temporarily restricting, blocking or suspending the relevant access;
c) removing or disabling problematic content, access, integration or functionality;
d) suspending an authorised User or a Username;
e) suspending all or part of the Services where the situation so requires;
f) terminate the Contract in the circumstances provided for therein.
Where reasonably practicable, Vorellis shall notify the Client before taking any significant suspension measure. However, Vorellis may act without prior notice where immediate action is necessary to protect the Services, the Client’s Data, other Clients, its suppliers, its systems or its legal obligations.
6.10 No tolerance or waiver
The fact that Vorellis does not take immediate action in respect of non-compliant use does not constitute approval, permanent tolerance, an amendment to the Contract, or a waiver of its rights.
Vorellis may exercise its rights at a later date if the non-compliant use continues, recurs, or poses a risk to Vorellis, the Services, the Client, or a third party.
7. Client Data and Processing of Personal Information
7.1 Ownership of Client Data
Between the Parties, the Client retains all rights, title and interest in and to the Client Data.
Vorellis shall not acquire any ownership rights over the Client Data. Vorellis may, however, process, host, use, transmit, store, display, technically reproduce and otherwise exploit the Client Data to the extent necessary for the provision, security, maintenance, improvement, support and administration of the Services in accordance with the Agreement.
7.2 Authorisation for processing by Vorellis
Vorellis may process the Client Data to the extent necessary to provide, secure, maintain, support and administer the Services in accordance with the Agreement. Where the Client Data includes Personal Information processed on behalf of the Client, such processing is governed by the Addendum relating to the processing of personal information.
7.3 Client’s Responsibility in Relation to Client Data
The Client remains responsible for:
a) the lawfulness, accuracy, quality, completeness and up-to-date nature of the Client Data;
b) for obtaining any authorisation, consent, power, legal basis or permission necessary to process the Client Data within the Services;
c) for the relevance and proportionality of the Client Data uploaded or entered into the Services;
d) for the classification of the Client Data, including the identification of sensitive personal information or highly confidential information;
e) the validation of the Client Data used to generate reports, analyses, statuses, tasks, recommendations or other generated Outputs;
f) compliance with the legal, regulatory, contractual and internal obligations applicable to the Client Data.
Vorellis is not required to verify the Client Data, unless expressly provided for in a separate engagement letter.
7.4 Personal information processed on behalf of the Client
Where the Client Data includes personal information or personal data processed by Vorellis on behalf of the Client, the Parties agree that such processing is governed by the Addendum relating to the processing of personal information.
Without limiting the provisions of this Addendum, Vorellis processes such personal information solely in accordance with the Contract, the Addendum on the Processing of Personal Information, the Client’s documented instructions and applicable laws.
7.5 Personal Information Processed by Vorellis for Its Own Purposes
Vorellis may process certain personal information for its own commercial, administrative, technical or legal purposes, in particular in connection with:
a) the creation and management of user accounts;
b) billing and payments;
c) communications with the Client;
d) support;
e) the security of the Services;
f) the prevention of fraud and abuse;
g) improving the Services;
h) commercial communications permitted by law;
i) compliance with Vorellis’ legal obligations.
Such processing is governed by the applicable privacy policy of Vorellis or Agent AlexArc, and not by the Addendum relating to the processing of personal information, unless otherwise specified.
7.6 Security Measures
Vorellis implements reasonable security measures to protect the Services and the Client’s Data. The measures applicable to the processing of Personal Information on behalf of the Client are described in the Addendum relating to the processing of personal information, including its Annex 2 – Security Measures.
The Client acknowledges that security also depends on its own practices, including the management of Authorised Users, Credentials, access, devices, networks, configurations, exports, internal policies and Client Data.
7.7 Access to Client Data by Vorellis
Vorellis restricts access to Client Data to those persons and Sub-processors who need it to provide, secure, maintain, support, or administer the Services, or to comply with an applicable legal or contractual obligation.
Vorellis may access Client Data where reasonably necessary to:
a) provide the Services;
b) process a support request;
c) rectify a technical issue;
d) investigate non-compliant use or an incident;
e) prevent a risk of security, fraud, abuse or damage;
f) comply with the law, a court order or a legally binding request;
g) enforce the Contract.
7.8 Sub-processors
The use of Sub-processors processing Personal Information on behalf of the Client is governed by the Addendum relating to the processing of personal information, including its Annex 3 – Authorised Suppliers and Sub-processors.
7.9 Transfers and places of processing
The places of processing and transfers applicable to Personal Information processed on behalf of the Client are governed by the Addendum relating to the processing of personal information.
7.10 Security incidents and privacy incidents
Vorellis manages security incidents affecting the Services in accordance with its internal procedures, the Contract and applicable laws. Confidentiality incidents affecting Personal Information processed on behalf of the Client are governed by the Addendum relating to the processing of personal information.
7.11 Export of Client Data
During the Subscription Period, the Client may export certain Client Data using the features available within the Services, provided such features are included in the Client’s Subscription plan.
Export capabilities may vary depending on Modules, formats, plans, Usage Limits, Account configuration and applicable technical restrictions.
Vorellis is not obliged to provide customised export, assisted migration, format conversion or special extraction of Client Data, unless expressly provided for in a Purchase Order, Statement of Work or separate contract.
7.12 Retention, deletion and return of Client Data
The retention, deletion, return, and export of Client Data at the end of the Subscription are governed by section 14, the Addendum relating to the processing of Personal Information, the applicable Purchase Order, and the features available within the Services.
7.13 Aggregated Data, Statistics and Usage Data
Vorellis may collect and use technical data, statistics, usage metrics, logs, performance data, diagnostic data, aggregated data or de-identified data relating to the use of the Services to:
(a) to operate, secure and maintain the Services;
b) measure the performance and usage of the Services;
c) correct errors and improve functionality;
d) develop new products or features;
e) produce internal statistics;
f) prevent abuse, fraud and security risks.
Vorellis must not use this data in a way that directly identifies the Client or any natural person, or that indirectly identifies a natural person, unless this is necessary to provide the Services, fulfil the Contract, ensure security, or comply with the law.
7.14 Use of Client Data for Training AI Models
Unless expressly authorised by the Client or otherwise stated in the Order Form or Annex A, Vorellis shall not use Client Data to train general artificial intelligence models intended for other Clients.
The specific rules applicable to AI Features, data submitted in prompts, generated Results, usage logs and AI providers are set out in Annex A, the Addendum on the processing of personal information, including its annex on security measures, or the applicable privacy policy.
7.15 Government, judicial or regulatory requests
If Vorellis receives a legally binding request from a governmental, judicial, administrative or regulatory authority relating to the Client’s Data, Vorellis may respond to it to the extent required by applicable law.
Where permitted by law and where reasonably practicable, Vorellis shall notify the Client of such a request to enable the Client to exercise any available remedies or objections.
Vorellis is not obliged to challenge a legally binding request on behalf of the Client, unless a separate contract expressly provides for this.
8. Intellectual Property
8.1 Ownership of the Services
Vorellis and its licensors retain all rights, title and interest in and to the Services, Agent AlexArc, the Documentation, interfaces, software, code, databases, workflows, questionnaires, models, templates, configurations, algorithms, rules, methodologies, content, standard reports, structures, taxonomies, architectures, automations, AI features, visual elements, trademarks, trade names, logos, domain names, trade secrets, know-how and other elements used, developed, supplied or made available by Vorellis.
No ownership rights in the Services or their elements are transferred to the Client.
8.2 Limited Licence of Use
Subject to compliance with the Contract and payment of the applicable Fees, Vorellis grants the Client, during the applicable Subscription Period, a limited, non-exclusive, non-transferable, non-assignable right, revocable in the event of a breach of the Contract, to access and use the Services in accordance with the Contract, the applicable Purchase Order and Annex A.
This licence is granted solely for the Client’s internal commercial, professional, organisational or institutional purposes, unless a broader use is expressly provided for in the Purchase Order.
8.3 Restrictions relating to Vorellis’ intellectual property
The Client must not, directly or indirectly, and must not permit any third party to:
a) copy, reproduce, modify, adapt, translate, distribute, sell, rent, grant, sub-license or create a derivative work of the Services, except to the extent expressly permitted by the Agreement;
b) reverse engineer, disassemble, decompile or attempt to extract the source code, models, prompts, internal rules, evaluation logic, workflows, algorithms or architectures of the Services, except to the extent that applicable law permits this notwithstanding this restriction;
c) remove, obscure or modify any intellectual property, copyright, trademark, confidentiality or reserved rights notice;
d) use the Services to develop, train, improve, test, compare or market a competing product or service;
e) systematically extract, reproduce or reuse the content, structures, questionnaires, templates, taxonomies, methodologies or typical results of the Services to create a database, tool, model, corpus, service or competing offering;
f) access the Services to monitor their availability, performance or functionality for unauthorised competitive or comparative purposes;
g) use the trademarks, logos, trade names or distinctive signs of Vorellis or Agent AlexArc without the prior written authorisation of Vorellis.
8.4 Client Data
The Client retains all rights, title and interest in and to the Client Data.
The Contract does not grant Vorellis any ownership rights over the Client Data. The Client nevertheless grants Vorellis the rights necessary to host, process, technically reproduce, transmit, display, store, analyse and use the Client Data to the extent necessary for the provision, security, maintenance, support, improvement and administration of the Services in accordance with the Agreement.
This clause does not limit the rights and obligations set out in Section 7 or in the Addendum relating to the processing of personal information.
8.5 Generated Results
Subject to compliance with the Contract and payment of the applicable Fees, the Client may use the generated Results for its internal commercial, professional, organisational or institutional purposes.
The Results generated may incorporate or reflect structures, formats, methodologies, logic, taxonomies, models, templates, rules or content provided by Vorellis. The Client acquires no ownership rights over these underlying elements of Vorellis.
The Client may not use the generated Results to create, market, train, feed or improve any product, service, model, database, tool or offering that competes with the Services, unless Vorellis has given its prior written consent.
8.6 Comments, suggestions and feedback
If the Client or its Authorised Users provide Vorellis with comments, suggestions, ideas, requests for improvements, recommendations, corrections, proposals, observations or any other feedback regarding the Services, Vorellis may use them freely, without restriction, compensation or obligation to the Client, to maintain, correct, improve, develop or market its products and services.
The Client declares that it has the necessary rights to provide such feedback to Vorellis.
8.7 Improvements and developments
Any improvement, correction, update, adaptation, configuration, extension, functionality, automation, model, template, rule, workflow, standard report, integration, documentation or development relating to the Services remains the property of Vorellis, even if such improvement or development arises from a need, comment, request or suggestion made by the Client.
Unless otherwise stipulated in a Purchase Order, a statement of work or a separate contract, no custom development shall transfer to the Client any ownership rights over the Services, any component of the Services or any improvement to the Services.
8.8 Third-party elements
The Services may incorporate, use or make available certain software, libraries, templates, APIs, infrastructure, content, services or components provided by third parties.
These elements may be subject to third-party terms, licences, restrictions or rights. Vorellis does not transfer any rights to these elements to the Client, except to the extent necessary for the use of the Services in accordance with the Contract.
8.9 Trademarks and trade names
The Client may not use the names, trademarks, logos, trade names, slogans, graphic elements or distinctive signs of Vorellis, Agent AlexArc or their products without the prior written authorisation of Vorellis.
Unless the Client objects in writing, Vorellis may identify the Client as a client of Vorellis or Agent AlexArc in a client list, sales presentation or corporate communication, using the Client’s trade name and logo in a reasonable and non-misleading manner.
The Client may withdraw this authorisation by sending written notice to Vorellis.
8.10 Reservation of Rights
All rights not expressly granted to the Client under the Contract are reserved by Vorellis and its licensors.
Nothing in the Contract shall be construed as granting the Client any implied right, licence, transfer, assignment or waiver in relation to the Services, Vorellis’ intellectual property rights or the rights of its licensors.
9. Confidentiality
9.1 Confidential Information
For the purposes of this Agreement, the term “Confidential Information” means any non-public information disclosed or made available by one Party to the other Party, directly or indirectly, in written, oral, visual, electronic, technical or any other form, which is designated as confidential or which should reasonably be regarded as confidential given its nature or the circumstances of its disclosure.
Confidential Information includes, in particular:
a) Client Data;
b) personal data or confidential information contained in the Services;
c) a Party’s commercial, financial, operational, technical or strategic information;
d) information relating to a Party’s Clients, suppliers, partners, employees, processes, systems, security measures or incidents;
e) prices, discounts, specific commercial terms and conditions relating to a Purchase Order;
f) non-public information concerning the Services, Agent AlexArc, the Documentation, features, workflows, questionnaires, templates, rules, methodologies, architectures, models, integrations, product roadmaps, vulnerabilities, security reports, tests, configurations or technical limitations;
g) information contained in the Addendum relating to the processing of personal data or in its annexes, where such information is not made publicly available by Vorellis.
9.2 Exclusions
Confidential Information does not include information which the receiving Party can demonstrate:
a) was publicly available without any breach of the Agreement;
b) was already lawfully known to the receiving Party prior to its disclosure by the disclosing Party;
c) was lawfully received from a third party who was not subject to a duty of confidentiality;
d) was independently developed by the receiving Party without using the disclosing Party’s Confidential Information;
e) must be disclosed pursuant to a law, order, subpoena, court ruling, regulatory request or other legally binding obligation, subject to section 9.6.
9.3 Confidentiality Obligations
The receiving Party must:
a) use it solely for the purposes of the Contract;
b) protect it with a reasonable degree of care, at least equivalent to that which it uses to protect its own confidential information of a similar nature;
c) not disclose it to any third party, except where permitted by the Contract;
d) restrict access to its employees, officers, representatives, advisers, suppliers, service providers, subcontractors or agents who require access to it for the purposes of the Contract;
e) ensure that persons to whom it grants access to the Confidential Information are subject to reasonably equivalent confidentiality obligations;
f) not to copy, reproduce, extract, export or retain the Confidential Information beyond what is necessary for the purposes of the Contract;
g) notify the other Party without undue delay if it becomes aware of any unauthorised disclosure, loss, access or use of the Confidential Information.
9.4 Permitted Use by Vorellis
Vorellis may use and disclose the Client’s Confidential Information to the extent necessary to:
a) provide, operate, maintain, secure, support and administer the Services;
b) process support requests;
c) correct errors or technical issues;
d) investigate an incident, vulnerability, non-compliant use, abuse or fraud;
e) comply with the Agreement, the Addendum relating to the processing of personal data and applicable laws;
f) engage its employees, officers, advisers, suppliers, service providers and authorised Sub- ;
g) exercise its rights and remedies under the Agreement.
Where Confidential Information includes personal information processed on behalf of the Client, the use and disclosure of such personal information shall also be governed by the Addendum relating to the processing of personal information.
9.5 Permitted Use by the Client
The Client may use Vorellis’ Confidential Information solely to access, evaluate, administer and use the Services in accordance with the Agreement.
The Client must not use Vorellis’ Confidential Information to:
a) create, improve, train, test, compare or market a competing product or service;
b) publicly disclose non-public technical, commercial, pricing, security or performance information relating to the Services;
c) circumvent the Usage Limits, security measures, contractual restrictions or protection mechanisms of the Services;
d) reproduce or reuse Vorellis’ non-public methodologies, templates, questionnaires, workflows, taxonomies, rules, models or content outside the rights expressly granted to the Client.
9.6 Legally Required Disclosure
If a Party is legally required to disclose Confidential Information of the other Party, it may do so to the extent required by applicable law.
Where permitted by law and reasonably practicable, the Party receiving the request must notify the other Party prior to any disclosure to allow it to challenge the request, seek a confidentiality order or limit the scope of the disclosure.
The Party disclosing the Confidential Information must limit the disclosure to what is legally required.
9.7 Protection of Client Data
Client Data is considered to be the Client’s Confidential Information.
Vorellis must protect the Client Data in accordance with the Contract, the Addendum relating to the processing of personal information, including its annex on security measures, and applicable laws.
The Client acknowledges, however, that certain Client Data may be accessed, processed, transferred or disclosed by Vorellis in the circumstances provided for in the Contract, in particular to provide the Services, support the Client, ensure security, comply with legal obligations or engage authorised Sub-processors.
9.8 Confidentiality of commercial terms
Fees, discounts, credits, special conditions, negotiated terms, commercial limits and other conditions specific to a Purchase Order are confidential, unless their disclosure is required by law, by a competent authority, by applicable accounting rules, by internal governance obligations, or by the reasonable needs of professional advisers subject to confidentiality obligations.
9.9 Return or destruction
Upon termination or expiry of the Contract, or upon reasonable request by the Party disclosing the Confidential Information, the Party receiving the Confidential Information must cease using it and, where applicable, return, delete or destroy it to the extent reasonably possible.
This obligation does not apply to copies retained:
a) in routine technical backups;
b) to comply with a legal, regulatory, accounting, tax, security or audit obligation;
c) to establish, exercise or defend a legal claim;
d) in accordance with applicable retention policies;
e) where retention is expressly permitted by the Contract or the Addendum relating to the processing of personal information, including its annex on security measures.
Any Confidential Information retained remains subject to the confidentiality obligations set out in the Contract.
9.10 Duration of confidentiality obligations
The confidentiality obligations set out in this section shall remain in force for the duration of the Contract and for a period of five (5) years following its termination.
However, obligations relating to personal information, trade secrets, non-public security information, Client Data, highly sensitive information or information which, by its nature, must remain confidential shall remain in force for as long as such information does not become public without a breach of the Contract.
9.11 Remedies
The Parties acknowledge that a breach of confidentiality obligations may cause harm that is difficult to remedy by damages.
Subject to applicable laws, the aggrieved Party may seek any available remedy, including a protective order, injunction or any other appropriate judicial remedy, without limiting its other rights and remedies provided for in the Agreement or by law.
9.12 No restriction on permitted communications
This section does not restrict:
a) communications between Vorellis and its suppliers, service providers, subcontractors, professional advisers or competent authorities where such communications are permitted by the Contract or necessary for the provision of the Services;
b) communications by the Client to its legal, accounting, tax, financial, insurance or auditing advisers or competent authorities, where such communications are necessary and subject to appropriate confidentiality obligations;
c) disclosures expressly authorised in writing by the Party disclosing the Confidential Information;
d) disclosures necessary for the exercise of a right or remedy under the Contract.
10. Third-party services, integrations, availability and maintenance
10.1 Third-party services used by Vorellis
Vorellis may use suppliers, hosts, service providers, processors, tools, infrastructure, APIs, templates, payment systems, communication services, support services, analytics services, security services, or other third-party services to provide, operate, host, secure, maintain, support, or improve the Services.
Where such third-party services process Client Data or personal information on the Client’s behalf, their use is governed by the Addendum relating to the processing of personal information, including, where applicable, its annexes relating to security measures and sub-processors.
10.2 Third-party services connected to or used by the Client
The Client may, where permitted by the available features, connect, configure, or use the Services with third-party services, systems, accounts, applications, APIs, connectors, tools, environments, or platforms.
These third-party services may include, in particular, document management tools, identity systems, storage solutions, cloud services, collaboration tools, billing systems, payment platforms, cybersecurity tools, CRM systems, automation tools or other solutions used by the Client.
The Client is responsible for ensuring that it has the necessary rights, access, authorisations, licences, consents and powers to connect or use these third-party services with the Services.
10.3 Terms applicable to third-party services
Third-party services may be subject to their own terms of use, privacy policies, security conditions, fees, restrictions, technical limitations, API rules, licensing requirements or contractual obligations.
The Client is responsible for reading, understanding, and complying with the terms and conditions applicable to third-party services they choose to connect to, use, or authorise with the Services.
Vorellis is not a party to any contracts entered into between the Client and its third-party providers, unless otherwise specified in writing.
10.4 Data transmitted to third-party services
When the Client connects or authorises a third-party service to access the Services or the Client’s Data, the Client authorises Vorellis to transmit, receive, synchronise, process or make available the Client’s Data necessary for the operation of such integration.
The Client remains responsible for:
(a) the integration configuration;
b) the permissions granted to the third-party service;
c) the Client Data transmitted to or made available to the third-party service;
d) the consequences arising from the use of the third-party service;
e) the withdrawal or modification of access granted to the third-party service;
f) compliance with the laws and obligations applicable to such transmission or connection.
Vorellis shall not be liable for the processing, loss, alteration, storage, disclosure or use of Client Data by a third-party service connected to or authorised by the Client, except to the extent that the damage results directly from a breach by Vorellis of its contractual obligations.
10.5 Availability of integrations
Vorellis may offer certain integrations, connectors, APIs or compatibility with third-party services. These integrations may depend on external services over which Vorellis has no control.
Vorellis does not guarantee that integrations with third-party services will be available at all times, error-free, compatible with all versions of the third-party service, or maintained indefinitely.
Vorellis may modify, limit, suspend or withdraw an integration where reasonably necessary, in particular due to:
a) a change imposed by a third-party provider;
b) an API change;
c) a security issue;
d) a legal or regulatory risk;
e) end-of-life of the technology;
f) a reasonable commercial or operational change;
g) a technical incompatibility.
10.6 Availability of the Services
Vorellis shall use commercially reasonable efforts to make the Services available in accordance with the commitments expressly set out in Appendix A, the applicable Purchase Order, or any applicable service-level agreement.
Unless otherwise expressly agreed, Vorellis does not guarantee that the Services will be accessible at all times, without interruption, error, delay, performance degradation or temporary unavailability.
10.7 Scheduled Maintenance
Vorellis may carry out maintenance, updates, corrections, improvements, migrations, security measures, backups, optimisations or infrastructure work, which may result in a temporary interruption, limitation or degradation of the Services.
Where reasonably possible, Vorellis shall use reasonable endeavours to carry out planned maintenance operations to minimise the impact on Clients.
Vorellis may notify the Client of planned maintenance via the application, by email, via a status page, in the Documentation or by any other reasonable means.
10.8 Emergency Maintenance
Vorellis may carry out emergency maintenance without prior notice where necessary to protect the Services, the Client’s Data, Vorellis’ systems, other Clients and suppliers, and the security, integrity, availability, or compliance of the Services.
Emergency maintenance may be required, in particular, in the event of a vulnerability, a security incident, an operational risk, a technical failure, data corruption, a critical outage, a legal obligation or a serious risk to the Services.
10.9 Interruptions not attributable to Vorellis
Vorellis shall not be liable for any interruptions, delays, loss of access, errors, slowdowns, incompatibilities, data loss, transmission failures or performance degradation caused by factors beyond its reasonable control, including:
a) the Client’s systems, networks, devices, browsers, configurations or suppliers;
b) third-party services connected to or authorised by the Client;
c) internet, telecommunications or public infrastructure providers;
d) failures of cloud providers or third-party service providers;
e) acts or omissions of the Client or its authorised Users;
f) incorrect configuration of the Account by the Client;
g) improper or abusive use of the Services;
h) a force majeure event or an external incident reasonably beyond Vorellis’s control.
This clause does not limit Vorellis’ obligations as expressly set out in the Addendum on the processing of personal data, including its annex on security measures, or in Annex A.
10.10 Status Page and Operational Communications
Vorellis may provide a status page, portal, dashboard, in-app notification, email, or any other reasonable means to communicate information regarding the availability, outages, maintenance, or operational incidents affecting the Services.
These communications are provided for operational purposes. They do not amend the Agreement, unless expressly stated in writing by Vorellis.
10.11 Technical Support
The technical support applicable to the Services is that set out in Appendix A, the relevant Purchase Order or any applicable support policy.
Unless otherwise specified, technical support covers assistance with accessing the Services, the general operation of the platform, reasonably reproducible technical issues, and general usage queries.
Technical support does not include, unless otherwise specified:
a) professional services;
b) the full configuration of the Client’s compliance programme;
c) the correction of the Client’s Data;
d) legal or professional validation of the Results generated;
e) the resolution of problems caused by the Client’s third-party systems, networks, devices, configurations or services;
f) personalised support not provided for in the Client’s Subscription plan.
10.12 Changes imposed by third parties
The Client acknowledges that certain components of the Services may depend on third-party providers, APIs, services, models, infrastructure, app stores, operating systems, browsers or technologies.
If a third party modifies, suspends, withdraws, restricts, or renders incompatible a service, API, licence, technology, or functionality necessary for the Services, Vorellis may reasonably modify the Services to maintain their operation, security, or compliance.
Vorellis shall not be liable for any loss of functionality or modification necessitated by a decision, restriction, change or failure of a third party beyond its reasonable control.
11. Limited Warranties and Exclusions
11.1 Limited Warranty of Service Provision
Vorellis shall use commercially reasonable efforts to provide the Services in accordance with the Contract, the applicable Purchase Order and Annex A.
This warranty is a warranty of means and not a warranty of result.
11.2 Limited Security Warranty
Vorellis shall use commercially reasonable efforts to implement and maintain reasonable technical, organisational and administrative measures to protect the Services and the Client’s Data, in accordance with the Addendum relating to the processing of personal information, including its annex relating to security measures, where applicable.
This warranty does not replace the Client’s security obligations, in particular concerning the management of Authorised Users, Credentials, devices, networks, configurations, access, exports and Client Data.
11.3 Limited Warranty Regarding Rights
Vorellis represents that, to the best of its knowledge, it has the necessary rights to provide the Services to the Client in accordance with the Agreement.
This warranty does not apply to the Client’s Data, third-party services connected to or authorised by the Client, content provided by the Client, the Client’s instructions, or any use of the Services contrary to the Agreement.
11.4 No warranty of compliance
The Services may assist the Client in structuring, documenting, analysing, prioritising, monitoring or managing certain aspects of its compliance, governance, cybersecurity, risk management or data protection programme.
However, Vorellis does not warrant that the use of the Services will ensure the Client’s compliance with any law, regulation, standard, framework, contractual requirement, internal policy, auditor’s expectation or supervisory authority’s position.
Nor does Vorellis warrant that the use of the Services will prevent a complaint, a request for access, an incident, an investigation, a sanction, a loss, a claim, a finding of non-compliance or a failed audit.
11.5 No guarantee of legal or professional accuracy
The Services, including the generated Results and AI Features, do not constitute legal advice, a legal opinion, professional advice, an audit, a certification, an attestation, regulatory validation or a professional decision.
Vorellis does not guarantee that the Generated Results are complete, accurate, sufficient, up to date, suitable for all of the Client’s circumstances, or legally valid for a particular situation.
The Client must review, validate, and approve the Generated Results before relying on, using, transmitting them to a third party, or making a decision based on them.
11.6 No warranty regarding the Client’s Data
Vorellis does not guarantee the accuracy, quality, legality, completeness, relevance, sufficiency or timeliness of the Client Data.
The Results generated may be incomplete, inaccurate or inappropriate if the Client Data is incomplete, inaccurate, out of date, poorly categorised, insufficient, contradictory or misinterpreted by the Client.
The Client remains responsible for verifying the Client Data, correcting errors and keeping their information up to date.
11.7 No warranty regarding AI Features
The AI Features are provided as support tools. They may produce results that are incomplete, inaccurate, ambiguous, unsuitable, out of date or requiring human validation.
Vorellis does not guarantee that the AI Features will always produce a response that is accurate, complete, compliant, relevant or appropriate to the Client’s context.
The Client must not use the AI Features as a substitute for human, legal, professional, technical, security or compliance analysis.
11.8 No guarantee of perfect availability
Unless expressly agreed in Annex A, the applicable Purchase Order or an applicable service level agreement, Vorellis does not guarantee that the Services will be available at all times, without interruption, error, delay, vulnerability, loss of performance or temporary unavailability.
The Services may be affected by maintenance operations, updates, incidents, technical limitations, third-party services, suppliers, networks, the Client’s systems, external events, or other circumstances set forth in the Contract.
11.9 No warranty regarding third-party services
Vorellis does not guarantee any third-party services, systems, accounts, applications, APIs, platforms, infrastructures, models, software, connectors, or tools that the Client chooses to connect to, authorise, or use with the Services.
Vorellis shall not be liable for the acts, omissions, errors, interruptions, changes, data losses, processing, disclosures, terms, policies or decisions of such third-party services, except to the extent that the damage results directly from a breach by Vorellis of its contractual obligations.
11.10 General Exclusions of Warranties
Unless expressly provided for in the Contract, the Services, Documentation, Generated Results, AI Features, integrations, reports, content, models, templates, recommendations, statuses, questionnaires and other elements provided by Vorellis are provided “as is” and “as available”.
To the extent permitted by applicable law, Vorellis excludes any warranty, condition or representation not expressly set out in the Contract, whether express, implied, statutory or otherwise, including any implied warranty of merchantability, fitness for a particular purpose, freedom from error, non-infringement, accuracy, continuous availability, absolute security or a particular result.
11.11 Limits on exclusions
Nothing in the Contract limits or excludes any liability that cannot be limited or excluded under applicable law.
The exclusions set out in this section shall be interpreted to the fullest extent permitted by applicable law.
11.12 Remedies in the Event of Non-Conformity of the Services
If the Services are not provided in a manner substantially in accordance with the Contract, the Client must notify Vorellis in writing within a reasonable time, describing the alleged non-conformity.
The Client’s primary remedy is to allow Vorellis to remedy the non-conformity within a reasonable time, where such a remedy is possible.
If Vorellis does not remedy a material non-conformity within a reasonable period of time following written notice from the Client, the Client’s rights are those set out in the Contract, including, where applicable, the rights of termination expressly provided for in the section relating to duration, suspension and termination.
12. Limitation of Liability
12.1 General Application
To the extent permitted by applicable law, the total aggregate liability of Vorellis, its officers, directors, employees, representatives, suppliers, licensors, service providers and subcontractors in relation to the Contract, the Services, Agent AlexArc, the Generated Results, the AI Features, the Documentation, the Client Data or any Purchase Order is limited to proven direct damages suffered by the Client.
This limitation applies regardless of the nature of the claim, whether based on contract, civil liability, tort, fault, negligence, statutory duty, warranty, indemnity or any other legal basis.
12.2 Limit of Liability
To the extent permitted by applicable law, Vorellis’s total aggregate liability for all claims arising out of the Contract or in connection with the Services shall not exceed the total amount of Fees actually paid by the Client to Vorellis for the relevant Services during the twelve (12) months preceding the event giving rise to the claim.
If the claim arises before twelve (12) months’ Fees have been paid, the liability cap shall correspond to the Fees actually paid by the Client to Vorellis for the relevant Services prior to the event giving rise to the claim.
The existence of multiple claims, events, incidents, invoices, Purchase Orders, Authorised Users, Modules or legal theories does not increase this limit.
12.3 Exclusion of Indirect Damages and Related Losses
To the extent permitted by applicable law, Vorellis shall not be liable for any indirect, special, incidental, punitive, exemplary, aggravated or consequential damages, nor for the following losses or damages, even if Vorellis has been advised of the possibility thereof:
(a) loss of profits, revenue, anticipated savings or business opportunities;
b) loss of goodwill, reputation, clientele or commercial value;
c) business interruption, operating loss or loss of productivity;
d) loss, corruption, alteration or unavailability of data, except to the extent expressly provided for in the Contract;
e) replacement costs, substitution costs or the cost of acquiring an equivalent service;
f) a third-party claim against the Client, except where an obligation to indemnify is expressly provided for in the Contract;
g) fines, sanctions, penalties, investigations, administrative measures or regulatory decisions directed at the Client;
h) consequences arising from a decision taken by the Client based on the Service, the Results generated or the AI Features without appropriate validation.
12.4 Exclusions relating to compliance and the Client’s decisions
Without limiting sections 3.12, 3.13 and 11, Vorellis shall not be liable for any loss, damage, penalty, cost, claim or consequence arising from:
a) the inaccuracy, incompleteness, obsolescence or misclassification of the Client’s Data;
b) any decision, action, omission, priority, classification, validation or interpretation by the Client;
c) the use of the Services as a substitute for legal, professional, technical, cybersecurity, compliance or data protection advice;
d) a lack of human validation of the Results generated;
e) use of the Services in breach of the Agreement;
f) a breach by the Client of its legal, regulatory, contractual, professional or internal obligations;
g) the Client’s communication with an authority, a data subject, an employee, a supplier, a Client or a third party;
h) a failure of the Client’s systems, networks, devices, configurations, access, tools or suppliers.
12.5 Exclusions relating to third-party services
To the extent permitted by applicable law, Vorellis shall not be liable for any acts, omissions, interruptions, errors, vulnerabilities, decisions, modifications, conditions, policies, processing, disclosures, data loss or incidents caused by a third-party service connected to, authorised by, selected by or used by the Client.
This exclusion does not apply to the extent that the damage results directly from a breach by Vorellis of its contractual obligations in respect of a Sub-contractor used by Vorellis to provide the Services.
12.6 Exclusions relating to the Client’s access
To the extent permitted by applicable law, Vorellis shall not be liable for any loss, unauthorised access, disclosure, alteration, deletion, export or use of the Client’s Data arising from:
a) the sharing of Credentials;
b) a weak or compromised password;
c) a compromised Client device, network or environment;
d) poor management of authorised Users;
e) access granted by the Client to an unauthorised person or a third-party service;
f) a delay by the Client in revoking access;
g) incorrect configuration by the Client;
h) a breach by the Client of its security obligations.
12.7 Claims relating to AI Features
To the extent permitted by applicable law, Vorellis shall not be liable for any loss, damage, cost, claim or consequence arising from the use of the AI Features where such loss, damage, cost, claim or consequence results from:
a) a lack of human validation;
b) the use of the generated Results as legal, professional, technical or regulatory advice;
c) incomplete, inaccurate, out-of-date or insufficient Client Data;
d) an instruction, prompt, question or configuration provided by the Client;
e) the use of the AI Features in breach of the Contract;
f) a decision taken by the Client based on an automatically generated result.
12.8 Exceptions to the limit of liability
The limitations set out in sections 12.1 to 12.7 do not limit:
(a) the Client’s obligation to pay the Fees due;
b) a Party’s liability for wilful misconduct or gross negligence, to the extent that such a limitation is prohibited by applicable law;
c) a Party’s liability for personal injury or emotional distress, to the extent that such a limitation is prohibited by applicable law;
d) injunctive relief or other legal remedies available in the event of a breach of confidentiality, intellectual property rights or the security of the Services;
e) any liability that cannot be excluded or limited under applicable law.
12.9 Obligations to minimise damage
Each Party shall take reasonable steps to limit any loss, damage, cost or consequence arising from an incident, breach, interruption, error, unauthorised access, dispute or other event relating to the Contract.
In particular, the Client must cease any problematic use of the Services, preserve relevant evidence, correct configurations under its control, remove unauthorised access, notify Vorellis without undue delay and cooperate with Vorellis where such cooperation is necessary to limit the impact.
12.10 Time limit for claims
To the extent permitted by applicable law, the Client must provide Vorellis with written notice describing any claim relating to the Contract or the Services within a reasonable time after becoming aware of the facts giving rise to such claim.
Such notice must describe the nature of the claim, the relevant facts, the alleged damages and the remedial measures sought.
This section does not affect any mandatory limitation period provided for by applicable law.
12.11 Allocation of Risk
The Parties acknowledge that the Fees, the subscription model, the exclusions of warranties, the limitations of liability and the other terms of the Contract reflect a reasonable commercial allocation of risks between the Parties.
The Client acknowledges that Vorellis would not be able to provide the Services on the same economic terms without the limitations set out in this section.
12.12 Interpretation in accordance with applicable law
The limitations and exclusions set out in this section apply only to the extent permitted by applicable law.
If any limitation or exclusion is held to be invalid, unenforceable or excessive, it shall be interpreted or reduced to have the maximum effect permitted by applicable law, without affecting the validity of the other provisions of the Agreement.
13. Term, Suspension and Termination
13.1 Term of the Agreement
This Agreement shall come into force on the earlier of the following dates:
a) the date of acceptance of the first Purchase Order;
b) the date of activation of a Subscription;
c) the date on which the Client accesses or uses the Services for the first time;
d) any other date expressly stated in a Purchase Order.
The Agreement shall remain in force for as long as a Purchase Order, a Subscription or an outstanding obligation remains in force, unless terminated in accordance with the Agreement.
13.2 Subscription Term
Each Subscription is valid for the Subscription Period specified in the applicable Purchase Order.
Unless otherwise stated in the Order Form, the Subscription commences on the date of activation of the Services by Vorellis. It remains in force for the initial period specified in the Order Form.
13.3 Renewal
The applicable Purchase Order governs the renewal of the Subscription.
Where the Order Form provides for automatic renewal, the Subscription shall be renewed for successive periods of the same duration, unless either Party gives notice of non-renewal within the time limit specified in the Order Form.
In the absence of a timeframe specified in the Order Form, the notice of non-renewal must be given at least thirty (30) days before the end of the current Subscription Period.
Failure to renew a Subscription does not release the Client from their obligation to pay the Fees due for the current Subscription Period.
13.4 Termination at the Client’s discretion
The Client may not terminate a Subscription before the end of the applicable Subscription Period, unless the Order Form expressly provides for this or unless required by applicable law.
Where the Purchase Order permits termination at will, the terms regarding notice, effective date, refunds, credits or applicable fees shall be as set out therein.
Unless otherwise stated in the Purchase Order or required by applicable law, termination at the Client’s convenience shall not entitle the Client to any refund of Fees paid. It shall not cancel Fees incurred or payable for the current Subscription Period.
13.5 Termination for Breach
A Party may terminate the Contract or the relevant Purchase Order if the other Party commits a material breach of the Contract and fails to remedy such breach within thirty (30) days of receiving written notice describing the breach.
The cure period may be shorter if the breach creates a serious risk to the security, confidentiality or availability of the Services, the Client Data, Vorellis’ intellectual property rights, other Clients, Vorellis’ suppliers or the legal compliance of the Services.
13.6 Immediate termination by Vorellis
Vorellis may suspend or terminate all or part of the Services, the Account, the Contract or a Purchase Order immediately if Vorellis reasonably believes that:
a) the Client or an Authorised User is using the Services in an illegal, fraudulent, abusive, dangerous or unauthorised manner;
b) the Client is breaching the usage restrictions set out in the Contract;
c) the Client compromises or attempts to compromise the security, integrity, availability or performance of the Services;
d) the Client infringes Vorellis’ intellectual property rights or attempts to reproduce, extract, circumvent or exploit the Services in an unauthorised manner;
e) the Services are used to process prohibited, unlawful or unauthorised data or content;
f) the continued provision of the Services exposes Vorellis, its suppliers, its Subcontractors, its other clients or a third party to a significant legal, regulatory, operational or security risk;
g) the Client fails to pay an amount due and undisputed in good faith following reasonable notice;
h) the Client makes a false or misleading statement regarding their identity, their authority, their use of the Services or their rights over the Client Data;
i) the law, an order, a competent authority or an essential supplier requires or necessitates such suspension or termination.
Where reasonably practicable, Vorellis shall notify the Client prior to any immediate termination. However, Vorellis may act without prior notice where immediate action is required to mitigate a serious risk.
13.7 Suspension of the Services
Vorellis may suspend all or part of the Services, the Account, a Module, an integration, access or an authorised User where such suspension is reasonably necessary to:
a) prevent or mitigate a security risk;
b) stop any non-compliant use;
c) protect the Client’s Data, other Clients, Vorellis’ systems or Vorellis’ suppliers;
d) investigate an incident, abuse, fraud or suspicious activity;
e) comply with the law, a court order or a legally binding request;
f) to remedy a failure to pay in accordance with the Contract;
g) prevent any damage, loss, breach of confidentiality or infringement of the rights of Vorellis or third parties.
The suspension must be proportionate to the circumstances, as far as possible.
13.8 Effect of suspension
During a suspension, the Client remains bound by the Contract and must continue to fulfil its obligations, including those regarding payment, confidentiality, security, the protection of Credentials, and proper use.
Vorellis may restore access to the Services once the cause of the suspension has been rectified to its reasonable satisfaction.
Vorellis shall not be liable for any loss, interruption, delay, damage, cost or consequence arising from a suspension carried out in accordance with the Contract.
13.9 Suspension requested by the Client
The Client may request the suspension of certain access rights, Authorised Users, Modules or features where necessary for reasons of security, administration, an employee’s departure, an internal investigation, organisational change or Account management.
Vorellis may process this request in accordance with its reasonable procedures, subject to available features, operational lead times, the Administrator’s rights and applicable security obligations.
A suspension requested by the Client does not reduce the Fees payable, unless otherwise stated in the Purchase Order or in a written agreement from Vorellis.
13.10 Termination in the event of insolvency or cessation of business
To the extent permitted by applicable law, Vorellis may terminate the Contract or a Purchase Order if the Client:
a) substantially ceases its business operations;
b) becomes insolvent;
c) makes a general assignment of its assets for the benefit of its creditors;
d) becomes subject to bankruptcy, reorganisation, liquidation, receivership or any similar proceedings;
e) is unable to pay its debts as they fall due.
This clause applies only to the extent that it is valid and enforceable under the applicable laws relating to insolvency, bankruptcy or restructuring.
13.11 Termination of a Specific Purchase Order
The termination of a Purchase Order does not automatically result in the termination of other Purchase Orders or of the Contract as a whole, unless the nature of the breach, the context or the notice of termination clearly indicates otherwise.
Vorellis may limit termination or suspension to the relevant Purchase Order, Module, Account, Authorised User, environment, integration, or element, where such limitation is reasonable in the circumstances.
13.12 Survival of Certain Obligations
The termination or expiry of the Contract, a Purchase Order or a Subscription does not release the Parties from obligations which, by their nature, are intended to survive, in particular obligations relating to:
a) the payment of Fees due;
b) confidentiality;
c) intellectual property;
d) Client Data and its deletion, return or residual retention;
e) restrictions on use;
f) limitations of liability;
g) exclusions of warranties;
h) indemnification, where applicable;
i) dispute resolution;
j) any other provision which is reasonably intended to survive the expiry of the Contract.
13.13 No effect on accrued rights
The termination or expiry of the Contract, a Purchase Order or a Subscription shall not affect any rights, remedies, liabilities or obligations arising prior to the effective date of such termination or expiry.
Amounts due prior to termination or expiry remain payable.
13.14 Notice of termination or non-renewal
Any notice of termination or non-renewal must be given in accordance with the notice provisions set out in the Contract or by such reasonable means as specified by Vorellis.
The notice must identify the Agreement, Purchase Order, Subscription or Services concerned, specify the desired effective date and, in the case of termination for breach, describe the alleged breach in sufficient detail to enable the other Party to respond to it or remedy it where the Agreement provides for a right of remedy.
14. Effects of termination or expiry
14.1 Termination of Access Rights
On the effective date of termination or expiry of a Subscription, the right of the Client and its Authorised Users to access the relevant Services shall cease, unless otherwise provided for in the Purchase Order, the Contract or a written agreement with Vorellis.
Vorellis may deactivate or restrict the Client’s access to the Services, the Account, the Modules, integrations, AI Features, reports, dashboards, exports and other features associated with the terminated or expired Subscription.
14.2 Fees due
The termination or expiry of the Contract, a Purchase Order or a Subscription does not release the Client from its obligation to pay Fees due, incurred or payable prior to the effective date of the termination or expiry.
Unless otherwise specified in the Purchase Order or required by applicable law, Fees paid or payable for the current Subscription Period remain non-refundable.
14.3 Restricted access for export purposes
Unless termination is due to gross negligence, a security risk, misuse, non-payment, breach of usage restrictions or any other situation justifying immediate deactivation, Vorellis may, at its reasonable discretion, allow the Client temporary access to certain export features after the Subscription has ended.
Such limited access, when offered, is intended solely to enable the Client to export Client Data available in the formats then supported by the Services.
Unless otherwise specified in writing by Vorellis, this post-termination access is limited to a maximum period of thirty (30) days from the date of termination or expiry.
14.4 Client’s Responsibility to Export Their Data
The Client is responsible for exporting, downloading or retaining any Client Data they wish to keep prior to the end of the Subscription or during any period of limited access granted by Vorellis.
Vorellis is not obliged to provide a custom export, special extraction, format conversion, assisted migration, data restoration or transition service, unless expressly provided for in a Purchase Order, Statement of Work or separate contract.
14.5 Deletion or deactivation of Client Data
Following the termination or expiry of the Subscription, Vorellis may delete, anonymise, deactivate, archive or render inaccessible the Client Data associated with the relevant Account, subject to:
(a) reasonable technical processing times;
b) routine backups;
c) legal, regulatory, tax, accounting, security or audit obligations;
d) obligations set out in the Addendum relating to the processing of personal information;
e) the need to retain certain information to establish, exercise or defend a legal claim;
f) retention obligations relating to contractual evidence, technical logs, invoices, payments or acceptance histories.
14.6 Residual Backups
Certain Client Data may remain temporarily in backups, logs, technical archives, disaster recovery systems, security environments or ordinary residual copies following the deletion or deactivation of the Account.
Vorellis is not obliged to delete such residual copies immediately if their immediate deletion is not technically feasible or if they are retained in accordance with its normal backup, security, business continuity, compliance or retention practices.
Any Client Data retained in such residual copies remains subject to the applicable confidentiality, security and processing obligations.
14.7 Generated Results and Exported Documents
Subject to full payment of the Fees due and compliance with the Agreement, the Client may retain and use the Generated Results, reports, documents, exports or deliverables produced by the Services prior to termination or expiry, solely for its internal commercial, professional, organisational or institutional purposes.
However, the Client may not use such Generated Results, reports, documents, exports, or deliverables to create, develop, market, or improve any product, service, model, database, tool, or offering that competes with the Services, unless Vorellis has given its prior written consent.
Vorellis reserves all rights to its methodologies, templates, structures, workflows, taxonomies, content, rules, models, interfaces and other underlying elements.
14.8 Termination of licences and authorisations
Upon termination or expiry of the relevant Contract or Subscription, all licences, access rights, authorisations to use and limited rights granted to the Client in relation to the Services shall cease, unless otherwise expressly provided for in the Contract.
The Client must cease all use of the Services, non-public Documentation, access, Credentials, integrations and Vorellis elements to which it is no longer entitled.
14.9 Professional Transition Services
Any post-termination assistance, migration, assisted export, data transfer, replacement configuration, guidance, review, analysis, extended support, or transition service constitutes a separate Professional Service, unless expressly provided for in the applicable Purchase Order.
Vorellis is not obliged to provide these services without a separate written agreement, without operational availability and without payment of the applicable Fees.
14.10 Suspension or termination due to the Client’s fault
Where termination or suspension results from non-payment, non-compliant use, a security risk, fraud, an intellectual property infringement, misuse or a material breach by the Client, Vorellis may limit, refuse or make post-termination access to the Client’s Data, subject to conditions to the extent reasonably necessary to protect the Services, Vorellis, other Clients, its suppliers or its rights.
This clause does not limit Vorellis’ mandatory obligations under applicable law or the Addendum relating to the processing of personal information.
14.11 Data necessary for contractual evidence
Notwithstanding any termination or expiry, Vorellis may retain certain information necessary to demonstrate the existence, performance, acceptance or termination of the Contract, including:
a) Purchase Orders;
b) invoices and proofs of payment;
c) electronic acceptance logs;
d) accepted contract versions;
e) administrative communications;
f) billing information;
g) security or access logs necessary for the defence of Vorellis’ rights;
h) information necessary to comply with legal, tax, accounting or regulatory obligations.
This information remains subject to the applicable confidentiality and security obligations.
14.12 Effect on Subcontractors and Third-Party Services
The termination or expiry of the Subscription may result in the deactivation of integrations, access, connections, synchronisations, APIs or third-party services associated with the Client’s Account.
The Client is responsible for revoking or, where applicable, modifying the access or authorisations they have granted to third-party services connected to the Services.
Vorellis shall not be liable for any processing, storage, deletion, export or use carried out by third-party services controlled or authorised by the Client following termination or expiry.
14.13 Survival of Obligations
The termination or expiry of the Contract, a Purchase Order or a Subscription shall not affect those provisions which, by their nature, are intended to continue to apply, in particular those relating to:
a) the payment of Fees due;
b) confidentiality;
c) intellectual property;
d) Client Data and its deletion, return or residual retention;
e) restrictions on use;
f) exclusions of warranties;
g) limitations of liability;
h) indemnification, where applicable;
i) remedies;
j) the applicable law and dispute resolution;
k) any other provision that is reasonably intended to survive the termination of the Contract.
14.14 No liability for compliant deletion
To the extent permitted by applicable law, Vorellis shall not be liable for any loss, damage, cost, claim or consequence arising from the deletion, deactivation, anonymisation, archiving or inaccessibility of the Client Data carried out in accordance with the Contract, the Addendum relating to the processing of personal information (including its annex on security measures), the Purchase Order or applicable policies.
This clause applies in particular where the Client fails to export its Client Data before the end of the Subscription or during the period of limited access granted by Vorellis.
15. Changes to the Services and Contractual Documents
15.1 General Development of the Services
Vorellis may modify, correct, update, improve, optimise, or develop the Services to enhance their security, reliability, performance, user experience, compliance, maintenance, interoperability, or functional value.
Such modifications may, in particular, relate to:
a) the user interface;
b) the Modules;
c) workflows;
d) questionnaires;
e) reports;
f) AI features;
g) integrations;
h) performance;
i) security;
j) documentation;
k) technical configurations;
l) support or administration mechanisms.
15.2 Changes with no material impact
Vorellis may make changes to the Services that do not materially reduce the essential functionalities to which the Client is entitled under the applicable Purchase Order.
Such changes may be made without the Client’s further consent, provided that they are consistent with the Contract and do not substantially alter the essential commercial commitments of the current Purchase Order.
15.3 Material changes to the Services
During a current Subscription Period, Vorellis shall use reasonable efforts to avoid removing or substantially reducing any essential functionality expressly included in the applicable Purchase Order.
However, Vorellis may modify, suspend, replace or remove a feature where reasonably necessary, in particular for reasons of security, compliance, applicable law, reliance on a third-party supplier, end-of-life of technology, technical stability, performance, prevention of abuse or normal product evolution.
Where reasonably possible, Vorellis shall notify the Client of any material change likely to affect the Client’s normal use of the Services.
15.4 Changes required for security, compliance or emergency reasons
Vorellis may, without prior notice, make an immediate change to the Services, access, integrations, AI Features, Modules, configurations or Documentation where such a change is necessary to:
(a) to address a vulnerability;
b) prevent or limit a security incident;
c) comply with a law, order or legally binding request;
d) protect the Client’s Data, other Clients, Vorellis, its suppliers or its Subcontractors;
e) prevent fraud, abuse or unauthorised use;
f) to rectify a critical fault;
g) maintain the stability, availability or integrity of the Services.
In such cases, Vorellis may notify the Client after the change where reasonable and appropriate.
15.5 Amendments to Contractual Documents
Vorellis may periodically update this Agreement, Appendix A, the Addendum relating to the processing of personal data, including its appendices relating to security measures and sub-processors, the applicable policies and any other document incorporated by reference.
Any amendment to these documents must be identified by a new version number, an effective date or another reasonable means of determining the applicable version.
Amendments shall not apply retroactively to a Subscription Period already in progress, unless:
a) the Client expressly accepts them;
b) they are required by applicable law;
c) they are necessary for reasons of security, compliance, data protection, the operation of the Services or the prevention of abuse;
d) they are favourable to the Client or do not have a material adverse effect on their rights;
e) the Purchase Order or the relevant document expressly provides for a different rule.
15.6 Notice of amendment
Where Vorellis makes a material amendment to the contractual documents that adversely affects the Client’s rights or obligations, Vorellis shall give the Client reasonable notice prior to the amendment coming into effect, except in cases of emergency, security, legal compliance or an essential requirement imposed by a third party.
The notice may be sent by email, via the application, on a portal, on a dedicated contractual page, in the Documentation or by any other reasonable means.
The notice may include a summary of the amendment, the updated version of the document, the effective date and the documents concerned.
15.7 Effective Date of Amendments
Unless otherwise stated in the notice of amendment or in the relevant document, a material amendment to the contractual documents shall take effect on the earlier of the following dates:
a) on the date of the Client’s express acceptance;
b) upon renewal of the Subscription;
c) on the date specified in the notice of amendment;
d) on the date on which the Client continues to use the Services after the amendment comes into effect, provided that the Client has been reasonably notified of the amendment.
Amendments necessary for reasons of security, compliance, applicable law, prevention of misuse or protection of the Services may take effect immediately.
15.8 Amendments to the Purchase Order
A Purchase Order may only be amended by a written document accepted by Vorellis and the Client, or by an electronic amendment mechanism recognised by Vorellis.
Any changes to the plan, Fees, Modules, Usage Limits, Subscription Period, support level or the Client’s specific terms must be reflected in an amended Purchase Order, a new Purchase Order, a written confirmation or an electronic acceptance mechanism approved by Vorellis.
No commercial communication, demonstration, presentation, informal proposal, unauthorised email or statement by a partner shall amend a Purchase Order, unless confirmed in writing by Vorellis.
15.9 Changes to Fees
Vorellis may amend the Fees applicable to the Services for a renewal period, a new Purchase Order, an additional module, an exceedance of Usage Limits or an additional service.
Unless otherwise stated in the Purchase Order, a change to the Subscription Fees shall not apply to the current Subscription Period, unless the Client accepts the change, adds Services, exceeds the Usage Limits or requests an upgrade.
Where the Subscription renews automatically, Vorellis must notify the Client of a material increase in Fees within a reasonable time prior to the renewal, unless the increase results from additional usage, applicable taxes or fees already provided for in the Purchase Order.
15.10 Amendments to the Addendum relating to the processing of personal data
Any amendments to the Addendum on the Processing of Personal Data are governed by the terms set out in this Addendum.
Vorellis may amend this Addendum where necessary to reflect changes to applicable laws, the Services, Sub-processors, security measures, transfers, processing instructions or compliance requirements.
Where the amendment materially affects the Client’s rights or obligations regarding the processing of personal information, Vorellis shall provide reasonable notice to the Client, except in cases of emergency, legal requirement or security necessity.
15.11 Changes to security measures
Vorellis may update the security measures described in the Addendum relating to the processing of personal information, or in its annex relating to security measures, to reflect changes in its technical, organisational, and administrative measures.
Vorellis shall not materially reduce the overall level of security described in the Addendum on the Processing of Personal Information or in its annex on security measures during a current Subscription Period, unless such reduction is offset by reasonably equivalent measures or is necessitated by technical, legal, security or operational reasons.
15.12 Amendments to the List of Sub-processors
Vorellis may update the List of Sub-processors in accordance with the terms set out in the Addendum on the Processing of Personal Information.
Where required by the Contract, the Addendum relating to the processing of personal information or by applicable law, Vorellis shall notify the Client of the addition or replacement of a Sub-processor who processes personal information on behalf of the Client.
The rights to object or terminate in relation to the addition or replacement of a Sub-processor, where applicable, are those set out in the Addendum on the Processing of Personal Information.
15.13 Rejection of a Material Change
If the Client refuses a material amendment applicable to a future period, their primary remedy is not to renew the Subscription or to cease using the Services at the end of the current Subscription Period, unless the Contract, the Purchase Order or applicable law provides for another remedy.
If a material change is to apply during a current Subscription Period and significantly adversely affects the Client’s rights, the Parties shall cooperate in good faith to determine a reasonable solution, which may include a mitigation measure, a transition, an amendment to the Purchase Order or, where applicable, a termination of the relevant Purchase Order in accordance with the terms of the Agreement.
15.14 Applicable Versions and Archiving
Vorellis may retain a copy or history of the applicable versions of the Agreement, Purchase Orders, Annex A, the Addendum relating to the processing of personal data, including its annexes relating to security measures and sub-processors, and other incorporated documents.
The versions applicable to a Client may be determined by reference to the Purchase Order, the date of acceptance, the date of renewal, the version indicated in the document, the electronic acceptance logs or the contractual records retained by Vorellis.
15.15 Administrative Corrections
Vorellis may correct any typographical, administrative, formatting, numbering, reference, link or layout error in a contractual document, provided that such correction does not substantially alter the rights or obligations of the Parties.
15.16 No unauthorised modifications
No employee, representative, partner, affiliate, reseller, consultant, integrator, service provider or other third party is authorised to amend the Contract, a Purchase Order or an incorporated document, unless they have written authorisation from Vorellis or the amendment is accepted through a contractual mechanism approved by Vorellis.
No oral statement, sales presentation, demonstration, marketing document, support response or informal communication shall amend the Agreement, unless such amendment is expressly confirmed in writing by Vorellis in an applicable contractual document.
16. Governing Law, Jurisdiction and Dispute Resolution
16.1 Governing Law
The Agreement, any Purchase Order, the Services and any dispute arising out of or in connection therewith shall be governed by the laws of the Province of Quebec and the applicable federal laws of Canada, without regard to conflict of laws principles that might result in the application of the laws of another jurisdiction.
16.2 Exclusive Jurisdiction
Subject to the urgent remedies provided for in the Contract and the mandatory provisions of applicable law, the Parties agree that any dispute, remedy, claim, proceeding or action arising out of the Contract, a Purchase Order, the Services, Agent AlexArc, the Client Data, the generated Results or the contractual relationship between the Parties shall be submitted exclusively to the competent courts of Quebec, sitting in the judicial district of Montreal, Quebec, Canada.
Each Party irrevocably accepts the jurisdiction of these courts and waives, to the extent permitted by applicable law, any objection based on venue, ‘forum non conveniens’ or the alleged unsuitability of these courts.
16.3 Attempt at prior settlement
Before commencing legal proceedings, except in cases of urgency or where immediate relief is reasonably necessary, the Party wishing to raise a dispute must send written notice to the other Party reasonably describing:
(a) the nature of the dispute;
b) the relevant facts;
c) the relevant contractual provisions, where known;
d) the amounts claimed, if any;
e) the remedial action or desired outcome.
The Parties must then attempt to resolve the dispute in good faith through discussions between their authorised representatives within thirty (30) days of receipt of the notice, unless the Parties agree on a different period.
16.4 Escalation of commercial disputes
If the dispute is not resolved within the time limit set out in section 16.3, either Party may request that the dispute be referred to a director, executive officer or decision-making representative of the other Party.
The designated representatives shall endeavour to resolve the dispute in good faith within a reasonable period of time.
This step does not limit a Party’s right to bring legal proceedings where necessary to preserve its rights, avoid serious harm or meet an applicable deadline.
16.5 Voluntary mediation
The Parties may agree to submit a dispute to voluntary mediation before commencing or continuing legal proceedings.
Mediation is mandatory only if the Parties consent to it in writing after the dispute has arisen, or if required by applicable law or a rule of procedure.
Unless otherwise agreed, each Party shall bear its own costs of participating in the mediation, and the mediator’s fees shall be shared equally.
16.6 Urgent remedies and injunctive relief
Notwithstanding sections 16.3 to 16.5, a Party may immediately apply for a protective order, an injunction, a conservatory measure, a confidentiality order, a measure to protect intellectual property rights, Client Data, personal information, confidential information, trade secrets, the security of the Services or any other right requiring urgent intervention.
Such an application may be made to the competent courts of Quebec or to any other competent court where this is reasonably necessary to ensure the measure is effective.
16.7 Recovery of Outstanding Fees
Vorellis may take any reasonable steps to recover any Fees due, interest, recovery costs and other amounts payable under the Contract.
The pre-litigation procedures set out in sections 16.3 to 16.5 shall not apply where the claim relates primarily to the recovery of an amount due and undisputed in good faith.
16.8 No Restriction on Regulatory Obligations
Nothing in this section shall prevent a Party from responding to a request, investigation, order, inspection, audit or legally binding requirement issued by a competent governmental, judicial, administrative or regulatory authority.
The Client remains responsible for its own communications and obligations towards authorities, data subjects, employees, Clients, suppliers, auditors or any other third party, unless otherwise stipulated in a separate engagement letter.
16.9 Time limits and preservation of rights
A Party’s participation in a discussion, escalation or mediation shall not constitute a waiver of its rights, remedies, defences or limitation periods, unless otherwise agreed in writing.
Each Party remains responsible for taking the necessary steps to preserve its rights within the applicable time limits.
16.10 Continued Performance of Obligations
During any dispute, the Parties must continue to perform their uncontested obligations in good faith, including obligations regarding the payment of uncontested amounts, confidentiality, security, the protection of Client Data, and the proper use of the Services.
Vorellis may, however, suspend or terminate the Services in accordance with the Contract where the conditions for suspension or termination are met.
17. General Provisions
17.1 Notices
Any formal notice required under the Agreement must be in writing and delivered by one of the following means:
a) email to the address designated by the receiving Party;
b) registered post;
c) a recognised courier service;
d) notification via the app or portal, where permitted by the Contract;
e) any other means expressly agreed by the Parties.
Notices to Vorellis must be sent to the following address, unless otherwise specified by Vorellis:
Vorellis Inc.
2572 Daniel-Johnson Boulevard, 2nd floor
Laval, Quebec, H7T 2R3
Canada
Email: info@vorellis.com
Notices to the Client may be sent to the email address, postal address or administrative contact details specified in the Order Form, in the Account or in the Client’s billing information.
A notice is deemed to have been received:
a) at the time of dispatch, if sent by email without a delivery failure notification;
b) at the time of posting or notification, if sent via the application or portal;
c) on the confirmed delivery date, if sent by courier or registered post.
17.2 Operational communications
Vorellis may send the Client operational communications relating to the Services, including maintenance, updates, incidents, security, billing, support, renewals, contractual amendments, availability, features, or the administration of the Account.
These communications may be sent by email, via the app, on a portal, on a status page, via notification or by any other reasonable means.
The Client is responsible for keeping their administrative, technical, security and billing contact details up to date.
17.3 Assignment by the Client
The Client may not assign, transfer or delegate the Contract, a Purchase Order, a Subscription, an Account or its rights and obligations under the Contract without the prior written consent of Vorellis.
Any unauthorised assignment or attempted assignment shall be null and void or unenforceable against Vorellis, to the extent permitted by applicable law.
17.4 Assignment by Vorellis
Vorellis may assign, transfer or delegate the Contract, in whole or in part, without the Client’s consent, in the context of:
a) a corporate reorganisation;
b) a merger;
c) an acquisition;
d) a sale of all or a substantial part of its assets;
e) a transfer of its activities relating to the Services;
f) a financing or restructuring transaction.
Vorellis must, however, ensure that the transferee assumes the contractual obligations applicable to the portion of the Contract being transferred.
17.5 Subcontracting and Delegation
Vorellis may use employees, representatives, suppliers, service providers, subcontractors, hosting providers, processors, advisers or other third parties to provide, operate, maintain, secure, support or improve the Services.
The use of Subcontractors processing personal information on behalf of the Client is governed by the Addendum relating to the processing of personal information, including the List of Subcontractors.
17.6 Relationship between the Parties
The Parties are independent contractors.
Nothing in the Contract creates a partnership, joint venture, general agency, employment relationship, fiduciary relationship, agency, franchise, partnership or exclusive representation between the Parties.
Neither Party is authorised to bind the other Party, to enter into a contract on its behalf or to make a statement binding on the other Party, unless expressly authorised in writing.
17.7 Force Majeure
Neither Party shall be liable for any delay or failure to perform its obligations, other than payment obligations, where such delay or failure results from an event reasonably beyond its control, including:
a) a natural disaster;
b) fire, flood, major breakdown or accident;
c) war, terrorism, riot, civil unrest or major instability;
d) a pandemic, public health emergency or government measure;
e) strike or external industrial dispute;
f) major failure or disruption of the internet, telecommunications, electricity or public infrastructure;
g) failure of a cloud provider, network provider, payment provider or other essential provider beyond the reasonable control of the affected Party;
h) a cyberattack, security incident or vulnerability affecting a third party, where the affected Party has taken reasonable preventative and responsive measures.
The affected Party must notify the other Party within a reasonable time and use reasonable efforts to limit the impact of the event.
17.8 Compliance with applicable laws
Each Party must comply with the laws and regulations applicable to its activities under the Contract.
The Client remains responsible for determining whether its use of the Services complies with the laws, regulations, standards, contractual obligations and internal policies applicable to its activities, its Client Data and its Authorised Users.
17.9 Trade Restrictions, Sanctions and Export
The Client must not use the Services in a manner that contravenes applicable laws relating to economic sanctions, export controls, anti-money laundering, the financing of prohibited activities or trade restrictions.
The Client must not permit access to the Services to any person, entity, territory or jurisdiction subject to a prohibition applicable to Vorellis or the Client.
Vorellis may suspend or refuse the Services where necessary to comply with any applicable legal or regulatory obligation.
17.10 Severability
If any provision of the Agreement is held to be invalid, illegal, void, unenforceable or unenforceable, it shall be interpreted, limited or modified to the extent necessary to render it valid and enforceable, to the extent permitted by applicable law.
If such interpretation, limitation or modification is not possible, the provision in question shall be deemed to have been severed, without affecting the validity of the other provisions of the Contract.
17.11 Waiver
The fact that a Party does not immediately exercise a right, remedy or power provided for in the Contract shall not constitute a waiver of that right, remedy or power.
Any waiver must be in writing and shall apply only to the specific case to which it relates.
No waiver of a breach shall constitute a waiver of any future breach or of any other breach.
17.12 Entire Agreement
The Agreement constitutes the entire agreement between the Parties in relation to the Services. It supersedes any prior or contemporaneous agreement, proposal, statement, discussion, presentation, demonstration, quotation, communication or arrangement relating to the same subject matter, except to the extent that a document is expressly incorporated by reference.
No terms and conditions of purchase, purchase order from the Client, procurement policy, supplier portal, administrative document or unilateral condition of the Client shall amend the Agreement, even if Vorellis receives, accepts, processes or executes a document from the Client, unless expressly accepted in writing by Vorellis.
17.13 Priority of Documents
The order of priority of contractual documents is as set out in section 1.7.
In the event of any conflict between a contractual document and a marketing page, a demonstration, a sales presentation, non-contractual documentation or an informal communication, the contractual documents shall prevail.
17.14 Electronic signature and electronic acceptance
The Contract, a Purchase Order or any other contractual document may be accepted or signed electronically.
An electronic signature, click-through acceptance, in-app acceptance, portal acceptance, electronic confirmation or any other acceptance mechanism recognised by Vorellis shall have the same effect as a handwritten signature, to the extent permitted by applicable law.
Vorellis may retain the logs, metadata, versions, proofs of acceptance, IP addresses, identifiers, dates, times and electronic copies necessary to demonstrate the acceptance and integrity of the contractual documents.
17.15 Copies and Electronic Documents
The Contract and Purchase Orders may be drawn up in one or more electronic or physical copies.
Each copy shall be deemed to be an original, and all copies together shall constitute a single document.
17.16 Interpretation
Headings and subheadings are inserted solely for ease of reference and shall not affect the interpretation of the Contract.
Terms in the singular include the plural and vice versa, where the context permits.
The words “including”, “such as”, “notwithstanding” or similar expressions are deemed to mean “including, without limitation”.
The Contract shall be interpreted in a manner consistent with its commercial purpose, namely the provision of SaaS Services to a business Client.
17.17 Language
The language of the Contract is governed by section 1.8.
Where the Parties validly agree to use an English or bilingual version of the Agreement, the version that prevails is that specified in the Purchase Order or the relevant document.
17.18 No Third-Party Beneficiaries
Unless expressly stated otherwise in the Contract, no provision of the Contract confers any right, remedy or benefit on any third party.
The rights and remedies provided for in the Contract belong exclusively to the Parties and their authorised successors or assigns.
17.19 Cumulative remedies
Unless expressly provided otherwise, the rights and remedies provided for in the Contract are cumulative and are in addition to the rights and remedies available under applicable law.
The exercise of one remedy shall not preclude the exercise of another, unless they are incompatible or otherwise provided.
17.20 Survival
Provisions which, by their nature, are intended to survive the termination of the Contract shall continue to apply after the termination or expiry of the Contract, a Purchase Order or a Subscription.
These provisions include, in particular, those relating to Fees due, confidentiality, intellectual property, Client Data, restrictions on use, exclusions of warranties, limitations of liability, the effects of termination, applicable law, disputes and general provisions.
APPENDIX A
TERMS SPECIFIC TO THE AGENT ALEXARC PRODUCT
Version: 1.0
Effective date: [to be completed]
Publisher: Vorellis Inc.
Product covered: AlexArc Agent
1. Purpose and scope of Annex A
1.1 Purpose of Appendix A
This Appendix A — Terms and Conditions Specific to the Agent AlexArc Product (“Appendix A”) sets out the terms and conditions governing access to, use of and operation of the Agent AlexArc platform.
It supplements the Vorellis SaaS Framework Subscription Agreement, the applicable Purchase Order, the Addendum relating to the processing of personal information, and any other document expressly incorporated by reference.
1.2 Relationship to the Agreement
This Annex A forms an integral part of the Agreement.
Unless otherwise defined in this Annex A, the terms defined in the Vorellis SaaS Subscription Framework Agreement have the same meaning in this Annex A.
In the event of any conflict between this Annex A and the Vorellis SaaS Subscription Framework Agreement, the order of precedence set out in the Agreement shall apply.
1.3 Product in question
Agent AlexArc is a SaaS platform published by Vorellis, which enables the Client, in accordance with the Modules, features, jurisdictional packs, usage limits and conditions set out in the applicable Purchase Order, to structure, document, analyse, monitor and manage certain elements relating to compliance, governance, risk management, cybersecurity and the protection of personal data.
Agent AlexArc may include modules for gap identification, registers, evidence inventory, suppliers, assessments of privacy-related factors, incidents, data subject requests, remediation tasks, sessions, reports, questionnaires, jurisdiction packs, and AI features.
1.4 Access in accordance with the Purchase Order
The Client shall only have access to the Modules, features, jurisdiction packs, environments, service levels, options, volumes and usage limits expressly provided for in the applicable Purchase Order or activated by Vorellis in the Client’s Account.
The availability of a Module, feature, jurisdiction pack, integration, report, AI Feature or option may vary depending on the Subscription plan, usage limits, Account configuration, applicable Documentation, technical constraints or restrictions set out in the Contract.
1.5 Nature of Agent AlexArc
Agent AlexArc is a technological tool for assistance, structuring, documentation, analysis, monitoring and management.
Agent AlexArc does not, in itself, constitute legal advice, a legal opinion, an audit, a certification, a compliance attestation, regulatory validation, or a mandate as a vDPO, vRPRP, RPRP, DPO, CISO, legal adviser, auditor, professional consultant or external officer.
The Client remains responsible for its decisions, validations, legal, regulatory and contractual obligations, internal policies, Client Data, communications with authorities and data subjects, and the compliance measures implemented.
1.6 Mandatory human validation
The Client must review, validate, and approve the Client Data, configurations, responses, logs, reports, tasks, recommendations, classifications, statuses, documents, and Results generated before relying on them, using them, transmitting them to a third party, or making a decision based on them.
The Results generated by Agent AlexArc may depend on the information provided by the Client, the Account configuration, the activated Modules, the applicable jurisdictional packs, the available settings, the AI Features used and the limitations specific to the Services.
1.7 No guarantee of compliance
Agent AlexArc may assist the Client in documenting, structuring, analysing, prioritising and monitoring certain aspects of compliance, governance, cybersecurity, risk management or personal data protection.
However, the use of Agent AlexArc does not guarantee that the Client complies with, or will comply with, any law, regulation, standard, framework, contractual requirement, internal policy, auditor’s expectation, or position of a supervisory authority.
Vorellis does not guarantee that the use of Agent AlexArc will prevent an incident, a complaint, an access request, an investigation, a sanction, a loss, a claim, a finding of non-compliance or a failed audit.
1.8 Excluded Professional Services
This Appendix A does not add any Professional Services to the Client’s Subscription.
Any custom configuration, implementation, training, support, review, drafting, analysis, audit, legal validation, investigation, migration, custom integration or specialist assistance must be expressly provided for in a Purchase Order, a Statement of Work or a separate contract.
1.9 Documentation and Product Development
Vorellis may make available Documentation relating to Agent AlexArc, including guides, help pages, functional descriptions, technical instructions, getting-started guides, and recommended settings or explanations for the Modules.
The Documentation is intended to facilitate the use of Agent AlexArc. It does not amend the Contract unless expressly incorporated into a Purchase Order or a contractual document accepted by Vorellis.
Vorellis may develop Agent AlexArc in accordance with the Contract, in particular to improve the product’s security, reliability, performance, user experience, compliance, maintenance, interoperability, or functional value.
2. General description of Agent AlexArc
2.1 Main Function
Agent AlexArc is a SaaS platform designed to help the Client structure, document, track, and manage certain elements of their compliance, governance, risk management, cybersecurity and personal data protection programmes.
In particular, Agent AlexArc enables the Client to centralise certain information, complete questionnaires, generate or maintain registers, document discrepancies, track tasks, produce reports, manage documentary evidence, use jurisdictional packs and, where available, utilise certain AI Features.
2.2 Support and management platform
Agent AlexArc is a support and management platform. It is designed to assist the Client in organising their information, documenting their practices, prioritising tasks, and monitoring internal or external obligations.
Agent AlexArc does not replace the Client’s own policies, processes, controls, validations, decisions, internal resources, professional advisers or obligations.
2.3 Modular Approach
Agent AlexArc is organised into Modules. Each Module is designed for a specific function or area, including gap identification, registers, inventories, suppliers, assessments, incidents, data subject requests, remediation tasks, Sessions, questionnaires, reports, and jurisdictional packs.
Access to a Module depends on the applicable Purchase Order, the Client’s Subscription Plan, Usage Limits, Account configuration and available features.
2.4 Data, responses and evidence-based approach
Agent AlexArc operates in particular based on the Client’s Data, responses entered by the Client, uploaded documents, selected configurations, information on the Client’s activities, systems, suppliers, incidents, logs, metrics, tasks, or other relevant elements.
The quality, accuracy, completeness, and timeliness of the information entered or uploaded into Agent AlexArc may influence the Results, reports, statuses, recommendations, tasks, documents, or analyses produced by the Services.
2.5 Jurisdictional Pack Approach
Agent AlexArc may provide jurisdiction packs, reference frameworks, structured content, questionnaires, templates, mappings, requirements or controls associated with certain jurisdictions, laws, standards, reference frameworks or compliance areas.
These jurisdictional packs are used to structure the Client’s analysis and documentation. They do not constitute a legal opinion, an exhaustive interpretation of applicable law, a certification of compliance, or a guarantee that the Client complies with the relevant requirements.
2.6 Results-based approach
Agent AlexArc may produce, provide or display generated results, including reports, analyses, statuses, classifications, scores, recommendations, tasks, questionnaires, documents, summaries or other outputs.
These Generated Results are provided as support tools. They must be reviewed, validated and approved by the Client prior to any operational, legal, regulatory, contractual, commercial or organisational use.
2.7 Session-based approach and guided journeys
Agent AlexArc may offer Sessions, guided workflows, questionnaires, workflows, micro-tasks or interactive experiences designed to help the Client or its authorised Users complete certain information, produce certain items, document certain events or make progress on certain tasks.
Sessions and guided workflows do not guarantee that the Client’s responses are accurate, complete, sufficient or compliant. The Client remains responsible for validating the resulting responses, information, documents, decisions and actions.
2.8 Evolving Approach
Agent AlexArc is an evolving product. Vorellis may add, modify, improve, limit, replace, or remove certain Modules, features, content, packs, questionnaires, workflows, Sessions, integrations, or AI Features in accordance with the Contract.
Certain features may be offered progressively, in beta, in pre-release, in early access or subject to specific conditions set out in the Purchase Order, the Documentation or the Contract.
3. Available Modules and Features
3.1 Access to Modules
Agent AlexArc comprises Modules and features which may vary depending on the Subscription plan, the applicable Purchase Order, the Usage Limits, the activated jurisdictional packs, the Account configuration and the available features.
The Client has access only to the Modules, features, reports, registers, packs, Sessions, integrations, options and AI Features expressly provided for in the applicable Purchase Order or activated by Vorellis in the Client’s Account.
3.2 Gap Identification Module
Agent AlexArc may include a Gap Identification Module that enables the Client to compare certain information, responses, evidence, measures, or documented practices against the requirements, controls, criteria, questionnaires, jurisdictional packs, or reference frameworks available on the platform.
This Module may help to identify discrepancies, missing items, remedial tasks, priorities, statuses or items to be completed. The Client must validate any identified discrepancies before any decision or action is taken.
3.3 Register Modules
Agent AlexArc may include Register Modules that enable the Client to centralise, structure, or retain certain information relating to their activities, obligations, measures, or events.
These registers may, in particular, cover:
a) processing activities;
b) documentary evidence;
c) suppliers and service providers;
d) privacy impact assessments;
(e) incidents;
f) requests from data subjects;
g) remedial tasks;
h) any other logs available within the Services.
The logs provided by Agent AlexArc are documentation and monitoring tools. The Client remains responsible for the accuracy, completeness, updating and validation of the information they contain.
3.4 Evidence Inventory Module
Agent AlexArc may include an Evidence Inventory Module that enables the Client to identify, upload, classify, link to, or track certain documents, files, policies, procedures, reports, screenshots, certificates, or other items of evidence.
The existence of an item in the evidence inventory does not imply that such an item is legally valid, sufficient, complete, up to date or compliant. The Client remains responsible for validating the relevance, quality, sufficiency and currency of each piece of evidence.
3.5 Suppliers and Service Providers Module
Agent AlexArc may include a Module relating to the Client’s suppliers, service providers, subcontractors or other third parties.
This Module may be used to document certain information relating to suppliers, including their roles, the services provided, the categories of data concerned, contractual measures, transfers, risks, assessments, associated documents, and required follow-ups.
The Client remains responsible for the accuracy of information relating to its suppliers, for reviewing its contracts, for assessing its risks and for deciding whether to retain, maintain, suspend or replace a supplier.
3.6 Privacy Impact Assessment Module
Agent AlexArc may include a Privacy Impact Assessment Module or a similar assessment module, depending on the jurisdictions or activated packages.
This Module may assist the Client in structuring certain questions, answers, analyses, risks, mitigation measures, decisions, and evidence relating to an activity, project, system, transfer, supplier, or the processing of personal information.
This Module does not constitute a validated PIA, a legal opinion, regulatory approval or a guarantee that the assessment carried out by the Client is complete, sufficient or compliant.
3.7 Incident Module
Agent AlexArc may include an Incident Module that covers, in particular, the creation, documentation, classification, management, or monitoring of security or confidentiality incidents.
This Module may assist the Client in documenting known facts, dates, affected systems, categories of information concerned, potentially affected individuals, measures taken, required follow-up actions and internal decisions.
The Client remains responsible for determining whether an incident must be notified to an authority, a data subject, a client, an insurer, a supplier or any other third party, unless a separate mandate expressly provides for professional assistance in this regard.
3.8 Data Subject Requests Module
Agent AlexArc may include a module for data subject requests, including, in particular, requests for access, rectification, withdrawal, erasure, portability, objection, or other requests recognised by applicable laws.
This Module can assist the Client in documenting the receipt, classification, processing, timeframes, responses, validations, communications and evidence relating to such requests.
The Client remains responsible for determining its applicable obligations, verifying the identity of the data subject, complying with statutory time limits, preparing appropriate responses and retaining the necessary evidence.
3.9 Remediation Tasks Module
Agent AlexArc may include a Remediation Tasks Module that enables the creation, assignment, tracking, prioritisation, and documentation of tasks related to discrepancies, records, evidence, incidents, suppliers, assessments, requests, recommendations, or generated Results.
The tasks proposed or generated by Agent AlexArc are monitoring tools. They do not guarantee that the recommended actions are sufficient, complete, legally required or suitable for all of the Client’s circumstances.
3.10 Sessions Module
Agent AlexArc may include a Sessions Module that enables guided journeys, questionnaires, steps, micro-tasks, collaborative workflows, or interactive experiences to be presented to certain authorised Users.
Sessions may be used to collect responses, supplement information, document an event, support an internal process, generate specific results, or populate specific records, tasks, or reports.
The specific rules applicable to Sessions are set out in section 7 of this Annex A.
3.11 Questionnaires and question templates
Agent AlexArc may include questionnaires, question templates, question variants, help texts, answer choices, conditional rules, flow logic, or structured content to assist the Client in collecting and qualifying certain information.
These questionnaires and templates do not replace the questions, validations, policies, processes or controls that the Client must put in place in accordance with its obligations.
3.12 Reports, dashboards and summaries
Agent AlexArc may include reports, dashboards, summaries, indicators, scores, statuses, consolidated views or visualisations.
These elements are intended to help the Client track certain tasks, discrepancies, risks, evidence, records, incidents, suppliers, requests, tasks or other elements available in Agent AlexArc.
Reports, dashboards, and summaries depend on the Client’s Data, configured settings, activated Modules, and Service-specific limits. They must be validated by the Client prior to any decision-making, legal, regulatory, contractual or external use.
3.13 Document Generation
Agent AlexArc may include tools for generating, preparing or exporting documents, templates, reports, registers, policies, procedures, forms, notices, summaries or other content.
The generated documents are provided as tools for assistance and structuring. They must be reviewed, adapted, completed and approved by the Client prior to use.
No document generated by Agent AlexArc constitutes, in itself, a validated legal document, a legal opinion, a certificate of compliance or sufficient proof of compliance.
3.14 AI Features
Agent AlexArc may include AI Features designed to assist the Client with certain tasks, including analysis, structuring, summarisation, classification, rephrasing, generation, or prioritisation of content.
The specific rules applicable to AI Features are set out in section 6 of this Annex A.
3.15 Evolving Availability of Modules
Vorellis may add, modify, enhance, limit, suspend, replace or remove certain Modules or features in accordance with the Contract.
A Module or feature mentioned in the Documentation, in a presentation, in a demonstration, in a roadmap or in a marketing communication is only included in the Client’s Subscription if it is specified in the applicable Purchase Order or activated by Vorellis in the Client’s Account.
4. Jurisdictional packs and compliance content
4.1 Purpose of Jurisdictional Packs
Agent AlexArc may make available to the Client jurisdiction packs, compliance content, structured repositories, questionnaires, requirements, controls, templates, mappings, statuses, decision rules, help texts or other content associated with certain laws, jurisdictions, standards, reference frameworks or compliance areas.
These jurisdiction packs are intended to assist the Client in structuring, documenting, analysing, prioritising and monitoring certain compliance elements.
4.2 Access in accordance with the Purchase Order
The Client has access only to the jurisdiction packs expressly provided for in the applicable Purchase Order or activated by Vorellis in the Client’s Account.
Access to a jurisdiction pack may be limited depending on the Subscription plan, the activated Modules, the Usage Limits, the Account configuration, the relevant jurisdiction, the available language, the applicable Documentation or the available features.
4.3 Nature of compliance content
The compliance content available in Agent AlexArc is provided as tools for assistance, structuring, documentation and analysis support.
It does not constitute a legal opinion, legal advice, an exhaustive interpretation of applicable law, a certification, an attestation, regulatory validation, an audit or a guarantee of compliance.
The Client remains responsible for determining the laws, regulations, standards, contractual requirements, internal policies, sector-specific obligations and regulatory expectations applicable to its activities.
4.4 Evolving content
Jurisdictional packs and compliance content may be modified, updated, corrected, expanded, replaced or removed by Vorellis in accordance with the Contract.
This content may be subject to change, in particular due to legislative, regulatory, administrative, case-law, doctrinal, normative, operational, or technical changes, or to improve the quality, consistency, security, user experience, or functional value of Agent AlexArc.
Vorellis does not guarantee that all legislative, regulatory, normative or administrative changes will be immediately incorporated into Agent AlexArc.
4.5 Non-exhaustiveness
A jurisdiction pack may cover certain topics, requirements, controls, issues, registers, tasks, evidence or documents deemed relevant by Vorellis for the operation of Agent AlexArc.
However, a jurisdiction pack must not be interpreted as covering all legal, regulatory, contractual, sector-specific, professional or organisational obligations applicable to the Client.
The Client remains responsible for supplementing the analysis where its context, sector of activity, data flows, suppliers, systems, international activities, contractual commitments or specific risks require further analysis.
4.6 Application to a specific organisation or activity
Jurisdictional packs are provided based on structured content and general parameters. Their relevance depends on the information provided by the Client, the responses entered, the activated Modules, the Client’s Data, the Account configurations and the actual context of the Client’s activities.
Vorellis does not guarantee that a jurisdiction pack is fully suited to a Client’s specific organisation, activity, sector, supplier, system, incident, transfer, project, contract, category of personal information or use case.
4.7 Validation by the Client
The Client must review, validate, and approve any analysis, recommendation, task, status, classification, report, document, register, or Result generated from a jurisdiction pack before relying on or using it.
The Client must, where necessary, seek the advice of its legal, professional, technical, security, compliance or data protection advisers before making a decision based on a jurisdiction pack or compliance content.
4.8 Multi-jurisdictional packs
Agent AlexArc may allow the use of multiple jurisdiction packs for the same Client, organisation, activity, supplier, project or register.
When multiple jurisdiction packs are used, the Results generated may reflect requirements, controls, questions, or recommendations arising from different jurisdictions, laws, standards, or frameworks.
The Client remains responsible for determining the jurisdictions that are actually applicable, resolving conflicts between requirements, prioritising relevant obligations and validating the measures to be implemented.
4.9 Educational content and help texts
Agent AlexArc may include educational content, help texts, explanations, examples, definitions, notes, instructions, micro-content, general recommendations or training materials related to a jurisdiction pack or a Module.
This content is intended to help authorised Users understand certain issues, fields, tasks, registers or generated Results.
It does not constitute comprehensive training, professional advice, legal advice or a personalised assessment of the Client’s situation.
4.10 Mappings, checks and statuses
Agent AlexArc may use mappings, controls, statuses, correspondence rules, priority levels, deviation categories, indicators, scores or processing logic to structure certain generated Results.
These elements are classification and decision-support tools. They must not be interpreted as definitive conclusions regarding the Client’s compliance, maturity, adequacy of measures or actual level of risk.
The Client remains responsible for validating the relevance of the statuses, scores, priorities, classifications and recommendations displayed in Agent AlexArc.
4.11 Available languages
Jurisdictional packs and compliance content may be available in one or more languages, depending on the content developed, the jurisdictions covered, the Modules activated and the features available.
In the event of a discrepancy between two language versions of the same content, the Client must verify the applicable version before relying on it, particularly where the language version used is not the official language of the relevant legislative, regulatory, normative or contractual text.
4.12 No attorney-client relationship
The provision of a jurisdiction pack, compliance content, questionnaire, mapping, recommendation, report, template or generated Result does not create any attorney-client, adviser-client, auditor-client, DPO-client, RPRP-client or consultant-client relationship between Vorellis and the Client.
Any separate professional relationship must be expressly provided for in a Purchase Order, a Statement of Work or a separate contract.
5. Deliverables, reports, status updates and recommendations
5.1 Purpose of Generated Results
Agent AlexArc may produce, propose, display or export Generated Results, including reports, summaries, analyses, statuses, scores, classifications, recommendations, tasks, questionnaires, registers, documents, alerts, priorities or other outputs related to the activated Modules.
Generated Results are intended to assist the Client in structuring, documenting, prioritising, monitoring and managing certain elements relating to compliance, governance, risk management, cybersecurity and the protection of personal information.
5.2 Dependence on Client Data
The generated Results depend in particular on:
a) the Client’s Data;
b) the responses entered by the Client or its authorised Users;
c) the documents uploaded;
d) the Account settings;
e) the activated Modules;
(f) the applicable jurisdiction packages;
g) usage limits;
h) the available settings;
i) the rules, mappings, templates or content used by Agent AlexArc;
j) the AI features used, where applicable.
Incomplete, inaccurate, out-of-date, contradictory, mislabelled or insufficient Client Data may produce incomplete, inaccurate, irrelevant or unsuitable generated Results.
5.3 No definitive conclusion
The Generated Results are provided as tools to assist and aid decision-making.
They do not constitute a definitive conclusion, a legal opinion, legal advice, professional validation, an audit, certification, attestation, regulatory approval or a guarantee of compliance.
The Client remains responsible for determining whether a generated Result is accurate, complete, relevant, sufficient, up to date and appropriate to their context.
5.4 Mandatory validation by the Client
The Client must review, validate and approve the generated Results before:
a) relying on them;
b) using them for decision-making purposes;
c) passing them on to a third party;
d) filing them in an internal or external file;
e) using them in communications with an authority;
f) to use them in communications with a data subject, a Client, a supplier, an employee or a partner;
g) to use them as evidence of compliance, governance, cybersecurity, risk management or personal data protection.
5.5 Reports and dashboards
Agent AlexArc can generate or display reports, dashboards, consolidated views, indicators, visualisations, summaries or exports.
These elements are intended to facilitate the understanding and monitoring of certain information available in Agent AlexArc.
They may be incomplete or inaccurate if the underlying information is incomplete, inaccurate, out of date, poorly structured, poorly labelled or not validated by the Client.
5.6 Statuses, scores and classifications
Agent AlexArc may display statuses, scores, priority levels, deviation categories, progress indicators, risk levels, maturity levels, completeness levels or other classifications.
These elements are provided for the purposes of structuring, monitoring and prioritisation.
They must not be interpreted as a definitive measure of compliance, actual risk, organisational maturity, adequacy of controls, legal validity or regulatory compliance.
The Client remains responsible for interpreting, validating and, where necessary, correcting these statuses, scores, priorities or classifications.
5.7 Recommendations and tasks
Agent AlexArc may propose or generate recommendations, tasks, remedial actions, follow-ups, reminders, priorities, or measures to be considered.
These recommendations and tasks are provided as management and monitoring tools. They do not guarantee that the proposed actions are mandatory, sufficient, complete, legally required, proportionate or appropriate to all of the Client’s circumstances.
The Client remains responsible for deciding whether to implement, modify, postpone, ignore or reject a recommendation, task or measure proposed by Agent AlexArc.
5.8 Documents generated or prepared
Agent AlexArc may assist in generating, preparing, structuring or exporting documents, including policies, procedures, registers, reports, forms, notices, tables, summaries, action plans or other documentary content.
These documents are provided as templates, drafts, support tools, or content to be completed.
They must be reviewed, adapted, completed and approved by the Client before use.
No document generated or prepared by Agent AlexArc constitutes, in itself, a final legal document, sufficient proof of compliance, a legal opinion, a certification or a professional validation.
5.9 External use of the generated Results
The Client may use the Generated Results for its internal commercial, professional, organisational or institutional purposes, subject to the Contract, the applicable Purchase Order and this Annex A.
Before any external communication of a Generated Result, the Client must ensure that such Result is accurate, complete, appropriate, authorised and suitable for the relevant recipient.
The Client remains responsible for any communication of Generated Results to an authority, auditor, insurer, client, supplier, employee, data subject or any other third party.
5.10 Generated Results and the Client’s Legal Obligations
Generated Results do not replace the Client’s legal, regulatory, contractual, professional, sector-specific or internal obligations.
The Client remains responsible in particular for:
a) determining its applicable obligations;
b) complying with applicable deadlines;
c) retaining the required evidence;
d) documenting its decisions;
e) communicating with the relevant authorities or persons where required;
f) to obtain the necessary internal approvals;
g) have the results validated by their professional advisers, where applicable.
5.11 Modifications to the generated results
The Client may modify, supplement, adapt or correct the Generated Results for its internal purposes, subject to the Contract and Vorellis’ intellectual property rights in the underlying elements of Agent AlexArc.
The Client remains responsible for any modification, adaptation, interpretation, communication or use of the Generated Results after their production, export or modification.
5.12 Retention and history of generated results
Agent AlexArc may retain certain generated results, histories, versions, logs, exports, statuses, or usage records, depending on available features, the Account configuration, the Usage Limits, and applicable retention rules.
Vorellis does not guarantee that all Generated Results will be retained indefinitely, retrievable at any time, exportable in all formats, or available after the termination or expiry of the Subscription.
The Client remains responsible for exporting, backing up or retaining any Generated Results they wish to keep outside of Agent AlexArc.
5.13 Similar Generated Results
The Client acknowledges that certain Generated Results may be similar or identical to results, templates, recommendations, formulations, reports, tasks, classifications or documents produced for other Clients, particularly where standard content, templates, jurisdiction packs, rules, taxonomies, questions or similar AI Features are used.
Nothing in this Annex A shall limit Vorellis’ right to provide other clients with similar features, templates, reports, content, recommendations, documents, structures, taxonomies, workflows or results, subject to the confidentiality obligations applicable to the Client’s Data.
5.14 No Competitive Use
The Client may not use the generated Results, reports, documents, classifications, mappings, questionnaires, statuses, models, recommendations or other outputs from Agent AlexArc to create, train, feed, improve, market or offer a product, service, model, database, tool, repository or offering that competes with the Services, unless Vorellis has given its prior written consent.
This restriction does not limit the Client’s normal use of the Generated Results for internal commercial, professional, organisational or institutional purposes, in accordance with the Contract.
6. AI Features
6.1 Purpose of AI Features
Agent AlexArc may include AI Features designed to assist the Client with certain tasks involving structuring, analysis, summarisation, classification, reformulation, document generation, prioritisation, comparison or decision support.
The AI Features are provided as support tools. They do not replace human validation, professional judgement, legal advice, compliance analysis, security analysis, auditing, internal approval or the Client’s final decision.
6.2 Available AI Features
Depending on the Subscription plan, the activated Modules, the applicable jurisdiction packs, the Usage Limits and the features then available, the AI Features may, in particular, assist the Client in:
a) summarise certain information entered or uploaded into Agent AlexArc;
b) rephrase responses, findings, descriptions, tasks or texts;
c) suggest classifications, statuses, priorities, or items to be completed;
d) generate draft reports, summaries, policies, procedures, notices, registers or other documents;
e) assist in preparing responses to questionnaires or Sessions;
f) identify inconsistencies, missing information or items requiring validation;
g) propose remedial tasks or courses of action;
h) support the analysis of certain discrepancies or compliance issues;
i) facilitate navigation, searching or understanding of certain content available on Agent AlexArc.
Vorellis may add, modify, limit, suspend or remove certain AI Features in accordance with the Contract.
6.3 Reliance on Client Data and Instructions
The Results generated by the AI Features depend in particular on the Client Data, prompts, instructions, questions, documents, responses, configurations, settings, activated Modules, applicable jurisdiction packs and technical limitations specific to the Services.
Incomplete, inaccurate, ambiguous, out-of-date, contradictory or poorly qualified information may produce incomplete, inaccurate, irrelevant or unsuitable Results.
The Client remains responsible for formulating appropriate instructions, providing accurate information and validating the results obtained.
6.4 Limitations inherent in AI Features
The AI Features may produce results that are incomplete, inaccurate, ambiguous, out of date, irrelevant, overly general, insufficiently contextualised, or require human correction.
They may also propose formulations, classifications, tasks, summaries, recommendations or documents that appear plausible but are not accurate, complete, sufficient or suited to the Client’s actual context.
The Client must not assume that a result generated by an AI Feature is accurate, compliant, legally valid, sufficient or complete.
6.5 Mandatory human validation
The Client must review, validate and approve any Result generated by an AI Feature before relying on it, using it, transmitting it to a third party, incorporating it into a register, filing it in a dossier, communicating it to an authority or making a decision based on it.
This validation must be carried out by a competent person, depending on the nature of the result in question, in particular by a person responsible for compliance, data protection, cybersecurity, legal affairs, operations, human resources, IT or any other relevant function within the Client’s organisation.
6.6 No automated legal or professional advice
The AI Features do not provide legal advice, legal opinions, professional advice, audits, certifications, attestations, regulatory validation or professional decisions.
The Client must not use an Output generated by an AI Feature as a substitute for the advice of its legal, professional, technical, security, compliance or data protection advisers.
Where the context warrants, the Client must obtain separate professional advice before making a decision or acting based on a generated Result.
6.7 Automated decisions and significant effects
The Client must not use the AI Features to make a decision, without appropriate human intervention, that has a legal, contractual, disciplinary, financial, regulatory, operational, or otherwise significant effect on an individual or an organisation.
Without limiting the foregoing, the Client must not rely solely on the AI Features to:
a) decide whether an incident should be reported;
b) respond to a request for access, rectification, erasure, portability or any other request from a data subject;
c) conclude that a processing activity is compliant;
d) conclude that a supplier is acceptable or unacceptable;
e) conclude that a DPIA is complete or sufficient;
f) conclude that a document is legally valid;
g) conclude that a security measure is sufficient;
h) decide an employee, a candidate, a Client, a supplier or any other data subject.
6.8 Data submitted to the AI Features
The Client remains responsible for the Client Data, including prompts, files, documents, responses, information or content submitted to the AI Features.
The Client must avoid submitting to the AI Features any sensitive personal data, highly confidential information, trade secrets, medical information, information relating to minors, usernames, passwords, access keys, sensitive financial data, or other high-risk information, unless this is necessary, proportionate, authorised, and in accordance with the Contract.
Where certain sensitive information is necessary for the use of an AI Feature, the Client remains responsible for ensuring that such use complies with its legal, regulatory, contractual and internal obligations.
6.9 Prohibited use of AI Features
The Client must not use the AI Features to:
a) produce, facilitate or conceal any illegal, fraudulent, deceptive, abusive or harmful activity;
b) generate automated legal advice without human validation;
c) generate a compliance conclusion without appropriate validation;
d) circumvent the rules of use, security, confidentiality, access control or Usage Limits;
e) extract, reproduce, reconstruct, test or circumvent the prompts, models, internal rules, logic, systems or mechanisms used by Vorellis;
f) train, improve, feed, compare or develop a competing product, service, model, database, repository or tool;
g) produce content that is defamatory, discriminatory, harassing, misleading, fraudulent, unlawful or infringes the rights of a third party;
h) generate or facilitate an automated decision that is prohibited or unauthorised under applicable law;
i) submit data that the Client is not entitled to use, process or disclose within the Services.
6.10 Suppliers, models and AI infrastructure
Vorellis may use third-party models, APIs, suppliers, infrastructure, tools or services to provide certain AI Features.
Where such third-party providers or services process Client Data or personal information on the Client’s behalf, the Agreement governs their use, the Addendum relating to the processing of personal information, the applicable security measures and, where applicable, the List of Sub-processors.
The availability, performance, limitations, capabilities or behaviour of certain AI Features may depend on third-party providers, models, APIs or infrastructure.
6.11 Training of AI models
Unless expressly authorised by the Client or otherwise stated in the Purchase Order, Vorellis does not use Client Data to train general artificial intelligence models intended for other clients.
Vorellis may, however, use technical, statistical, aggregated, de-identified, or usage data, in accordance with the Contract, to operate, secure, maintain, measure, correct, and improve the Services.
6.12 Logs, Monitoring and Improvement
Vorellis may log certain uses of the AI Features to provide, secure, maintain, monitor, diagnose, correct, improve, or administer the Services.
These logs may include, in particular, usage metadata, technical information, timestamps, user identifiers, modules used, query types, volumes, errors, limits reached or other information necessary for the operation of the Services.
Where such logs contain Client Data or personal information, they are processed in accordance with the Agreement and, where applicable, the Addendum relating to the processing of personal information.
6.13 AI Usage Limits
The AI Features may be subject to specific usage limits, including the number of requests, content volume, documents processed, tokens, exports, API calls, Modules, users, organisations, jurisdiction packs, or periods of use.
Vorellis may limit, throttle, suspend, or temporarily restrict certain AI Features where necessary to ensure security, stability, availability, performance, prevent abuse, or comply with applicable Usage Limits.
Additional charges may apply where the Client exceeds the AI Usage Limits set out in the applicable Purchase Order.
6.14 Similar AI Results
The Client acknowledges that certain AI Features may produce similar or identical results for different Clients, particularly where similar questions, templates, jurisdiction packs, prompts, structures, requirements or input data are used.
Nothing in this Annex A shall prevent Vorellis from providing other clients with similar features, models, formulations, structures, recommendations, reports, tasks, classifications or generated Results, subject to the confidentiality obligations applicable to the Client’s Data.
6.15 Suspension or Restriction of AI Features
Vorellis may suspend, limit, disable or restrict access to certain AI Features where it reasonably believes that their use:
a) breaches the Agreement;
b) poses a risk to security, confidentiality, misuse or non-compliance;
c) exceeds the applicable Usage Limits;
d) compromises the stability or availability of the Services;
e) contravenes the terms and conditions of a third-party supplier;
f) exposes Vorellis, the Client, another Client, a supplier or a third party to a legal, regulatory, technical or operational risk.
To the extent reasonably practicable, Vorellis shall limit the suspension or restriction to the relevant AI Functionality, Account, usage, Module, user or content.
7. Sessions, questionnaires and guided journeys
7.1 Purpose of the Sessions Module
Agent AlexArc may include a Sessions Module that enables the Client to present to its authorised Users guided tours, questionnaires, steps, micro-tasks, collaborative workflows, or interactive experiences aimed at collecting, structuring, completing, or validating certain information.
Sessions may, in particular, be used to support information gathering, the documentation of internal practices, the classification of situations, the preparation of records, task management, incident documentation, the processing of requests from data subjects, the compilation of evidence, or any other process available in Agent AlexArc.
7.2 Access to Sessions
Access to the Sessions Module depends on the applicable Purchase Order, Subscription plan, activated Modules, usage limits, applicable jurisdictional packs, Account configuration and available features.
Vorellis may restrict certain Sessions to authorised roles, profiles, Modules, organisations, jurisdictional packs, workflows, or User categories.
7.3 Questions, answers, and help texts
Sessions may contain questions, answer options, free-text fields, drop-down lists, validations, help texts, examples, instructions, thresholds, conditional rules, dependencies or educational content.
These elements are intended to assist authorised Users in entering and classifying certain information.
They do not guarantee that the answers provided by the Client or its Authorised Users are accurate, complete, sufficient, relevant, compliant or appropriate to the Client’s actual context.
7.4 Client Responses and Data
Responses, files, comments, choices, validations, documents, information or content entered, uploaded or produced during a Session constitute Client Data.
The Client remains responsible for the accuracy, quality, completeness, legality, relevance and up-to-date nature of the information entered or uploaded during Sessions.
Vorellis is not required to verify the responses or documents provided in a Session, unless a separate mandate expressly provides for this.
7.5 Effects of Sessions on Records, Tasks, and Generated Results
The information entered in a Session may, depending on the available features, populate or modify certain records, reports, tasks, statuses, documents, evidence, workflows, recommendations or other generated Results.
The Client must verify the effects of a Session before approving, using, transmitting or finalising the resulting generated Outputs.
A completed Session does not mean that the underlying process is legally compliant, operationally complete, validated by a competent person or sufficient to satisfy the Client’s obligations.
7.6 Collaborative Sessions
Certain Sessions may allow several authorised Users to participate, in particular to gather information from different teams, assign tasks, request validations, comment on specific elements, or complete a multi-step process.
The Client remains responsible for determining the persons authorised to participate in a Session, the roles assigned, the access rights granted, the information shared, and the internal validations required.
Any act or omission by an authorised User in the context of a Session shall be deemed to constitute an act or omission by the Client, in accordance with the Contract.
7.7 Incident-related Sessions
Where a Session is used to document a security or confidentiality incident or any similar event, its purpose is to assist the Client in collecting, organising and tracking information relating to that event.
Such a Session does not constitute a full investigation, a definitive legal assessment, a decision to notify, a statement to an authority, a communication to a data subject or a validation of the adequacy of the measures taken.
The Client remains responsible for determining, within the applicable timeframes, its obligations regarding notification, documentation, remediation, communication, preservation of evidence and follow-up.
7.8 Sessions relating to requests from data subjects
Where a Session is used to document or process a request for access, rectification, erasure, portability, objection or any other request from a data subject, it is intended to assist the Client in structuring the follow-up to that request.
Such a Session does not replace the verification of the data subject’s identity, the analysis of applicable rights, the assessment of exceptions, the preparation of a response, compliance with statutory time limits, or the retention of the required evidence.
The Client remains responsible for any decision, response, communication or omission relating to a request from a data subject.
7.9 Sessions relating to remediation tasks
When a Session is used to create, assign, complete, validate or track a remediation task, it serves as a management and monitoring tool.
The completion of a task or step within a Session does not necessarily mean that the measure taken is sufficient, complete, compliant, correctly implemented or validated.
The Client remains responsible for confirming that the tasks carried out effectively meet the relevant operational, legal, security, compliance or personal data protection requirements.
7.10 Incomplete, abandoned or modified Sessions
A Session may be incomplete, abandoned, suspended, reassigned, modified or resumed depending on the available features and the Account configuration.
Vorellis does not guarantee that an incomplete Session will produce accurate, complete or usable Results.
The Client remains responsible for monitoring the status of Sessions, following up with the relevant authorised Users, completing any missing information and validating the generated Results prior to their use.
7.11 Deadlines, reminders and notifications
Agent AlexArc may include reminders, deadlines, notifications, progress statuses or indicators relating to Sessions.
These elements are provided as management tools. They do not replace the Client’s obligations regarding applicable legal, contractual, regulatory, operational or internal deadlines.
The Client remains responsible for complying with any applicable deadline, even if a notification, reminder, status or indicator is not generated, is delayed, is incomplete or is not viewed by an authorised User.
7.12 Final Approval
The Client must review, validate, and approve the responses, documents, information, decisions, tasks, statuses, recommendations, reports, or other Outputs generated during a Session before relying on or using them.
Where the Session concerns a legal, regulatory, cybersecurity, data protection, human resources, governance or significant risk matter, the Client must ensure that a competent person carries out appropriate validation.
7.13 Changes to Sessions
Vorellis may add, modify, restructure, limit, suspend, replace or remove certain Sessions, questions, help texts, steps, conditional rules, workflows, micro-tasks or guided journeys in accordance with the Contract.
A Session, question, workflow or guided journey presented in the Documentation, during a demonstration or in a marketing communication is only included in the Client’s Subscription if it is specified in the applicable Purchase Order or activated by Vorellis in the Client’s Account.
8. Product-specific functional limitations
8.1 Purpose of functional limitations
Agent AlexArc may be subject to usage limits, functional limits, technical limits, volume limits, access limits, storage limits, export limits, AI usage limits, integration limits or other product-specific restrictions.
These limits may arise from the applicable Purchase Order, the Subscription plan, the activated Modules, jurisdictional packs, the Account configuration, the Documentation, technical constraints, security measures or the features currently available.
8.2 Limits relating to organisations and entities
Agent AlexArc may limit the number of organisations, entities, subsidiaries, business units, departments, environments, client spaces or organisational scopes that can be created, configured or managed within the Client’s Account.
The addition of an organisation, entity, subsidiary, business unit or environment may require an additional Purchase Order, an amended Purchase Order, a plan upgrade or the payment of additional Fees.
The Client must not artificially create or use multiple Accounts, organisations, entities, or environments to circumvent the applicable Usage Limits.
8.3 Limits relating to authorised Users
Agent AlexArc may limit the number of Authorised Users, Administrators, roles, profiles, invitations, active accounts, suspended accounts or concurrent accesses available to the Client.
The Client is responsible for managing its Authorised Users, revoking access when it is no longer required, and ensuring that only one authorised person uses each access.
Sharing a single access with several people is prohibited unless Vorellis expressly authorises it in writing or a specific feature permits it.
8.4 Module-related limitations
Certain Modules may be included, excluded, limited or offered only with certain Subscription plans.
A Module may have its own limitations, in particular regarding the number of records, activities, incidents, requests, suppliers, assessments, tasks, Sessions, evidence, reports, documents, exports or items that may be created, stored, processed or viewed.
The Client has no right of access to a Module not specified in the applicable Purchase Order or not activated by Vorellis in the Client’s Account.
8.5 Limits relating to records
Agent AlexArc may limit the number, volume, fields, entries, relationships, attachments, histories, exports, views or features available for certain records.
These restrictions may relate, in particular, to records concerning processing activities, evidence, suppliers, assessments, incidents, requests from data subjects, remedial measures or any other available records.
The Client remains responsible for structuring its records in accordance with its internal requirements, applicable obligations and the available capabilities of the AlexArc Agent.
8.6 Limitations relating to evidence and documents
Agent AlexArc may limit the file types, formats, sizes, volumes, number of documents, retention periods, preview capabilities, search capabilities, export capabilities, or classification features applicable to uploaded documents, evidence or files.
Vorellis may refuse, block, delete, quarantine or make a file inaccessible where reasonably necessary for reasons of security, performance, compliance, abuse, unsupported format, prohibited content or technical risk.
The Client remains responsible for retaining an independent copy of any documents, evidence or files that they wish to retain outside of Agent AlexArc.
8.7 Limitations relating to jurisdiction packs
Agent AlexArc may limit the number of activated jurisdiction packs, applicable jurisdictions, pack combinations, available languages, mappings, content, questionnaires, reports, or Modules associated with certain packs.
Adding an additional jurisdiction pack may require an upgrade, an additional Purchase Order, an amended Purchase Order or the payment of additional fees.
The availability of a jurisdiction pack does not mean that this pack applies to all of the Client’s activities, systems, suppliers, contracts, incidents or obligations.
8.8 Session Limits
Agent AlexArc may limit the number of Sessions, guided tours, questionnaires, steps, participants, responses, validations, tasks, reminders, notifications or collaborative workflows.
Certain Sessions may be restricted to specific Modules, jurisdiction packs, roles, Subscription plans, organisations or authorised Users.
The Client remains responsible for managing the use of Sessions, monitoring their progress, completing the required information and validating the resulting Results.
8.9 Limitations relating to generated results and reports
Agent AlexArc may limit the number, format, frequency, volume, time period covered, data included, templates, visualisations, exports or features associated with reports, dashboards, summaries, documents or other generated Results.
Certain reports or exports may only be available in specific plans, Modules, jurisdictional packs or formats.
Vorellis does not guarantee that all Generated Results can be exported, reproduced, retained, restored or accessed indefinitely.
8.10 Limitations relating to AI Features
AI Features may be subject to specific limitations, including the number of queries, text volume, documents processed, tokens, usage per period, eligible Modules, applicable packs, users, organisations, or the types of results available.
Vorellis may limit, slow down, suspend, or restrict certain AI Features where necessary to ensure security, stability, availability, performance, the prevention of abuse, compliance with Usage Limits, or compliance with the applicable terms and conditions of third-party providers.
Additional charges may apply if the AI Usage Limits set out in the applicable Purchase Order are exceeded.
8.11 Export Limits
Agent AlexArc may offer certain export features, including for logs, reports, documents, evidence, tasks, histories, tables or generated results.
Exports may be subject to limitations regarding formats, volumes, frequencies, fields included, periods covered, Modules, packs, data types or applicable access rights.
Vorellis is not obliged to provide customised exports, special extractions, format conversions, assisted migration or data reconstruction, unless expressly provided for in a Purchase Order, Statement of Work or separate contract.
8.12 Limits relating to integrations, APIs and connectors
Where Agent AlexArc offers integrations, APIs, connectors, or synchronisations with third-party services, these may be subject to specific limitations, including the number of calls, volumes, frequencies, synchronised fields, compatible services, access rights, configurations, or technical dependencies.
Certain integrations may only be available on specific Subscription plans or may require additional fees.
The availability of an integration may depend on third-party services over which Vorellis has no control.
8.13 Performance and Fair Use Limits
Agent AlexArc is intended for reasonable use in accordance with the Client’s Subscription Plan.
Vorellis may impose, enforce, or modify reasonable limits to protect the security, availability, performance, integrity, or stability of the Services, particularly in the event of excessive, automated, abusive, unauthorised, or unexpected use, or use likely to affect other Clients or Vorellis’ infrastructure.
Such measures may include rate limits, temporary restrictions, queuing, technical thresholds, blocking, throttling, targeted suspensions or upgrade requirements.
8.14 Exceeding Limits
If the Client exceeds the limits applicable to Agent AlexArc, Vorellis may, in accordance with the Contract and the applicable Purchase Order:
a) notify the Client of the exceedance;
b) limit or suspend certain excess features;
c) require a reduction in usage;
d) propose or require a plan upgrade;
e) charge the applicable additional fees;
f) prevent the creation of new excess items;
g) take any other reasonable steps necessary to protect the Services.
The Client remains responsible for monitoring their use of Agent AlexArc and for managing their organisations, Authorised Users, Modules, packs, Sessions, logs, documents, evidence, reports, exports, AI usage and integrations within the applicable limits.
8.15 Modification of functional limits
Vorellis may modify the functional limits specific to Agent AlexArc in accordance with the Contract.
Any material adverse change applicable to a current Subscription Period must be handled in accordance with the change rules set out in the Agreement, except where an immediate change is reasonably necessary for reasons of security, compliance, stability, performance, prevention of abuse, applicable law or reliance on a third-party supplier.
9. Support, availability and maintenance specific to Agent AlexArc
9.1 Scope of Support
Vorellis may support the Client regarding Agent AlexArc in accordance with the Subscription plan, the applicable Purchase Order, the available features, the then-applicable support hours, and the support channels made available by Vorellis.
Support is primarily intended to assist the Client with access to Agent AlexArc, the general operation of the platform, reasonably reproducible technical issues, general usage queries and operational incidents affecting the Services.
9.2 Support Channels
Vorellis may provide support via one or more channels, including:
a) email;
b) support portal;
c) request form;
d) in-app notifications;
e) online documentation;
f) knowledge base;
g) any other reasonable means specified by Vorellis.
The available support channels may vary depending on the Subscription plan, the applicable Purchase Order, the subscribed support level, and the features offered.
9.3 Support Hours
Unless otherwise specified in the applicable Purchase Order, standard support is provided during Vorellis’ normal business hours, excluding public holidays, announced closure periods or exceptional circumstances.
Vorellis may offer additional, extended, or priority support levels if expressly provided for in a Purchase Order, a statement of work, or a separate contract.
9.4 Support Requests
The Client must submit support requests via the channels specified by Vorellis and provide the information reasonably necessary to process the request, including:
a) the Account identification;
b) the Module concerned;
c) a description of the problem or issue;
d) the steps required to reproduce the problem, where possible;
e) screenshots, error messages, logs or relevant technical information;
f) the alleged level of urgency;
g) known operational impacts.
Any delay, incomplete information, lack of cooperation or inability to reproduce a problem may affect Vorellis’s ability to process a support request.
9.5 Scope of Standard Support
Unless otherwise specified in the applicable Purchase Order, standard support may include reasonable assistance relating to:
a) access to the Account;
b) the general use of the activated Modules;
c) technical issues affecting Agent AlexArc;
d) reasonably reproducible errors;
e) export difficulties, where this functionality is included;
f) issues relating to the general configuration of the Account;
g) operational incidents affecting access to or the normal use of Agent AlexArc.
Standard support does not include Professional Services, unless expressly stated otherwise.
9.6 Exclusions from standard support
Unless otherwise stipulated in a Purchase Order, Statement of Work or separate contract, standard support does not include:
a) the drafting, review or validation of legal documents specific to the Client;
b) a legal opinion, legal advice or a personalised interpretation of applicable law;
c) an audit, certification or attestation of compliance;
d) a bespoke analysis of the Client’s obligations;
e) a full incident investigation;
f) validation of responses, records, evidence, reports, tasks or deliverables produced;
g) a full implementation of the Client’s compliance programme;
h) assisted migration or custom data extraction;
i) advanced configuration, custom integration or specific automation;
j) the resolution of issues caused by the Client’s systems, networks, devices, browsers, configurations, suppliers, integrations or third-party services;
k) bespoke training for Authorised Users, unless expressly provided for.
9.7 Classification of requests
Vorellis may classify support requests according to their nature, urgency, impact, reproducibility, the number of affected Clients, the Module concerned, the applicable support level or any other reasonable operational criteria.
In particular, a request may be treated as:
a) a usage enquiry;
b) an administrative request;
c) a configuration request;
d) a minor issue;
e) a significant technical issue;
f) an incident affecting availability;
g) a potential security incident;
h) a request requiring a separate Professional Service.
Vorellis’s classification of a request serves to organise support handling and does not constitute an admission of liability.
9.8 Response times
Unless expressly agreed in the applicable Purchase Order, Vorellis does not guarantee any specific response time or resolution time.
Vorellis shall use reasonable endeavours to process support requests within a reasonable timeframe, taking into account their nature, urgency, the applicable support level, the information provided by the Client, the availability of teams and operational constraints.
A response time does not constitute a resolution time, unless expressly stated otherwise in the applicable Purchase Order.
9.9 General Availability of Agent AlexArc
Vorellis shall use commercially reasonable efforts to make Agent AlexArc available in accordance with the Contract, the applicable Purchase Order and the platform’s available capacity.
Unless expressly agreed in a Purchase Order or in an applicable service level agreement, Vorellis does not guarantee that Agent AlexArc will be available at all times, without interruption, error, delay, performance degradation or temporary unavailability.
9.10 No Automatic Service Credit
Unless expressly provided for in the applicable Purchase Order, no interruption, degradation, error, slowness, maintenance, suspension, or unavailability of Agent AlexArc shall automatically entitle the Client to a service credit, refund, discount, penalty or any other compensation.
Any service credit, guaranteed service level or financial remedy relating to availability must be expressly provided for in the applicable Purchase Order or in a service level agreement accepted by Vorellis.
9.11 Scheduled Maintenance
Vorellis may carry out maintenance, updates, corrections, improvements, migrations, security measures, backups, optimisations or infrastructure work that may result in a temporary interruption, limitation or degradation of Agent AlexArc.
Where reasonably possible, Vorellis shall use reasonable endeavours to schedule such work to minimise the impact on Clients.
Vorellis may notify the Client of planned maintenance by email, in-app notification, status page, Documentation, portal, or any other reasonable means.
9.12 Emergency Maintenance
Vorellis may carry out emergency maintenance without prior notice where it reasonably believes that immediate action is necessary to protect Agent AlexArc, the Client’s Data, Vorellis’ systems, other Clients, suppliers, or the security, integrity, availability or compliance of the Services.
Emergency maintenance may, in particular, be required in the event of a vulnerability, a security incident, an operational risk, a technical failure, data corruption, a critical outage, abuse, a threat, a legal obligation or a serious risk to Agent AlexArc.
9.13 Product Updates
Vorellis may deploy updates, patches, improvements, new features, interface modifications, workflow changes, package adjustments, questionnaire modifications, improvements to AI Features or other changes relating to Agent AlexArc in accordance with the Contract.
These updates may be rolled out gradually, by environment, by Module, by Subscription plan, by organisation, by jurisdictional pack or by user category.
Certain updates may alter the appearance, operation, availability or presentation of certain features, provided that such changes are made in accordance with the Contract.
9.14 Operational Incidents
Vorellis may monitor, diagnose, classify, prioritise, correct or mitigate operational incidents affecting Agent AlexArc in accordance with its internal procedures.
An operational incident may include, but is not limited to, unavailability, significant slowness, an application error, performance degradation, a Module failure, export difficulty, an integration anomaly, or unexpected platform behaviour.
The handling of an operational incident does not limit the Client’s exclusions, limitations, or liabilities, nor does it affect the rules set out in the Contract.
9.15 Communications regarding incidents
Vorellis may communicate certain information relating to operational incidents by email, in-app notifications, a status page, the portal, Documentation, or any other reasonable means.
Such communications may include, as applicable, a general description of the incident, the affected features, the status of the resolution, available mitigation measures, or confirmation of restoration.
These communications are provided for operational purposes and do not amend the Contract, unless expressly stated in writing by Vorellis.
9.16 Availability Exclusions
Availability commitments, where they exist, do not apply to interruptions, errors, slowdowns, performance degradation or unavailability caused in particular by:
a) the Client’s systems, networks, devices, browsers, configurations or suppliers;
(b) third-party services connected, configured or authorised by the Client;
c) internet, telecommunications, public infrastructure or cloud service providers beyond Vorellis’ reasonable control;
d) scheduled maintenance;
e) emergency maintenance;
f) suspensions carried out in accordance with the Contract;
g) non-compliant, abusive, excessive or unauthorised use of the Services;
h) exceeding the Usage Limits;
i) acts or omissions by the Client or its Authorised Users;
j) events of force majeure;
k) beta, pre-release, experimental or early access features;
l) integrations, APIs, connectors, AI models or third-party providers on which Agent AlexArc relies.
9.17 Client Cooperation
The Client must cooperate reasonably with Vorellis to enable the handling of a support request, an operational incident, a technical issue or a maintenance request.
Such cooperation may include, in particular, the provision of relevant information, the performance of reasonable tests, the verification of configurations, the confirmation of observed behaviour, the designation of a technical or administrative contact, and the implementation of reasonable measures recommended by Vorellis.
9.18 Professional support services
Where the Client’s request goes beyond standard support and requires a bespoke analysis, advanced configuration, training, migration, integration, review, drafting, validation, guidance or other specialist intervention, Vorellis may treat this request as a separate Professional Service.
Vorellis is not obliged to provide such a Professional Service without a Purchase Order, a statement of work, written confirmation, or a separate contract, nor without payment of the applicable Fees.
10. Beta features, pre-release versions and product development
10.1 Purpose of beta or experimental features
Agent AlexArc may include, at Vorellis’s discretion, certain Modules, features, jurisdiction packs, reports, questionnaires, workflows, Sessions, integrations, connectors, AI Features or other elements offered in beta, pre-release, experimental, pilot, lab, early access or limited availability modes.
These features are intended, in particular, to test, validate, improve or gradually roll out new capabilities of Agent AlexArc.
10.2 Access to beta features
Access to a beta, pre-release, experimental, pilot or early access feature may be restricted to certain Clients, Subscription plans, Modules, organisations, jurisdiction packs, authorised Users or environments.
Vorellis may grant, refuse, limit, suspend or withdraw access to these features at its reasonable discretion, in particular for reasons of security, stability, performance, availability, compliance, technical capacity, feedback or product strategy.
10.3 No commitment to general availability
The provision of a feature in beta, pre-release, experimental, pilot or early access does not imply that this feature will be generally offered, maintained, marketed, included in a Subscription plan, made available to all Clients or retained in Agent AlexArc.
Vorellis may modify, replace, suspend, limit or withdraw such a feature without any obligation to make it permanently available.
10.4 Incomplete or unstable operation
Beta, pre-release, experimental, pilot, or early access features may be incomplete, unstable, limited, unfinished, undocumented, less tested, or prone to errors, interruptions, incomplete results, incompatibilities, slowness, changes in behaviour, or loss of functionality.
The Client acknowledges that these features may evolve rapidly and must not be used as critical components of any legal, regulatory, operational, security or compliance process without appropriate validation.
10.5 Prudent Use
The Client must use beta, pre-release, experimental, pilot or early access features with caution.
In particular, the Client must:
a) validate the resulting Outputs;
b) avoid relying on them as the sole basis for decision-making;
c) avoid using them for critical decisions without appropriate human validation;
d) retain, where necessary, independent copies of important information;
e) report to Vorellis any errors, anomalies, unexpected behaviour or significant issues observed.
10.6 Specific Exclusions
Unless otherwise stated in the applicable Purchase Order, beta, pre-release, experimental, pilot or early access features are provided ‘as is’ and ‘as available’.
They are not subject to the same commitments regarding availability, support, performance, stability, documentation, compatibility or maintenance as the generally available features of Agent AlexArc.
No service credits, refunds, discounts, penalties, or compensation shall be due as a result of any error, suspension, limitation, modification, withdrawal, degradation or unavailability of a beta, pre-release, experimental, pilot or early access feature of Agent AlexArc, unless expressly stated otherwise in the applicable Purchase Order.
10.7 Experimental AI Features
Certain AI Features may be offered in beta, pre-release, experimental, pilot or early access mode.
These AI Features may produce results that are incomplete, inaccurate, ambiguous, non-reproducible, unsuitable, out of date or requiring enhanced human validation.
The Client must not use an experimental AI Feature to make a decision that has a significant legal, regulatory, contractual, disciplinary, financial, or operational effect, or is otherwise significant, without appropriate human validation.
10.8 Jurisdictional packs under development
Some jurisdiction packs, compliance content, mappings, questionnaires, templates, articles of association or decision rules may be offered in a preliminary, partial, beta or limited-access version.
Such content may be incomplete, non-exhaustive, subject to validation, limited to certain themes or topics, or subject to change.
The Client must not interpret a jurisdiction pack under development as providing complete or definitive coverage of the obligations applicable in the relevant jurisdiction.
10.9 Client Feedback
The Client or its authorised Users may provide Vorellis with comments, suggestions, reports, ideas, requests for improvement, observations, corrections, or any other feedback regarding beta, pre-release, experimental, pilot, or early access features.
Vorellis may use such feedback in accordance with the Agreement, in particular to correct, improve, develop, test, modify or market Agent AlexArc, without any obligation to compensate the Client.
10.10 Test data and environments
Where reasonably possible, the Client should avoid using highly sensitive, critical, confidential or regulated data in a beta, pre-release, experimental, pilot or early access feature or, unless this is necessary, proportionate, authorised and in accordance with the Agreement.
Vorellis may recommend or impose certain restrictions on the data that may be used in a beta feature, in particular for reasons of security, confidentiality, compliance, performance or stability.
10.11 Transition to General Availability
Vorellis may decide to make a beta, pre-release, experimental, pilot or early access feature generally available.
In such cases, Vorellis may modify its operations, limitations, pricing, name, integration, access conditions, technical requirements, or Documentation.
The general availability of a feature may require an upgrade, an additional Purchase Order, an amended Purchase Order or the payment of additional Fees.
10.12 Withdrawal or Replacement
Vorellis may withdraw, suspend, restrict or replace a beta, pre-release, experimental, pilot or early access feature, in particular where:
a) the feature does not meet Vorellis’ quality, security, compliance or performance objectives;
b) the feature depends on a third-party supplier, model, API or technology that becomes unavailable, costly, limited or incompatible;
c) the feature creates a technical, operational, legal, regulatory or security risk;
d) Vorellis decides to amend its product roadmap;
e) an equivalent or improved feature is rolled out;
f) the feature is no longer justified from either a commercial or technical perspective.
10.13 Continuous Development of Agent AlexArc
Agent AlexArc is an evolving product. Vorellis may modify, improve, restructure, enhance, limit, replace, or remove certain Modules, features, content, web packs, reports, questionnaires, workflows, Sessions, integrations, AI features, interfaces, or elements of Documentation in accordance with the Contract.
Such development may relate in particular to security, reliability, performance, user experience, compliance, maintainability, content quality, workflow efficiency, improvements in generated Results, or adaptation to market needs.
10.14 Roadmaps and product communications
Any roadmap, announcement, demonstration, mock-up, preview, sales presentation, product communication, screenshot, example, prototype or description of a future feature is provided for information purposes only.
These elements do not constitute a contractual commitment to deliver a feature, a Module, a package, an integration, a report, an AI Feature or a specific improvement, unless such a commitment is expressly provided for in a Purchase Order accepted by Vorellis.
10.15 Priority of the Purchase Order
Where a beta, pre-release, experimental, pilot or early access feature is expressly provided for in the applicable Purchase Order, the specific terms of the Purchase Order shall prevail in respect of that feature, in particular regarding its duration, Fees, Usage Limits, scope, support arrangements or access conditions.
Unless otherwise stipulated in the Purchase Order, all limitations, exclusions, mandatory validations and liabilities of the Client set out in the Contract and in this Annex A shall continue to apply.
11. Product-specific final provisions
11.1 Relationship with the Contract
This Annex A supplements the Vorellis SaaS Subscription Framework Agreement and forms an integral part of the Agreement.
Unless expressly stated otherwise, nothing in this Annex A shall limit, replace or modify the obligations, exclusions, restrictions, limitations of liability, intellectual property rights, confidentiality obligations, payment rules, suspension rules, termination rules or other general provisions set out in the Contract.
11.2 Scope limited to Agent AlexArc
This Annex A applies solely to the Agent AlexArc product and to the Modules, features, jurisdictional packs, Generated Results, AI Features, Sessions, reports, questionnaires, functional limitations and related elements provided as part of Agent AlexArc.
It does not apply to any other product, service, mandate, Professional Service, tool, platform, consultation, support, custom integration or separate service provided by Vorellis, unless expressly stated in a Purchase Order or a separate contract.
11.3 No Extension of Services
Nothing in this Appendix A shall be construed as obliging Vorellis to provide any Module, feature, jurisdiction pack, integration, AI Feature, Session, report, support level, service, option or capability that is not included in the applicable Purchase Order or activated by Vorellis in the Client’s Account.
Any general description of a Module, feature or capability of Agent AlexArc in this Annex A does not constitute a commitment to provide that capability to all Clients, in all Subscription plans, in all jurisdictions or for the entire duration of the Subscription.
11.4 No Separate Professional Engagement
This Annex A does not create any professional engagement, consultancy engagement, legal engagement, audit engagement, compliance engagement, or engagement as a vDPO, vRPRP, RPRP, DPO, CISO, external officer, legal adviser, auditor or professional consultant.
Any professional service must be expressly provided for in a Purchase Order, a statement of work or a separate contract accepted by Vorellis.
11.5 Applicable contractual documents
The use of Agent AlexArc remains governed by the Contract, the applicable Purchase Order, this Annex A, the Addendum relating to the processing of personal information, the annexes or documents expressly incorporated, and any specific terms accepted by Vorellis.
In the event of any conflict between this Annex A and any other contractual document, the order of precedence set out in the Contract shall apply.
11.6 Amendments to Annex A
Vorellis may amend this Annex A in accordance with the amendment procedures set out in the Contract.
Any amendment to this Annex A must be identified by a new version number, an effective date or any other reasonable means of determining the applicable version.
Where the amendment materially and adversely affects the Client’s rights or obligations during a current Subscription Period, the rules regarding notice, acceptance, commencement or rejection set out in the Contract shall apply.
11.7 Applicable Version
The applicable version of this Annex A is that specified or incorporated in the relevant Purchase Order, or that otherwise applicable in accordance with the versioning, amendment and acceptance rules set out in the Contract.
Vorellis may maintain a history of the versions of this Annex A, the effective dates, the accepted versions and the applicable evidence of acceptance.
11.8 Documentation, Demonstrations and Marketing Communications
The Documentation, demonstrations, sales presentations, marketing pages, screenshots, mock-ups, roadmaps, examples, product communications or general descriptions of Agent AlexArc are provided for information, support or presentation purposes.
These materials do not modify this Annex A, the Contract or the applicable Purchase Order, unless they are expressly incorporated into a contractual document accepted by Vorellis.
11.9 Survival
The provisions of this Annex A, which, by their nature, are intended to survive the termination or expiry of the Subscription, shall continue to apply after access to Agent AlexArc has ended.
This includes, in particular, the provisions relating to Generated Results, restrictions on concurrent use, AI Features, Client validations, warranty exclusions, functional limitations, compliance content, jurisdiction packs, Vorellis’ intellectual property rights and the Client’s liabilities.
11.10 Interpretation
This Appendix A shall be interpreted in a manner consistent with the Contract and its commercial purpose, namely to set out the terms and conditions specific to the Agent AlexArc product within the framework of a SaaS Subscription provided to a business Client.
Headings and subheadings are included solely for ease of reference and shall not affect the interpretation of this Annex A.
The words “including”, “such as”, “notwithstanding” or similar expressions are deemed to mean “including, without limitation”.
11.11 Acceptance
This Annex A is accepted on the same terms as the Contract, in particular through acceptance of the applicable Purchase Order, electronic acceptance, activation of the Subscription or any other acceptance mechanism recognised by Vorellis in accordance with the Contract.
Acceptance of this Annex A confirms that the Client accepts the terms and conditions specific to Agent AlexArc, including the rules relating to Modules, jurisdictional packs, generated Results, AI Features, Sessions, functional limitations, support, maintenance and beta or experimental features.