POLICY:

2.1 The Contract is deemed concluded when the Company receives notification of the Customer's acceptance of the Offer. To this end, the Customer is required to send the Company all documents forming part of the Contract, duly signed, including with a digital signature. The Company may legitimately suspend performance of the Contract until the date of actual receipt of all documents requested from the Customer, including for compliance with the Privacy Law and the DORA Law, and is exempt from any liability for delays.
2.2 The conclusion of the Contract obliges the Company to provide the Services to the Customer under the terms, conditions, and methods set forth therein. The Customer's requests regarding the characteristics of the Services or the methods of performance of the supply that are not specified in the Contract are deemed not accepted and are therefore irrelevant to the Company's fulfillment of the Contract.
2.3 The Customer declares to have been adequately informed and to have directly become aware, through browsing the Company's websites (www.leanus.it e www.leanuslab.com), of the characteristics and functionality of the Services and therefore waives any dispute regarding the actual knowledge of information, data and elements made known by the Company and accessible online.
2.4 The Customer declares to have carried out all appropriate assessments, prior to the conclusion of the Contract and on the basis of both the information provided by the Company and that acquired independently, regarding the suitability of the Services to satisfy the interests underlying the conclusion of the Contract, expressly exonerating the Company from any liability with regard to the actual achievement of the objectives pursued.

3.1 Following the conclusion of the Contract and the delivery of the documentation provided therein, the Company will create a user profile for the exclusive use of the Customer and corresponding to the identification data resulting from the Offer (hereinafter, respectively, "Primary User" and "Team Leader").
3.2 The Main User will be associated with the Platform access credentials, which will be communicated by the Company to the Client following activation and which will allow the Team Leader to access the areas of the Platform indicated in the Contract, namely: (i) to a reserved area for the exclusive use of the Team Leader, in which he/she may enter data, not resulting from the official databases and provided they are legitimately acquired, relating to a pre-set number of personal data (hereinafter "Reserved Area"); (ii) if provided for in the Offer, to the Leanus database, containing the financial statements extracted from the official databases (hereinafter “Public Area”).
3.3 Under no circumstances may the Credentials be transferred by the Customer to third parties. The Customer undertakes to: (i) safeguard the Credentials by adopting all appropriate measures to guarantee their confidentiality, otherwise remaining responsible, towards the Company and any other party, for the consequences of the improper use made of them by third parties; (ii) do not use the Credentials to attempt to access unauthorized data or areas of the servers that should be considered restricted.
3.4 Even during the execution of the Contract, the Client may submit to the Company – using the methods indicated in the Offer – a request to activate one or more additional and accessory users in addition to the Primary User (hereinafter "Secondary Users"), for the sole benefit of individuals (hereinafter "Team Members") belonging to the Client's organization or to parent, subsidiary, or affiliated companies. The activation of Secondary Users is subject to the Client providing a declaration guaranteeing the existence of one of these specific connection criteria between the Client and the Team Member.
3.5 The Client declares to be aware that the Secondary User will grant the Team Member the right to use the Platform and the Software, as well as to access the Reserved Area used by the Team Leader.
3.6 The relationship between the Company and the Customer regarding Secondary Utilities is governed solely by the Contract, and the activation of one or more Secondary Utilities does not imply the conclusion of a new contract between the Customer and the Company. Requesting activation of a Secondary Utility will oblige the Customer to pay the costs inherent in the activation and provision of this component of the Service, as indicated in the Offer.
3.7 Secondary Users activated during the Contract's term will last from the date of their activation until the Contract's expiration. Automatic renewal of the Contract will determine the continuation of the Secondary User for the duration of the renewal, unless the Customer expressly requests deactivation, which must be received by the Company before the Contract's renewal date.
3.8 The Company grants the Customer the right to request that an already activated Secondary User be transferred to a different Team Member, upon the Customer providing the relevant data and paying the replacement cost indicated in the Offer.
3.9 Under no circumstances may the Contract be interpreted as a contract in favor of a third party pursuant to art. 1411 of the Italian Civil Code, and the Team Leader and Team Members do not acquire any rights against the Company by virtue of the Contract and/or the activation of the Users respectively reserved for them.
3.10 The Software may be used by the Customer via the Platform exclusively according to the Software-as-a-Service (SaaS) model. The Customer does not acquire any rights to the Software and Services. By paying the periodic fee set forth in the Agreement, the Customer acquires only the right to use the Software under the terms, conditions, and for the duration established in the Agreement. Any rights or powers not expressly granted to the Customer by the Company are excluded.
3.11 The Software and all related content are not sold by the Company to the Customer, but are granted to the Customer under a limited, non-transferable license. They remain the exclusive property of the Company, which retains all intellectual property and commercial exploitation rights therein, in accordance with applicable laws regarding the protection of copyright, trade secrets, patents, trademarks, and any other proprietary rights, even if not claimed under a protective title. The Customer has no right to obtain a copy of the Software and is prohibited from decompiling, reverse engineering, disassembling, attempting to derive the source code, decrypting, modifying, or creating derivative works from the Software or any portion thereof.
3.12 The Services and the information provided therewith in execution of the Contract may be used exclusively by the Customer within the scope of the business activity carried out by the same. The Customer undertakes to: (i) not to transfer the Services and the information provided therein to third parties under any circumstances; (ii) not to exploit them commercially for purposes other than those established in the Agreement; (iii) not to use them after the termination of the Contract's effectiveness period.

4.1 The Customer undertakes to pay the Company the fees indicated in the Offer (hereinafter "Fee"), by the due dates set forth therein and reported in the commercial invoice that the Company will send to the Customer via regular email to the address communicated upon conclusion of the Contract or to the address that the Customer is responsible for communicating in the event of a subsequent change, failing which the Company may rely on the original information being up-to-date. The obligation to transmit the invoice is deemed fulfilled by its proper electronic transmission through the Revenue Agency's Exchange System, in accordance with applicable legislation.
4.2 Payment of the Fee must be made in the manner and within the deadline (hereinafter "Deadline") indicated in the Offer. In the event of delay, the Customer will be liable for late payment interest at the rate established by Legislative Decree 231/2002.
4.3 If payment is not made within 10 (ten) business days of the Deadline and the Fee is not received, the Company will have the right to suspend, without further notice, the performance of the Contract and the provision of the Services, barring the Customer from accessing the Platform. In the event of payment by installments, if the delay continues for 20 (twenty) business days, the Customer will be deemed to have forfeited the benefit of the deadline, with the Company consequently having the right to demand immediate and full payment of its credit.
4.4 The Parties expressly agree that, where the Offer provides for advance payment of the Fee, the Company will communicate the Credentials to the Customer only after full collection of the amount due, exempting the Company from any liability for any delays related to the payment system used by the Customer.
4.5 The Customer acknowledges that certain information products may be purchased through the Platform by paying the price indicated in the price list published therein. This price is not included in the Fee paid for access to the Platform and use of the Software and will be progressively deducted from the credit limit paid by the Customer in execution of the Contract and may be increased during the term of the relationship, until it is exhausted. The credit limit constitutes a purchase commitment by the Customer, who may under no circumstances demand reimbursement of the amounts owed to him, which will be definitively acquired by the Company upon expiration of the Contract or its termination for any reason not directly attributable to the Company.
4.6 In the event that the Company and the Customer agree that the collection of the fees set out in the Contract will take place via SEPA Direct Debit Business-to-Business (hereinafter “SDD B2B”), the Customer undertakes to sign a specific mandate (hereinafter “Mandate”) by virtue of which: (i) the Company will be authorised to request the Customer's bank to debit the Customer's current account, identified by IBAN code, and (ii) the Customer's bank will be authorised to proceed with such debit in accordance with the instructions given by the Company, with the understanding that any costs and/or commissions applied by the bank to the Customer will remain exclusively the responsibility of the latter.
4.7 Without prejudice to what is specifically indicated in the Offer, it is expressly agreed between the Parties that: (i) within the deadline indicated in the Offer, the Customer is obliged to pay by bank transfer an amount equal to 1/6 (one sixth) of the Fee; (ii) the Mandate and the related authorization are intended to be extended to the debit via SDD B2B of the price of the Services or Products purchased by the Customer after the conclusion of the Contract, according to the amounts and due dates indicated in the relevant invoices; (iii) in the event of tacit renewal of the Contract, the Mandate and the related authorization are understood to extend to the debit via SDD B2B of the periodic fee owed by the Client to the Company with reference to the duration of the Contact following each renewal.
4.8 In order to guarantee the successful collection via SDD B2B in favour of the Company, the Customer undertakes to: (i) deliver a copy of the Mandate to your bank prior to receiving the direct debit requests from the Company, providing all the authorization data and any related modifications subsequently agreed with the Company; (ii) ensure that the debit account contains sufficient funds to fully satisfy the Company's debit requests; (iii) not to revoke the debit authorization and/or oppose the payment of the related requests before the credit rights accrued by the Company by virtue of the conclusion of the Contract and/or the subsequent purchase of Services by the Customer have been fully satisfied; (iv) promptly implement any further obligations required by the conditions governing the relationship between the Customer and his/her bank, with the consequences of the latter's failure to pay the direct debit requests formulated by the Company remaining, in any case, the sole responsibility of the Customer.
4.9 The amount of payments due from the Customer to the Company and the related due dates will be communicated by the Company to the Customer solely within the invoices issued by the Company pursuant to the Contract and/or the subsequent purchase of Services by the Customer. The Customer therefore: (i) authorizes the Company not to send the same a pre-notification for each charge, accepting and recognizing as fully suitable for satisfying the relevant purposes the indication of the amounts and due dates within the invoices; (ii) accepts that invoices are issued by the Company within the terms established by the applicable legislation and that the notice period, with respect to the date of settlement of the debit requests, may be less than 14 (fourteen) days, waiving from now on the right to raise any dispute in this regard.
4.10 In the event of failure to process the Company's debit requests or in any case failure to collect the amounts due by the due date, regardless of the cause, the Customer will be deemed to have forfeited the benefit of the term, with the consequent right of the Company to take action for the immediate and full payment of the entire fee owed by the Customer pursuant to the Contract and/or the subsequent purchase of Services.

5.1 The Contract has the duration and effective date indicated in the Offer. Upon expiration, it will be automatically renewed for an equal period, unless one Party communicates termination to the other via certified email with no less than 60 (sixty) days' notice. In the event that the Offer requires advance payment of the Fee, failure to pay within 10 (ten) days of the Contract renewal will give the Company the right to suspend, without prior notice, the performance of the Contract and the provision of the Services, blocking the Customer from accessing the Platform.
5.2 The Company reserves the right to withdraw from the Contract in the event that—due to force majeure, a termination of the relationship between the Company and its suppliers, an administrative order, or any other cause not attributable to the Company—the provision of the Services is impossible or excessively burdensome. The withdrawal will become effective when the Company notifies the Customer via registered mail or certified email of its intention to avail itself of this clause.
5.3 In the event that the Company exercises its right of withdrawal, the Customer will be entitled to a refund of the portion of the Fee corresponding to the Services not provided, with the express exclusion of the Customer's right to claim further sums by way of reimbursement, compensation or indemnity.
5.4 Upon termination of the Agreement, the Customer has the right to export the data entered into the Platform, using standard technical methods, within the limits and according to the timeframes indicated in the Technical Appendix. This right does not affect the data retention obligations required by current legislation and does not affect the Company's rights to the Software, the Platform, and databases owned by the Company or third parties.

6.1 To provide the Services and store the data used by the Software, the Company uses the industry-leading cloud provider Amazon Web Services (AWS). The servers used by AWS for Leanus are located in Milan; the risk of data transfer outside the EU is limited to certain ancillary services, such as customer support and incident management. In this regard, AWS assumes stringent contractual obligations regarding data protection and guarantees an adequate level of protection through the EU Standard Contractual Clauses (SCC) and adherence to the EU-US Data Privacy Framework (https://aws.amazon.com/it/service-terms/ and https://www.dataprivacyframework.gov).
6.2 The Company undertakes to notify the Customer in the event that: (i) intends to transfer the Services to a new cloud provider; (ii) wants to change the location where the servers are located, even if AWS indicates the need to change the location of the servers used by the Platform.

7.1 The Customer is aware and accepts that the task of carrying out the development, application management and corrective and evolutionary maintenance activities of the Platform and the Software is entrusted by the Company to Olomedia Srl (with registered office in Palermo, Via Simone Cuccia n. 46, tax code and registration number in the Company Register 05715380829, REA PA-272172, certified email amministrazione@pec.olomedia.it), without prejudice to the Company's responsibility for compliance with contractual and regulatory obligations towards the Customer.
7.2 Olomedia Srl operates according to the specifications, directives, and risk management strategies defined by the Company and under its direct control.
7.3 The Company monitors, including through specific audits, the technological support activities performed by Olomedia Srl and ensures its compliance with applicable provisions and best practices regarding security and risk management.
7.4 The Company undertakes to notify the Customer in advance of the replacement of Olomedia Srl, the introduction of new ICT suppliers, and any further changes to the structure of its technological partners.

8.1 The limitations and exclusions of liability set out in these GTC apply to the extent permitted by applicable law and, in any case, do not apply to: (i) violations of ICT security obligations; (ii) failure to comply with digital operational resilience and business continuity obligations; (iii) ICT incident management that does not comply with the DORA Regulation and the obligations set forth in the Technical Annex.
8.2 The Company guarantees that the data provided in execution of the Contract are up-to-date and consistent with those found in official databases and public registers on the extraction date indicated to the Client. It shall not be held liable in the event that such data is affected by errors or omissions resulting from incorrect or incomplete information in the databases used as a source.
8.3 The Client declares to be fully aware and accepts that the value-added information products—such as, for example, those containing alphanumeric indicators or summary judgments expressed in terms of scoring or rating—and the evaluation operations performed through the Software are purely indicative and orientative and under no circumstances constitute a credit guarantee, being the result of a purely predictive and statistical processing of economic information, implemented by the Company through the application of proprietary or third-party algorithms. The Client therefore expressly exonerates the Company from any liability regarding the successful completion and/or profitability of commercial transactions and contractual relationships that the Client, at its sole discretion, intends to undertake, continue, or terminate. Likewise, the Company cannot be held liable, except in cases of willful misconduct or gross negligence, for any detrimental consequences to the Client or third parties arising from the Client's use of the value-added information products and/or the Software.
8.4 The Company guarantees that the data provided in execution of the Contract have been legitimately acquired and have been legitimately processed in accordance with the Privacy Law.
8.5 The Company guarantees that any information provided by the Customer will be processed exclusively for the purposes related to the execution of the Contract, and undertakes to adopt all precautionary measures to ensure that it is not made accessible to unauthorized third parties.
8.6 The Customer is solely responsible for the truthfulness, reliability, accuracy, congruence and relevance of the data entered by him for the purposes of using the Software.
8.7 Without prejudice to the Company's right to take action against Team Leaders and/or Team Members, any violations of the law and/or the Contract attributable to them will be considered as violations by the Client, who will be jointly liable for all damages suffered by the Company as a result of such violations.
8.8 The Customer declares to be aware that the provision of the Services will result in the assumption by the Customer, with reference to the personal data contained therein, of the status of independent data controller pursuant to the Privacy Law, expressly exonerating the Company from any liability resulting from unlawful data processing and obligating itself to indemnify and hold the Company harmless from any compensation claims made by the interested parties in relation to such unlawful processing.
8.9 The Customer remains solely responsible for the suitability of the IT tools used to access the Platform and obtain the provision of the Services, also exonerating the Company from any liability regarding the malfunctioning of telematic connections provided by third parties.
8.10 The Customer expressly authorizes the Company to monitor the Customer's use of the Software, including by tracking access to the Platform.
8.11 The Company guarantees the Client, upon the Client's request and in compliance with the principles of proportionality, confidentiality, and security, the cooperation necessary to enable documentary and information checks on the aspects governed by the Technical Annex.

9.1 The Services are provided only on weekdays, from 8:00 a.m. to 18:00 p.m., excluding holidays. In the event that maintenance work is required that could compromise access to the Platform and/or use of the Software, the Company undertakes to notify the Customer at least 72 (seventy-two) hours in advance, indicating the start and expected end times of the work, which must be between 18:01 p.m. and 7:59 a.m. on weekdays.
9.2 The service levels (SLA), the incident classification criteria and the performance measurement methods are regulated in the Incident Classification and SLA Annex, which also indicates the maximum response times, the maximum resolution times and the calculation criteria of the KPIs that are the subject of the reports periodically sent to the Customer by the Company.
9.3 The following are excluded from the SLA calculation: (i) the scheduled maintenance periods relating to interventions carried out in compliance with the provisions of the preceding art. 9.1; (ii) accidents caused by force majeure; (iii) malfunctions resulting from the Customer's infrastructure and/or technological equipment or from improper use of the Software or the Platform by the Customer and/or from the Customer's failure to comply with the technical specifications indicated by the Company; (iv) interventions requested by the Customer which involve temporary suspensions of the Service.
9.4 In any case, it is understood between the Parties that: (i) failure to comply with the SLAs does not automatically entail a violation of the DORA Regulation and it remains the Customer's sole responsibility to qualify the event in accordance with this regulation; (ii) the Company will not directly report to the Authorities, which remain the exclusive responsibility of the Customer.
9.5 In the event of an incident related to the Service that impacts the integrity, availability, confidentiality, or continuity of the Service, the Company will promptly inform the Customer, providing a clear description of the event and the related consequences for the Service.
9.6 Within the limits of the available information and the scope of the Service and without any additional cost with respect to the Fee, the Company: (i) guarantees adequate cooperation and support to the Customer in order to enable the latter to fulfil the obligations of management, classification and reporting of incidents required by the DORA Regulation; (ii) undertakes to cooperate with the Customer by promptly providing the necessary information so that the latter can fulfil any communication obligations towards the competent Authorities pursuant to the DORA Regulation; (iii) undertakes to cooperate with the competent authorities and with the supervisory and/or resolution authority, including the designated representatives, for any requests for support and access to relevant information managed within the Service.

10.1 Any dispute regarding any breach, even partial, by the Company, malfunction of the Platform and/or Software, and errors, omissions, delays, or poor service of any kind must be reported by the Customer by registered mail or certified email within 30 days of the date of provision or failure to provide the relevant Service, under penalty of forfeiture of the Customer's right to raise disputes regarding the timely and accurate fulfillment of the Contract by the Company.
10.2 The forfeiture referred to in this article does not apply in the event of Highly Critical ICT incidents or violations of the security, digital operational resilience, business continuity, and incident management obligations governed by the Technical Annex.

11.1 Without prejudice to other remedies provided by law in the event of breach of contract and for compensation for consequent damages, the Company and the Customer may terminate the Contract by operation of law, pursuant to and for the purposes of art. 1456 of the Italian Civil Code, respectively in the following cases: (i) the Customer is subject to insolvency proceedings or the Customer fails to comply with the provisions of Articles 3.3, 3.12, 3.13, and 4.8; (ii) the Company is subject to insolvency proceedings or the Customer fails to comply with the provisions of Articles 8.2, 8.4, 8.5, and 9.5.
11.2 The Contract shall be deemed terminated when the interested Party informs the other Party of its intention to avail itself of this express termination clause.

12.1 Each Party (hereinafter the “Receiving Party”) undertakes the obligation to protect and prevent the unauthorized use of confidential information relating to the other Party (hereinafter the “Disclosing Party”) of which it has become aware for the purposes of concluding or performing the Contract and/or providing the Service, such information meaning in particular financial and commercial data, projects and information of a strategic and/or technical nature, even if not described or claimed in a protection title, but in any case relating to the operations of the Disclosing Party, confidential and relevant in relations with competitors (hereinafter “Confidential Information”).
12.2 Confidential Information also includes information that, not expressly designated as confidential, should reasonably be considered as such under the circumstances.
12.3 For the purposes of this Article, information which has become public knowledge through no fault of the Receiving Party, or which the Receiving Party has become aware of prior to and/or independently of the Contract, or which the Receiving Party is required to disclose by law or by virtue of an administrative or judicial order, within the strict limits of such obligation, does not constitute Confidential Information.
12.4 In particular, the Receiving Party is obliged to: (i) not to disclose or publish, in whole or in part, directly or indirectly, the Confidential Information; (ii) not to use the Confidential Information for purposes other than those set out in the Contract or not expressly authorised by the Disclosing Party, nor to exploit or dispose of it on its own or through third parties; (iii) adopt any precautionary measure suitable to ensure that the Confidential Information remains such, limiting access to the same only to those persons who are entitled to it and who have undertaken to comply with the content of this article or who are already subject to substantially similar constraints as a result of an employment or consultancy relationship with the Receiving Party; (iv) keep the Confidential Information confidential even after the termination of the effectiveness of the Contract for any reason; (v) not use the Confidential Information in a manner that is detrimental to the Disclosing Party; (vi) ensure that the commitments referred to in the previous points are also respected by third parties that the Receiving Party may have involved in any capacity in the execution of the Contract, otherwise it will be liable for any violation pursuant to art. 1381 of the Civil Code.
12.5 The Disclosing Party remains the exclusive owner of its Confidential Information and may freely use it for purposes other than those covered by the Contract.
12.6 Except as expressly provided in the Agreement, the Disclosing Party does not grant or transfer to the Receiving Party any right or license to the Confidential Information.

13.1 The terms and conditions of the Agreement constitute the entire agreement between the Parties and supersede all previous oral or written agreements between them with respect to the same Offer.
13.2 In the event that one or more clauses of the Contract should be annulled or declared null and void or ineffective, the Parties expressly agree that under no circumstances will such invalidity or ineffectiveness have any effect on the remaining clauses, the aforementioned clauses being deemed to have been modified in accordance with the law and/or the presumed common intention of the Parties, to the extent and in the sense necessary for them to be considered valid and effective.
13.3 Any tolerance by one Party of the conduct of the other in violation of the Contract or the applicable law does not constitute a waiver of the rights deriving from the violated provisions nor of the right to demand exact fulfillment of all the terms and conditions established by the Contract.
13.4 Nothing in the Agreement shall constitute a transfer to the Customer of intellectual and industrial property rights in the Software, the Platform and the Services.

14.1 The Contract is governed by Italian law.
14.2 The Court of Milan shall have exclusive jurisdiction over any dispute concerning the validity, interpretation, execution or termination of the Contract.

Pursuant to and for the purposes of Articles 1341 and 1342 of the Italian Civil Code, the Customer declares to have carefully read and expressly and specifically approve the following clauses: Articles 2.1, 4.3, 4.4 and 5.1 (the Company's right to suspend performance of the Contract); Articles 2.3, 2.4 and 4.5 (limitations on the Customer's right to raise objections); Article 4.7 (tacit extension of SDD B2B); Articles 4.3 and 4.10 (forfeiture of the Customer's right to the benefit of the term); Article 4.9 (the Customer's waiver of the right to pre-notification for each charge and the right to raise objections in the event of less than 14 days' notice); Articles 3.7 and 5.1 (tacit renewal of the Contract); Article 5.2 (the Company's right to withdraw); Article 5.3 (waiver by the Customer in the event of withdrawal by the Company); Articles 8.2, 8.3, 8.8, and 8.9 (limitations of the Company's liability); Article 8.7 (joint and several liability of the Customer); Article 10.1 (forfeiture of the Customer's right to raise complaints); Article 14.2 (Competent Court).