a. Scope of license: This license granted to the member for the Licensed Application by Application Provider is limited to a non-transferable license to use the Licensed Application for a term on any device that the member own or control. This license does not allow the member to use the Licensed Application on any device that the member do not own or control, and the member may not distribute, share or make the link to Licensed Application available over a network where it could be used by unintended parties without the consent of the Application Provider. The member may not rent, lease, lend, sell, redistribute or sublicense the Licensed Application. the member may not copy (except as expressly permitted by this license and the Usage Rules), decompile, reverse engineer, hack code, disassemble, attempt to derive the source code of, modify, or create derivative works of the Licensed Application, any updates, or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law or to the extent as may be permitted by the licensing terms governing use of any open sourced components included with the Licensed Application). Any attempt to do so is a violation of the rights of the Application Provider and its licensors. If the member breaches this restriction, the member may be prosecuted and damages applicable or punishable by law. Further, the license may be revoked or terminated prematurely without any refund for paid amounts. The terms of the license will govern any upgrades provided by Application Provider that replace and/or supplement the original Product, unless such upgrade is accompanied by a separate license in which case the terms of that license will govern. The license will be assigned is to specific person, signing on behalf of the organization they are working for and is not transferrable and should not be shared. The Member agreed that the information provided is accurate and complete. The Member is aware that any changes, requiring your approval, may be subject to additional costs.

b. Consent to use of data: The member agree that Application Provider may collect and use technical data and related information, including but not limited to technical information about Your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to the member (if any) related to the Licensed Application. Application Provider may use this information, as long as it is in a form that does not personally identify the member, to improve its products or to provide services or technologies to the member.

c. Termination. The license is effective until terminated by the member or Services Provider. Your rights under this license will terminate automatically without notice from the Application Provider if the member fail to comply with any term(s) of this license. Upon termination of the license, the member shall cease all use of the Licensed Application, and destroy all copies, full or partial, of the Licensed Application.

d. Services: Third Party Materials. The Licensed Application may enable access to Application Provider’s and third party services and websites (collectively and individually, "Services"). Use of the Services may require Internet access and that the Member accepts additional terms of service. The member agrees to use the Services at their sole risk and that the service provider shall not have any liability to the member for content that may be found to be offensive, indecent, or objectionable.

e. Subject to the terms hereof, Company will provide Member with reasonable technical support services in accordance with the terms set forth. For a paying Member technical support is extended via online medium and phone medium only. Direct on-site Member support is not applicable unless it has been agreed mutually between the member or the organization.

f. NO WARRANTY: LEAN STATION DOES NOT GUARANTEE THAT THE PROGRAMS WILL PERFORM ERROR-FREE OR UNINTERRUPTED OR THAT LEAN STATION WILL CORRECT ALL PROGRAM ERRORS. TO THE EXTENT PERMITTED BY LAW, THESE WARRANTIES ARE EXCLUSIVE AND THERE ARE NO OTHER EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY AND FITNESS FOR A PARTICULAR PURPOSE. THE MEMBER EXPRESSLY ACKNOWLEDGE AND AGREE THAT USE OF THE LICENSED APPLICATION IS AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH THE MEMBER. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED APPLICATION AND ANY SERVICES PERFORMED OR PROVIDED BY THE LICENSED APPLICATION ("SERVICES") ARE PROVIDED "AS IS" AND “AS AVAILABLE”, WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND, AND APPLICATION PROVIDER HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH RESPECT TO THE LICENSED APPLICATION AND ANY SERVICES, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. APPLICATION PROVIDER DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE LICENSED APPLICATION, THAT THE FUNCTIONS CONTAINED IN, OR SERVICES PERFORMED OR PROVIDED BY, THE LICENSED APPLICATION WILL MEET YOUR REQUIREMENTS, THAT THE OPERATION OF THE LICENSED APPLICATION OR SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE LICENSED APPLICATION OR SERVICES WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLICATION PROVIDER OR ITS AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY. SHOULD THE LICENSED APPLICATION OR SERVICES PROVE DEFECTIVE, THE MEMBER ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON APPLICABLE STATUTORY RIGHTS OF A CONSUMER, SO THE ABOVE EXCLUSION AND LIMITATIONS MAY NOT APPLY TO THE MEMBER.

g. Limitation of liability. LEAN STATION WILL NOT BE LIABLE FOR ANY DAMAGES RESULTING IN THE USE OF ITS FEATURES OR SERVICES OR FROM THE USE OF DATA OR INFORMATION FROM THE LICENSED APPLICATION TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT SHALL APPLICATION MANUFACTURER, PROVIDER OR DISTRIBUTOR BE LIABLE FOR PERSONAL INJURY, OR ANY INCIDENTAL, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES, OR ATTORNEY’S FEES. ARISING OUT OF OR RELATED TO YOUR USE OR INABILITY TO USE THE LICENSED APPLICATION, HOWEVER CAUSED, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT OR OTHERWISE) AND EVEN IF APPLICATION PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY FOR PERSONAL INJURY, OR OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY TO THE MEMBER. IN NO EVENT SHALL APPLICATION PROVIDER’S TOTAL LIABILITY TO THE MEMBER FOR ALL DAMAGES EXCEED THE AMOUNT OF ONE DOLLAR ($1.00). THE FOREGOING LIMITATIONS WILL APPLY EVEN IF THE ABOVE STATED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

h. Member may not remove or export from Singapore or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of any governing authority.

i. The laws of the Singapore, excluding its conflicts of law rules, govern this license and your use of the Licensed Application. Your use of the Licensed Application may also be subject to other local, state, national, or international laws.

j. Lean Station will manufacture and sell the Products in compliance with the state, and local laws applicable to each Product. Member will comply with the state, and local laws applicable to the handling, transportation, storage, use, processing, disposal, distribution, sale, and resale of Products and to any of Member’s products that contain or are made by using Products. Under no circumstances will either party offer or make any payment or give anything of value to another person or entity where such payment or action would violate an applicable law or regulation, including, but not limited to, any applicable anti-bribery, anti-corruption, or anti-kickback law.

a.to take reasonable precautions to protect such Proprietary Information, and

b.not to use (except in performance of the Services or as otherwise permitted herein) or

c.divulge to any third person any such Proprietary Information.

a.is or becomes generally available to the public, or

b.was in its possession or known by it prior to receipt from the Disclosing Party, or

c.was rightfully disclosed to it without restriction by a third party, or

d.was independently developed without use of any Proprietary Information of the Disclosing Party

e.is required to be disclosed by law.

a.the Services and Software, all improvements, enhancements or modifications thereto,

b.any software, applications, inventions or other technology developed in connection with Implementation Services or support, and

c.all intellectual property rights related to any of the foregoing.

a.use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, and

b.disclose such data solely in aggregate or other de-identified form in connection with its business.

1.Information you provide to us: When you register to use the Services, communicate with our customer service team, send us an email, or post on our blog, you’re giving us personal information that we collect. That personal information may include your IP address, name, physical address, email address, phone number, credit card information, and other details like gender, occupation, and other demographic information. By giving us this information, you consent to your information being collected, used, disclosed, and stored by us, only as described in our Terms of Use and Privacy Policy.

2.List and email information: When you add a collaborator to the project or create an email with the Services, we have access to the data on your list and the information in your email.

3.Information from your use of the service: We may get information about how and when you use the Services. This information may include your IP address, time, date, browser used, and actions taken by you within the application. Also, project data gathered from the use of services.

4.Cookies: When you register to use Lean PlanDo, we store "cookies," which are strings of code, on your computer. We use those cookies to collect information about when you visit our Website, when you use the Services, your browser type and version, your operating system, and other similar information. You may turn off cookies that have been placed on your computer by following the instructions on your browser, but if you block our cookies, it may be more difficult (and maybe even impossible) to use the Services.

5.Construction related information: All data that are added to the websites are captured including the names of the activities, the type of activities, the duration, constraints, site photos, drawings, layouts, permits, images, videos etc. When the member or any invited collaborator updates this information again real-time data is captured through information such as task progress or variance etc. These are all considered as personal data to the member and all this data is captured and stored securely.

6.Information from other sources: We may get more information about you, like name, age, and participation in social media websites, by searching the internet or querying third parties (we’ll refer to that information as Supplemental Member Information). We only collect data that’s publicly available or provided by a third party according to its terms of use.

1.To promote use of our services. For example, if you leave your Personal Information when you visit our Website and don’t sign up for any of the Services, we may send you an email asking whether you want to sign up. And if you use any of our Services, and we think you might benefit from using another Service we offer, we may send you an email telling you about it.

2.For R&D of our products and services. For example our automated systems will analyze your data provided when you use our products and services to improve them, develop new, secure, maintain and provide stable operations consistently.

3.To bill and collect money owed to us. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see Section 7 below.

4.To send you system alert messages. For example, we may let you know about temporary or permanent changes to our Services, like planned outages, new features, version updates, releases, abuse warnings, and changes to our Privacy Policy.

5.To enforce compliance with our terms of use and applicable law. This may include developing tools and algorithms that help us prevent violations.

6.To provide customer support. This may include providing project level support from a representative from the company who can access your project data upon your approval.

7.To protect the rights and safety of our members and third parties, as well as our own.

8.To meet legal requirements like complying with court orders and valid subpoenas.

9.To provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.

10.To prosecute and defend a court, arbitration, or similar proceeding.

11.To support and improve the services we offer.

12.To communicate with you about your account for informational, not promotional, reasons.

13.To transfer your information in the case of a sale, merger, consolidation, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Web site.

14.To send you informational and promotional content that you may choose (or "opt in") to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.

1.Blog. We have public blogs on our Websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you’d like it to be removed, contact us at support@leanstation.com. If we’re not able to remove your information, we’ll let you know why.

2.Social media widgets. Our Websites include social media features, like the Facebook Like button. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with those features are governed by the privacy policies of the companies that provide them.

3.Links to third-party sites. Our Websites include links to other websites, whose privacy practices may be different from Lean PlanDo’s. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Website you visit.

4.Service providers. If it is necessary to provide you a service you've requested, like send you a T-shirt or enable a feature like Social Profiles, then we may provide your personal information to a service provider. We will restrict any service provider's use of your personal information. We will tell you whenever reasonably possible and you may request at any time the name of our service providers.

“Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.

“Authorized Affiliate” means any of Customer Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Agreement.

“Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.

“Controller” means an entity that determines the purposes and means of the processing of Personal Data.

“Customer Data” means any data that Lean Station and/or its Affiliates processes on behalf of Customer in the course of providing the Services under the Agreement.

“Data Protection Laws” means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, PDPA or the EU Data Protection Law.

“EU Data Protection Law” means (i) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).

“Personal Data” means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law

“Privacy Shield” means the EU-US and Swiss-US Privacy Shield Frameworks, as administered by the U.S. Department of Commerce.

“Privacy Shield Principles” means the Privacy Shield Framework Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision of 12 July 2016 pursuant to the Directive, details of which can be found at www.privacyshield.gov/eu-us-framework.

“Processor” means an entity that processes Personal Data on behalf of the Controller.

“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.

“Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

“Services” means any product or service provided by Lean Station to Customer pursuant to and as more particularly described in the Agreement.

“Sub-processor” means any Processor engaged by Lean Station or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or any Lean Station Affiliate.

2.1 This DPA applies where and only to the extent that Lean Station processes Personal Data on behalf of the Customer in the course of providing the Services and such Personal Data is subject to Data Protection Laws of Singapore, the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.

2.2 Role of the Parties. As between Lean Station and Customer, Customer is the Controller of Personal Data and Lean Station shall process Personal Data only as a Processor on behalf of Customer. Nothing in the Agreement or this DPA shall prevent Lean Station from using or sharing any data that Lean Station would otherwise collect and process independently of Customer's use of the Services

2.3 Customer Obligations. Customer agrees that (i) it shall comply with its obligations as a Controller under Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to Lean Station; and (ii) it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for Lean Station to process Personal Data and provide the Services pursuant to the Agreement and this DPA.

2.4 Lean Station Processing of Personal Data. As a Processor, Lean Station shall process Personal Data only for the following purposes: (i) processing to perform the Services in accordance with the Agreement; (ii) processing to perform any steps necessary for the performance of the Agreement; and (iii) to comply with other reasonable instructions provided by Customer to the extent they are consistent with the terms of this Agreement and only in accordance with Customer’s documented lawful instructions. The parties agree that this DPA and the Agreement set out the Customer’s complete and final instructions to Lean Station in relation to the processing of Personal Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Customer and Lean Station.

2.5 Nature of the Data. Lean Station handles Customer Data provided by Customer. Such Customer Data may contain special categories of data depending on how the Services are used by Customer. The Customer Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to Customer; (ii) to provide customer and technical support to Customer; and (iii) disclosures as required by law or otherwise set forth in the Agreement.

2.6 Lean Station Data. Notwithstanding anything to the contrary in the Agreement (including this DPA), Customer acknowledges that Lean Station shall have a right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as billing, account management, technical support, product development and sales and marketing. To the extent any such data is considered personal data under Data Protection Laws, Lean Station is the Controller of such data and accordingly shall process such data in compliance with Data Protection Laws.

3.1 Authorized Sub-processors. Customer agrees that Lean Station may engage Sub-processors to process Personal Data on Customer's behalf. The Sub-processors currently engaged by Lean Station and authorized by Customer are listed in Annex A.

3.2 Sub-processor Obligations. Lean Station shall: (i) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Lean Station to breach any of its obligations under this DPA.

3.3 Changes to Sub-processors. Lean Station shall provide Customer reasonable advance notice (for which email shall suffice) if it adds or removes Sub-processors.

3.4 Lean Station engages Cloudalio Technologies Pvt Ltd, India d.b.a, Lean Station India to as a sub-processor.

3.5 Objection to Sub-processors. Customer may object in writing to Lean Station’s appointment of a new Sub-processor on reasonable grounds relating to data protection by notifying Lean Station promptly in writing within five (5) calendar days of receipt of Lean Station’s notice in accordance with Section 3.3. Such notice shall explain the reasonable grounds for the objection. In such event, the parties shall discuss such concerns in good faith with a view to achieving commercially reasonable resolution. If this is not possible, either party may terminate the applicable Services that cannot be provided by Lean Station without the use of the objected-to-new Sub-processor.

4.1 Security Measures. Lean Station shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with Lean Station's security standards.

4.2 Confidentiality of Processing. Lean Station shall ensure that any person who is authorized by Lean Station to process Personal Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).

4.3 Security Incident Response. Upon becoming aware of a Security Incident, Lean Station shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

4.4 Updates to Security Measures. Customer acknowledges that the Security Measures are subject to technical progress and development and that Lean Station may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Customer.

5.1 Lean Station shall maintain records of its security standards. Upon Customer's written request, Lean Station shall provide (on a confidential basis) copies of relevant external ISMS certifications (if available), internal audit report summaries and/or other documentation reasonably required by Customer to verify Lean Station's compliance with this DPA (on a Confidential basis). Lean Station shall further provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm Lean Station's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.

Available upon request (confidential information)

7.1 Upon deactivation of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent Lean Station is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data Lean Station shall securely isolate and protect from any further processing, except to the extent required by applicable law.

8.1 To the extent that Customer is unable to independently access the relevant Personal Data within the Services, Lean Station shall (at Customer's expense) taking into account the nature of the processing, provide reasonable cooperation to assist Customer by appropriate technical and organizational measures, in so far as is possible, to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement. In the event that any such request is made directly to Lean Station, Lean Station shall not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If Lean Station is required to respond to such a request, Lean Station shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

8.2 To the extent Lean Station is required under Data Protection Law, Lean Station shall (at Customer's expense) provide reasonably requested information regarding Lean Station's processing of Personal Data under the Agreement to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.

9.1 Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict.

9.2 This DPA is a part of and incorporated into the Agreement so references to "Agreement" in the Agreement shall include this DPA.

9.3 In no event shall any party limit its liability with respect to any individual's data protection rights under this DPA or otherwise.

9.4 This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws.