End User License Agreement

2. Background

1. You or your organisation have entered into a Client Agreement with Emesent (or the Emesent Reseller, if applicable) for the use and licence of the Software owned or licensed by us.
2. In consideration for payment under the Client Agreement, we will grant you the right to access and use the Software on the terms set out in the Client Agreement and this EULA. Subject to any other restrictions agreed separately between you and Emesent (or the Emesent Reseller, if applicable) or as set out in this EULA, the Software may be suitable for use:
   1. on Products supplied by us; or
   2. on any compatible devices you own or use.
3. By installing, downloading and/or using the Software by any means, you agree to this EULA and you enter into a legally binding agreement with us. It is important that you carefully read this EULA.
4. By installing, downloading and/or using the Software, you acknowledge that you have read and understood this EULA and that you have the authority to enter into a legal agreement with us on your own behalf and on behalf of any person you may authorise to use the Software.
5. If you do not accept this EULA, as amended from time to time, you must not access and/or use the Software and must delete the Software from any device you own or use.

3. Definitions

In this EULA, the following definitions apply:

Confidential Information means any information in any form or media which is by its nature confidential or is identified by a party as being confidential, including any of the source code or other parts of the Software not in the public domain but does not include information which can be proved by written evidence:

1. to be rightfully known by the receiving party as a consequence of the information being disclosed from an independent source without any limitation on its use or disclosure;
2. at the time of its disclosure, or at the time the receiving party becomes aware of it, to be in the public domain, or which subsequently enters the public domain otherwise than as a result of a breach of this EULA; or
3. to be independently developed by an employee or officer of the receiving party while having no knowledge of the disclosing party’s Confidential Information.

Client Agreement means the subscription, or other licensing or services agreement entered into between Emesent or the Emesent Reseller and the client (which may be you or your organisation) and which sets out additional terms relevant to your access to the Software, including subscription terms and number of permitted users where applicable and the payment of relevant licensing fees and charges.

Emesent Reseller means the official reseller that is licensed by Emesent to resell the Software and Products. References in this EULA to the Emesent Reseller will only be applicable to you if you or your organisation purchased the Software through an Emesent Reseller.

IPR means any patent, trade mark, service mark, copyright, moral right, right in a design, know-how and any other intellectual or industrial property rights, anywhere in the world whether or not registered.

Marks means any name, logo or trade mark owned by, or licensed to, us.

Open Source Code means individual software components that are provided with the Software or Product, for which the source code is made generally available without charge for use, modification or distribution.

Personal Information has the meaning prescribed by section 6 of the Privacy Act 1988 (Cth).

Privacy Laws means the Privacy Act 1988 (Cth), the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth), and any other legislation, principles, industry codes and policies relating to the handling of Personal Information.

Product means the products purchased from us or otherwise supplied to you by us.

Software means the software made available to you by us. The Software may include Open Source Code, firmware, operating systems, drivers, associated media, printed materials, and online or electronic documentation and other software which is owned or licensed by us.

Term means the period from the date of your acceptance of this EULA until the first to occur of the following:

1. you cease to be provided with access to the Software for any reason (which may include due to termination or expiry of the related Client Agreement); or
2. this EULA is terminated in accordance with clause 16.

Third Party Supplier means any third party supplier of data which is accessed and used in connection with the Software. you or your means the person who installs and/or uses the Software and who, by so doing, accepts this EULA.

Your Data means:

1. any data concerning you or any user of the Software authorised by you; and
2. any data that you or any person with your authority inputs into the Software by any means; and
3. any outputs generated by the Software as a result of your use of the Software.

4. Interpretation

In this EULA:

1. an obligation or liability assumed by, or a right conferred on, two or more parties binds or benefits them all jointly;
2. a reference to a person includes a natural person, partnership, body corporate, association, governmental or local authority or other entity;
3. no provision of this EULA will be construed to the disadvantage of a party merely because that party was responsible for preparing this EULA or including the provision in this EULA; and
4. parties must perform their obligations on the dates and times fixed by reference to Brisbane, Queensland.

5. Right to use the Software

1. Subject to your compliance with the terms of this EULA and all applicable laws, you are granted a revocable, non-transferable, non-sublicensable, non-assignable, non-exclusive licence to use and access the Software for your personal purposes or your organisation’s internal business purposes only for the Term.
2. You may use the Software on Products or any compatible devices, subject to any rules and restrictions separately agreed between you and us or under a Client Agreement, for example number of installations.
3. Your use of the Software during the Term may also be subject to the related Client Agreement, which may for example restrict the number of permitted users in your organisation.
4. You are responsible for ensuring that any devices, including Products supplied by us, on which you use the Software are in good, up-to-date working order and operating condition.You agree that we may track and monitor usage and audit your use of the Software for compliance with this EULA and any applicable Client Agreement and to assist us to provide you with support.
5. In the event that such audit reveals any use of the Software by you otherwise than in compliance with this EULA then, in addition to any other rights or remedies available to us under this EULA or at law, you shall indemnify us for:
   1. all reasonable expenses related to such audit; and
   2. other liability or loss of revenue that we incur as a result of such non-compliance.
6. In the event that such audit reveals any use of the Software by you otherwise than in compliance with any applicable Client Agreement, we may take steps to enforce the terms of the relevant Client Agreement in accordance with its terms, which may impact your licence to use and access the Software under this EULA.
7. You shall comply with all applicable trade-related laws and regulations to assure that the Software is not exported, imported or otherwise transferred, directly or indirectly, in violation of those trade-related laws, or used for any purpose prohibited by applicable trade-related laws.

6. Limitations

1. You must not, in relation to the Software or any part thereof:
   1. make or distribute copies of the Software, or electronically transfer the Software from one device to another or over a network not within your organisation;
   2. alter, digitise, merge, modify, adapt or translate the Software;
   3. reverse engineer, decompile disassemble or otherwise attempt to discover the source code of the Software or otherwise reduce the Software to a human-perceivable form;
   4. sell, transfer, rent, lease, license or sub-license the Software;
   5. attempt to undermine the security or integrity of our computing systems or networks or, where the Software is hosted by a third party, that third party’s computing systems and networks;
   6. use or misuse the Software in any way which may impair the functionality of the Software, or other systems used to deliver the Software or impair the ability of any other user to use the Software;
   7. attempt to gain unauthorised access to any materials other than those to which you have been given express permission to access or to the computer system on which the Software is hosted;
   8. provide or make the Software available to any other person or use the Software for another person’s benefit, other than as contemplated by this EULA;
   9. transmit, or input into the Software, any files that may damage any other person’s computing devices or software, content that may be offensive, or material or data in violation of any law (including data or other material protected by copyright or trade secrets which you do not have the right to use);
   10. broadcast, transmit or otherwise display in a public forum the Software or screenshots of the Software;
   11. post the Software or screenshots of the Software on any website;
   12. assign and/or novate any rights or obligations created by this EULA;
   13. modify the Software or create derivative works based upon it;
   14. use the Software for commercial purposes other than the purpose for which it is supplied to you; or
   15. use the Software to develop copycat or functionally equivalent software or derivative software.
2. You acknowledge and agree that:
   1. the Software may include technical inaccuracies or errors; and
   2. any person/entity permitted to make changes to the Software (including us or a third party authorised by us) may make improvements or other changes in and to the Software at any time without notice to you.
3. The provision of, access to, and use of the Software is on an “as is” basis and your access and use of the Software is at your own risk.
4. We do not warrant that the use of the Software will be uninterrupted or error free. The operation and availability of the systems used for accessing the Software, including computer networks and the internet, can be unpredictable and may from time to time interfere with or prevent access to the Software. You agree that we are not in any way responsible for any such interference or prevention of your access or use of the Software.
5. You are solely responsible for determining that the Software meets your needs and that it is suitable for the purposes for which it is used by you.
6. You are solely responsible for complying with all applicable laws as they pertain to you and your use of the Software. It is your responsibility to check that storage of, and access to Your Data via the Software will comply with laws applicable to you (including any laws requiring you to retain records).
7. We have no responsibility to any person other than you and nothing in this EULA confers, or purports to confer, a benefit on any person other than you. If you use the Software on behalf of or for the benefit of anyone other than you, you remain responsible for ensuring that you have the right to do so.

7. Your Data

1. Your Data remains your property.
2. You hereby grant to us a non-exclusive licence to use, copy, transmit, store and backup Your Data to the extent necessary for the purposes of providing you support and performing our obligations under this EULA.
3. You acknowledge and agree that we do not edit or control Your Data and we will not be responsible in any way for the content of Your Data.
4. We may but are not obliged to, make copies of Your Data and you therefore must maintain copies of Your Data.

8. Analytics

1. Despite anything to the contrary in this EULA or elsewhere, we may monitor, analyse and compile information based on and/or related to your use of the Software (“Analytics”).
2. We and our licensors own all right, title and interest in and to the Analytics and all related software, technology, documentation, and content provided in connection with the Analytics, including all IPR in the foregoing.

9. Privacy

1. To the extent that Your Data or Analytics comprise Personal Information, we may collect your Personal Information through your use of the Software and Products for the purpose of providing services and support to you, monitoring usage and auditing your use of the Software, and otherwise in accordance with the Emesent Privacy Policy.
2. Each party must:
   1. comply with all Privacy Laws; and
   2. not do any act, engage in any practice, or omit to do any act or engage in any practice that would cause the other party to breach or be taken to breach any Privacy Law.
3. We may disclose Your Data to:
   1. any duly authorised law enforcement officer;
   2. any other person as authorised or required by law; and
   3. any third party to whom you have authorised us to disclose Your Data.
4. If we are required to disclose Your Data under clause 9.c to provide assistance in relation to any inquiry, complaint, hearing or other form of investigation or proceedings regarding you, you must reimburse us for any costs we directly or indirectly incur in providing such disclosures.
5. If we disclose Your Data to third-party applications for use in connection with the Software, you acknowledge that we may, in accordance with clause 9.c, disclose Your Data to the providers of those third-party applications for the inter-operation of such third-party applications with the Software.
6. You may access Your Data you input into the Software, including without limitation, any of Your Data input into the Software by any person you have authorised to use the Software.
7. You are responsible for authorising any person who is given access to Your Data input to the Software, and you agree that we have no obligation to provide any person access to Your Data without your authorisation and may refer any such requests to you for your determination.
8. You indemnify us against any claims or loss relating to:
   1. our refusal to provide any person access to Your Data in accordance with this EULA; and
   2. our making available Your Data to any person with your authorisation.

10. Links to third party sites

1. You acknowledge and agree that you may be linked to third party sites through your use of the Software. The third party sites are not under our control and we are not responsible for the content of any third party sites, any links contained therefrom, or any changes or updates to third party sites from time to time.
2. We are not responsible for any form of transmission received from any third party sites.
3. Any link to a third party site from within the Software is provided for convenience only and the inclusion of any such link does not imply an endorsement of the site, or its content, by us.

11. Open Source Software

1. You acknowledge and agree that the Software includes various Open Source Code open source software which are licensed under and governed by the terms of various published open source software license agreements or copyright notices accompanying such software components.
2. You must not modify or derive works from the Open Source Code, or take any other action, if doing so would infringe or violate the terms on which the Open Source Code is licensed.

12. Additional content, services and/or updates

The terms and conditions of this EULA apply to any updates, supplements, add-on components or internet-based service components of the Software that we may provide to you or make available to you after the date you obtain or use your initial copy of the Software, unless we provide other terms along with the update, supplement, add-on component or internet-based service component.

13. Intellectual property

1. Title to, and all IPR in the Software and any documentation relating to the Software remains the property of us (or our licensors) and nothing in this EULA operates to grant you any IPR in the Software or any party thereof.
2. You must not:
   1. remove or modify any copyright notice on the Software or register or attempt to register any IPR in the Software or any aspect of the Software or any derivation thereof; and
   2. use any Marks without our prior written consent or register or attempt to register rights in relation to the Marks, any derivative of the Marks or anything similar to them.

14. Security

1. We will take reasonable steps to ensure access to the Software is secure, however we do not guarantee that access will be secure at all times.
2. You acknowledge and agree that you are solely responsible for:
   1. the security, confidentiality and integrity of all information or data uploaded, downloaded or otherwise communicated while accessing the Software;
   2. keeping all passwords and usernames required to access the Software secure and confidential;
   3. ensuring that you have adequate software protection in place for the Software under your control; and
3. You must immediately notify us of any unauthorised use of your passwords or any other breach of security, whereupon we may reset your password and you must take all other actions that we reasonably deem necessary to maintain or enhance the security of our computing systems and networks and your access to the Software.

15. Confidentiality

If you receive or become aware of any Confidential Information, you must not use or disclose that Confidential Information except to the extent required to:

1. fulfil your obligations and exercise your rights under this EULA;
2. disclose that Confidential Information to your employees, directors and officers, and legal and financial advisors, who have a need to know for the purposes of this EULA (and then only to the extent that each has a need to know), and provided the disclosure is made on a confidential basis; or
3. comply with the requirements of the law, but before making any disclosure you must:
   1. notify us in writing as soon as reasonably practicable; and
   2. only disclose that part of the Confidential Information as is necessary to comply with relevant requirements.

16. Termination

1. You may terminate this EULA by notice in writing to us in which case the termination takes effect at the end of the month in which you terminate.
2. We may exercise any of our rights under clause 16.c if:
   1. in relation to a breach of this EULA that is capable of remedy, you fail to remedy such breach within 14 days of notice of the breach; or
   2. you commit a breach of this EULA that is not capable of remedy; or
   3. the Client Agreement applicable to your use of the Software expires or is terminated for any reason.
3. Upon the occurrence of any event in clause 16.b, we may:
   1. immediately terminate this EULA and use of the Software by you; and/or
   2. suspend for any definite or indefinite period of time, your use of the Software.
4. For the avoidance of doubt, if this EULA is terminated or expires for any reason, your right to use the Software immediately ceases and the licences granted by us under this EULA terminate.
5. On termination or expiry of this EULA, it is your obligation and responsibility to ensure that:
   1. you immediately cease to use the Software; and
   2. you delete all copies of the Software installed from any device used to access the Software.
6. Termination of this EULA is without prejudice to any rights and obligations of the parties accrued up to and including the date of termination. On termination of this EULA, you will remain liable for any accrued charges and amounts which become due for payment before or after termination.

17. Warranties and liability

1. You acknowledge that you are solely responsible for navigating any equipment that utilises the Software and that you (or the person in charge of navigating that equipment) is solely responsible for any damage or injury caused by such equipment, whether or not that damage or injury was caused in whole or in part by the Software.
2. We hereby exclude all express and implied conditions and warranties in relation to the Software and this EULA, except those conditions or warranties that cannot be excluded by law.
3. To the absolute extent permitted by law, we will not be liable to you or your representatives for any liability, claim, loss or damage of any kind whether arising in contract or tort (including negligence) or under any statute or for any other common law or equitable cause of action (including but not limited to any special, incidental, indirect or consequential damages whatsoever, or loss of actual or anticipated profits, revenue, savings, business, opportunity, access to markets, goodwill, reputation, publicity or use or loss or data, collectively, “Consequential Loss”) arising from or in connection with your use of the Software, except to the extent that the liability, claim, loss or damage is directly attributable to our negligence or wrongful act or omission.
4. To the fullest extent permitted by law, our total aggregate liability for all claims relating to this EULA is limited to the total fees paid by you in respect of the Software in the 12 months before the liability accrued.
5. You hereby acknowledge and agree that we shall not be liable to you or any other person for any liability, loss or damage of any kind (including but not limited to Consequential Loss) arising directly or indirectly from or in connection with the acts or omissions of any Third Party Supplier.
6. You warrant to us that:
   1. you have the authority to grant the licence pursuant to clause 7.b of this EULA;
   2. you have attended to all backups, and have maintained copies of, Your Data and you acknowledge that we are not responsible for maintaining or storing Your Data;
   3. the use by us of Your Data will not result in any unauthorised use of the rights of any person;
   4. you have the authority to enter into, perform and observe your obligations and rights under this EULA; and
   5. you have the authority to agree to this EULA and you acknowledge and agree that, by using the Software, you bind anyone who accesses the Software with your authority to the performance of any and all obligations that you become subject to by virtue of this EULA without limiting any of your obligations under this EULA.
7. We provide no warranty:
   1. that any result or objective can or will be achieved or attained at all by expiry or termination of this EULA (whichever is the earlier) or by any other date; and
   2. that the Software will be fit for purpose, continuous, uninterrupted, accurate, fault-free, virus-free, secure or accessible at all times.
8. If you acquired the Software as a consumer within the meaning of the ‘Australian Consumer Law’ under the Australian Competition and Consumer Act 2010 (Cth), then despite any other provision of this EULA:
1. the Software comes with guarantees that cannot be excluded under the Australian Consumer Law;
2. nothing in this EULA excludes, restricts, or modifies any right or remedy, or any guarantee, warranty, or other term or condition implied or imposed by the Australian Consumer Law which cannot be lawfully excluded or limited; and
3. the benefits provided to you by the warranties in this EULA are in addition to other rights and remedies available to you under applicable law in relation to the goods or services to which the warranty relates.
9. If you acquired the Software as a consumer within the meaning of relevant consumer legislation in your country, state or territory, then despite anything to the contrary in this EULA, nothing in this EULA affects any non-excludable statutory rights or remedies that you may have under such consumer legislation.

18. Indemnity

You are liable for and must indemnify us, our directors, employees, contractors and agents (together, the “Indemnified Party”) from and against all damages, losses, claims and expenses incurred or suffered by the Indemnified Party arising as a direct result of:

1. breach of this EULA;
2. any unlawful or negligent act or omission; or
3. use of the Software, including but not limited to any modification of the Software by you (whether done with our consent or otherwise) which causes the Software to infringe the IPR of a third party, by you or by anyone directly or indirectly authorised or allowed to use the Software by you.

19. Technical problems

1. We may require you to install such upgrades and supplements to the Software as may be reasonably required from time to time.
2. We shall have no obligation to provide support for any version of the Software for which you have not complied with clause 19.a or for which we have issued an end-of-life notification at least 3 months prior.

20. Updates and amendments

1. You acknowledge that from time to time as we determine it necessary or desirable to do so we may update any aspect of the Software.
2. You acknowledge that, in the event of an update of any aspect of the Software or for such other reasons as we may determine, we may amend this EULA in whole or part in our sole discretion with notice to you.
3. Any amendments to this EULA will be effective immediately upon notifying the revised terms to you. By continuing to use the Software following any amendments, you will be deemed to have agreed to such amendments.

21. Dispute resolution

1. The parties must use their reasonable endeavours to resolve through negotiation all disputes, conflicts (including, without limitation, conflicts of interest) differences or questions between them arising out of or in connection with this EULA.
2. If, within 14 calendar days, the dispute cannot be resolved following negotiation between the parties, either party may refer the dispute for arbitration in accordance with, and subject to, the Resolution Institute Arbitration Rules of the Resolution Institute, Australia. Each party agrees to submit to such arbitration as a precondition to the commencement of litigation. During such arbitration, both parties may be represented by a duly qualified legal practitioner.

21. Dispute resolution

1. The parties must use their reasonable endeavours to resolve through negotiation all disputes, conflicts (including, without limitation, conflicts of interest) differences or questions between them arising out of or in connection with this EULA.
2. If, within 14 calendar days, the dispute cannot be resolved following negotiation between the parties, either party may refer the dispute for arbitration in accordance with, and subject to, the Resolution Institute Arbitration Rules of the Resolution Institute, Australia. Each party agrees to submit to such arbitration as a precondition to the commencement of litigation. During such arbitration, both parties may be represented by a duly qualified legal practitioner.

22. General

1. The failure, delay, relaxation or indulgence on the part of a party in exercising, in part or whole, any power, right or remedy conferred upon that party by this EULA shall not operate as a waiver of that power, right or remedy.
2. You must not assign or otherwise deal with all or any part of your rights or obligations under this EULA without our prior written consent. We may assign our rights under this EULA at any time by notice in writing to you.
3. All rights not specifically granted in this EULA are reserved by us, for us and for our suppliers.
4. Any notice given under or pursuant to this EULA by either party to the other must be in writing by email and will be deemed to have been given on transmission. Notices to us must be sent to info@emesent.io or by any other method notified by email to you by us. Notices to you will be sent to the email address you have provided to us as part of your registering to use the Software or as otherwise advised and confirmed by us.
5. The terms of this EULA are subject to the Emesent Standard Terms as agreed between Emesent and you or your organisation.
6. If any term of this EULA is invalid or not enforceable by a court of competent jurisdiction, it is to be read down and shall otherwise be capable of being severed to the extent of the invalidity or unenforceability without affecting the remaining provisions of this EULA.
7. Any clause of this EULA that is by its nature intended to survive termination does so, including clauses 5.f, 13, 15, 16.e, 17, 18, 22.e, 22.f and 22.g.
8. This EULA is governed by and is to be construed in accordance with the laws in force in Queensland, Australia. Each party irrevocably and unconditionally submits to the exclusive jurisdiction of the courts of Queensland and waives any right to object to proceedings being brought in those courts or courts of appeal therefrom.

1. Status and Relationship to the EULA

1.1  This Addendum supplements and forms part of the Emesent End User Licence Agreement published at emesent.com/end-user-license-agreement (EULA). It does not amend, replace, or vary any provision of the EULA, except as expressly stated in this Addendum and only in respect of Aura Cloud.
1.2  This Addendum applies only to Aura Cloud, and only to the extent that Emesent processes Personal Data to which the GDPR applies in the course of providing Aura Cloud. The EULA continues to govern all other Software, and all other aspects of your use of Aura Cloud.
1.3  Aura Cloud is “Software” for the purposes of the EULA. The terms of the EULA that apply to the Software apply to Aura Cloud, as supplemented by this Addendum.
1.4  Capitalised terms used but not defined in this Addendum have the meaning given to them in the EULA. To the extent of any conflict, in respect of Aura Cloud and the processing of Personal Data subject to the GDPR: (a) this Addendum prevails over the EULA; and (b) the EULA prevails over this Addendum on all other matters. The order of precedence in clause 22.e of the EULA (Emesent Standard Terms) and any applicable Client Agreement otherwise continues to apply.
1.5  This Addendum takes effect on the date Aura Cloud is first made available to you and continues for so long as Emesent processes Personal Data on your behalf through Aura Cloud.
1.6  By accessing or using Aura Cloud, you agree to this Addendum in addition to the EULA. If you accept this Addendum on behalf of an organisation, you represent that you have authority to bind that organisation.

2. Definitions

In this Addendum, the following definitions apply. Terms defined in the GDPR (such as processing, controller, processor, data subject, personal data breach, and supervisory authority) have the meaning given to them in Article 4 of the GDPR.

Aura Cloud — means Emesent’s browser-based SaaS application for uploading, managing, visualising, and sharing 3D point cloud and geospatial data, being “Software” as defined in the EULA.
Customer Content — means all point cloud files, 360° panoramic images, scan trajectories, and associated files uploaded to Aura Cloud by you or on your behalf, to the extent they contain Personal Data.
Data Protection Laws — means the GDPR, the UK GDPR, the Privacy Laws as defined in the EULA, and any other laws applicable to a party relating to the processing of Personal Data.
GDPR — means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) as it applies in the European Economic Area.
Personal Data — means any information relating to an identified or identifiable natural person within the meaning of Article 4(1) of the GDPR that is processed under or in connection with Aura Cloud. For the purposes of Aura Cloud, the definition of “Personal Information” in clause 3 of the EULA is extended to include Personal Data.
Public Viewer — means an unauthenticated individual who accesses a point cloud via a public share link generated by an authenticated user of Aura Cloud.
Restricted Transfer — means a transfer of Personal Data from the European Economic Area or the United Kingdom to a country or recipient not subject to an adequacy decision.
Standard Contractual Clauses (SCCs) — means the standard contractual clauses for the transfer of personal data to third countries approved by the European Commission in Decision (EU) 2021/914, and, for transfers subject to the UK GDPR, the International Data Transfer Addendum issued by the UK Information Commissioner (UK Addendum).
Sub-processor — means any third party engaged by Emesent to process Personal Data on your behalf in the course of providing Aura Cloud, as listed in Schedule C.
UK GDPR — means the GDPR as retained in the law of the United Kingdom by the European Union (Withdrawal) Act 2018 and as supplemented by the Data Protection Act 2018.
Your Data — has the meaning given in clause 3 of the EULA, to the extent it contains Personal Data.

3. Roles of the Parties

3.1  In respect of Personal Data contained in Customer Content and Your Data that Emesent processes through Aura Cloud on your behalf, you (or the controller on whose behalf you act) are the controller and Emesent is the processor.
3.2  Each party must comply with the obligations that apply to it under Data Protection Laws, and must not act or omit to act in a way that causes the other party to breach any Data Protection Law. This clause supplements clause 9 of the EULA.
3.3  Where Emesent determines the purposes and means of processing — including product-usage analytics under clause 8 of the EULA, account administration, security monitoring, and billing — Emesent acts as an independent controller for that processing and handles that Personal Data in accordance with the Emesent Privacy Policy at emesent.com/privacy-policy.
3.4  Where a Public Viewer accepts the cookie policy presented at the point of access, Emesent collects that Public Viewer’s IP address for internal analytics purposes and acts as a controller in respect of that data. Emesent does not collect or store IP-address data from Public Viewers who decline or do not interact with the cookie policy.
3.5  You warrant that: (a) you have a lawful basis under the GDPR for the processing you instruct Emesent to carry out; (b) your instructions, and your upload and public sharing of Customer Content, comply with Data Protection Laws; and (c) you have provided all notices and obtained all consents necessary in respect of Personal Data captured in Customer Content, including the incidental capture of identifiable individuals or vehicles in 360° panoramic imagery.

4. Emesent’s Obligations as Processor (Article 28)

Where Emesent acts as a processor in respect of Personal Data processed through Aura Cloud, Emesent will:

(a)    process Personal Data only on your documented instructions, including with regard to transfers of Personal Data to a third country, unless required to do so by a law to which Emesent is subject, in which case Emesent will inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
(b)    ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, consistent with clause 15 of the EULA;
(c)    implement and maintain the technical and organisational measures set out in Schedule B, as required by Article 32 of the GDPR;
(d)    comply with the conditions for engaging Sub-processors set out in clause 6 of this Addendum;
(e)    taking into account the nature of the processing, assist you by appropriate technical and organisational measures, insofar as this is possible, in fulfilling your obligation to respond to requests to exercise data-subject rights under Articles 12 to 23 of the GDPR;
(f)    assist you in ensuring compliance with your obligations under Articles 32 to 36 of the GDPR (security of processing, notification of a personal data breach, communication of a breach to data subjects, data protection impact assessments, and prior consultation), taking into account the nature of the processing and the information available to Emesent;
(g)    at your choice, delete or return all Personal Data processed on your behalf on termination, in accordance with clause 8 of this Addendum;
(h)    make available to you all information necessary to demonstrate compliance with Article 28 of the GDPR, and allow for and contribute to audits in accordance with clause 7 of this Addendum; and
(i)    immediately inform you if, in its opinion, an instruction from you infringes Data Protection Laws.

5. Security (Article 32)

5.1  Emesent will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as set out in Schedule B. This clause supplements clause 14 of the EULA.
5.2  Emesent may update the measures in Schedule B from time to time, provided that the updated measures do not materially reduce the overall level of security of Aura Cloud.

6. Sub-processors

6.1  You grant Emesent general written authorisation to engage the Sub-processors listed in Schedule C to process Personal Data on your behalf in providing Aura Cloud.

7. Records and Audit Rights

7.1  On your reasonable written request and subject to reasonable notice, Emesent will make available to you all information necessary to demonstrate compliance with this Addendum and Article 28 of the GDPR.
7.2  Emesent may satisfy its obligations under this clause 7 in whole or in part by providing you with up-to-date third-party audit certifications (such as ISO 27001 or SOC 2) relevant to Aura Cloud.

8. Return and Deletion of Personal Data

8.1  On termination or expiry of the EULA in respect of Aura Cloud (see clause 16 of the EULA), Emesent will, at your choice, delete or return all Personal Data processed on your behalf and delete existing copies, unless a law to which Emesent is subject requires continued storage of that Personal Data.
8.2  You should export any Customer Content you wish to retain prior to termination. Emesent cannot guarantee the availability of Your Data following account closure. On your written request, Emesent will certify deletion of the Personal Data.
8.3  You acknowledge that data deletion initiated by you or your Users within Aura Cloud Release 1.0 is permanent, as described in the EULA and the Documentation.

9. Personal Data Breach (Articles 33-34)

9.1  Emesent will notify you without undue delay, and where feasible within 72 hours, after becoming aware of a personal data breach affecting Personal Data processed on your behalf.
9.2  The notification will describe, to the extent known at the time: the nature of the breach, including the categories and approximate number of data subjects and records concerned; the likely consequences of the breach; and the measures taken or proposed to address it. Where the information cannot be provided at the same time, it may be provided in phases without undue further delay.
9.3  Emesent will cooperate with you and take reasonable steps as directed by you to assist in the investigation, mitigation, and remediation of the breach.

10. International Transfers (Articles 44-49)

10.1  Your Data is hosted in the AWS region you select at onboarding. The available regions for Aura Cloud Release 1.0 are: Sydney (ap-southeast-2), Ohio (us-east-2), Ireland (eu-west-1), and Singapore (ap-southeast-1).
10.2  Where Personal Data is transferred outside the European Economic Area or the United Kingdom in the course of Emesent providing Aura Cloud (including through the Sub-processors listed in Schedule C), Emesent ensures that the transfer is made subject to appropriate safeguards in accordance with Data Protection Laws, including the Standard Contractual Clauses or the UK Addendum where required. Schedule D identifies the transfer mechanism that applies to each relevant transfer.
10.3  Where the SCCs apply, the parties are deemed to have entered into them, and they are incorporated into this Addendum by reference, with the data exporter being you and the data importer being Emesent. Details of the safeguards applicable to transfers by each Sub-processor are available on request.

11. Data Subject Rights

11.1  If Emesent receives a request from a data subject in relation to Personal Data processed on your behalf, Emesent will, where it is able to identify the relevant controller, promptly forward the request to you and will not respond directly except on your documented instructions or as required by law.
11.2  You are responsible for authorising any person’s access to Your Data within Aura Cloud, consistent with clauses 9.f and 9.g of the EULA. Emesent has no obligation to grant any person access to Your Data without your authorisation.

12. Liability

12.1  Each party’s liability arising out of or in connection with this Addendum is subject to the exclusions and the aggregate liability cap set out in clause 17 of the EULA. This clause does not limit any liability that cannot be limited or excluded under Data Protection Laws.

13. Governing Law and Supervisory Authority

13.1  This Addendum is governed by the laws of Queensland, Australia, in accordance with clause 22.h of the EULA.
13.2  Nothing in this Addendum or the EULA limits any right a data subject may have to lodge a complaint with a supervisory authority, or to bring proceedings before a court in their jurisdiction, under Data Protection Laws including the GDPR.

14. General

14.1  This Addendum is incorporated into and subject to the general provisions of the EULA, including those relating to notices (clause 22.d), waiver (clause 22.a), and severability (clause 22.f).
14.2  The provisions of this Addendum survive termination of the EULA to the extent, and for so long as, Emesent continues to process Personal Data on your behalf.

Schedule A - Details of Processing (Article 28(3))

Schedule B - Technical and Organisational Measures (Article 32)

Emesent maintains the following technical and organisational measures for Aura Cloud. 

Access control and authentication
•    Authenticated access via a managed identity provider (Auth0 / Okta), with role-based access for Admin users, standard Users, and Support Engineers.
•    Principle of least privilege applied to internal personnel access to production systems and Customer Content.

Encryption
•    Encryption of Personal Data in transit using current industry-standard protocols (TLS).
•    Encryption of Personal Data at rest within the selected AWS storage region.

Infrastructure and resilience
•    Hosting on Amazon Web Services within the customer-selected region, with workflow orchestration via Temporal Cloud.
•    Logical separation of customer environments and data.
•    Back-up and recovery processes operated as part of standard operations.

Monitoring and logging
•    Application error monitoring and logging (Sentry) and product-usage analytics (Amplitude), excluding the content of point clouds.
•    Audit logging of authentication and administrative actions.

Organisational measures
•    Confidentiality obligations binding personnel authorised to process Personal Data.
•    Personal data breach response and notification procedures.
•    Vendor and Sub-processor due-diligence and contracting controls.

Schedule C - Sub-processors

Schedule D - Transfer Mechanisms