CallCompany Oy — Terms of Service

1. Definitions

“Affiliate” means any entity that controls, is controlled by, or is under common control with a party.

“Customer Data” means data and content submitted to, collected by, or generated within the Services by or for Customer, including prompts, scripts, call targets, audio, recordings (if enabled), transcripts, metadata, configuration, settings, and outputs, but excluding Service IP and Usage Data.

“Documentation” means our technical and user documentation made available in the Services or on our website.

“DPA” means our Data Processing Agreement (including any transfer terms such as SCCs, where applicable).

“End Users” means Customer’s authorized users and any persons Customer contacts using the Services (including call recipients).

“Order” means the checkout page, order form, or online plan selection that specifies subscription term, fees, included limits, usage pricing, pass-through costs, start date, and any special terms.

“Service IP” means the Services and all related software, APIs, models, configurations, workflows/templates, designs, know-how, and intellectual property provided by or on behalf of CallCompany, including improvements and derivatives.

“Services” means CallCompany’s hosted software and related services, including dashboards, APIs, voice/AI calling features, telephony connectivity (where offered), integrations, mobile/web apps, and support/maintenance.

“Usage Data” means service telemetry and operational metrics about use of the Services (for example: feature usage, performance logs, counts, latency, error rates), excluding Customer Data content.

"AUP" means our Acceptable Use Policy, as updated from time to time.

"Policies" means the DPA, the AUP, and the SLA, each as published on our website and incorporated by reference.

"AI Output" means content, recommendations, summaries, transcripts, intents, classifications, and other results generated by the AI components of the Services in response to inputs.

"Confidential Information" means non-public information disclosed by one party to the other that is marked confidential or that a reasonable person would understand to be confidential under the circumstances.

"Personal Data" has the meaning given in the GDPR (Regulation (EU) 2016/679).

2. Formation; Order of Precedence; Entire Agreement

2.1 Formation. The Agreement is formed when you accept via clickwrap, complete checkout, sign an Order, create an account, or first use the Services (whichever occurs first).

2.2 Order of precedence. If there is a conflict between documents, the order of precedence is:

(a) the applicable Order;

(b) the DPA, but only with respect to data protection and privacy matters;

(c) these Terms;

(d) the AUP, the SLA, and any other Policies.

2.3 Entire Agreement. This Agreement replaces prior terms relating to the Services. A separate written NDA between the parties (if any) remains in effect for pre-contract discussions unless expressly superseded.

3. Services; Scope; AI Limitations

3.1 Provision of Services. During the Subscription Term (defined in Section 5), we will make the Services available to Customer in accordance with this Agreement and the applicable Order.

3.2 Product scope (illustrative). Depending on your plan and configuration, Services may include: (i) setup/configuration, (ii) conversation flows and routing logic, (iii) knowledge base and integration connectors, (iv) hosting/maintenance, and (v) a dashboard for analytics, transcripts, call management, and updates.

3.3 AI limitations and safety. AI and speech systems can make mistakes  (including misrecognising names, accents, emails, and numbers). Outputs  are assistive and may be inaccurate. You must independently review and  validate outputs before relying on them.

3.4 Not for emergencies / life-critical uses. The Services are not  designed for emergency calling, dispatch, or life-critical systems, and  must not be used where failure could lead to death, personal injury, or  severe physical/environmental harm.

3.5 Third-party services. The Services may interoperate with third-party platforms (for example: carriers, cloud providers, calendars, CRMs, or booking systems). Third-party services are not under our control. We are not responsible for third-party availability, security, pricing, or changes. We will use commercially reasonable efforts to mitigate material adverse impacts within our control.

4. Access Rights; Accounts; Restrictions

4.1 License / access right. Subject to payment and compliance with this Agreement, we grant Customer a limited, non-exclusive, non-transferable right to access and use the Services for Customer’s internal business purposes during the Subscription Term. No source code is transferred.

4.2 Users and accounts. Customer must ensure each user has unique credentials (no shared logins). Customer is responsible for (i) user activity, (ii) maintaining credential security, and (iii) promptly notifying us of suspected unauthorized access.

4.3 Restrictions. Customer must not (and must not allow others to):
a) reverse engineer, decompile, or attempt to derive source code or underlying ideas (except to the extent such restriction is prohibited by mandatory law);
b) copy, modify, create derivative works of, frame, mirror, or scrape the Services except as permitted by Documentation;
c) resell, sublicense, rent, lease, or provide the Services to third parties (except contractors and Affiliates acting on Customer’s behalf under Customer’s control and confidentiality obligations);
d) use the Services to build or benchmark a competing product, or to extract models or prompts at scale;
e) bypass or disable security or access controls;
f) use the Services in violation of the AUP or applicable law.
g) use the Services to generate synthetic voices of identifiable individuals without their documented consent, or to impersonate any person or organization;
h) use AI Outputs of the Services to train, fine-tune, or develop any machine learning model, except for use within Customer's own configuration of the Service;
i) use the Services to make threatening, harassing, deceptive, fraudulent, or unlawful communications, including communications that constitute prohibited practices under Article 5 of the EU AI Act;
j) circumvent or disable any safety filter, rate limit, content moderation system, or AI disclosure mechanism in the Services.

4.4 Contractors and Affiliates. Contractors/Affiliates may use the Services solely on Customer’s behalf. Customer remains responsible for their compliance.

5. Term; Monthly Renewal; Trials; Betas

5.1 Subscription Term. Subscriptions begin on the start date shown in the Order. The subscription term is the term stated in the Order (the “Subscription Term”). If no term is stated, the Subscription Term is one (1) month.

5.2 Auto-renewal; cancellation. Unless the Order states otherwise, subscriptions automatically renew for successive Subscription Terms at the then-current rates unless Customer cancels renewal through the account settings (or by written notice to support) before the renewal date. If Customer cancels, the subscription will remain active until the end of the then-current Subscription Term and will not renew.

5.3 No refunds; annual commitments. Fees are non-refundable and there are no credits for partially used periods, except as required by law or expressly stated in the Order. If Customer purchases an annual (or other multi-month) Subscription Term, cancellation prevents renewal but does not end the then-current Subscription Term early, and no pro-rata refunds apply unless the Order expressly provides otherwise.

5.4 Trials. We may offer free trials. Trial length and eligibility are shown at checkout or in-product. Unless Customer cancels before the trial ends, the subscription will automatically convert to a paid subscription and billing will start at the then-current price and plan shown at checkout or in the Order. Trials are provided AS IS and may be modified or discontinued at any time.

5.5 Betas/Previews. Beta or preview features are optional, provided AS IS, may change or end at any time, and are excluded indemnities unless the Order states otherwise.

6. Customer Responsibilities; Compliance

6.1 Customer inputs and approvals. Customer will provide timely access, information, and approvals required for setup and ongoing operation. Customer is responsible for reviewing and approving configurations, conversation flows, call scripts, routing, and downstream actions prior to production use.

6.2 Legal compliance (Customer-controlled use). Customer is solely responsible for compliance with laws applicable to its use of the Services and its communications with End Users, including privacy, marketing, telecom, consumer protection (where applicable), employment, and sector-specific rules. This includes ensuring: lawful basis/consent (as required) for calling/recording/transcription/messaging; caller ID requirements; notices and disclosures; honoring opt-outs and do-not-call lists; time-of-day and geographic restrictions; and maintaining records where required.

6.3 Prohibited data and instructions. Customer must not provide Customer Data that Customer lacks rights to use, or instructions that require unlawful activity. Customer must not use the Services to target vulnerable persons unlawfully, to deceive recipients, or to impersonate others.

7. Fees; Usage; Pass-through Costs; Taxes; Payment

7.1 Fees. Customer will pay all fees and charges described in the applicable Order (together, “Fees”). Fees may include, as applicable: subscription or term fees, per-user/seat fees, usage-based fees, add-on or feature fees, one-time setup/professional services fees, overage fees, and pass-through costs (including carrier/regulatory/telecom fees, surcharges, and number rental). Unless expressly stated in the Order, pass-through costs are charged at cost and may change based on third-party pricing.

7.2 Billing cadence. Unless the Order states otherwise: subscription fees are billed in advance; usage and pass-through costs are billed monthly in arrears. Payment terms are Net 14 from invoice date (or immediate for card payments at checkout).

7.3 Payment method; suspension. Customer must maintain a valid payment method and authorization for charges. We may suspend Services for non-payment after providing notice (where practicable).

7.4 Taxes. Fees are exclusive of taxes. Customer is responsible for all applicable taxes, duties, and similar governmental charges (excluding our income taxes). If withholding is required, Customer will gross-up payments so we receive the full amounts due unless prohibited by law.

7.5 Price changes. We may change fees effective at renewal by giving at least 30 days notice (email and/or in-product), unless the Order states otherwise.

7.6 Invoice disputes. Customers must notify us of any invoice dispute in writing within 7 days of invoice date and pay all undisputed amounts on time.

7.7 Late payments. Overdue amounts will accrue interest at the rate set out in the Finnish Interest Act (korkolaki 633/1982), being the European Central Bank reference rate plus eight (8) percentage points, or the maximum rate permitted by applicable law if lower. Customer will also reimburse reasonable collection costs.

7.8 Non-refundable. Except as required by mandatory law or explicitly stated in the Order, fees are non-refundable.

7.9 Order controls. If website copy and checkout/Order differ, the Order controls.

Any discounts, promotional pricing, coupons, or free/credited periods apply only for the period and scope stated in the Order, at checkout, or in the promotion terms. Unless expressly stated otherwise, discounts do not apply to renewals and the subscription will renew at the then-current standard rates and applicable usage/pass-through charges. We may change prices effective at renewal by providing at least 30 days’ notice (email and/or in-product), unless the Order states otherwise.

If you start a trial with a payment method on file, you authorize us to charge the payment method when the trial converts to a paid subscription unless you cancel before the trial ends.

8. Availability; Maintenance; Changes

8.1 Maintenance. We may perform scheduled and emergency maintenance. We will use commercially reasonable efforts to provide advance notice for planned maintenance.

8.2 Service modifications. We may add, remove, or modify features. During a paid term, we will not materially reduce core functionality without providing a commercially reasonable alternative. If we cannot, Customer’s sole remedy is a pro-rata refund of prepaid, unused subscription fees for the affected portion.

8.3 API deprecation. For breaking changes to stable API endpoints, we will provide at least 90 days deprecation notice, except where an urgent security or legal issue requires faster action.

8.4 Service availability. Service availability targets, planned maintenance procedures, support response times, and (where applicable) service credits are set out in our Service Level Agreement (SLA).

9. Data; Privacy; Security

9.1 Ownership. Customer owns Customer Data. We own Service IP and Usage Data.

9.2 License to process Customer Data. Customer grants us a non-exclusive, worldwide license to host, process, transmit, display, and use Customer Data solely to provide, secure, maintain, support, and improve the Services and to fulfill our obligations under this Agreement.

9.3 Aggregated/anonymized insights. We may create and use aggregated and/or anonymized insights derived from Customer Data and Usage Data to operate and improve the Services, provided such insights do not identify Customer or End Users.

9.4 DPA. To the extent we process personal data on Customer’s behalf, the DPA applies and controls for privacy/data protection matters.

9.5 Security. We will maintain administrative, technical, and physical safeguards designed to protect Customer Data against unauthorized access, use, alteration, or disclosure. No system is 100% secure; Customer is responsible for its own access management, credential security, and use controls.

9.6 Sub-processors. We may use subprocessors as described in the DPA and remain responsible for their performance consistent with the DPA.

10. Voice, Telephony, Recording & Messaging (Product-Specific Terms)

This Section applies if Customer uses calling/SIP/numbering/recording/transcription/messaging features.

10.1 Carriers and numbering. Telephony connectivity, phone numbers, SIP trunks, and routing may be provided via third-party carriers. Availability, quality, and lawful use requirements vary by region.

10.2 Pass-through fees and rate changes. Customer pays carrier/regulatory fees, surcharges, and number rental as pass-through costs. Carrier/regulatory rates may change. We will use commercially reasonable efforts to provide advance notice of material increases where practicable.

10.3 Fair use; concurrency; abuse. Plans include limits (for example: minutes, messages, concurrency, or throughput). Excess usage may result in overage fees, throttling, required plan changes, or suspension where needed to protect the Services or carriers.

10.4 Recording and transcription. If recording/transcription is enabled, Customer is responsible for any legally required notices, disclosures, and consents, including jurisdiction-specific “two-party consent” rules, and for disabling features where not permitted.

10.5 AI transparency. (a) CallCompany's role as Provider. CallCompany is the Provider of the AI voice agent under Regulation (EU) 2024/1689 (the "AI Act"). The Service is designed and developed so that the AI agent identifies itself as an AI system to the natural person at the outset of each interaction, in compliance with Article 50(1) of the AI Act.

(b) Customer's role as Deployer. Customer is the Deployer of the AI system under the AI Act and is responsible for compliance with Article 26 obligations, including human oversight, monitoring, and informing data subjects where Customer is the controller. Where applicable (for example, emotion recognition or biometric categorisation), Customer is responsible for the disclosures required under Article 50(3)–(4).

(c) Additional disclosures. Customer is responsible for any further disclosures required by applicable law beyond Article 50, including sector-specific or jurisdictional requirements.

(d) Opt-out. Customer must provide a practical method to opt out of future contact, must honour opt-out requests without undue delay, and must maintain suppression and do-not-call lists as required.

10.6 Automated marketing calls. Where applicable law requires prior consent for automated calling systems used for direct marketing (including Article 13 of Directive 2002/58/EC and §200 of the Finnish Information Society Code 917/2014), Customer must obtain and document such consent before initiating calls and must not configure the Services to make such calls without verifiable consent. The Services provide tools to capture, record, and verify consent; Customer js responsible for using them. Customer must maintain records of consent and opt-outs as required by applicable law.

10.7 Downstream actions. AI outputs and automated actions (for example: bookings, orders, messages, CRM updates) are assistive. Customer remains responsible for validating high-risk actions and for downstream systems receiving AI-initiated events.

10.8 Caller Memory. Where Customer enables Caller Memory or Personalisation  features, Customer instructs CallCompany to store and use caller information within Customer's tenant to recognise returning callers and personalise interactions. Customer is responsible for providing notice to its callers  and ensuring an appropriate lawful basis. CallCompany provides notice  templates and caller rights tooling to assist Customer. The processing of Caller Memory data is governed by Appendix 4 of the DPA, including the  cross-tenant restriction set out there.

10.9 Outbound Communications. Customer is responsible for ensuring an  appropriate lawful basis exists before initiating outbound communications  to End Users, including (where required by applicable law) prior consent  for automated marketing communications under Directive 2002/58/EC and  §200 of the Finnish Information Society Code (917/2014). The Service  provides tools to capture, record, and verify caller consent; Customer is responsible for using them appropriately.

11. Intellectual Property; Customer Materials; Feedback; Open Source

11.1 Service IP. We and our licensors own the Service IP. No rights are granted except as expressly stated.

11.2 Customer materials. Customer represents it has all rights necessary to provide Customer Data and other materials to us, and grants us the rights needed to provide the Services.

11.3 Feedback. If Customer provides suggestions or feedback, we may use it without restriction or obligation, and Customer grants us a perpetual, irrevocable, royalty-free license to do so.

11.4 Open source. The Services may include open-source components governed by their applicable licenses, which control to the extent they conflict with this Agreement.

11.5 AI Outputs. As between the parties, and to the extent we have any rights in AI Outputs generated by the Services in response to Customer's inputs, we assign such rights to Customer. Customer acknowledges that similar or substantially similar AI Outputs may be generated for other customers, and we make no warranty that AI Outputs are unique to Customer. AI Outputs are assistive; Customer is responsible for determining whether they are suitable for Customer's purposes and for any human review required before relying on them.

12. Warranties; Disclaimers

12.1 Limited warranty. During a paid subscription, we warrant that the Services will materially conform to the Documentation under normal use.

12.2 Disclaimer. EXCEPT AS EXPRESSLY STATED, THE SERVICES (INCLUDING AI OUTPUTS) ARE PROVIDED “AS IS” AND “AS AVAILABLE.” WE DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ACCURACY OR RELIABILITY OF AI OUTPUTS. CUSTOMER IS RESPONSIBLE FOR ITS USE OF OUTPUTS AND FOR HUMAN REVIEW WHERE APPROPRIATE.

12.3 Customer's exclusive remedy. If we breach §12.1, Customer's sole and exclusive remedy is, at our option, (i) correction of the non-conformity within a reasonable time, or (ii) termination of the affected Services and a pro-rata refund of prepaid, unused subscription fees for the affected portion. Customer must notify us of any claimed breach within thirty (30) days of discovery.

Some jurisdictions do not allow certain disclaimers; in such cases, disclaimers apply to the maximum extent permitted by law.

13. Indemnities

13.1 Customer indemnity. Customer will defend, indemnify, and hold harmless CallCompany and its Affiliates from and against third-party claims, damages, penalties, and reasonable costs (including attorney fees) arising from: (i) Customer’s or its End Users’ unlawful use of the Services, including violations of telecom/marketing/privacy rules and required consents/notices/opt-outs; or (ii) Customer Data or materials infringing or misappropriating third-party rights.

13.2 Our IP indemnity. We will defend and indemnify Customer against third-party claims alleging the Services, as provided by us, infringe third-party intellectual property rights. This does not apply to claims arising from: (i) Customer Data or Customer materials; (ii) combinations with items not provided by us; (iii) use contrary to Documentation or the Agreement; or (iv) modifications not made by us.

13.3 Remedies. If an IP claim arises, we may: procure the right for continued use, modify the Services to avoid infringement, or terminate the affected portion and refund pro-rata prepaid, unused subscription fees for the terminated portion.

13.4 Process. The indemnified party must promptly notify the indemnifying party and reasonably cooperate. The indemnifying party controls the defense and settlement, provided no settlement admits liability or imposes obligations on the indemnified party without consent (not unreasonably withheld).

14. Limitation of Liability

14.1 Exclusion of indirect damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY.

14.2 Liability cap. (a) General cap. Subject to Sections 14.2(b) and 14.3, each party's total aggregate liability arising out of or related to this Agreement will not exceed the total Fees paid or payable by Customer for the Services in the twelve (12) months preceding the event giving rise to the claim.

(b) Increased cap. Each party's total aggregate liability for: (i) breach of confidentiality obligations; (ii) infringement, misappropriation, or unauthorised use of the other party's intellectual property; (iii) the indemnity obligations under Section 13; or (iv) a data security breach caused by a party's negligence, will not exceed two (2) times the amount in Section 14.2(a).

14.3 Exceptions. Sections 14.1–14.2 do not limit liability for:
a) death or personal injury caused by negligence;
b) fraud or fraudulent misrepresentation;
c) willful misconduct; or
d) Customer’s payment obligations.

Nothing in this Agreement limits liability that cannot be limited under applicable law.

15. Confidentiality

15.1 Confidential Information. “Confidential Information” means non-public information disclosed by one party to the other that is marked confidential or should reasonably be understood as confidential.

15.2 Protection and use. The receiving party will protect Confidential Information using reasonable care and will use it only to perform under this Agreement.

15.3 Exclusions. Confidential Information does not include information that is: publicly available without breach; independently developed without use of the other party’s Confidential Information; or rightfully received from a third party without duty of confidentiality.

15.4 Compelled disclosure. Compelled disclosure is permitted if the receiving party provides prompt notice (where lawful) and cooperates in seeking protective treatment.

15.5 Duration. The obligations in this §15 apply during the term of this Agreement and for three (3) years after termination or expiration, except that obligations relating to trade secrets and Personal Data continue for as long as the information remains a trade secret or Personal Data, respectively, under applicable law.

16. Suspension; Termination; Effects; Data Retention

16.1 Suspension. We may suspend access to the Services (with notice where practicable) if: (i) fees are overdue; (ii) Customer violates the AUP or applicable law; (iii) there is a security risk, legal requirement, or carrier/regulatory requirement; or (iv) Customer’s use threatens the Services or others. We will restore access when the issue is resolved.

16.2 Cancellation (termination for convenience). Customer may cancel the subscription at any time through the account settings (or by written notice to support). Cancellation is effective at the end of the then-current Subscription Term and the subscription will not renew. Customer remains responsible for all fees incurred up to the effective cancellation date, including usage and pass-through costs billed in arrears. No refunds for unused time unless required by law or expressly stated in the Order.

16.3 Termination for cause. Either party may terminate this Agreement immediately upon written notice if the other party: (i) materially breaches a payment obligation and fails to cure within fourteen (14) days after written notice; (ii) materially breaches any other provision of this Agreement and fails to cure within thirty (30) days after written notice; or (iii) becomes insolvent or unable to pay its debts as they fall due.

16.4 Effect of termination. Upon expiration/termination:
a) Customer’s access ends at the end of the applicable term (or immediately for termination for cause where appropriate);
b) any unpaid amounts become immediately due;
c) Customer may export Customer Data during the term and (if available) during a limited post-termination access period stated in the DPA.

16.5 Deletion. We will delete or return personal data in accordance with the DPA and our backup cycles. Aggregated/anonymized data that does not identify Customer or End Users may be retained.

16.6 Wind-down. If we materially discontinue the Services or cease operations, we will use commercially reasonable efforts to provide Customer with at least sixty (60) days' prior written notice and reasonable assistance to export Customer Data in standard formats during that period. We may, in our discretion, refund a pro-rata portion of prepaid, unused subscription fees.

17. Changes to These Terms and Policies

We may update these Terms and Policies from time to time. If changes are materially adverse to Customer, they take effect at the next renewal, unless required sooner for law or security. We will provide notice of materially adverse changes by email to the account admin and/or in-product notice at least 30 days before they take effect where practicable. Continued use after the effective date constitutes acceptance.

The current version and a version archive are published at the websites.

If a change is materially adverse to Customer, Customer may terminate the affected Services by written notice given before the change takes effect, in which case we will refund any prepaid, unused subscription fees on a pro-rata basis. If Customer does not terminate, the change takes effect on its stated effective date and continued use constitutes acceptance.

18. Publicity

With Customer’s prior written consent (email sufficient), we may use Customer’s name and logo in customer lists. Any quotes, case studies, or metrics require Customer’s prior written approval.

19. Assignment; Subcontractors; Export & Sanctions; Electronic Communications

19.1 Assignment. Customer may not assign this Agreement without our prior written consent (not unreasonably withheld). Either party may assign to an Affiliate or in connection with a merger, acquisition, or sale of substantially all assets, with notice.

19.2 Subcontractors. We may use subcontractors and remain responsible for their performance consistent with this Agreement and the DPA.

19.3 Export and sanctions. Customer will comply with applicable export control and sanctions laws and will not use the Services in violation of such laws.

19.4 Electronic communications. Customer agrees that notices and records may be provided electronically and that clickwrap acceptance and electronic signatures are binding.

20. Force Majeure

Neither party is liable for delay or failure due to events beyond reasonable control (for example: strike, war, pandemic, major cloud or carrier outage). If a force majeure event continues for more than 60 days, either party may terminate the affected Services upon written notice.

21. Governing Law; Dispute Resolution; CISG

21.1 Governing law. Finnish law applies, excluding conflict-of-laws rules.

21.2 Arbitration. Any dispute, controversy or claim arising out of or relating to this Agreement, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be one. The seat of arbitration shall be Helsinki, Finland, and the language shall be English.

21.3 Interim relief. Nothing prevents either party from seeking interim or injunctive relief in any court of competent jurisdiction.

21.4 CISG excluded. The United Nations Convention on Contracts for the International Sale of Goods (CISG) does not apply.

22. Notices; Survival; Waiver; Severability

22.1 Notices. Legal notices must be in writing and sent to:

• CallCompany Oy: admin@callcompany.ai and Lapinlahdenkatu 16, 00180, Helsinki, Finland

• Customer: the admin email and address provided at checkout or in the account profile
  Operational notices (billing, product updates) may be sent by email or in-product.

22.2 Survival. Sections that by their nature should survive do survive, including Sections 6–7, 9–15, 16.4–16.6, and 17–22

22.3 Waiver. Failure to enforce a provision is not a waiver.

22.4 Severability. If any provision is unenforceable, the remainder remains effective, and the provision will be modified to best effect the original intent to the extent permitted.

23. Policies Incorporated by Reference

The following are incorporated by reference and form part of this Agreement:

• Data Processing Addendum (DPA): dpa