Terms of Service - Scan2x Online

“Charges” – the total fees payable to Avantech by the Customer for the Service, which may include monthly service charges, a la carte charges and other fees as applicable.

“Content” - Means software, data, text, images, PDF files, other content.

"Compatible Software" means software which is integrated and is compatible with the Software as indicated in the Software Specification;

“Content” – means software (including machine images), data, text, audio, video, images and other content;

“Customer” – The party subscribing to the Service

“Customer Administrator” – The user that has privileged access to manage the Customer instance of the Service including adding users and access permissions

"Documentation" - means the documentation for the Software produced by Avantech and installed on the Customer’s equipment or otherwise made available by Avantech to the Customer;

"Effective Date" means the date upon which the Customer first gives express consent to this ToS;

“End User” – A Customer being an employee or consultant at the Customer entitled to use the Service that is granted access by the Customer to use the Services in the Customer’s day to day operations; excludes Administrators.

"Force Majeure Event" means an event, or a series of related events, that is outside the reasonable control of the party affected;

“Incident” – Any event that is not part of standard operation of the Service and that causes or may cause an interruption to, or reduction in, the quality of the Service.

"Intellectual Property Rights" means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights and these "intellectual property rights" include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs;

"Licensor" means Avantech Ltd, a company incorporated in Malta (registration number C9357, having its registered office at Avantech Buildings, St. Julians Road, San Gwann SGN2803, Malta;

“Licensor’s Business Hours” means 9am to 5pm Central European Time;

"Maintenance and Support Services" means support in relation to the use of the Software and the identification and resolution of errors in the Software, but shall not include the provision of training services whether in relation to the Software or otherwise;

“Maintenance Window” – Pre-planned periods during which Avantech will implement system upgrades or updates

"Minimum Term" means, in respect of this ToS, the period of 12 months beginning on the Effective Date;

“Problem” – An error or other non-conformance in the Service that is causing Incidents

“Product” – The Service

“SaaS” – Software as a Service, being the functionality of software delivered as a service via the Internet

“Service” – refers to the Scan2x Online application and associated functions

"Services" means any services that Avantech provides to the Customer, or has an obligation to provide to the Customer, under these ToS;

“Service Activation” – Email or other communication sent from Avantech to the Customer contact listed in the order for the Service, indicating completion of initial configuration and availability of the Service

"Software" means the software identified as Scan2x which is available to use on a subscription basis from the Website;

"Software Defect" means a defect, error or bug in the Software having an adverse effect on the performance of the Software, but excluding any defect, error or bug caused by or arising as a result of:

any act or omission of the Customer or End User;

any use of the Software contrary to the Documentation by the Customer or End User or any person authorised by the Customer to use the Software;

a failure of the Customer to perform or observe any of its obligations in these ToS;

and/or an incompatibility between the Software and any other system, network, application, program, hardware or software not specified as compatible in the Software Specification;

“Software Features” means any of the features one can use whilst using the Scan2x Software except for those items that are specifically listed as Third-Party Add-Ons and/or third-party cloud services.

"Software Specification" means the specification for the Software set out in the Documentation;

"Source Code" means the Software code in human-readable form or any part thereof in human-readable form, including code compiled to create the Software or decompiled from the Software;

“Subscription Fee” means the fee payable on an annual basis by the Customer to Avantech or its authorised resellers for the use of the Software as indicated on the Website;

“Tenant” – The Customer-dedicated instance of the Service and the functions supporting the Service

"Term" means the term of this ToS;

“Third Party Add-Ons” means software components which can be integrated into to the Software and which are provided by a third party; A list of the third-party services currently in use are provided below together with a description and links to the relative EULAs and ToSs.

“ToS” means this Terms of Service document.

"Update" means a hotfix, patch or minor version update to the Software;

"Upgrade" means a major version upgrade of the Software which results in additional functionality;

“Website” means https://www.scan2x.com or https://www.scan2xonline.com

“Workaround” – A plan to restore functionality of the Service (which could include changes) or to reduce the impact of an Incident

OVERVIEW & KEY FEATURES

SERVICE OVERVIEW

The Service described in this document delivers a cloud-hosted intelligent document capture platform that allows customers to capture metadata from uploaded documents. This data, together with the uploaded documents, can then be transmitted to an upstream application as configured by the Customer.

KEY FEATURES & SERVICES

Scan2x Online consists of an intelligent document capture service that can be configured to create a solution tuned to the Customer’s document capture requirements.

The solution is designed to provide a simple, intuitive interface to the End User, allowing them to execute complex document scanning tasks using pre-configured buttons, requiring no previous scanning experience to create consistent document scans and accurate metadata to describe each document.

Scan2x Online also features multiple scan enhancement technologies to allow for image clean-up, automatic de-skewing, auto-rotation and more. Full Optical Character Recognition technology (OCR) enables Scan2x to extract meaningful metadata from each document in order to help with splitting of document batches, extract metadata, link to external third-party applications and facilitate output of the scanned document and associated data to downstream repositories.

Scan2x Online is also able (via a separate optional licence) to monitor folders and email boxes for incoming documents. These documents are automatically processed by Scan2x Online as though they were submitted manually by an End User.

To configure Scan2x Online, a downloadable version of Scan2x for Windows is required. This runs on the Microsoft Windows operating system and allows for the configuration of job buttons and more.

Other optional downloadable components include the following:

-A Scan2x MEAP component designed to run inside Canon’s imageRUNNER multifunctional print/scan/copy devices. This is downloadable direct to the device via Canon’s CDS.

-A local folder watcher agent, installed on the local network to provide a secure, SSL-encrypted line of communication between the Customer’s locally shared folders and the Customer’s Scan2x Online tenant.

-A Scan2x Android and iOS app, downloadable to personal devices via Google’s Play Store or Apple’s App Store, allowing authorised End Users to securely scan documents into the Customer’s Scan2x Online tenant via their device.

More detailed information is available in the Scan2x user guide available online at https://help.scan2xonline.com.

SERVICE DELIVERY METHOD

The Scan2x Online software distribution model is Software as a Service (SaaS). Avantech hosts, manages and makes the application available to the customer over the Internet.

In addition, there are some components that are installed in the customer environment such as:

Included in the service

-Scan2x Windows Client/Configuration Tool

Optional (licence purchase required)

-Watched folder service

-Watched email service

Each tenant is provisioned by Avantech and provided to the Customer via the appropriate sales channel in a ready-to-use state. The on-premise software components are made available as part of the online service onboarding and need to be downloaded and installed in the Customer environment.

SERVICE UPDATES

The Service includes regular automatic Updates to the cloud services. The maintenance windows are published on the Scan2x Online website and can be subscribed to via the Scan2x Online status page:

https://status.scan2xonline.com

ACCESS

The Customer has the right to access their own environment and their data.

CONTENT OWNERSHIP

The Customer retains ownership and responsibility of Customer’s Content hosted by Avantech during processing as part of the Service.

Ownership of each party’s respective Content remains with its respective owners and no rights to Avantech Content are transferred via access to the Service or by any other means.

CONTENT LOCATION

The application, database, temporary documents held while processing and related information are all hosted and stored in datacentres located in the UK and/or European Union. Datacentre processing and hosting are configured at implementation stage as per Customer’s requirements.

EXCLUSIONS

Products and Services that are not expressly set forth in this Service Description are excluded from the Service, including without limitation, the following:

-Customer’s connectivity to the Internet, connectivity between Customer sites or any equipment necessary for Customer to establish such connectivity

-Any equipment on a Customer’s premises

-All third-party software and equipment

-All third-party software and equipment such as scanner, web browser, firewalls etc. correct installation and configuration to allow traffic to the Service and to be able to send e-mail (if applicable).

-All 3rd party systems with Customer data that is fed into the Service (i.e. customer ERP system). Customer is responsible for setting up potentially needed channel between Scan2x Online and integrated systems and for all ERP system cleanouts and updates

-Those items listed as Customer responsibility in this Service Description.

-Performance by Avantech of any on-site services

SERVICE REQUIREMENTS

A minimum broadband Internet connection commensurate with the amount of data being transferred to and from the Scan2x Online cloud service. It is the sole responsibility of the Customer to ensure that their communication channels are resilient and capable of hosting the traffic being generated by the Customer when using the Scan2x Online service.

CHANGES TO THE SERVICE

Avantech may change the Service provided that such change does not materially reduce the features or functionality of the Service.

COMPONENTS

INFRASTRUCTURE AND SOFTWARE

Avantech will:

-Provide the Service as described herein

-Operate, maintain and monitor the Service infrastructure

-Grant administrator access only to the appropriate Avantech employees and contractors responsible for managing the service

-Provide and secure the relevant nodes for the Service servers

-Ensure backups of Customer Content on a scheduled basis

-Implement updates and upgrades to the online environment of the Service (SaaS) to ensure the highest possible level of security and robustness

-Provide functionality such that Customer’s Content will be hosted on a commercial and secure cloud service platform

-Implement reasonable and appropriate measures designed to help secure Customers Content against accidental or unlawful loss, access or disclosure.

-Provide access for customers to the latest releases of the on-premise software tools related to the Service.

SERVICE ACTIVATION AND SERVICE SUPPORT OPERATIONS

Avantech will:

-Provision the Service and give access to the Customer’s Administrator, directly or via Authorised Resellers.

-Provide training materials for Customer Administrators and End Users via online documentation.

-Provide the opportunity to export Customers Content for the Customer upon termination or expiry of the Service.

-Use commercially reasonable efforts to ensure that the Service’s infrastructure is current to industry standard security patches.

INFRASTRUCTURE AND ADMINISTRATION

Responsibilities for infrastructure and administration of the Service are outlined in the table below:

INFRASTRUCTURE

Responsibility or Task	Customer	Avantech or nominated subcontractor
Managed components and system monitoring		X
Managed components incident management		X
Managed components problem management		X
End User support	X
Customer support		X
Change management		X
Software support		X

SYSTEM ADMINISTRATION

Responsibility or Task	Customer	Avantech or nominated subcontractor
Customers connectivity to the Internet, between sites and/or customer infrastructure necessary to establish such connectivity	X
Administer End User access	X
Provide certificate-based HTTPS channels		X
Manage Customer Administrator access to the Service	X
Define infrastructure-level Service roles		X

SERVICE CHANGE MANAGEMENT

Avantech has established change management processes and will plan and implement changes to the Service accordingly. Responsibilities and Tasks for Service Change Management of the Service are outlined in the table below:

Responsibility or Task	Customer	Avantech or nominated subcontractor
Notify the other party of changes to the environment that could materially impact the Customers or End Users. Avantech will use commercially reasonable efforts to notify Customer at least 48 hours in advance of changes outside the Normal Maintenance Window. Customers are responsible for notifying End Users.	X	X
Create change plan with elements such as change classification, anticipated benefits, risk identification, assessment and mitigation, rollback/contingency plans if the change results in material issues, and similar elements		X
Notify Avantech of Service updates, material changes to the Service or changes that require Customer action or support	X
Notify Customer of new functionality, steps required to set up new capabilities, usage instructions and benefits/advantages.		X
Notify Customer of new functionality, steps required to set up new capabilities, usage instructions and benefits/advantages.	X
Generate notification of scheduled maintenance windows to customer from Avantech		X
Reporting on the Service Availability (SLA reporting)		X
General communications to Customer about the Service		X
General communications with End Users	X

SERVICE ACTIVATION AND SERVICE SUPPORT OPERATIONS

SERVICE ACTIVATION

Service Activation is the process to make the Service ready for use by the Customer. Responsibilities and Tasks for Service Activation are outlined in the table below:

Responsibility or Task	Customer	Avantech or nominated subcontractor
Monitor the performance of the Service and respond to alerts generated by the operating environment		X
Investigate alerts when triggered during applicable support hours. If required, log the issue as an incident and begin the incident management process		X
Inform Avantech if the Service is not working correctly or is unavailable, if a notice from Avantech is not received	X
Confirm the issue is not related to Customers network, infrastructure or End User action or Customers third-party service providers	X
Provide up-to-date contact channels by which to submit incidents		X
Verify and update incident report based on impact and urgency.		X
Troubleshoot the incident		X
Communicate incident status to Customer		X
Communicate incident status to End Users	X
Make commercially reasonable efforts promptly to implement Incident resolution or workaround plan		X
Close the incident once resolved and update Incident report		X

SERVICE SUPPORT OPERATIONS – INCIDENT MANAGEMENT

Responsibility or Task	Customer	Avantech or nominated subcontractor
Monitor the performance of the Service and respond to alerts generated by the operating environment		X
Investigate alerts when triggered during applicable support hours. If required, log the issue as an incident and begin the incident management process		X
Inform Avantech if the Service is not working correctly or is unavailable, if a notice from Avantech is not received	X
Confirm the issue is not related to Customers network, infrastructure or End User action or Customers third-party service providers	X
Provide up-to-date contact channels by which to submit incidents		X
Verify and update incident report based on impact and urgency.		X
Troubleshoot the incident		X
Communicate incident status to Customer		X
Communicate incident status to End Users	X
Make commercially reasonable efforts promptly to implement Incident resolution or workaround plan		X
Close the incident once resolved and update Incident report		X

SERVICE SUPPORT OPERATIONS – PROBLEM MANAGEMENT

Responsibility or Task	Customer	Avantech or nominated subcontractor
Analyse incident trend to identify patterns and group recurring incidents into Problem(s)		X
Provide reasonably requested additional detail on incidents (eg. Other activities occurring at time of incident, third party software interactions etc)	X
Conduct a root cause analysis of Problem(s)	Assist	X
Conduct testing to determine the root cause of Problem(s)	Assist	X
Propose and create Workaround solutions or patches for the Service		X
Create maintenance releases and make them available to Customer		X
Implement updates or maintenance releases to the application		X
Schedule and make available an ad hoc Maintenance Window to implement changes to resolve Problem(s) with Customers instance/tenant	X	X
Implement changes to the Service to resolve Problems with the Service		X

SERVICE AVAILABILITY

The Service is considered “Available” when the Service is available for access by the Customer, expressed as a percentage of the total number of contracted minutes in a contract month, minus the total number of minutes of “Downtime” (as defined below) in that month, divided by the total number of contracted minutes in that month.

“Downtime” shall be defined as the total accrued contracted minutes where the Customer is unable to access the Service as confirmed by the Service system logs.

“Access” means an End User can log in to the Service with valid credentials and interact with the main user interface of the Service following a successful logon.

Avantech provides the Service based on a 99.5% availability of the Service for the contracted minutes in the “Agreed Service Time”. The Agreed Service Time is the contracted minutes during 7-days per week, 24 per day, excluding Christmas Day and New Year’s Day (the “Availability Target”). Support is available from 08:00 until 17:00 CET during business days.

SERVICE AVAILABILITY EXCLUSIONS

The Availability Target excludes any partial or complete non-availability of the Service due to, but not limited to:

-Scheduled or announced downtime to perform maintenance activities or upgrades

-The Customer’s acts or omissions or failure to use of service

-The failure of the Customer’s hardware, network, software or issues resulting from inadequate Internet bandwidth or related to third-party software or services out of Avantech’s control

-Networks not under Avantech’s direct control, including the Internet

-Unsupported browsers, devices, drivers

-Denial of service or other attacks (unless Avantech fails to take reasonable preventative precautions to prevent such attacks)

-Security incidents caused by the Customer

-Due to factors outside Avantech’s reasonable control (eg natural disaster, war, acts of terrorism, riot, government action, or a network or device failure external to Avantech data centres, including at Customer’s site or between Customer’s site and Avantech’s data centre)

-Avantech’s exercise of its rights to terminate or suspend the Service

-One particular End User of the Customer, or group of them, cannot access the Service while others can

-Degraded Service

The foregoing Availability Target does not apply to any trial or no-charge Services.

GENERAL CUSTOMER RESPONSIBILITIES

-Customer shall supply Avantech with all reasonably requested and reasonably necessary information and assets to allow Avantech to supply the Service to the Customer

-Customer shall not have administrative access to the Service infrastructure. Accordingly, Customer will not be able to upgrade or patch or add third-party software to the core system. Customer shall have limited administrative access (Customer Administrator) to the application in support of managing user privileges, system configuration and log viewing.

-Customer has control of the Content uploaded to the Service. Customer is responsible for assigning End Users the proper roles and moderating access to Content.

-Customer is solely responsible for obtaining the necessary permits and authorisations to use the Service.

OTHER CLAUSES

TERM

This ToS shall come into force upon the Effective Date.

The Software is licensed to the Customer on a subscription basis for the Minimum Term from the Effective Date as defined elsewhere in this ToS, which period is automatically renewed for successive equal periods subject to the subscription not being cancelled and the continued payment of the Subscription Fee and provided that this agreement is not terminated as provided for within the ToS.

LICENCE

Avantech hereby grants to the Customer from the Effective Date until the end of the Term a licence to their subscription to the Software, subject to the limitations and prohibitions set out and as referred to in this ToS.

The User may not sub-license and must not purport to sub-license any rights granted under this ToS without the prior written consent of Avantech, provided that employees of a Customer may make use of the Software as necessary for the Customer’s business.

Save to the extent expressly permitted by this ToS or required by any applicable law, any licence granted under this ToS shall be subject to the following prohibitions:

The Customer must not sell, resell, rent, lease, loan, supply, publish, distribute, redistribute, alter, edit or adapt, decompile, de-obfuscate or reverse engineer the Software.

ACCEPTABLE USE POLICY

Avantech expects that the Customer will use Scan2x in an ethical, legal, authorized, and otherwise proper manner.

Any illegal, unauthorized, or improper use of Scan2x could be harmful to Avantech, its licensors, its customers, the technological integrity of its infrastructure, Scan2x or other services, or may otherwise damage Avantech’s reputation.

This Acceptable Use Policy (this “AUP” or “Policy”) describes prohibited uses of Scan2x. The examples described in this Policy are not exhaustive, and Avantech may modify this Policy at any time by issuing a revised Policy and posting a revised version of the Policy on the Scan2x webiste or a related website or on any other access portal after reasonable notice to affected Customers.

By using Scan2x or accessing the Scan2x system, the Customer (as defined in the ToS) agrees to comply with the latest version of this Policy, as notified by Avantech to the Customer. If the Customer violates this Policy or authorizes or permits others to do so, Avantech may immediately suspend some or all of the affected Scan2x system or terminate the Customer’s use of Scan2x (where relevant, in accordance with this ToS). This Policy forms part of the terms of the ToS. The Customer is solely responsible for violations of this Policy by the Customer or anyone using the Scan2x tenant made available to the Customer, whether or not authorized by the Customer, including, without limitation, the Customer’s employees, the Customer’s contractors, or the Customer’s customers and end users.

Obligation to Report

In delivering Scan2x, Avantech provides or makes available to the Customer the physical or virtual servers, related storage, and other resources, support, and optional services according to the terms of the ToS. In the course of delivering Scan2x, unless otherwise specified in the ToS, Avantech does not monitor, and may not be aware of, the Customer’s use of Scan2x, including the Customer’s loading and managing of its data (including, without limitation, Customer Data), or its content. Except as reasonably needed to deliver Scan2x, as authorized by the Customer, contemplated by the ToS, or as required by law, Avantech will not have access to the Customer Data, or other content.

Therefore, if the Customer becomes aware of any violation of this Policy, the Customer agrees to notify Avantech immediately and cooperate in any efforts to stop or remedy the violation. Avantech may investigate any violation of this Policy or misuse of Scan2x (or any related portal or access), although Avantech is not obliged to do so. Avantech may deem it necessary to report any activity that it suspects violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties, without necessarily advising the Customer. Such reporting may include disclosing appropriate Customer information, and network and systems information related to alleged violations of this AUP or the ToS. Avantech may cooperate with appropriate public agencies or other appropriate third parties to assist with the investigation and prosecution of illegal conduct related to alleged violations of this Policy.

Accurate Information Required

The Customer agrees to provide accurate and complete information as reasonably required by Avantech when the Customer purchases or uses Scan2x, and the Customer agrees to keep such information accurate and complete during the entire time that the Customer uses the Scan2x system.

No Illegal, Harmful, or Offensive Usage or Content

The Customer will use Scan2x only in accordance with the terms of the ToS and with all applicable laws and regulations in all relevant jurisdictions.

The Customer may not use, or encourage, promote, facilitate, or instruct others to use Scan2x for any use that Avantech reasonably believes to be illegal, harmful, or offensive, or to transmit, store, or otherwise make available any content that Avantech reasonably believes to be illegal, harmful, or offensive. These prohibited activities and content include, but are not limited to:

Illegal activities, including disseminating, promoting, or facilitating illegal pornography, or any activity that is likely to be in breach of, or does breach, any applicable laws or regulations including data protection;

Any offensive content that is defamatory, obscene, deceptive, abusive, an invasion of privacy, objectionable, or otherwise inappropriate.

Any content that infringes or misappropriates the intellectual property or proprietary rights of others or assists others in infringing any such rights.

Any activities that may be harmful to Scan2x or to Avantech’s reputation, including engaging in any fraudulent or deceptive practices.

No Security Violations

The Customer may not use Scan2x to violate, or attempt to violate, the security or integrity of any network, computer, or communications system, software application, or network or computing device (individually or collectively “System(s)”). These prohibited activities include (but are not limited to) the Customer taking, or attempting to take, any of the following actions:

Gaining unauthorized access to Scan2x or any other accounts or Systems, whether through high-volume, automated, or electronic processes, hacking, password mining, reverse engineering, or any other means.

Probing, vulnerability scanning, or penetration testing of any System, or breaching any security or authentication measures without obtaining prior written approval from Avantech. In particular, social engineering, denial of service, destructive, and password sniffing or cracking tests are not permitted.

Monitoring data or traffic on any System without such permission. (The Customer may, however, monitor data or traffic on resources dedicated to the Customer’s exclusive use.)

Falsifying the origin of any TCP-IP packet headers, email headers, or any part of a message.

No Interference or Disruption of Scan2x or Others’ Networks, Systems, or Internet Connections

The Customer may not make network connections to any users, hosts, or networks unless the Customer has permission to communicate with them. The Customer may not take any action, or attempt any action, that interferes with or disrupts the proper functioning of any System. These prohibited activities include the Customer taking, or attempting to take, any of the following actions:

Engaging in any activity that interferes with or adversely affects other Avantech customers’ use of Scan2x.

Collecting information by deceit, under false pretenses, or by impersonating any person or entity or otherwise misrepresenting the Customer’s affiliation with a person or entity.

Using any content or technology that may damage, interfere with, intercept, or take unauthorized control of any system, program, or data, including viruses, worms, or time bombs.

Using Scan2x in any manner that appears to Avantech to threaten Avantech’s infrastructure. This includes the Customer’s providing inadequate security, allowing unauthorized third party access, or attempting to circumvent Avantech’s measures for controlling, monitoring, or billing usage.

Uploading or otherwise using viruses, worms, corrupt files, Trojan horses, or other malware, or any other content which may compromise the Service, Avantech’s operations, or its performance for other Avantech customers.

Interfering with the proper functioning of any System, including any deliberate attempt to overload a System by any means.

Monitoring or crawling a System so that such System is impaired or disrupted.

Conducting or condoning denial of service attacks.

Avoiding any use limitations placed on a System, such as access and storage limitation (including without limitation Usage Parameters referred to in the Agreement).

FAIR USE POLICY

Avantech monitors usage of each tenant to ensure that no tenant uses more than its fair share of resources. Processing is limited according to licences purchased.

SOURCE CODE

Nothing in this ToS shall give to the Customer or any other person any right to access or use the Source Code or constitute any licence of the Source Code.

NO ASSIGNMENT OF INTELLECTUAL PROPERTY RIGHTS

Nothing in this ToS shall operate to assign or transfer any Intellectual Property Rights whatsoever from Avantech to the Customer, or from the Customer to Avantech.

ACKNOWLEDGEMENTS AND WARRANTY LIMITATIONS

The Customer acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of this ToS, Avantech gives no warranty or representation that the Software will be wholly free from defects, errors and bugs and security vulnerabilities. Subject to the other provisions of this ToS, Avantech gives no warranty or representation that the Software will be entirely secure.

Avantech does not warrant or represent that the Software will be compatible with any software other than the Compatible Software.

The Customer accepts that by accepting this agreement as the user of the Software, that they also agree to and abide by the relative EULAs or ToSs of Third-Party components being utilised by the Software in the provision of its functionality. The Customer further agrees to indemnify and keep Avantech indemnified against any and all liabilities, damages, losses, costs and expenses including legal expenses and amounts reasonably paid in settlement of legal claims arising as a result of any Third Party component breach or failure to provide a service.

INDEMNITIES

The Customer shall indemnify and shall keep Avantech indemnified against any and all liabilities, damages, losses, costs and expenses including legal expenses and amounts reasonably paid in settlement of legal claims suffered or incurred by Avantech and arising directly as a result of any breach by the Customer of this ToS.

LIMITATIONS AND EXCLUSIONS OF LIABILITY

To the extent permitted by law, Avantech’s liability in any situation (except grievous personal injury or death) is limited to the Subscription Fee for one (1) year as payable by the Customer. In no event shall Avantech be liable for any special, indirect or consequential damages including, without limitation, damages for lost profits, loss of data, costs of procurement of substitute goods or services, loss of use of equipment or facilities, or interruption of business, arising in any way out of this agreement under any theory of liability, whether or not Avantech has been advised of the possibility of such damages. These limitations shall apply notwithstanding the failure of the essential purpose of any limited remedy.

PRODUCTS PROVIDED BY THIRD PARTIES

Avantech may integrate the Software with other Third-Party Add-Ons for additional functionality. Although these components can be integrated into the Software, each Third-Party Add-On is separate and independent of the Software and functions in its own right, and may be subject to an additional fee. The Customer specifically understands that a Third-Party Add-On is not covered by Avantech, and accordingly each component is subject to terms and conditions and to the privacy notice of the provider of the chosen Third-Party Add-On. In choosing to subscribe to and use a Third-Party Add-On within the Service and/or Software, the Customer expressly agrees to the terms and conditions and to the privacy notice relating to the chosen Third-Party Add-On separately as may be in force from time to time and may be subject to review and amendment by said Third Party. The Customer expressly agrees and recognises that in subscribing to and using a Third-Party Add-On, the Customer’s data and documents will be processed by the said Third Party.

THE CUSTOMER ALSO SPECIFICALLY UNDERSTANDS THAT AVANTECH IS NOT RESPONSIBLE FOR EXAMINING OR EVALUATING, AND DOES MAKE ANY WARRANTIES WITH REGARD TO THE THIRD-PARTY ADD-ONS (INCLUDING THE CONTENT OF THE WEBSITES FROM WHERE THESE CAN BE PURCHASED). AVANTECH SHALL NOT BE RESPONSIBLE OR LIABLE FOR THE ACTIONS, PRODUCT, AND CONTENT OF ALL THE THIRD-PARTY ADD-ONS, NOR FOR THE MANNER IN WHICH THE PROVIDERS OF SUCH THIRD-PARTY ADD-ONS MAY PROCESS OR STORE THE CUSTOMER’S DATA. IN NO EVENT SHALL AVANTECH BE HELD LIABLE ON BEHALF OF ANY THIRD PARTY OR LICENSEE FOR ANY DAMAGES WHATSOEVER, WHETHER DIRECT OR INDIRECT, ARISING FROM OR IN ANY WAY RELATED TO THE THIRD PARTY ADD-ONS. AVANTECH DOES NOT ASSUME RESPONSIBILITY OR LIABILITY FOR ANY ISSUE ARISING FROM ANYTHING OTHER THAN THE SOFTWARE FEATURES AS DESCRIBED ON THE SCAN2X WEBSITE.

The Customer accepts that Avantech shall not be responsible in any manner for any claims or damages caused directly or indirectly by Third-Party Add-Ons and generally by any third parties that are not Avantech. Any such claims are to be directly solely against the said third party/ies.

The Software is hosted on Microsoft Azure, a third-party cloud service. The Customer specifically understands that the third-party cloud services are not purchased from Avantech, and accordingly, such cloud services are subject to the terms and conditions and to the privacy notice of the cloud service provider. In subscribing to the Software, the Customer expressly agrees to terms and conditions and to the privacy notice of the cloud service provider as may be in force from time to time and may be subject to review and amendment by said third party. The Customer expressly agrees and recognises that in subscribing to and using the Software, the Customer’s data and documents will be transferred to, hosted and processed by the said third party. Avantech reserves the right to change the third-party cloud service provider at its discretion, or to host the Software in another manner.

Avantech shall not be responsible for any interruption or termination of Services in whole or in part, caused by an interruption or termination of services by third-party providers.

TERMINATION

Avantech shall terminate this TOS and the use of the Software by the Customer with immediate effect should Subscription Fee not be paid when due.

Either party may terminate this TOS and the Services immediately by giving written notice of termination to the other party if the other party commits a material breach of the TOS, and the breach is not remediable; or the breach is remediable, but the other party fails to remedy the breach within the period of fifteen (15) days following the giving of a written notice to the other party requiring the breach to be remedied.

Either party may terminate these ToS immediately by giving written notice of termination to the other party if the other party:

.is dissolved;

.ceases to conduct all or substantially all of its business;

.is or becomes unable to pay its debts as they fall due;

.is or becomes insolvent or is declared insolvent;

.convenes a meeting or makes or proposes to make any arrangement or composition with its creditors; or

.enters a process of administration.

GENERAL

This Agreement supersedes all other written and oral proposals, purchase orders, prior agreements, and other communications between the Licensee and Avantech concerning the Software. Avantech reserves the right, in its sole discretion, to add, remove, modify or otherwise change any part of these Terms and Conditions, in whole or in part, at any time.

In acceding these ToS, the Customer shall bind all individual users of the Software with these ToS and all referenced terms and conditions as in force from time to time.

Avantech reserves the right to change these ToS at any time and at its sole discretion, effective immediately.

This ToS shall be governed by the Laws of Malta.

Any question or difference which may arise concerning the construction, meaning or effect of this ToS or concerning the rights, duties, obligations and liabilities of the Parties hereunder or any other matter arising out of or in connection with this ToS shall be referred to and settled by arbitration. The venue of such arbitration shall be Malta. The language of the arbitration shall be English. The award of the arbitrators shall be final and binding upon the parties. Any reference under this Clause shall be deemed to be a reference to arbitration within the meaning of Part IV of the Arbitration Act (Chapter 387 of the Laws of Malta).

BY INSTALLING, COPYING, OR OTHERWISE USING THE SERVICE OR SOFTWARE YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD AND HAVE AGREED TO BE BOUND BY THESE TERMS AND CONDITIONS.

DATA PROCESSING AGREEMENT

BACKGROUND
Whereas:

(A) Avantech licenses its own developed software, sells licenses for Third-Party owned software, makes available other software as a subscription service, and provides services related to such software, including support and software maintenance services, consulting services, and other general IT, networking, and security-related services to the Customer, collectively known as the Services.

(B) In providing the Services, Avantech may collect, use, or otherwise process Personal Data within the meaning of Data Protection Laws.

(C) The Parties are aware of the EU legislation on data protection namely Regulation (EU) 2016/679 (General Data Protection Regulation), hereinafter referred to as GDPR.

(D) The Parties agree to enter into this Data Protection Agreement, hereinafter referred to as the DPA, which regulates the data protection obligations of the Parties when processing the Customer's Personal Data and governs the relationship between the Parties in respect of the processing of Personal Data.

(E) The Parties have one or more separate agreements, written or verbal, (hereinafter referred to as the Principal Agreement) which currently govern their relationship including that related to the protection and management of data.

(F) The conditions contained within this DPA supplement any Principal Agreement in respect of the aspects related to data processing and supersede any provisions of the Principal Agreement in the event of a conflict.

(G) Any terms not defined in this DPA shall have the meaning set forth in the Principal Agreement.

NOW THEREFORE BOTH PARTIES AGREE AS FOLLOWS:

DEFINITIONS & INTERPRETATIONS

The following definitions and rules of interpretation apply within this agreement:

a) Affiliate means an entity that owns or controls, is owned or controlled by, or is under common control or ownership of either Party, during the Subscription Term.
b) Anonymous Data means Personal Data that has been processed in such a manner that it can no longer be attributed to an identified or identifiable natural person without additional information unavailable to any Third-Party other than Authorized Sub-Processors.
c) Authorized Staff means an Authorized Employee or contractor of either Party who has a need to know or access Personal Data to perform their obligations under this DPA or the Principal Agreement.
d) Authorized Sub-Processor means a Third-Party appointed by or on behalf of Avantech who needs access to Customer Data, including Personal Data, to provide a service to Avantech to fulfill obligations under this DPA or the Principal Agreement.
e) Customer Data means data inputted into the Software, including but not limited to Personal Data.
f) Data Breach means accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure of, or access to, Personal Data.
g) Terms such as Data Controller, Data Subjects, Data Processor, etc., have the same meanings as those in the GDPR.
h) Data Protection Law consists of the Maltese Data Protection Act and the General Data Protection Regulation.
i) Data Protection Officer means the individual appointed for ensuring data protection compliance.
j) Data Subject refers to an identifiable person to whom Personal Data relates.
k) Effective Date is when the DPA has been electronically signed by the Customer or in the event of a Cloud Subscription, Effective Date is defined as the date on which the Customer commences their subscription.
l) Instruction means a direction by the Customer regarding Personal Data.
m) Personal Data refers to any data identifying an individual.
n) Process means any operation performed on Personal Data.
o) Sensitive Personal Information includes government IDs, financial account details, genetic and biometric data, and information revealing racial, political, or sexual details.

TERM

This Agreement begins on the Effective Date and continues for as long as:

a) Avantech provides services for On-Premises Software.
b) A Subscription Agreement remains in force for SaaS Software.
c) Network Services are provided.

TYPE AND PURPOSE OF USE OF DATA

Avantech processes Personal Data on the instructions of the Customer as Data Controller under the following grounds:
a) Performance of a contract with the Data Subject.
b) Legitimate Business Interests or compliance with legal obligations.

Avantech processes the following Personal Data:

Customer contact data, used to manage the Customer/Supplier relationship.

Audit and User Data from the Scan2x suite of applications.

The Customer authorizes Avantech to generate aggregated Anonymous Data.

RELATIONSHIP BETWEEN PARTIES

The Customer is the Data Controller.
Avantech is the Data Processor of the Customer’s Personal Data for:
a) Customer’s use of Avantech SaaS Software.
b) Access granted by the Customer to support or troubleshoot systems.
c) Use of Customer Personal Data for administrative purposes.

PROCESSING OF PERSONAL DATA

The Parties authorize processing for:
a) Legitimate Business Interest or performance of a contract.
b) Compliance with legal obligations.

Avantech will act only upon the instructions of the Customer.

The Data Processor implements Technical and Organisational Measures to protect Personal Data.

AVANTECH’S OBLIGATIONS

Avantech, acting as a Data Processor, must ensure:
a) Persons authorized to process Personal Data have confidentiality commitments.
b) The Customer is notified of any changes regarding Authorized Sub-Processors.

TECHNICAL AND ORGANISATIONAL MEASURES

Avantech ensures processing is in line with Technical and Organisational Measures published below.

AUTHORISED SUBCONTRACTORS

Subcontractor	Nature of Services Sub-Contracted	Location of Hosting
Microsoft	Hosting, network services on Microsoft Azure https://www.microsoft.com/en-us/trust-center	The Netherlands & UK Microsoft data centres
Microsoft	Document Intelligence https://www.microsoft.com/en-us/trust-center	The Netherlands & UK Microsoft data centres
Nutrient	Component used in processing and displaying images and PDFs https://www.nutrient.io/api/terms/	The Scan2x Online Azure installation
RabbitMQ	Message broker used for internal processing and inter-thread messaging https://www.rabbitmq.com/	The Scan2x Online Azure installation
I.R.I.S. iDRS and iHQC libraries	Optical Character Recognition library (iDRS) and PDF compression library (iHQC) https://www.iris.co.uk/general-terms-and-conditions/	The Scan2x Online Azure installation
Google Inc	Tesseract OCR used under an Apache 2 Open Source licence https://www.apache.org/licenses/LICENSE-2.0	The Scan2x Online Azure installation
Scikit-learn	Machine learning libraries used by Scan2x Online under a BSD Open Source licence https://opensource.org/license/bsd-3-clause	The Scan2x Online Azure installation
MongoDB	Database licenced under the Server Side Public Licence (SSPL) https://www.mongodb.com/legal/licensing/server-side-public-license/faq	The Scan2x Online Azure installation
PayPal	Third Party Payment Processor	USA
Stripe	Third Party Payment Processor	USA
ApCo	Third Party Payment Processor	Malta
Avantech Task Manager	Incident Management	Avantech
Avantech Licence Manager	Scan2x Licence Management	Avantech

TRANSFERRING DATA OUTSIDE THE EEA

Avantech stores Personal Data in data centres within:
a) The European Economic Area (EEA).
b) United Kingdom.

DATA RETENTION

Personal Data will be retained by Avantech in accordance with the Data Retention Policy of Avantech as defined in the table below as it relates to different data types:

Data Type	Retention Policy
Customer’s Personal Data shared with Authorised Staff for the purposes of the provision of implementation and support services.	30 days
Data managed in Scan2x On-Premises Software	Managed by the Customer
Data Managed within Scan2x Online and other Software-as-a-Service.	60 days following termination of the Subscription agreement
Personal Data stored related to contracts, billing, procurement and similar administrative processes to enable the on-going relationship between Avantech and the Customer	10 years from termination of the relationship.
Personal Data related to correspondence, proposals, actions and opportunities.	Up to 6 years after termination of the relationship with Customer
Personal Data of users registered on Help Desk services.	3 years from last contact on Help Desk.

Avantech shall hold the Customer’s Personal Data only as long as is necessary to provide the Services, including administration, accounting, marketing and reporting in the context of a Legitimate Business Interest, and subject to:

.the rights of a Data Subject in terms of the Data Protection Law, such as requests for data access or deletion;

.any legal requirement for data retention as specified in any other law of the Republic of Malta, including laws including but not limited to Social Security, Income Tax, Value Added Tax, Employment and Industrial Relations etc.

.a request by an authorised Governmental or regulatory authority for an additional retention period

Modifications to this data retention policy can be effected by Avantech publishing the new policy at this page and giving the Customer 10 days’ notice of such change. as long as, in the event that the Customer is not in agreement with such change, the Customer shall have the right to terminate the Services without penalty.

RIGHTS OF DATA SUBJECTS

The Parties acknowledge data subjects’ rights, such as access, rectification, and erasure.
Avantech will promptly notify the Customer of requests from data subjects.

THIRD-PARTY REQUESTS FOR DISCLOSURE OF PERSONAL DATA

Avantech shall notify the Customer of any requests for disclosure of Personal Data from third parties.

DELETION OR RETURN OF PERSONAL DATA

On termination, Avantech will furnish the Customer with their Personal Data and delete existing copies in line with the Retention Policy.

RELIABILITY OF PERSONNEL

Avantech ensures Authorized Employees are reliable and have committed to confidentiality agreements.

SECURITY

Avantech maintains appropriate Technical and Organisational Measures to ensure data security.

MODIFICATIONS & NOTICES

Notices are to be sent to the registered office of the Party concerned.

PERSONAL DATA BREACH AND NOTIFICATION

Avantech must notify the Customer in the event of a Data Breach.

PROPRIETARY RIGHTS

This DPA does not grant the Customer any additional rights to intellectual property owned by Avantech.

FORCE MAJEURE

The Parties shall have no liability if prevented from performing obligations due to events beyond their control.

WAIVER

A waiver of any right under this Agreement is only effective if in writing.

SEVERANCE

If any part of this Agreement is found invalid, the other provisions shall remain in force.

ASSIGNMENT

The Customer shall not assign or subcontract any rights without prior written consent from Avantech.

GOVERNING LAW, JURISDICTION AND DISPUTE RESOLUTION

This Agreement is governed by the laws of the Republic of Malta.

Any dispute shall be settled by arbitration at the Malta Arbitration Centre.

DATA PROTECTION POLICY

TECHICAL AND ORGANISATIONAL MEASURES

Avantech is conscious of its obligations to its Customers to ensure the security, confidentiality and availability of its own infrastructure and of the infrastructure provided by its Sub-contractors and Sub-Processors. In addition to hosting either internally or with reputable Sub-Processors, Avantech’s software is designed with security features in mind and ensuring the correct configuration of the environment to assure this security.

This section provides an overview of the Technical and Organisational Measures that are in effect to ensure a level of security appropriate to the risk of processing of Personal Data. The measures vary dependent on the nature of the service provided related to the use of the Avantech SaaS Software, the Avantech On-Premises Software and other services and each of these situations is outlined below.

1. General Technical and Organizational Measures at Avantech

Avantech implements a stringent set of measures to ensure the security and availability of its systems to enable us to manage our own operation as well as to enable us to support the use of our software and services by our Customers. These general measures are listed below:

Granular User and Group level access control on all servers, virtual machines and systems

Physical access control to our offices including individual Smartcard access control, burglar alarm and recorded CCTV facilities at office entrance.

Locked access to server rooms.

Off-site encrypted data backup for disaster recovery

2. Measures Applicable when using Avantech On-Premises Software

Since by definition the Avantech On-Premises Software is located on the Customer’s own network and infrastructure, or a 3^rd party hosted environment subcontracted by the Customer to a 3^rd Party other than Avantech or one of its Subcontractors, the security and the Technical and Organisational Measures to protect the Personal Data are the responsibility of the Customer or their Subcontractor.

3. Measures Applicable when using Avantech SaaS Software

In addition to the Technical and Organisational Measures applicable in general at Avantech, the following measures are applicable to the Scan2x software:

Data Safety & Security in Scan2x

a) Data storage – All Scan2x data is stored electronically in a Microsoft SQL Azure database, hosted on the Microsoft Azure Platform in The Netherlands or UK, and is replicated to a secondary server in each respective jurisdiction.

b) Data access and backup – We use SQL Azure Database pools to keep your data safe in the case of system failure. We also keep a point in time recovery backup of the environment for the last thirty (30) days.

c) Data Collection & Transmission:

Application is hosted as a platform using Azure Application Services

All data sent to Scan2x is encrypted in transit. Our API and application endpoints are TLS/SSL only

Transport Layer Security (TLS) provides protection of data in transit on SQL Database connections.

Database Firewall – Only IP’s of the App Server & Avantech IP Addresses (Only authorised Avantech personnel which require such access to perform their job efficiently are given access) are white listed.

We also use Transparent Data Encryption which protects data at rest by encrypting the database, associated backups, and transaction log files at the physical storage layer. This encryption is transparent to the application, and uses hardware acceleration to improve performance.

d) Auditing & Threat Detection

We use Auditing for SQL Database and SQL Server audit to track database events and write them to an audit log. Auditing enables us to understand ongoing database activities, as well as analyse and investigate historical activity to identify potential threats or suspected abuse and security violations.

Application Security

a) Scan2x Users

.Locking of user accounts

.Filters for users – Can set filters on Scan2x jobs visible to users

.User self-service PIN resets

b) Roles & Permissions

.All Functions and screens are tied to either a role or a permission or both

.Permissions are organised in groups and allocated to a user

c) Audits

.Every successful/unsuccessful login in the system is audited

.Every URL visited in the system is audited

.Every record in the system maintains the created on, created by , modified on, modified by

Penetration Testing

Avantech periodically commissions independent 3^rd party, specialist companies to undertake penetration testing of its Scan2x environment.

These tests, referred to in the industry as Penetration Tests, consist of reviewing the practices, software and settings and in attempts to circumvent any security provisions in the infrastructure or the application software. The findings of these tests are reported to Avantech Software which, if appropriate, do involve modifications to address any appropriate issues prior to a re-test being undertaken.

DATA HANDLING AND PRIVACY POLICY

Avantech takes your privacy very seriously. We have implemented systems and processes that place privacy at the forefront of our work and these have been further strengthened in line with the General Data Protection regulations (GDPR).

This Privacy Policy is designed to help you understand what information we collect and how we use and share that information as well as how we ensure the rights of data subjects as these relate to their personal data and specifically to put you in control of your own personal data.

As used in this Privacy Policy, “Avantech” or “Us” refers to any company in the Avantech Group consisting of subsidiaries, associate companies and affiliates, although this currently consists of Avantech Software Limited and Avantech Limited. The “Customer”, “You”, “Your” and the “User” means an existing Avantech Customer, or a user of one of Avantech’s applications or Web Sites.

The term “Web Sites” means Avantech’s principal websites (including but not limited to www.Avantech.com.mt, avantechsoftware.com, Scan2x.com, Scan2xOnline.com).

Avantech never sells personal data and we commit to process personal data strictly in compliance with the EU General Data Protection Regulation (“GDPR”) as well as the Laws of Malta (together the “Applicable Law”).

Avantech will not sell, rent, or loan our email lists or personal data to any 3^rdparty.

We will store and/or process your personal data in any of the following circumstances:

Where it is necessary for Avantech’s Legitimate Business Interests to manage the relationship with you as a Customer, prospective Customer, employee or supplier or your legitimate interests, provided that this processing does not override the Data Subject’s fundamental rights.

Where our Customer, as the Data Controller, needs to process this Personal Data for the performance of a contract with the Data Subject as per (Art 6(1)(b) of GDPR). e.g. where a Avantech Software product is used to manage the Personal Data of data subjects.

Where the processing is necessary for the performance of a contract between Avantech and the you;

Where Avantech needs to comply with a legal or regulatory obligation.

We use the information we collect from all of our services to provide, protect, maintain, support, administer and improve our products/services. When you contact Avantech for sales, software and support services we keep a record of your contact to help solve any issues you might be facing or to provide the requested service to you as well as to administer our relationship with you.

We may use your email address to inform you about our services and products such as letting you know about upcoming changes or improvements and/or new product modules. You will always give you the right to opt out. We will request specific consent (Opt-In) to allow us to communicate with you for purposes other than those related to our relationship.

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used.

If you receive emails from us, we may use certain analytics tools, to capture data such as when you open our email or click on any links or banners our email contains. This data helps us to gauge the effectiveness of our communications and marketing campaigns.

Contacting Avantech

You may choose to contact Avantech for pre-sales or post-sales services, support or other type of enquiries either via telephone, messaging services, email, a contact form on a website or even through real-time chat facilities made through our software or web sites.

These types of contact may result in us asking you for certain information to allow us to respond and provide you with our services including your name, address, phone number, email address. In the case of the chat facility this will also result in the storage of the contents of the chat sessions including the company name, and the chat activity. We will retain and process this personal data in our systems to allow us to service your request and the ongoing relationship with you whether you are a Customer, prospective Customer or supplier. Your rights as data subject, as defined below, will of course be preserved.

We may also collect Personal Data such as name, email and physical addresses and even credit card information, where necessary, to support our licensing and billing processes.

We collect information in the following ways:

Information you give us like your name, email address, telephone number and the company / individual with whom you work.

Information we get from your use of our services. We collect information about the version numbers of the software that your use, serial numbers, number of users and number of companies.

In some of the licensing procedures, we maintain a list of companies which are required to enable us to generate software activation keys.

In the software hosted by use, we maintain log information and this includes:

details of how you used our service, such as your browsing pages history.

Login and logout date and time

Name and company

device event information, such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.

cookies that may uniquely identify your browser.

Location information from where you are using our services

We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

Payment Information

When you purchase a good or services on-line through one of our Web Sites, we utilize 3rd party providers of payment processing and the data related to your credit card is processed by the 3rd party provider and we do not have access to that credit card information.

Avantech web sites utilize cookies to process user usage and behaviour information in a bid to improve user experience.

If your browser has been enabled by you to allow this, Avantech will store Cookie information onto the device used by you to access these sites. You will be able to use your browser’s capabilities to view and delete these cookies. The functionality of the web site may change based on the ability of Avantech to utilise these cookies.

On-Line Help

Use of the on-line help facilities that may be made available on the Web sites will record the details of the user name accessing the on-line help facility, the help centre activity related to the documents accessed and the location.

e-mail Contact

Should you consent to be contacted by Avantech, we shall use the Personal Data provided by you to communicate with you regarding those services for which you have consented to be contacted. This shall be on an opt-in basis.

If you are a user of our software or services, or an end-user of one of our Customers, who is obtaining support or needs to be notified of technical or commercial aspects of the use of our software or services, we shall retain the right to communicate with you as a result of a legitimate business interest provision as defined under GDPR.

Server logs

Like most websites, our servers automatically record the page requests made when you visit our Web Sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

Firewall Logs

Accessing of our systems and network is controlled through security infrastructure including firewall protection. As is industry practice, the firewall automatically logs traffic requests made when you access our systems. These “firewall logs” typically include details such as your Internet Protocol address, request type, and the date and time of your request. These logs are maintained for 1 year.

Where do we store & transmit your data?

Unless with explicit, prior, written consent, Avantech shall only store Personal Data either within the European Economic Area (EEA) or UK datacentres, or in a manner which is undertaken by Avantech through one of the following mechanisms:

As a result of the recognition by the European Commission, on the basis of article 45 of GDPR, of the country where the data is stored and processed offers an adequate level of data protection, whether by its domestic legislation or of the international commitments it has entered into.

Avantech’s data retention policy varies according to the nature of data itself and details of this policy can be located in Avantech’s Data Retention Policy found above.

Your Data Subject Rights

DPR provides a data subject with the following rights:

The right to be informed

The right of access

The right to rectification

The right to erasure

The right to restrict processing

The right to data portability

The right to object

Rights in relation to automated decision making and profiling.

Avantech of course respects these rights, subject to our obligations to retain and process data under other laws. For instance, while we might receive a request for erasure of data from a Data Subject related to that subject, we may not be able to erase data related to that subject which is necessary for the performance of our legal obligations for record keeping. A simple example is that we could erase non-critical correspondence but we are obliged to retain details of the purchase orders, invoices etc which relate to that Data Subject for period as required by laws related to accounting and business record keeping.

Should you wish to exercise any of these Data Subject Rights please send a request to info@Avantechsoftware.com.

APPENDIX A

HOW DOES SCAN2X AI FUNCTIONALITY PROCESS DATA?

Scan2x features a Document AI cloud-based service to provide powerful and simplified document metadata extraction from virtually any document. This involves no template-based configuration.

This service requires processing power and scale that only cloud datacenters can provide and for this reason the service is exclusively cloud-based. This document serves to address any concerns and provide more information related to the Scan2x Document AI operation and security.

SCAN2X AI OPERATIONS

Scan2x Document AI is a set of features that can be accessed and utilised by both on-premise and cloud-based versions of Scan2x. In the case of on-premise implementations, the utilization of Scan2x Document AI features is only possible if Scan2x is able to access the Document AI service over the internet.

To make use of a Scan2x Document AI service, there must exist a pre-purchased number of page scans attached to the Scan2x licence. These page scans are forward-purchased in batches and are valid for one year from date of purchase. Once the year is up, a new batch will need to be purchased and unused page scans will not carry over into subsequent years. Additional page scans can be purchased as top-up if required, and those top-up page scans will also last one full year.

Once page scans are purchased it is then possible to select Document AI services from the Scan2x Jobs Manager configuration tool. A number of pretrained models are listed, to be used depending on the document type you wish to process (eg invoices, receipts, ID documents, legal contracts). In addition, a number of generic options are also listed for those documents for which Scan2x does not yet have specific training. For generic documents, Scan2x will attempt to pull any information of interest from the document (irrespective of format). This retrieved metadata can then be saved as is, or it can be normalized into a defined metadata list for onward transmission to a repository like a DMS or some other downstream application that expects specific metadata.

The use of Scan2x Document AI is completely optional and is an additional feature-set to the powerful range of document analysis features Scan2x has built-in. Documents are not processed through Scan2x Document AI unless they are specifically set to do so by the Scan2x administrators at the Customer site.

SCAN2X AI PROCESSING

Documents to be processed by Scan2x Document AI are scanned or imported by the Scan2x system and sent to the Scan2x Document AI processor in the cloud. The cloud recognition server is hosted in a Microsoft Azure datacenter, as is the Scan2x Document AI processor. After processing, the extracted metadata is sent from the recognition server back to the Scan2x Document AI processor before being returned to the Customer Scan2x environment. All transmission of data back and forth between the above components is carried out as separate, distinct, encrypted calls (Transport Layer Security (TLS) 1.2) to ensure no leakage of data, including across Scan2x tenants.

The Scan2x Document AI services leverage artificial intelligence services run on a recognition server hosted in Microsoft Azure, a leading cloud infrastructure provider. The services are operated by a trusted and vetted technology partner under contract with Avantech Ltd, the producers of Scan2x.

The services are currently hosted in the Netherlands and UK. The possibility of hosting services in other jurisdictions may also be possible. Please contact us to discuss this requirement if needed.

This document provides a description of the Scan2x Document AI service and is not intended to provide legal advice. Please ensure you remain within local laws and regulations related to the transmission of data online.

Avantech and Scan2x are fully committed to ensuring compliance with GDPR. By running the service in EU- and UK-based datacentres, the AI service provider is equally bound by and subject to GDPR.

Document/data retention:

The standard retention period of documents sent to the recognition server is twenty-four hours, and any document remaining in temporary storage beyond the twenty-four-hour period is automatically purged. Documents and metadata are encrypted both while in transit and at rest. More information can be found at https://learn.microsoft.com/en-us/legal/cognitive-services/language-service/data-privacy