1. General

1.1 HMD Global Oy, with address at Bertel Jungin aukio 9, 02600 Espoo, Finland, including its subsidiaries (“HMD”), provides the HMD FOTA described under section 2.2 below (“Services”) based on the following General Terms and Conditions (“Terms”) exclusively to enterprise customers (each, a “Customer”). A Customer that acquires the right to use the Services directly from HMD is referred to as “Direct Customer” and a Customer that acquires the right to use the Services through one of HMD’s authorized resellers is referred to as an “Indirect Customer”.

1.2 Customer will adhere to these Terms and any and all applicable laws when using the Services. By registering for or using the Services, Customer unconditionally accepts these Terms. If Customer does not agree to be bound by these Terms, it may not use the Services.

1.3 Unless otherwise agreed between HMD and Customer in writing, any change to these Terms (“Change”) shall be communicated by HMD by e-mail at least thirty (30) days before becoming effective to (i) Direct Customers and (ii) authorized resellers that will be in charge of further communicating them to Indirect Customers.

1.4 Any document concerning the Services that modifies or complements these Terms is not enforceable without HMD’s prior written acceptance. Standard purchase terms or other similar documents issued by Customer are not automatically applicable to the purchase of Services.

2. Services provided by HMD

2.1 HMD reserves the right to adjust the scope of the Services at any time by modifying, adding or, in rare cases, removing functionalities of the Services. Said adjustments to the scope of the Services are not considered Changes to these Terms and therefore will not be communicated to Customers as described in section 1.4. Adjustments to the scope of the Services will be deployed once they are ready. HMD may, at its discretion, use subcontractors for providing the Services.

2.2 Through the Services, Customer can use a management console made available via the internet (“HMD FOTA Management Console”) to (i) define under which circumstances over-the-air updates will be installed on the enrolled devices, (ii) deploy the installation of over-the-air firmware updates in accordance with the policies defined by Customer, and (iii) test firmware updates on a small number of devices beforehand. HMD can share upon request the minimal technical specifications devices need to fulfil in order to be enrolled.

2.3 Customer agrees that the acquisition of the Services is not contingent on the deployment of any future functionality or feature, or dependent on any oral or written public representations made by HMD or any third party (including authorized resellers) regarding any future functionality or feature. HMD does not commit to and cannot be held responsible for providing any future functionality or feature.

2.4 The Services may include links to other websites, content and resources that are owned or provided by third parties (“Third Party Content”). When accessing such Third Party Content, Customer shall review and agree to any applicable terms of use before using such Third Party Content. Customer also agrees that HMD has no control over the Third Party Content and cannot assume any responsibility for material created or published by such third parties. In addition, a link to a non-HMD site does not imply that HMD endorses the site or the products or services referenced in such third-party site.

3. Term and Cancellation of the Services

3.1 The Services start being provided when Customer’s first device is enrolled by Customer or by an authorized reseller or other third party that provides managed services to Customer.

3.2 Services acquired for a fixed period (“Fixed-Term Services”) will be provided for the agreed period and automatically renewed for subsequent periods of the same length as the initial term for devices that remain enrolled after the fixed period ends. Charging for each automatic renewal will follow the same logic as the initial period.

3.3 Services acquired on a monthly basis (“Open-Ended Services”) will continue being provided and charged for as such until cancelled as described below.

3.4 Cancellation of Open-Ended Services by HMD. HMD can cancel the provision of Open-Ended Services at any time by sending an e-mail at least sixty (60) days in advance to Direct Customers and authorized resellers. Authorized resellers are responsible for informing Indirect Customers accordingly.

3.5 Cancellation of Fixed-Term Services by HMD. HMD can cancel the provision of Fixed-Term Services at any time by sending an e-mail to Direct Customers and authorized resellers (which will be in charge of informing Indirect Customers accordingly) informing them that the provision of Services will not be automatically renewed for currently-enrolled devices and no new device can be enrolled on the Services. Services will be available for each enrolled device until the end of the period they were paid for.

3.6 Cancellation of Open-Ended Services by Customer. Customers can cancel the provision of Open-Ended Services in relation to any specific device by unenrolling said device by the end of the last calendar month they want Services to be provided.

3.7 Cancellation of Fixed-Term Services by Customer. Customers can cancel the provision of Fixed-Term Services in relation to any device by unenrolling said device by the end of the fixed term.

3.8 Cancellation in case of Suspension. In case Customer doesn’t revert within thirty (30) days any circumstance that has given cause to a Suspension, HMD can cancel the Services effective immediately.

3.9 The provisions of the Terms that are intended to survive the cancellation of the Services shall remain valid.

4. Customer Obligations

4.1 Customer shall carefully select which employees and/or contractors (including the authorized reseller that provides managed services to Indirect Customer, if applicable) shall use the Services on its behalf as IT admin. Customer may not transfer, lend, lease or otherwise transfer the right to use the Services to any third party. Customer shall contact HMD to cancel the accounts of IT admin users who have changed roles or are no longer part of the organization, and is responsible for the unauthorized use of usernames and passwords. Any abuse or breach of the rules and restrictions set forth by HMD or any applicable laws is Customer’s responsibility and Customer will indemnify and hold harmless HMD from and against any and all third party claims that arise out of such abuse or breach.

4.2 Customer will retain all right, title and interest in and to any of its data, code or other materials that interact with, is uploaded to, or is managed by the Services. Customer is solely responsible for any data uploaded to the Services.

4.3 Customer is solely responsible for correctly identifying the devices it desires to enroll on the Services. Customer shall be responsible for any and all liability, damage or loss arising from the incorrect enrollment of any device.

4.5 Customer acknowledges that, depending on the policies defined by Customer as part of the Services, (i) it might not be possible to access and use certain features of the enrolled devices, (ii) said devices might not receive regular updates and upgrades (including critical security updates and OS upgrades) and/or (iii) users of those device might not be able to download and install certain updates. Customer is solely responsible for informing users about said limitations.

5. Suspension

5.1 Without prejudice to its other rights under these Terms or the applicable law, HMD is entitled to suspend wholly or partly Customer’s use of the Services (“Suspension”) if one of the following material breaches occurs:

(i) Customer defaults or is late on any payments; or

(ii) HMD obtains information that the Services were or are being used in violation of any applicable law or regulation.

5.2 In case of Suspension, Customer is responsible for any charges that accrue until the date that HMD fully processes the Suspension. To the extent permitted by applicable law, Customer shall reimburse HMD for any reasonable costs incurred to collect fees owed by Customer to HMD, including attorneys' fees. If a Direct Customer has failed to pay any fees due, HMD may require that the Direct Customer pays a deposit and/or a fee to restore the Services.

6. Fees

6.1 Fees charged by HMD to Direct Customers will be announced separately.

6.2 Indirect Customers shall pay the fees agreed with the relevant authorized reseller. In case an authorized reseller defaults on any payment to HMD, its Indirect Customers might be asked to start acquiring Services from another authorized reseller or directly from HMD.

6.3 The Services fee cannot be prorated and is due for the total number of devices enrolled on the Service during each calendar month or fixed period, as the case may be, regardless of how many days each device remained enrolled during the relevant month or fixed period.

7. Authorization to use the Services

7.1 Subject to Customer being in compliance with the Terms, HMD grants to Customer a personal, limited, revocable, non-exclusive, worldwide, non-transferable and non-assignable right to use the Services as provided by HMD on the number of devices enrolled on the Services.

7.2 Unless expressly permitted by law, Customer shall not copy, reproduce, modify, reverse engineer, disassemble, decompile or otherwise attempt to derive the source code of the Services, or permit others to do so.

8. Intellectual Property

The Services, any content and software are protected under international copyright laws. HMD claims copyrights in the Services, their content, and software to the maximum extent permitted by the law. Subject to the Terms, HMD retains all right, title and interest in the Services, their content, software and in all other products, software and other services provided to Customer or used by Customer through the Services. All corporate names, service marks, logos, trade names, trademarks, websites and domain names in the Services (collectively “Marks”) are and shall remain the exclusive property of HMD or its licensors and nothing in these Terms shall grant Customer any license to use any Marks without HMD’s prior written permission.

9. Data protection

9.1 Customer agrees that the provisions of (i) Directive 2002/58/EC on Privacy and Electronic Communications; (ii) Regulation (EU) 2016/679 (the “GDPR”) on the protection of natural persons with regard to the processing of personal data; and (iii) all local laws or regulations implementing or supplementing the EU legislation mentioned in (i)-(ii) above and any subsequent amendments thereof (“Data Protection Laws”) and relevant international, regional and national data protection and privacy legislation shall apply to the transfer and processing of personal data hereunder and agrees to comply with such legislation.

9.2 Section 9 of these Terms shall apply in cases where HMD is processing personal data on behalf of the Customer. For the purposes of these Terms, the following definitions shall have the following meanings: “Customer Personal Data” shall mean the Personal Data (i) supplied to HMD by or on behalf of the Customer and/or (ii) obtained by or created by HMD on behalf of the Customer in the course of provision of the Services, and which in each case is processed by HMD in connection with Services; “Controller”, “Data Subject”, “Processing”, “Processor”, “Personal Data” and “Personal Data Breach” shall have the same meaning as defined in the GDPR.

9.3 HMD (and its subcontractors) may be required to access, receive, store or otherwise process Customer Personal Data in order to provide the Services.

9.4 The following shall apply to (i) the appointment of HMD as the Processor by the Customer and (ii) the appointment of sub-processors by HMD:

(a) Where the Services comprise Processing of Customer Personal Data by HMD, HMD shall be the Processor and the Customer shall be the Controller with respect to such Customer Personal Data. Each Party shall comply with the applicable Data Protection Laws with regard to such Processing in connection with the Services;

(b) If a party considers that the relationship between them no longer corresponds to the intention of the parties stated in Clause 9.4(a) above then it shall notify the same to the other party. The parties shall negotiate in good faith a document that correctly reflects such changed circumstances;

(c) Notwithstanding any other provision of these Terms, HMD shall be entitled to engage sub-processors in relation to any part of Services requiring the Processing of Customer Personal Data. HMD shall (i) impose the same data protection obligations as set out in these Terms on each sub-processor; and (ii) remain fully liable to the Customer for the performance of the sub-processors; obligations;

(d) Customer acknowledges that (i) HMD makes the current list of sub-processors available online at www.hmd.com/terms/subprocessors and (ii) Customer has approved the use of the listed sub-processors; and

(e) HMD shall notify Customer as described in section 1.3 about changing an existing or engaging a new sub-processor, thereby giving Customer sufficient time to object to such changes if relevant for the Services. If Customer does not object to a Change as described there, Customer is deemed having approved the change.

9.5 HMD’s obligations:

(a) HMD shall (i) process Customer Personal Data in compliance with the GDPR, good data processing practices, and these Terms, (ii) follow the instructions by Customer regarding the Processing of Customer Personal Data, unless prescribed otherwise by a provision of the Data Protection Laws to which HMD is subject to, and (iii) not process Customer Personal Data for any purpose other than providing the Services to Customer under these Terms, unless otherwise required by the applicable law or regulations.

(b) HMD shall ensure that any persons authorized by it to process Customer Personal Data are subject to confidentiality obligations.

(c) HMD shall adopt, maintain and enforce appropriate security policies as well as data protection and safeguarding arrangements for the lawful protection of Personal Data, communications and systems (including appropriate technical and organisational measures as required in Article 32 of the GDPR).

(d) HMD shall notify Customer immediately after becoming aware of any Personal Data Breach impacting Customer Personal Data as well as provide the required information to the Customer.

(e) Taking into account the nature of the Processing, HMD will assist Customer by appropriate technical and organisational measures with responding to the Data Subjects' requests under the GDPR.

(f) Taking into account the nature of the Processing and the information available to HMD, HMD shall assist the Customer with regard to its obligations under the following Articles of the GDPR: (i) Article 32 (Security of processing); (ii) Articles 33 and 34 (Notification and communication of a personal data breach); (iii) Article 35 (Data protection impact assessment); and (iv) Article 36 (Prior consultation with the supervisory authority).

(g) Upon termination of Services that required the Processing of Customer Personal Data (in whole or in part), HMD shall, as requested by Customer, return or destroy such Customer Personal Data which is in the possession or under the control of HMD, unless the Data Protection Laws require HMD to store such Customer Personal Data.

(h) HMD shall, upon Customer’s request, provide Customer with all information necessary to demonstrate its compliance with HMD’s obligations under this Clause 9.5. To the extent the compliance documentation is not sufficient for accountability purposes, HMD shall allow and contribute to audits and inspections conducted by or on behalf of Customer.

(i) Where required to do so by the GDPR, HMD shall maintain written records of its Processing of Customer Personal Data and make them available to a supervisory authority upon request.

9.6 HMD is entitled to charge the Customer for costs and expenses that were incurred as a result of complying with the above clause 9.5 (e), (f) and (h).

9.7 Customer’s obligations:

(a) Customer is responsible for fulfilling all obligations that apply to it as Controller under the applicable Data Protection Laws, including but not limited to identifying and establishing its independent legal basis for Processing of Personal Data, and fulfilling transparency requirements regarding the Processing.

(b) Customer shall ensure that: (i) the supply to HMD of Customer Personal Data by or on behalf of Customer for the purposes of Processing undertaken in compliance with these Terms by HMD and its sub-processors shall comply with the Data Protection Laws; and (ii) the instructions given by Customer to HMD for Processing Customer Personal Data shall comply with the Data Protection Laws.

(c) Customer is responsible for filing any necessary registrations in relevant countries, where applicable, in accordance with applicable Data Protection Laws.

9.8 Description of the Processing of Customer Personal Data:

(a) The data subjects are users of the HMD FOTA Management Console and users of the devices managed through the HMD FOTA Management Console. Customer determines who the data subjects are when Customer grants access to the Services to its users in accordance with these Terms.

(b) HMD processes the following types of personal data on behalf of Customer:

• Automatically generated log data, such as device ID and information related to the enrollment and update events.

• Model, IMEI, and serial number of the enrolled device.

• Firmware and operating system of an enrolled device and defined circumstances to deploy updates.

• Login credentials to HMD FOTA Management Console.

(c) HMD processes Personal Data of the HMD FOTA Management Console or device user as long as Customer uses the Services in relation to such user. Log details of unenrolled devices will be retained for 12 months after a device has been unenrolled.

9.9 In the event that the exchange and Processing of the Customer Personal Data requires further written specification of the rights and obligations of the Parties, the Parties shall enter into a separate Data Processing Agreement.

9.10 HMD may process Personal Data for advertising, marketing and research purposes but only when the Data Subjects have given their explicit consent in this respect.

10. Indemnification

Customer will, at its cost and expense, defend and indemnify HMD and its affiliates from and against all third party claims and all liabilities, assessments, losses, costs or damages resulting from or arising out of (i) Customer’s breach of the Terms, (ii) Customer’s infringement or violation of any intellectual property rights, other rights or privacy of a third party, or (iii) misuse of the Services by a third party where the misuse was made possible by the Customer’s failure to take reasonable measures to protect its username and password against misuse; or (iv) Customer’s use of the Services.

11. Limitation of Liability

THE SERVICES ARE PROVIDED ON “AS IS” AND “AS AVAILABLE” BASIS. HMD DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR OR VIRUS-FREE OR MEET CUSTOMER’S REQUIREMENTS. NO WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE, IS MADE IN RELATION TO THE AVAILABILITY, ACCURACY, RELIABILITY, INFORMATION OR CONTENT OF THE SERVICES. CUSTOMER EXPRESSLY ACKNOWLEDGES AND AGREES THAT BECAUSE SOME OF THE SERVICES MAY BE PROVIDED OVER MOBILE AND INTERNET NETWORKS OUTSIDE OF HMD’S CONTROL, THEY ARE SUBJECT TO OUTAGES, DISRUPTIONS, AND INTERCEPTION, AND THAT HMD HAS NO LIABILITY FOR ANY SUCH OUTAGES, DISRUPTIONS OR INTERCEPTIONS. CUSTOMER EXPRESSLY AGREES AND ACKNOWLEDGES THAT THE USE OF THE SERVICES IS AT CUSTOMER’S SOLE RISK AND THAT THERE MIGHT BE EXPOSURE TO CONTENT FROM VARIOUS SOURCES WHICH HMD IS NOT RESPONSIBLE FOR. IN ADDITION, UNDER NO CIRCUMSTANCES WILL HMD BE LIABLE FOR DAMAGES ARISING OUT OF OR RELATED IN ANY WAY TO CUSTOMER’S INABILITY TO ACCESS, OR YOUR DIFFICULTY IN ACCESSING, THE SERVICES TO THE MAXIMUM EXTENT PERMITTED BY LAW.

EXCEPT WHERE PROHIBITED BY LAW, HMD WILL NOT BE LIABLE FOR DAMAGES THAT EXCEED THE AMOUNT OF (I) HMD’S CHARGES TO DIRECT CUSTOMER FOR THE SERVICES DURING THE PRIOR ONE MONTH PERIOD (II) AUTHORIZED RESELLER’S CHARGES TO INDIRECT CUSTOMER FOR THE SERVICES DURING THE PRIOR ONE MONTH PERIOD. TO THE MAXIMUM EXTENT PERMITTED BY LAW, EXCEPT FOR LIABILITY FOR DEATH OR PERSONAL INJURY CAUSED BY ITS GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT, IN NO CASE WILL HMD BE LIABLE FOR ANY INDIRECT, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES RESULTING FROM CUSTOMER’S USE OF OR INABILITY TO USE THE SERVICES.

12. Governing Law and Dispute Settlement

Unless otherwise agreed in writing between the parties, the Terms shall be governed by the laws of Finland. The application of uniform sales law, in particular the application of the Convention of the United Nations on Contracts for the International Sale of Goods (CISG) is expressly excluded. Any dispute, controversy or claim arising out of or relating to the Terms, or the breach, termination or validity thereof shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finnish Central Chamber of Commerce in Helsinki, Finland, in English. The award shall be final and binding on the parties. Any dispute, controversy or claim arising out of or relating to the Terms and the final award shall be deemed confidential information. Nothing shall limit the parties' rights to seek interim injunctive relief or to enforce an arbitration award in any court of law.

13. Other Provisions

13.1 Force Majeure: A Force Majeure Event is an event beyond the reasonable control of the Party concerned. The causes may include, but are not limited to, acts of God, acts of the government, fires, natural disasters, epidemics, quarantine restrictions, strikes, lock-outs, industrial disputes, riots or civil commotion, acts of terror or imminent threats of terrorist activity, transportation or energy shortages, freight embargoes, power failures, unforeseen shortages of components and production constraints or failure of the postal or logistics system. Neither Party is liable (other than in respect of any payment obligations) for any delay or failure to perform its obligations, loss or damage due to a Force Majeure Event. Each Party will inform the other of any Force Majeure Event within a reasonable period of time following its occurrence. In the above instances, time for performance will be extended for the period of the delay.

13.2 Assignment: HMD may assign its rights and obligations hereunder to its corporate parent, any of its subsidiaries, or to any company under common control with HMD. Additionally, HMD may assign its rights and obligations hereunder to a third party in connection with a merger, acquisition, sale of assets, by operation of law or otherwise.

13.3 Severability: These Terms shall not exclude nor limit any mandatory rights of the Customer that cannot by law be waived. If a provision of these Terms is found to be invalid, the remaining provisions will not be affected and the invalid provision will be replaced with a valid provision that comes closest to the result and purpose of the Terms. In the event one or more provisions of these Terms are not relevant to Customer’s use of the Services, it shall not impact the validity or enforceability of any other provision of the Terms or the Terms as a whole.

13.4 Feedback: By submitting any ideas, feedback and/or proposals ("Feedback") to HMD through the Services or other means, Customer acknowledges and agrees that: (1) HMD may have similar development ideas to the Feedback; (2) Feedback does not contain confidential or proprietary information of Customer or any third party; (3) HMD is not under any obligation of confidentiality with respect to the Feedback; (4) HMD may freely use, distribute, exploit and further develop and modify Feedback for any purpose; and (5) Customer is not entitled to any compensation of any kind from HMD.

13.5 Confidentiality (applicable only to Indirect Customers): The parties undertake to treat confidentially all confidential information exchanged hereunder. Both parties may make use of confidential information only for purposes defined herein. Neither party may publish any confidential information received from the other party, or pass it on to third parties, without the prior consent of the other party. Information is considered confidential if the party that has produced the information has marked it confidential or if the confidentiality of certain information derives from the circumstances. In case of doubt, all information is confidential. Information that was (i) already known to the receiving party at the time of the receipt, (ii) made known by a third party without the obligation to keep confidential, or (iii) already publicly known at the time of the transfer is not considered confidential. The foregoing confidentiality obligations apply to the duration of the Services and for a period of three (3) years after their end.

13.6 Claims by Customer: Customer shall notify HMD of any possible claim it may have against HMD hereunder within a reasonable time, however no later than in three (3) months after Customer became aware of an event that may give reason for such claim.

13.7 Prohibited Use: Customer may not use or attempt to use the Services in connection with any use which is prohibited by any applicable export control and economic sanctions regulations, including those of the US, UK, and EU. Customer shall immediately notify HMD in writing upon becoming aware of or suspecting any such use. In the event that HMD reasonably believes that any prohibited use might have happened, Customer shall cooperate fully with any investigation and HMD reserves the right to suspend the Services during the investigation at its reasonable discretion without any penalty or liability.