Skip to main content

Terms and Conditions

These General Terms and Conditions of Sale are up to date as of 21 July 2023.

1. INTRODUCTION‚Äč

1.1. These general terms and conditions of sale of services (hereinafter ‚Äúthe GTCS‚ÄĚ) are proposed by ENIBLOCK (hereinafter ‚Äúthe Service Provider‚ÄĚ), a French simplified joint-stock company with capital of 200,700 euros, registered with the Nanterre Trade and Companies Register under the number 847 672 250, having its registered office at TOUR W - 02 Terrasse Boieldieu, PUTEAUX (92800)., France. Telephone: +33 1 40 07 58 01 email: contact@eniblock.com; website: www.eniblock.com.

1.2. The Service Provider is a computer engineering services company specialised in supporting companies in the use of information storage and transmission technology without a control body called blockchain.

The Service Provider is in particular the publisher of a computer platform based on blockchain technology (hereinafter, ‚Äúthe Solution‚ÄĚ) allowing the issuance of financial securities in a shared electronic registration system (so-called ‚ÄúSecurity Token Offering‚ÄĚ or ‚ÄúSTO‚ÄĚ platform).

1.3. The Service Provider offers the customer (hereinafter, ‚Äúthe Customer‚ÄĚ), having the status of professional within the meaning of the provisions of the French Consumer Code, the possibility of ordering various services related to blockchain technology, including access to the Solution (hereinafter, ‚Äúthe Services‚ÄĚ).

1.4. The order for Services under the conditions hereof is exclusively reserved for professionals.

2. APPLICATION AND ENFORCEABILITY OF THE GTCS‚Äč


2.1. The purpose of these GTCS is to define all the conditions under which the Service Provider markets the Services as offered for sale to the Customer referred to in its quote, purchase order, technical and/or commercial proposal or special terms and conditions (hereinafter, indistinctly referred to as ‚Äúthe Quote‚ÄĚ).

2.2. The Service Provider shall draw up a Quote after contacting the Customer. The GTCS are systematically sent by email or delivered personally to each Customer with the Quote. The signature or acceptance of the Quote by the Customer formalises the order (hereinafter, ‚Äúthe Order‚ÄĚ). The GTCS and the accepted Quote govern the entire contractual relationship between the Parties (hereinafter the ‚ÄúContract‚ÄĚ).

2.3. Consequently, placing an Order (signature or acceptance of the Quote) implies the Customer’s full and unreserved acceptance of these GTCS, to the exclusion of any other documents in its possession such as prospectuses, catalogues or advertising brochures issued by the Service Provider, which will only have an indicative and non-contractual value.

2.4. In the event of contradiction between the provisions of the Quote and the GTCS, the relevant provisions of the Quote shall prevail over those of the GTCS.

2.5. Any reservation concerning the GTCS put forward by the Customer will therefore, in the absence of express acceptance by the Service Provider, be unenforceable against the latter, regardless of when it may have been brought to its attention.

2.6. Any provisions derogating from these GTCS must result from an express agreement of the Parties, contained in the special terms and conditions included in the Quote by the Service Provider or in any other document evidencing the agreement of both Parties, such as a specific service contract.

3. DESCRIPTION OF SERVICES‚Äč


3.1. The Service Provider offers a range of services developed around blockchain technology uses including, but not limited to:

  • - Consulting: training, consulting, technical and commercial analysis services and presentation of the of opportunities offered by the use of blockchain technology;
  • - Developments: specific application development services based on blockchain technology;
  • - Solutions: services for licensing, software components or applications based on blockchain technology, including, where applicable, the Solution.

3.2. Given the specific needs of each Customer, the Services specifically ordered by the Customer will be specified and described in detail in the Quote.

4. TERM OF THE CONTRACT

4.1. The Contract is entered into by the Parties for the duration indicated in the Quote.

4.2.¬†Unless otherwise indicated in the Quote, the continuous and/or successively performed Services shall be deemed to have been concluded for a period of one year (hereinafter, the ‚ÄúInitial Term‚ÄĚ) as from the date of signature or acceptance of the Quote by the Customer (hereinafter, ‚Äúthe anniversary date‚ÄĚ).

At the end of the Initial Term, the Contract shall be automatically renewed by tacit agreement on each anniversary date of the Contract for a further period of one year (hereinafter, ‚Äúthe Renewed Term‚ÄĚ).

The relevant initial or renewed Term shall be referred to hereinafter as the ‚ÄúPeriod‚ÄĚ.

4.3. In the event that the Customer wishes to terminate the Contract, the latter must notify its intention to terminate the Contract by registered letter with acknowledgement of receipt sent to the Service Provider’s registered office at least three months before the anniversary date of renewal of the current Period, with the postmark serving as evidence.

The termination will take full effect, in particular it will make it impossible for the Customer to benefit from the Services and in particular to access the Solution at the end of the Period.

In the event of termination of the Contract by the Customer, no credit note and no reimbursement for the Period will be granted by the Service Provider.

5. PRICES AND INVOICING‚Äč


5.1. The Service Provider’s pricing conditions relating to the supply of the Solution and the Services are provided in the Quote, validated by the Order.

5.2. The retail prices are given for information purposes and may therefore vary.

The prices invoiced are those in force at the time of validation of the

Order by the Customer by signing or accepting the Quote.

5.3. The prices of the Solution and the Services are expressed and payable in Euros and are expressed exclusive of value added tax and excluding all other taxes, with the Customer being responsible for paying said taxes.

5.4. Invoices shall be payable by bank transfer thirty (30) days end of month after the invoice date.

5.5. Without prejudice to any damages, failure by the Customer to pay an invoice on its due date shall automatically result in:

  • The payment of late payment penalties, which will be calculated from the due date indicated on the invoice until the day of actual payment, at a rate equal to the interest rate applied by the European Central Bank to its most recent refinancing operation plus 10 percentage points;
  • In accordance with Article D. 441-5 of the French Commercial Code, the payment of the lump-sum compensation for recovery costs fixed at a minimum of 40 euros, without prejudice to additional compensation upon justification;
  • The suspension of the subscribed Services and access to the Solution, after prior formal notice has remained without effect at the end of a period of fifteen (15) business days, without this suspension being able to incur the Service Provider‚Äôs liability.
  1. No discount will be made by the Service Provider for payment before the date shown on the invoice or within a period of time less than that mentioned in these GTCS or, where applicable, in the Quote.
  2. The Parties expressly exclude the legal frustration of purpose provided for in Article 1195 of the French Civil Code for the application of the Contract.
  3. Any request by the Customer for additional services or modifications, of any kind whatsoever, will be the subject of a new Quote by the Service Provider.

6. GENERAL OBLIGATIONS OF THE PARTIES‚Äč


6.1. Obligations incumbent upon the Customer‚Äč

6.1.1. The Customer undertakes not to adversely affect, under any circumstances and in any way whatsoever, the Solution or the other services provided under the Services. The Customer is not authorised to decompile or analyse the Solution or other services provided for under the Services, or to attempt to discover or modify all or part of their source code.

6.1.2. The Customer expressly declares that it has received from the Service Provider all the information and advice necessary for the use of the Solution or other services provided under the Services, and thus waives the right to seek the Service Provider’s liability for this reason.

6.1.3. The Customer undertakes to work closely with the Service Provider and provide all information, documentation, services and all means useful for the performance of the Services and the use of the Solution and undertakes to provide the Service Provider with all the elements necessary to meet its obligation, including staff dedicated to the proper performance of the Services.

6.1.4. Where applicable, before each intervention by the Service Provider, the Customer undertakes to carry out all the backup procedures necessary for the protection and backup of its data, programs and computer files.

6.1.5. The Customer undertakes not to harm, under any circumstances and in any way whatsoever, the reputation of the Service Provider, the Services provided and the Solution.

6.2. Obligations incumbent upon the Service Provider‚Äč

6.2.1. Within the framework of this Contract and the performance of the Services, the Service Provider undertakes to give itself all the necessary means and to make every effort to carry out its mission in accordance with best practice. This obligation shall not constitute an obligation of result, as the Service Provider shall only provide the Services and the Solution within the framework of an obligation of means.

6.2.2. The Services ordered by the Customer will be performed within the deadlines and under the conditions indicated in the Quote.

These deadlines do not constitute strict deadlines and may be modified by the Service Provider, particularly according to the constraints of third parties that may be involved in the performance of the Services. In this case, the Service Provider shall make its best efforts to reschedule the Services as soon as possible and shall not, in any event, be held liable with regard to the Customer in the event of a delay in the provision of the Services not exceeding 6 months from the initially scheduled deadline or if the Customer refuses to accept new performance dates proposed within this 6-month period. Failing this, the Customer may either agree to reschedule the Services within new deadlines proposed by the Company, or request reimbursement of the sums paid, excluding any other compensation.

6.2.3. The Service Provider warrants that it holds the intellectual property rights relating to the Solution or any other content licensed under the Contract, or that it has obtained permission from their respective owners to license them under the conditions hereof.

7. PROVISION OF THE STRIPE PAYMENT SOLUTION

7.1. The Service Provider has entered into an agreement with Stripe allowing the deployment and use of its payment services in connection with the use of the Solution.

7.2. The Service Provider therefore allows the Customer to offer Stripe’s payment services to End Users (qualifying as corporate entities located in France) in the context of the deployment of the Solution.

7.3. In order to validly offer the Stripe’s services to End Users on the Solution, the Customer shall ensure compliance with the systems put in place by the Service Provider and in particular:

7.3.1 that End Users have the capacity to enter into legally binding contracts;

7.3.2. by implementing a risk management and security system for End Users’ accounts, and undertakes in the event of a breach of the data of its End Users or any other security incident to notify the Service Provider as soon as possible and continue to provide accurate and up-to-date information throughout the duration of the security breach. The Customer may suspend, restrict or terminate End Users’access to all or part of the payment services offered by Stripe and/or disable or cancel the accounts of End Users, without reason, by giving them one month’s notice;

7.3.3. by obtaining End-Users’ consent to store card details for future use and ensuring that no processing may be carried out until End Users have agreed to such storage of data;

7.3.4. by obtaining End Users’ consent for the purposes of accessing, processing and storing all personal information that End Users provide to receive payment services;

7.3.5. that End Users create a strong password and maintain adequate security and control of all login details, passwords, clues, personal identification numbers (PINs), API keys or any other code that End Users use to access payment services;

7.3.6. the provision by End Users of a certain amount of information requested as part of the account opening procedure to verify their identity and detect money laundering, terrorist financing, fraud or any other financial crime and their authorisation to keep a record of such information so that they can benefit from the proposed Solution. In this respect, the provision of information by End Users must be verified, before they can benefit from the payment services offered on the Solution and in particular: surname, address, telephone number, email address, date of birth, tax identification number, bank information, etc. The Customer undertakes to ensure that any change in the situation of End Users is the subject of an update of the information concerning them.

7.3.7. by carrying out, either directly or through third party providers, such investigations as it deems necessary to verify the identity of End Users against fraud or other financial offences, as well as by implementing remedial measures deemed reasonably necessary based on the results of such investigations.

8. LICENCE TO USE SOFTWARE SOLUTIONS‚Äč


8.1. The provisions of Articles 7 to 9 only apply to Customers who have specifically ordered a licence to use the Solution and/or another software solution proposed by the Supplier.

8.2. In return for the payment of the price provided for in the Quote, the Service Provider grants the Customer a non-exclusive licence to use the related solution worldwide and for the duration of the Contract, allowing it to access and use said solution in accordance with its intended purpose, its documentation and the regulations.

8.3. The Customer undertakes to comply with the licence scope of the solution granted under these GTCS and the Order.

8.4. The Customer may not transfer, assign in any way whatsoever, sub-licence, make available to any third party, even temporarily and/or free of charge, the solution and/or the related user licence, unless it has obtained the prior and express authorisation of the Service Provider, or when access by a third party is specifically provided for and organised in the documentation.

9. PROVISION OF SOFTWARE SOLUTIONS‚Äč


9.1. The software solutions are made available to the Customer under the conditions indicated in the Quote.

9.2. When made available in SaaS mode, the solutions are accessible via the Internet 24 hours a day and 7 days a week, with the exception of maintenance periods. As far as possible, the Customer will be notified in advance of periods of service interruptions for maintenance.

9.3. The Customer shall be notified of technical incidents and any access interruptions that may occur. Consequently, the Service Provider may not be held liable for any unavailability or accidental slowdowns in the solutions.

Unless a more restrictive service commitment appears in the Quote, the Service Provider guarantees a 99% provision and availability rate of the solutions.

The Service Provider undertakes to put in place regular checks in order to provide reasonable assurance so that the Customer can access and use the solutions under the conditions set out in the Contract.

10. MAINTENANCE OF SOFTWARE SOLUTIONS‚Äč


10.1. The Service Provider is responsible for corrective maintenance and, only when they are made available in SaaS mode, the evolutionary maintenance of software solutions, throughout the term of the Contract.

The Service Provider undertakes to provide the following level of service:

Telephone and email support: 9 am to 6 pm, Monday to Friday excluding public holidays (times for Paris, France)

10.2. The Service Provider is not responsible for maintenance in the following cases:

  • Refusal by the Customer to work with the Service Provider to resolve anomalies and in particular to respond to questions and requests for information;
  • Use of a software solution in a manner that does not comply with its intended purpose, documentation or regulations;
  • Breach by the Customer of its obligations under the Contract;
  • Installation of all software packages, software or operating systems not compatible with the solutions;
  • Failure of the Customer‚Äôs electronic communication networks;
  • Deliberate act of degradation, malicious intent, sabotage or similar;
  • Deterioration due to force majeure within the meaning of Article 1218 of the French Civil Code or due to misuse of the Solution.

10.3. Interventions relating to the usual maintenance of the solutions may make certain features temporarily unavailable. Whenever possible, such interventions are carried out outside working days and hours, with a notice period of at least 3 days.

11. CUSTODY SOLUTION: ENIBLOCK WALLET‚Äč


11.1. The Service Provider provides the Customer with a noncustodial blockchain account management solution to be used by End Users (the "Eniblock Wallet SDK")

The Eniblock Wallet SDK is a digital assets wallet using cryptographic algorithm, accessible to Customer in SaaS mode using SDK (software development Kit) between Services Provider and Customer and allowing an End User to securely perform transactions on the blockchain. Technically, the cryptographic algorithm is replacing the private key of the End User by generating a secret (key) share on a distributed manner using multi-party-computation.

11.2. End Users are creating Eniblock Wallet SDK using their Google accounts (or any other point of access) following authentication scheme. The secret (key) share is created and backed-up using Cloud Drive storage (or applying any recovery secret (QR Code)). The communication between the End User and the server are running through a secure communication channel.

11.3. The secret (key) share is generated through a generation cryptographic protocol. The secret (key) share is generated for the End User and stored in the End User's Google Drive account space. The server stores the secret (key) share in an encrypted vault backed-up in a second remote server geographically distant.

11.4. The Service Provider is offering technical support and trainings to Customers in order to manage implementation of the Eniblock Wallet SDK to End Users.

11.6. The Service Provider is liable for the provision of the Eniblock Wallet SDK under the conditions and limits led down under Clause 17 of the present General Terms and Conditions.

11.7 Should the Service Provider terminate the provision of the Eniblock Wallet SDK, it shall provide a reasonable time-period to allow the End Users to transfer their digital assets to another wallet. The Service Provider will also maintain technical skills allowing the End Users to transfer their digital assets from the Eniblock Wallet SDK to another wallet. In any case, the Service Provider will not incur any liability for the loss of digital assets occurring during the transfer of digital assets from the Eniblock Wallet SDK to another wallet.

12. INTELLECTUAL PROPERTY‚Äč


12.1. The Solution and all the deliverables provided in the context of the performance of the Services shall remain, under all circumstances, the exclusive property of the Service Provider who is the sole owner thereof and/or holds all the rights necessary to ensure the marketing and use thereof.

12.2. Consequently, the Customer may not pledge them, assign them for consideration or free of charge, sub-licence them or lend them for consideration or free of charge. Furthermore, the Customer undertakes to inform the Service Provider of any infringement of which it may become aware.

12.3. The software, data, documentation, processes, methodologies, technologies and documents belonging to the Service Provider (hereinafter ‚ÄúIntellectual Property Rights‚ÄĚ) used, where applicable, in the context of the provision of the Solution and the Services, shall remain the exclusive property of the Service Provider.

To the extent strictly necessary for the provision of the Solution and the Services, the Service Provider grants to the Customer, on a personal, non-exclusive and non-transferable basis, the right to use said Intellectual Property Rights for the term of the Contract.

12.4. The Service Provider shall remain the holder of all the Intellectual Property Rights attached to the specific developments and updates, whatever they may be, that it may carry out in the context of the provision of the Solution and the Services, without the Customer being able, at any time, to claim any right to these specific developments.

13. OWNERSHIP OF DATA‚Äč


13.1. The Customer shall remain the owner of all the data collected by it in the context of the use of the Solution and the provision of the Services.

13.2. Unless otherwise stipulated, it is expressly agreed that during the provision of the Services by the Service Provider, the latter, which does not have subcontractor status within the meaning of the regulations applicable in this area, shall not carry out any processing on the data collected by the Customer, since the Service Provider has no access to said data.

14. REGULATIONS RELATING TO PERSONAL DATA‚Äč


14.1. In the context of the performance of the Contract, each Party undertakes (i) to comply with all applicable legal and regulatory provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the ‚ÄúGDPR‚ÄĚ) and (ii) to impose identical obligations on its staff and any third parties under its control (including its affiliates and subcontractors, if any).

14.2. Each Party agrees that the other party, within the framework or on the occasion of the implementation of the Contract may collect, process, store, communicate or archive personal data (within the meaning of the GDPR) concerning its contacts (names, email addresses and telephone numbers), in the context of or during the implementation of the Contract, but only to the extent that such collection, processing, storage, communication or archiving is necessary to perform the Contract.

14.3. The Parties guarantee that all personal data that they may hold and disclose to each other, or to which they may have access in the context of or during the implementation of the Contract, has been obtained and is used in such a way so as to ensure appropriate security and confidentiality, including with regard to the prevention of unauthorised access to such data.

14.4. Each Party therefore undertakes to (i) implement the technical and organisational provisions to guarantee the protection of the personal data held by the Party concerned against any unauthorised access, as well as against any breach, loss, unauthorised disclosure or accidental destruction, and (ii) alert the other party if any of these hypotheses materialise, so that it can alert the individuals concerned.

14.5. As data controller within the meaning of the GDPR of the personal data collected from the Customer under the Contract, the Service Provider guarantees that it is in full compliance with the provisions applicable to any processing of personal data carried out under the Contract and guarantees the individuals concerned by the processing of personal data the right to be informed and to access their personal data, the right to rectification and erasure, the right to restrict and to object to processing, the right not to be the subject of automated data processing intended to define their profile or to evaluate certain aspects of their personality, as well as the right to portability, which must be strictly understood as personal data collected directly from the individuals concerned. The rights and obligations of the Service Provider and the Customer in this regard are described in Appendix I. In order to exercise these rights, the individuals concerned may contact the Company’s Data Protection Officer at this email address: dpo@eniblock.com.

14.6. Notwithstanding the foregoing, the right to object shall not apply in case of processing required under a legal obligation.

14.7. Unless otherwise stipulated, the Customer shall be personally responsible for compliance with the regulations when implementing its own processing with third parties, including through the Solution or other deliverables and/or developments provided by the Supplier.

15. FINANCIAL REGULATIONS‚Äč


15.1. The Solution and, more generally, all the deliverables and/or developments provided by the Service Provider are technological tools for which the Customer is solely responsible for the use in compliance with the applicable regulations.

The Service Provider thus does not itself provide any investment service within the meaning of Directive 2014/65/EU of 15 May 2014 on markets in financial instruments, nor any services on digital assets within the meaning of Law no. 2019-486 of 22 May 2019 on the growth and transformation of companies (known as the ‚ÄúPACTE‚ÄĚ Law), or any other regulated activity within the meaning of the French Monetary and Financial Code.

15.2. The Customer’s attention is specifically drawn to the fact that the provision of services on digital assets within the meaning of Article L. 54-10-2 of the French Monetary and Financial Code, namely:

  • The custody service on behalf of third parties of digital assets or access to digital assets, where applicable in the form of private cryptographic keys, in order to hold, store and transfer digital assets (custody services);
  • Purchase or sale services for legal tender digital assets;
  • Digital asset exchange services for other digital assets;
  • Operating a digital asset trading platform;
  • Receiving and transmitting orders on digital assets on behalf of third parties;
  • Digital asset portfolio management on behalf of third parties;
  • Advising digital asset subscribers;
  • Digital asset underwriting;
  • Guaranteed investment of digital assets; - Non-guaranteed investment of digital assets;

is subject to obtaining prior approval as a digital asset service provider (known as ‚ÄúDASP‚ÄĚ) issued by the AMF if the Customer provides at least two of the aforementioned services in France, or if it provides custody and/or purchase or sale services for legal tender digital assets.

15.3. In addition, the registration of financial securities in a shared electronic registration system, as authorised by Article L. 211-3 of the French Monetary and Financial Code, also remains subject to all applicable financial regulations regardless of the medium used.

In accordance with Article L. 420-1 of the French Monetary and Financial Code, any multilateral system must in particular apply for authorisation to operate a trading platform, i.e. a regulated market within the meaning of Article L. 421-1 (hereinafter, ‚ÄúRM‚ÄĚ), a multilateral trading system within the meaning of Article L. 424-1 (hereinafter, ‚ÄúMTS‚ÄĚ) or an organised trading system within the meaning of Article L. 425-1 (hereinafter, ‚ÄúOTS‚ÄĚ).

15.4. The Customer therefore undertakes to request and obtain DASP approval prior to any provision of services on digital assets by means of the solutions provided by the Service Provider (particularly to establish relations between buyers and sellers, in the event of receipt and transmission of orders on behalf of third parties, execution of orders on behalf of third parties or of non-guaranteed investments) and, where applicable, authorisation as a market operator or an appropriate investment services provider before any use of the Solution as an RM, MTS or OTS trading platform within the meaning of the aforementioned regulations.

15.5. The Customer also remains solely responsible for compliance with the regulations on the fight against money laundering and the financing of terrorism within the meaning of Articles L. 561-1 et seq. of the French Monetary and Financial Code, regardless of the possible integration of compliance and internal control mechanisms within the Solution, which remain simple technical tools for which the Service Provider cannot ensure the proper use by the Customer.

16. GUARANTEES‚Äč


16.1. Guarantee of peaceful enjoyment‚Äč

16.1.1. The Service Provider guarantees the Customer the peaceful enjoyment of the rights granted to it under this Contract against any disturbances, claims and evictions of any kind arising from its own actions or the actions of third parties.

16.1.2. In particular, the Service Provider guarantees to the Customer that it has all the rights and authorisations necessary to grant the licence provided for in Article 7 and that the Solution and, more generally, the Services, do not contain anything that may fall under the laws and regulations relating in particular to infringement, unfair competition, privacy, image rights, personality rights and, more generally, contravene the rights of third parties.

16.1.3. The Service Provider guarantees to the Customer that if software elements integrated into the Solution or other deliverables fall under so-called free or open-source licences, these free or open-source licences do not contaminate the ownership of the intellectual property rights of the deliverables if ever the Service ordered includes a transfer of these rights in favour of the Customer. In this case, the Service Provider undertakes to list and provide the Customer with a list of the software elements covered by free or open-source licences, as well as the names of the free or open-source licences applicable at the time of delivery of the deliverables concerned.

16.1.4. The Service Provider guarantees the Customer against any complaints, claims and/or objections whatsoever by a third party that the Customer may suffer as a result of the Service Provider’s breach of the above guarantees. It undertakes to compensate the Customer for any damage it may suffer and to pay it for all costs, indemnities, charges and/or penalties that it may have to bear as a result.

16.1.5. The Service Provider is personally responsible for subscribing to the licence and supply contracts necessary to make the Solution available or to produce any deliverables and in particular any licences to use third-party software necessary for the proper functioning of the Solution or any deliverables.

16.2. Guarantee of contractual and regulatory compliance‚Äč

16.2.1. The Service Provider guarantees that the Services, the Solution and, more generally, all the deliverables and/or developments provided by the Service Provider are provided substantially in accordance with the Order, and that their functionalities comply with their presentation in the Quote.

16.2.2. The Service Provider guarantees that the Solution and, more generally, all the deliverables and/or developments provided by the Service Provider are fully compliant, as far as they are concerned, with the general cybersecurity requirements required by the AMF for the purpose of obtaining DASP approval, as they result from Article 721-4 of the AMF General Regulation and from the AMF Instruction referenced DOC-201924, in that they may allow, as appropriate:

  • The tracing and custody of any activity generated by the service on digital assets for a period of 5 years by means of a device making it possible to ensure the availability, confidentiality, integrity and non-repudiation thereof, in accordance with ANSI best practices for logging traces (JRNANSSI);
  • The identification and maintenance of technical components, as well as the tightening of configurations in accordance with the risk analyses

carried out by the Customer;

  • Compliance with OWASP application security standards SPM;
  • Authentication of domain names by the DNSSEC extension;
  • Authentication of the services displayed on the Internet by means of an X.509 certificate signed by a publicly recognised certification authority;
  • In the event of the provision of a mobile application, the implementation of a certificate pinning measure in order to strongly authenticate the remote technical service (PIN);
  • The possibility for users to authenticate with a second factor in addition to the usual password;
  • Strong authentication of administrators by means of a dual-factor mechanism;
  • Systematic encryption of the communications flows involved using robust encryption algorithms and protocols that comply with the RGS reference framework, Appendix B1;
  • The guarantee of the confidentiality and integrity of user data.

When the Solution or, more generally, the deliverables and/or developments provided are intended to be used as part of a custody service, services on specific digital assets for custody, purchase or sale for other legal tender digital assets, exchange of digital assets for other digital assets, operating a digital asset trading platform, receiving and transmitting orders on digital assets on behalf of third parties and/or digital asset portfolio management on behalf of third parties, the Service Provider guarantees that they are also fully compliant with the specific technical requirements of the AMF specific to all or part of said services.

16.2.3. The Service Provider also guarantees that the Solution and, more generally, all the deliverables and/or developments provided by the Service Provider are fully compliant, as far as they are concerned, with the requirements of Article R. 211-9-7 of the French Monetary and Financial Code relating to the characteristics of shared electronic registration systems used to register financial securities.

As such, the Service Provider warrants that its components have been designed and implemented in a manner that:

  • ensures the recording and integrity of the registrations;
  • allows, directly or indirectly, the identification of the owners of the securities, the nature and number of securities held;
  • enables the implementation of an updated business continuity plan including, in particular, an external periodic data retention system;
  • allows the owners of registered securities to have records of their own transactions.

Moreover, in the event of use of a shared electronic registration system specifically designed by the Service Provider, the Customer may request, in the event of an AMF requirement, that this system be the subject of security certification in a recognised scheme (CSPN, CCC, etc.).

16.2.4. Notwithstanding the foregoing, the Service Provider’s guarantee relates only to the technical compliance of the components supplied with regard to the AMF’s regulatory requirements in terms of cybersecurity.

In the event of the supply of one or more isolated components (excluding SaaS), the regulatory compliance guarantee only applies on the date of supply of the components, without any upgradeable maintenance obligation incumbent on the Supplier.

In the event of concomitant use of other components supplied by third parties, it is the sole responsibility of the Customer to ensure the regulatory compliance of the whole.

Unless all or part of these specific services are expressly provided for in the Quote, it is also the responsibility of the Customer to comply with all other organisational requirements of the AMF for obtaining DASP approval, in particular for the definition, formalisation, implementation and control of its continuous cybersecurity program (including its impact analysis relating to the protection of personal data and the potential compliance of its data processing with the GDPR), providing security advice to users and notifying security incidents to the AMF.

16.2.5. The Service Provider cannot be held liable for the content used by the Customer in the context of the implementation of the Solution and the Services.

The Service Provider cannot be held to any guarantee, in particular when the Customer has modified or had the Solution and/or the Services modified or has used services other than the Services provided by the Service Provider, without its prior written consent or when the Customer or third parties have intervened on the hardware and/or software and systems to which the Services are dedicated or on which they are performed.

17. LIABILITY‚Äč


17.1. The Service Provider’s liability is limited solely to proven direct damage resulting from a defect in the Services, the Solution or the breach of the Contract.

Under no circumstances shall the Service Provider be held liable for indirect, incidental or special damages as defined by the case law of the French courts.

17.2. The Service Provider cannot be held liable for the non-performance of the Contract in the event of force majeure as defined by the case law of the French courts, and in the event of damage caused by a third party or attributable to misuse or non-compliant use by the Customer of the Services and/or the Solution, in breach of the Service Provider’s requirements or best practice.

In particular, the Service Provider may not be held liable for i) damage and loss caused by non-compliant use of the Solution and/or Services by the Customer and/or any third party, ii) for any malfunction, error, inaccuracy or improper result, attributable to the incorrect, unauthorised or incompatible use of the Solution and/or

Services by the Customer and/or by third parties.

17.3. The Customer declares that it is aware of the characteristics and limitations of the Internet, in particular its technical performance, the response times for viewing, querying or transferring data and the risks related to the security of communications. The risks of corruption or destruction of data by viruses inside the network are limited by anti-virus software. It is the Customer’s responsibility to protect itself against these risks.

The Customer is solely responsible for relations with its partners and customers. In the event of a dispute, the Service Provider may under no circumstances be held liable.

17.4. Apart from personal injury or death, and except in the event of gross negligence or wilful misconduct causing direct proven damage or in the event of a breach of an essential obligation under the Contract emptying it of its substance, the Customer acknowledges that the Service Provider’s liability is limited to the amount paid by it for the Order in question.

18. TERMINATION‚Äč


18.1. In the event of a breach by one of the Parties of its contractual obligations, the Contract may be automatically terminated by the other Party thirty (30) days after sending a letter of formal notice sent by registered letter with acknowledgement of receipt which has remained ineffective.

The letter of formal notice must indicate the shortcoming(s) noted.

In particular, the following shall be considered as breaches giving rise to a right of termination:

  • failure to pay the price;
  • the use of the Solution or Services in breach of the licence conditions or the applicable regulations;
  • breach of the confidentiality or non-solicitation of staff obligations.

18.2. Once the Contract is terminated, the Customer shall cease to access the Services and the Solution.

18.3. The Parties have agreed that Articles 1224 et seq. of the French Civil Code relating to contractual termination shall not apply to the Contract. Each Party waives the provisions, and all related rights, of the aforementioned Articles of the French Civil Code.

19. CONFIDENTIALITY‚Äč


19.1. The Service Provider and the Customer undertake to ensure that their employees and other relevant agents keep confidential any information obtained or to be obtained in connection with the performance of this Contract. The existence of a commercial relationship between the Parties does not constitute confidential information.

19.2. The obligations set out in this Article shall continue to apply for a period of three years after the end of the Contract.

The obligations set out in this Article do not apply to information:

  • - which can be shown to have been brought to the attention of or made available to the recipient of the information before it was communicated to it by the other Party;
  • - which can be shown to have been lawfully disclosed by a third party not bound by an obligation of confidentiality after being communicated to the recipient by the other Party;
  • - the disclosure of which is required by law, a court order or by any other authority with adequate powers.

20. INSURANCE‚Äč


Each of the Parties undertakes to maintain in force, throughout the term of the Contract, with an insurance company known to be solvent, an insurance policy covering damage that may occur to its property and staff, as well as a policy covering its professional liability (tort and contractual liability), so as to cover the financial consequences of bodily injury, material and immaterial damage for which they may have to respond, caused by any event and which is attributable to its employees and/or potential partner companies during the performance of the Contract.

21. SUPERVISION OF STAFF‚Äč


The Service Provider’s staff assigned to the performance of the Contract shall remain under the administrative supervision and the sole hierarchical and disciplinary authority of the Service Provider throughout the term of the Contract. The Service Provider shall supervises and controls its employees, including when the Services are performed at the Customer’s premises.

22. UNDECLARED WORK‚Äč


The Service Provider represents that it is registered with the Trade and Companies Register, as well as with the URSSAF and that its registrations expressly cover all its activities for the performance of the Services defined in the Order.

In accordance with Articles L 8221-1 et seq. of the French Labour Code and in accordance with Article D 8222-5 of the same code, the Service Provider undertakes to submit, at the Customer’s request, when the Contract is concluded, and every six months until the end of its performance, the following documents:

  • - A K bis company registration certificate evidencing the registration with the Trade and Companies Register;
  • - A certificate of provision of social declarations issued by the social protection body responsible for collecting social security contributions and contributions dated less than six months old;
  • - A sworn statement of the filing with the tax authorities, on the date of the certificate, of all mandatory tax declarations;
  • - A sworn statement drawn up by the Service Provider, certifying that the work is carried out by lawfully employed employees in respect of Articles D. 8222-5, D. 8222-7 and D. 8222-8 of the French Labour Code.

23. NON-SOLICITATION OF STAFF‚Äč


23.1. The Parties waive the right to hire or have work directly, or through an intermediary, any employee of the other Party assigned to the performance of the Services, regardless of their specialisation, and even if the initial request is made by the employee. This waiver is valid for the entire term of the Contract, increased by a period of twenty-four (24) months from its expiry or termination for any reason whatsoever.

23.2. In the event that one of the Parties fails to comply with this agreement, it undertakes to compensate the other Party (in particular for selection and recruitment expenses, training costs, damage resulting from its personal reputation or commitments already made on its behalf, etc.) by immediately paying it a lump sum equal to the gross annual remuneration that this employee received or should have received before his/her departure.

24. DUTY OF LOYALTY‚Äč


The Parties agree, throughout the term of the Contract, to faithfully perform their respective obligations and to seek in good faith all possible solutions likely to achieve a rapid and balanced resolution of any problems or difficulties that may arise during the performance of the Contract.

25. REFUSAL‚Äč


The Service Provider reserves the right not to accept an Order from the Customer when the Service Provider has already encountered payment problems (non-payment or late payment) with the Customer for one or more previous Orders.

26. MODIFICATION OF THE SOLUTION AND SERVICES‚Äč


The Service Provider reserves the right to make any modification or development to the Solution and/or the Services with the aim of improving the Solution and/or the Services or made mandatory due to legislative or regulatory texts.

27. COMMUNICATION‚Äč


The Customer authorises the Service Provider exclusively throughout the term of the Contract to mention its name and logo on a list of references that it may distribute on its communication media.

28. FORCE MAJEURE‚Äč


The Parties agree to recognise as a case of force majeure any event meeting the criteria defined by the case law of the Court of Cassation pursuant to Article 1218 of the French Civil Code. It is understood that force majeure shall not be invoked for late payment or non-payment by the Customer.

29. SUBCONTRACTING‚Äč


The Service Provider is entitled to subcontract all or part of the performance of the Services to subcontractors. In this case, the Service Provider remains responsible for the performance of the Services vis-à-vis the Customer.

30. TITLES OF ARTICLES‚Äč


The titles of the articles and appendices, if any, are inserted herein for practical reasons only. Under no circumstances shall they be considered as an integral part hereof nor interpreted as a limitation of the scope of the articles to which they refer.

31. NO WAIVER/EXERCISE OF RIGHTS‚Äč


31.1. The fact that one of the Parties does not exercise any of the rights it enjoys hereunder, as well as any period of time taken by one of the Parties in exercising said rights, shall not constitute a waiver thereof.

31.2. Similarly, the partial exercise of a right or of only one of the legal remedies made available to one of the Parties shall not prevent the latter from fully exercising this right or from exhausting all legal remedies made available to it.

32. APPLICABLE LAW‚Äč

The Contract is governed exclusively by French law.

33. DISPUTES‚Äč


33.1. In the event that a dispute arises between the Parties regarding the validity, interpretation, performance, non-performance or consequences of this Contract, the Parties agree to attempt to resolve it amicably in confidence.

33.2. If the disagreement persists, in the event that the dispute is brought before the civil courts, to the knowledge of the Commercial Court of the Service Provider’s registered office, unless expressly stated otherwise in the Quote.

34. GENERAL CLAUSES‚Äč


34.1. The Contract expresses all the agreements and commitments of the Parties with regard to their subject matter and replaces any previous written or oral agreement or commitment, for any information, whatever its nature, provided prior to them, having the same purpose, which shall be deemed null and void.

34.2. In the event that one or more of the provisions of this Contract are, for any reason whatsoever, deemed invalid, this invalidity shall not affect any other contractual provision.

The Parties shall replace said provision with a valid and enforceable provision, in accordance with the legal or regulatory provisions, the effect of which shall be as close as possible to the economic result or any other result expected by the Parties.

34.3. The Contract is drafted in French. A translation into a foreign language may be provided for information purposes. In case of contradiction, only the French version shall prevail between the Parties.

34.4. The Customer acknowledges that it has the status of professional under the French Consumer Code.

34.5. The Service Provider and the Customer agree that all written documents, particularly electronic documents, exchanged between them as well as all data, particularly technical data, are authentic and validly prove the content of their exchanges and commitments. The electronic signature of the Contract shall be deemed original between the Parties.

APPENDIX 1: PRIVACY POLICY‚Äč


1.1. In order to enable the Customer’s employees to be able to order the Services, the Service Provider acting as data controller collects the following personal data relating to the Customer’s employees:

  • Surname and first name;
  • Position; -¬†¬†¬†¬†¬†¬†¬†¬†Email address; -¬†¬†¬†¬†¬†¬†¬†¬†Telephone number.
  1. The Service Provider uses the personal data of the Customer’s employees for the following purposes:

Purpose

Legal basis for processing

Taking into account Orders

The processing is necessary for the performance of the Contract entered into with the Customer

Order Management and Processing

The processing is necessary for the performance of the Contract entered into with the Customer

Invoicing

The processing is necessary for the performance of the Contract entered into with the Customer

Information on the

Service Provider, the Services and

the Service Provider’s activities

The processing is necessary for the purposes of the legitimate interests pursued by the Service Provider: commercial prospecting

Response to any questions/complaints from the Customer’s employees

The processing is necessary for the performance of the Contract entered into with the

Customer

Management of requests for rights of access, portability, erasure, rectification and

objection by the Customer’s employees

The processing is necessary for the performance of the Contract entered into with the Customer and is a legal obligation

Management of unpaid accounts and litigation

The processing is necessary for the performance of the Contract entered into with the Customer

  1. The personal data of the Customer’s employees is kept only for the time necessary to achieve the purpose for which the Service Provider holds this data, in order to meet the needs of the Customer’s employees or to fulfil its legal or regulatory archiving obligations.
  2. To establish the retention period of the personal data, the

Service Provider applies the following criteria:

  • in the event of an Order for services, personal data is stored for the duration of the contractual relationship and three years after collection or last contact with the Customer, for the purposes of commercial prospecting;
  • the Service Provider may keep certain data in order to fulfil its legal or regulatory obligations regarding archiving in order to enable it to exercise its rights and/or for statistical or historical purposes.
  1. At the end of the periods mentioned above, the personal data will be deleted or the Service Provider will anonymise it.
  2. The Service Provider ensures that it secures the personal data of the Customer’s employees in an adequate and appropriate manner and has taken the necessary precautions in order to preserve the security and confidentiality of the data and

GENERAL TERMS AND CONDITIONS OF SALE‚Äč


(SERVICES) in particular to prevent it from being distorted, damaged or communicated to unauthorised persons.

1.7. Rights of the Customer‚Äôs employees‚Äč

‚ąí The Customer‚Äôs employees have a right of access, rectification, deletion (erasure), portability of their personal data, of restriction of processing, as well as a right to object to the processing of their data collected and processed by the Service Provider, by contacting the Service Provider directly at the following email address: dpo@eniblock.com

‚ąí The Customer‚Äôs employees may also, at any time, withdraw their consent to the processing of their personal data by the Service Provider, as well as by any subcontractors, by contacting the Service Provider at the following email address: mailto:dpo@eniblock.com¬†, who must inform them.

1.8. In the event of a complaint, the Customer’s employees may contact the CNIL, which is the competent authority for the protection of personal data, whose contact details are as follows: 3 place de Fontenoy, 75007 Paris, France, telephone: 01 53 73 22 22.