IDENTIFICATION OF THE PARTIES

Service Provider: DEPASIFY S.L. (hereinafter, "DEPASIFY" limited company with NIF B-67823831, domiciled in calle Álvaro de Bazán 10, 46010 Valencia (Valencia), Spain, registered in the Mercantile Registry of Valencia in electronic Volume, electronic Folio, Page V-221845, current registration, with IRUS code: 1000309399078 and duly registered in the register of service providers on Cryptoassets of the Bank of Spain with the number D705 and contactable through the email or the form in .

Client (hereinafter, "CLIENT" or "THE CLIENT"), any individual or legal entity that, complying with the requirements established in these General Conditions, registers in the platform , accepts the present terms and contracts the services offered by DEPASIFY, including, among others, the purchase, sale or exchange of cryptoassets.

Both parties, hereinafter jointly referred to as the "Parties" or individually as the "Party", acknowledge sufficient capacity to accept these General Terms and Conditions (hereinafter referred to as the "Terms and Conditions"), which govern the provision of DEPASIFY Services in compliance with Regulation (EU) 2016/679 ("GDPR"), Regulation (EU) 2023/1114 (MiCA), Regulation (EU) 2022/2554 ("DORA"), Law 34/2002 ("LSSI"), Law 10/2010 on the Prevention of Money Laundering, and other applicable regulations.

DEFINITIONS

"Blockchain": the decentralized and distributed public network that has been chosen as the supporting registry for the provision of the Service.

"Business Day" means any day that is not a Saturday, Sunday or public holiday in Madrid, Spain.

"Confidential Information" means confidential information of the other party relating to the other party's business, plans, CLIENTs, technology, services and products and other information held in confidence by the other party, including all information in tangible or intangible form which is marked or designated as confidential or which, given the circumstances of its disclosure, should be considered confidential. Information shall not be considered Confidential Information if such information (i) becomes known to the receiving party prior to its receipt from the disclosing party directly or indirectly from a source that does not have a confidentiality obligation to the disclosing party; (ii) becomes known (independently of disclosure by the disclosing party) to the receiving party directly or indirectly from a source that does not have a confidentiality obligation to the disclosing party; (iii) becomes publicly known or otherwise ceases to be secret or confidential, except for breach of these Terms by the receiving party; or (iv) is independently developed by the receiving party. The receiving party may disclose Confidential Information pursuant to the requirements of a governmental agency or by operation of law, provided that it gives reasonable advance written notice to the disclosing party that allows the disclosing party to contest such disclosure and that it is not itself unlawful to give such notice.

"Cryptoassets": any digital representation of a security or right that uses cryptography to safeguard security and takes the form of currency, token or other digital medium and that can be transferred and stored electronically using decentralized registry technology or similar technology. For the purposes of these General Terms and Conditions, Crypto Assets shall mean the list specified in Annex III.

"End User" or "User", indistinctively: any natural or legal person who is a CLIENT of the CLIENT and uses the services described herein. The End User is the final recipient of the Services provided under these General Terms and Conditions and is distinct from the CLIENT.

"Exchange": a digital marketplace that allows its users to trade between different currencies, whether digital assets and/or fiat or traditional Money.

"Fiat Money": fiat currencies admitted under Annex III.

"Funds": banknotes and coins, scriptural money or electronic money, as defined in point (2) of Article 2 of Directive 2009/110/EC. It includes fiat money.

"Intellectual Property Rights" means all intellectual property rights in and relating to the Platforms, the Services, the Platform Usage Data and any modifications, enhancements and derivative works thereof, including but not limited to copyrights (including rights in software), user interface designs, architecture, documentation, network designs, data rights, know-how, trade secrets, trademarks, service marks, trade names, trade names, domain names, logos, get-ups, patents, inventions, registered and unregistered design rights, semiconductor topography rights, database rights and all other similar rights anywhere in the world, including, where such rights are obtained or enhanced by registration, any registrations of such rights, applications and rights to apply for such registrations.

"KYC": for Know Your CLIENT, a process of formal identification of the end user through the request of reliable documents under the obligation established in Law 10/2010, of April 28, 2010, on the prevention of money laundering and terrorist financing. In the case of end-user identification, it shall be understood that this process includes, where appropriate, the identification of legal entities or KYB.

"Losses" means all losses, liabilities, fines, fines, charges, damages, actions, costs and expenses, professional fees (including attorneys' fees actually incurred) and disbursements and costs of investigation, litigation, settlement, judgment, interest and penalties.

"MiCA Regulation": Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on Cryptoasset markets and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937.

"Transfer Regulation": Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain Cryptoassets and amending Directive (EU) 2015/849.

"Wallet": set of cryptographic elements that allow the custody of the balance of Cryptoassets deposited therein by a single user.

FIRST - OBJECT

1. These General Conditions establish the manner in which DEPASIFY will provide the CLIENT with access to the Crypto as a Service Solution (hereinafter, "CaaS Solution") which, in the context of these General Conditions, facilitates certain Service(s) including, if applicable, through an application programming interface (API) and other processes that THE CLIENT may request, provided that DEPASIFY has agreed on their provision, implementation and corresponding performance in relation to or in the context of the CLIENT. In order for such Services to be concluded, it is necessary the conclusion of the relevant agreement between the Parties.
2. The object of these General Conditions is also the determination of the consideration that DEPASIFY will receive for the provision of the applicable Services.
3. The contract for the provision of Services, including the General Conditions, its Appendix, Annexes and Special Conditions, regulates the use of the Services provided by DEPASIFY and constitutes the legal relationship between the Parties.
4. The capitalized terms of these General Conditions are defined in the "Definitions" at the beginning of these General Conditions.

SECOND - DURATION

1. These General Terms and Conditions shall enter into force (hereinafter referred to as the "Effective Date") on the earlier of:
1. the day of its signature by both Parties; or
2. the date on which the CLIENT tacitly accepts the present General Conditions by executing the first transaction on the Platform.
2. These General Conditions shall remain in force for an initial term of one (1) year, and may be tacitly renewed for identical periods, unless either Party expresses to the other, in writing, its desire not to renew it, provided that such communication is made at least two (2) calendar months prior to the expiration date of the initial term or successive extensions.
3. Notwithstanding the foregoing, both Parties agree that all those clauses expressly intended to survive the termination or expiration of these General Conditions, shall remain in force and shall continue to bind both Parties as provided, even after these General Conditions have been terminated, shall survive after termination and, especially, the obligations of confidentiality and liability.

THIRD - SERVICES

1. DEPASIFY offers services on Cryptoassets (the "Services", details of which are set out in the Schedule).
2. THE CLIENT needs to be a Member to access the Services set forth in Annex I.
3. The use of the Services is subject to and governed by these General Terms and Conditions and DEPASIFY's Acceptable Use Policy.
4. All those clauses that may be applicable, even after the termination of the contract for the provision of Services, shall survive the termination and, in particular, the obligations of confidentiality and liability.

FOURTH - ACCEPTANCE AS A MEMBER

1. The obligations arising from these General Terms and Conditions are conditioned to the acceptance of the CLIENT as a Member, which is at DEPASIFY's sole discretion. DEPASIFY reserves the right to refuse to provide the Services or part thereof without specifying the reason.
2. CLIENT acknowledges that all regulatory eligibility requirements must be met before Services are provided.
3. Before the Services are provided, and at all times during the provision of the Services, THE CLIENT agrees to cooperate with DEPASIFY and to provide all information and documents and to perform all acts that DEPASIFY requires (i) by law, regulation or in accordance with DEPASIFY's internal policies, (ii) to comply with requests from local and foreign regulatory authorities, (iii) to verify the identity of the CLIENT or the identity of an End User, as well as its activities and objectives, and (iv) to explain the reasons for the (intended) use of a Service, the origin of the Funds used for a Service or transaction, and the economic nature of (the use of) a Service or transaction.
4. THE CLIENT undertakes to promptly notify DEPASIFY in writing of any change in its information or that of an End User and to provide DEPASIFY with any other information that may be required from time to time for the purposes of the general policies or the provision of the Services.
5. For the avoidance of doubt, the Services shall not commence until (i) DEPASIFY has completed the compliance checks, (ii) the Parties have agreed to be bound by these General Conditions, and (iii) DEPASIFY is satisfied that THE CLIENT meets the eligibility conditions to become a Member.

FIFTH - RESPONSIBILITY OF THE END USERS

1. DEPASIFY provides the Services only to the CLIENT. DEPASIFY shall not provide any Services to an End User or treat an End User as a CLIENT of DEPASIFY for the purpose of providing the Services.
2. CLIENT is solely responsible for complying with all regulatory obligations to End Users with respect to the provision of Services by CLIENT to any End User, including without limitation:
1. any Know Your CLIENT ("KYC") and/or CLIENT due diligence ("CDD") requirements relating to End Users and onboarding of End Users;
2. all operational matters relating to end users, including the allocation of Funds to end users, the handling of support inquiries and the collection of additional compliance information for specific payments; and
3. all sales, marketing and account management in relation to end users, including the promotion and marketing of services to end users and the management of end user accounts.
3. CLIENT acknowledges that DEPASIFY shall not be the principal of any payment transaction nor shall it be liable for or otherwise guarantee the performance of any payment transaction made by CLIENT with an End User.
4. THE CLIENT shall provide DEPASIFY with any information reasonably required in connection with any End User, including transaction information related to the purchase and sale of Cryptoassets.

SIXTH - CONSIDERATION

1. The fees corresponding to the Services shall be as set forth below:
1. DEPASIFY, as consideration for the Services, shall receive from the CLIENT the amount resulting from applying to the Funds transferred by the Users the fees indicated in the Particular Conditions of Fees Applicable to the Services.
2. DEPASIFY will issue monthly invoices to the CLIENT, with the amounts due in accordance with the above.
2. All fees are stated exclusive of all levies, duties, tariffs, customs duties that may arise from the performance of the Services, and similar fiscal charges currently in force or to be enacted in the future, for all of which THE CLIENT shall be responsible and shall pay in full. DEPASIFY's fees do not include taxes.
3. THE CLIENT shall pay a non-refundable Setup Fee, as specified in the Special Conditions of Fees Applicable to the Services (the "Setup Fee"), at the beginning of the Know Your Business (KYB) onboarding process. An invoice for the Setup Fee will be issued at the beginning of the process of joining KYB.
4. THE CLIENT shall pay a Monthly Service Fee as specified in the Particular Conditions of Fees Applicable to the Services (the "Monthly Service Fee"), which shall be due as of:
1. the date of entry into operation; or
2. two (2) months from the Effective Date of these General Conditions.
5. Prorated Monthly Service Fee: If the Monthly Service Fee is due for the first time during a partial month, the amount payable for that first month will be calculated on a prorated basis, based on the number of days remaining in the month in relation to the total number of days in that month. This prorated amount shall be included in the invoice issued at the end of that month and shall be payable in accordance with the terms set forth in these General Conditions.
6. For the purposes of these General Terms and Conditions, the "Go Live Date" shall mean the date on which the first transaction made by THE CLIENT or its End Users is executed on the DEPASIFY Platform.
7. Invoicing Terms:
1. Invoices for all fees, including the Monthly Service Fee, shall be issued at the end of each calendar month.
2. CLIENT shall settle each invoice within fifteen (15) days of the invoice date, unless otherwise agreed in writing.
8. Overdue payments shall accrue interest at 2% per annum above the prime rate of the Central Bank of Spain and this interest shall accrue daily or at the maximum rate permitted by law, whichever is lower, until paid in full. When an outstanding payment remains unpaid for 90 days or more, DEPASIFY reserves the right to suspect access to the CLIENT's Account and to stop providing the Services.
9. CLIENT agrees that DEPASIFY may set off any amount owed against any amount owed by DEPASIFY to CLIENT.
10. DEPASIFY reserves the right to change the fees for any part of the Services with a written notice of not less than 1 month. By continuing to use the Services, THE CLIENT shall be deemed to accept such modifications to the fees. If THE CLIENT does not agree to the revised fees, DEPASIFY shall be notified in writing of the termination of the contract or, if the fee increase relates to a particular Service or part thereof, the provision of the Service in question, or part thereof.
11. DEPASIFY may apply changes in interest or exchange rates immediately and without prior notice when (i) the changes in interest or exchange rates are based on the information on reference interest or exchange rates already provided; or (ii) the changes are more favorable to the CLIENT.
12. The obligation of the CLIENT to pay fees and expenses to DEPASIFY is independent of any right that may correspond to the CLIENT against third parties due to the Services provided. Therefore, and among other possible assumptions, in litigation or judicial matters, the conviction in costs of the counterparty does not exempt or release the CLIENT from the payment to DEPASIFY of the corresponding fees and expenses.
13. Likewise, without prejudice to other rights that may correspond to it, in case of non-payment by the CLIENT of the invoices issued, DEPASIFY may (i) suspend the provision of the Services to the CLIENT until the CLIENT pays the invoices owed; or (ii) terminate the contract for the provision of Services and terminate the contractual relationship with THE CLIENT, waiving any claim for damages that may arise from such termination based on the provisions of this clause.

SEVENTH - LICENSE AND INTELLECTUAL PROPERTY

1. DEPASIFY owns all rights, titles and interests over its patented technology, including its software (in source and object form), user interface designs, architecture and documentation (both printed and electronic), network designs, know-how and trade secrets, as well as any modifications, improvements and derivative works thereof.
2. DEPASIFY is the sole owner of all Intellectual Property Rights in relation to its payment management gateway and/or KYC management. However, DEPASIFY grants a revocable, non-exclusive and non-transferable license of use to the CLIENT for the development of its activity in the manner agreed in the contract for the provision of Services and for this purpose it may use, via API and Widget, the technological systems owned by DEPASIFY.
3. THE CLIENT may not, during or at any time after the termination of the Conditions, directly or indirectly use the rights derived from these General Conditions to dispute or contest the validity of DEPASIFY's Intellectual Property Rights (or those of its partners and affiliates).
4. DEPASIFY authorizes the use of the necessary technology, including any type of platform enabled and made available by THE CLIENT for the provision of the Services, and of any Intellectual Property Rights necessary for such purpose, under the conditions agreed only in the contract for the provision of Services, not being understood in any case authorized for its reproduction and public dissemination, assignment, sale, rental or loan, undertaking not to assign its partial or total use in any way, and not to disclose it, publish it or make it available to third parties in any other way.
5. Said transfer of rights shall always be understood to be limited in favor of DEPASIFY.
6. On the other hand, THE CLIENT is the sole owner of all Intellectual Property Rights corresponding to the Platform, without any license or concession of rights by THE CLIENT to DEPASIFY.
7. Both parties allow the use of its trademark for commercial and marketing purposes until the end of the provision of the Services.
8. DEPASIFY shall review its Acceptable Use Policy on a quarterly basis and shall be entitled to introduce the modifications it deems appropriate. In addition, DEPASIFY has the right, at any time, to modify its Acceptable Use Policy, effective immediately, when, in its reasonable judgment, it is required to do so by Applicable Law or ordered by a banking partner. In each of these cases, the modified Acceptable Use Policy shall be notified to the CLIENT and shall become effective as established in such notification, which may be immediate when DEPASIFY reasonably requires it. Any use not in accordance with the Terms may result in immediate termination of the Terms and legal action against the CLIENT.
9. CLIENT shall not interfere with, disrupt or cause damage to other Members using the Services.
10. Unless otherwise expressly agreed, DEPASIFY may develop or acquire, in connection with the provision of the Services, general experience, skills and knowledge and ideas that may be used and disclosed by DEPASIFY.

EIGHTH - SECURITY

1. THE CLIENT must ensure that any Account provided in connection with the Services is only accessed by THE CLIENT or its Authorized Persons and that login details, API access credentials, passwords or other security features associated with access remain safe and secure. If CLIENT becomes aware or suspects that any such security features have been stolen, misappropriated, improperly disclosed to a third party or used without authorization or otherwise compromised, CLIENT should immediately contact CLIENT Support.
2. When an End User gives instructions to initiate a payment, and THE CLIENT processes it through DEPASIFY, where required by regulation, a two-factor authentication check must be applied on the End User before accepting the instruction and instructing DEPASIFY to make the payment.
3. THE CLIENT has implemented appropriate technical and organizational information security measures, including an industry-recognized Information Security Management System (ISMS). CLIENT shall demonstrate this ongoing commitment to information security with an annual attestation to an applicable information security standard as determined by DEPASIFY and by providing a SOC2 report and/or appropriate certification as determined by DEPASIFY. CLIENT shall engage a third party to conduct an annual information security review and CLIENT shall share the results or reports derived from such reviews with DEPASIFY.
4. CLIENT's platform shall successfully pass any information security testing and due diligence assessment DEPASIFY deems appropriate. Failure of this platform to address any critical or elevated findings following any relevant IT security test or due diligence assessment may result in immediate termination of these Terms and Conditions.

NINTH - SUSPENSION OF ACCESS

1. DEPASIFY has the right to suspend the provision of all or part of the Services to the CLIENT at any time with immediate effect and without prior notice if:
1. THE CLIENT has breached these General Terms and Conditions;
2. the CLIENT's independent KYC processes result in significant regulatory breaches, AML/CTF violations or other related legal violations.
3. any of the data provided by THE CLIENT during his/her Membership application was materially incorrect (at DEPASIFY's reasonable discretion); or
4. to avoid suspicion of unauthorized or fraudulent use of the Account(s) or any security information related to the Account(s);
5. in DEPASIFY's professional opinion it is necessary for security reasons;
6. THE CLIENT ceases to comply with the membership conditions;
7. any legal or regulatory obligation requires DEPASIFY to do so, or DEPASIFY considers, in its reasonable discretion, that it is necessary or appropriate to do so in order to comply with such obligations;
8. there is reason to believe that CLIENT has used, or intends to use, the payment account(s) negligently or for fraudulent or other unlawful purposes, including but not limited to financial crime, tax evasion, bribery or corruption; or
9. if DEPASIFY is unable to process any transaction due to actions of third parties.
2. In case of suspension of any of the Services, DEPASIFY will make every effort to notify the CLIENT before suspending them. In addition, any person involved in the transaction may be contacted if a suspension has occurred.
3. DEPASIFTY may keep the Services, or any part thereof, suspended until such time as DEPASIFY reasonably determines.
4. CLIENT shall remain liable for all relevant fees for any suspended or partially suspended Services.
5. DEPASIFY reserves the right to block payments to, or on behalf of, End Users suspected of being fraudulent. CLIENT shall take all measures reasonably required by DEPASIFTY to ensure that such End User is not allowed to perform transactions through DEPASIFY.

TENTH - PROCESSING OF PERSONAL DATA

1. Processing of the personal data of the signatories of these General Terms and Conditions
1. In accordance with the provisions of EU Regulation 679/2016 RGPD and Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter, "LOPDGDD"), the parties inform each other that the identification data, ID number, position and signature of the signatories will be processed by DEPASIFY and THE CLIENT accordingly (whose identification and contact details appear in the heading of these General Conditions) for the purposes of these General Conditions, the position and signature of the signatories will be treated by DEPASIFY and THE CLIENT accordingly (whose identification and contact details appear in the heading of the present General Conditions) for the purpose of managing the maintenance of the contractual relationship, authorizing the treatment of the data in the terms indicated.
2. In this sense, the interested parties are informed that the basis that legitimizes the processing of the data is based on the consent given by the CLIENT, in the execution of the contract and the maintenance of the contractual relationship regulated herein, as well as in compliance with the corresponding legal obligations and the legitimate interest of the Parties, in accordance with art. 19 of the LOPDGDD. The personal data of the signatories will be kept until the end of the contractual relationship between the Parties. Notwithstanding the foregoing, their data will be kept duly blocked for as long as liabilities may arise from the execution of these General Conditions, as well as for the fulfillment of other legal obligations.
3. Each Party informs the other that its Personal Data may be made available to third parties, for the purposes of compliance with legal obligations and the legitimate interest of each Party, whether they are companies located in the European Economic Area or in countries outside the European Economic Area. In the event that the Personal Data of the other Party is made available to companies located in countries that do not offer a level of protection considered adequate by the European Commission, this will be done in compliance with the applicable regulations by adopting the appropriate measures in accordance with Article 46.2 of the GDPR and in accordance with the provisions of Clause Eleven of these General Conditions. In any case, detailed information will be provided regarding such transfers, as well as the guarantees on which the Party will base such transfers.
4. At any time, the signatories may exercise the rights conferred on them by the applicable data protection regulations (access, rectification, deletion, limitation, portability, opposition and the right not to be subject to automated individual decisions) by providing a photocopy of their ID card or equivalent document and identifying the right they are requesting, by means of a letter addressed to the address of the respective data controller, which depending on the specific case will be DEPASIFY or THE CLIENT, listed in the heading of its contract for the provision of Services, including in the communication the Reference "Personal Data Protection" or through the channels indicated in Clause Twenty-Third. In the event that THE CLIENT considers that any of the aforementioned rights have not been respected, THE CLIENT shall have the right to file a claim before the Spanish Data Protection Agency (
2. Access to personal data for which THE CLIENT is responsible.
1. In order to provide the Services that are the object of these General Conditions, DEPASIFY will have to access personal data for which THE CLIENT is responsible. Therefore, DEPASIFY undertakes and undertakes to respect and comply with the legislation in force on the matter and especially with the RGPD, the LOPDGDD and any other regulation in force or that may be enacted in the future on the matter, with respect to the personal data that may be processed by DEPASIFY (jointly, the "Data Protection Regulation").
2. For this purpose, the Parties undertake to enter into the data protection agreement attached hereto as Annex I, expressly agreeing that the agreement for the provision of Services shall form, together with the aforementioned data processor agreement, an indissoluble unit.
3. In connection with the provision of the Services, DEPASIFY shall process the personal data to which it may have access during the provision of the Services in accordance with the provisions of Article 28 of the GDPR: that it will only process the data in accordance with the instructions of the CLIENT; that it will not apply or use them for a purpose other than that provided for in the Services and that it will implement and maintain in the files and processing systems containing personal data, owned by the CLIENT to which it has access, the technical and organizational measures to achieve the required level of security in accordance with the provisions of the RGPD, and any other regulation that complements, amends or repeals it in the future.
4. DEPASIFY, has implemented the technical and organizational measures referred to in the RGPD so that the data are processed in a lawful, fair, transparent, adequate, relevant, limited, accurate and updated manner, undertaking to take all reasonable measures to ensure that they are deleted or rectified without delay when they are inaccurate, as well as to comply with the security measures of the RGPD and apply any other security measures that may be legally required in the future.
5. THE CLIENT expressly authorizes DEPASIFY to subcontract on its behalf with third parties the custody of the backup copies of the data and the maintenance of the servers where the information is kept, which shall be subject to compliance with the same security measures mentioned in the previous paragraph.
6. Once the Services have been completed, DEPASIFY shall proceed to the deletion or return of the personal data obtained during its execution, regardless of the support or document in which they are contained, unless the conservation of the personal data is required by virtue of the applicable regulations. Nevertheless, DEPASIFY is authorized to keep those data strictly necessary to justify the provision of the Services in case it is questioned, as well as during the prescription periods of the legal actions to face the possible liabilities that may arise from the contractual relationship.
7. Likewise, THE CLIENT authorizes DEPASIFY to use the CLIENT's reference in the presentations and proposals of services that DEPASIFY makes to third parties.

ELEVENTH - CONFIDENTIALITY

1. The contents of these General Conditions shall be confidential and the Parties undertake not to disclose them, except:
1. expressly permitted by, or (at its reasonable discretion) required to enable it to perform its obligations under these General Conditions;
2. such disclosure is required or desirable in the reasonable discretion of the relevant party by Applicable Law or by order of any court of competent jurisdiction, or by any competent judicial, governmental, supervisory or regulatory body;
3. such information has become publicly available as a result of a breach of these confidentiality obligations;
4. is already in the possession of the receiving party, except for breach of confidentiality obligations.
5. If necessary, to comply with reporting requirements to the competition authorities.
6. Providing information to directors, auditors, external advisors and when reasonably required by financial institutions, provided that, in both cases, they are legally or conventionally bound to maintain the confidentiality of the information received;
7. it is subsequently created independently; or
8. If mutually agreed by the Parties.
2. All communications between the Parties and all information and other material supplied or received by either Party which is considered confidential, or which by its nature is intended for the exclusive knowledge of the addressee, as well as all information concerning the business operations and financial condition of the Parties, and of affiliates or related entities of any person with whom either Party has a confidential relationship with respect to the subject matter which comes to the knowledge of the addressee can reasonably demonstrate that any such communications, information or material, or any part thereof, is, without cause attributable to it, in the public domain. This obligation shall cease at such time as it enters the public domain or must be disclosed by operation of law or employment obligations.
3. The Parties agree to take reasonable precautions to protect the confidentiality of such information, which precautions shall be at least as strict as those taken to protect their own Confidential Information.
4. The confidentiality obligation contained in this Clause shall survive even after the expiration of these Terms and Conditions, or until such time as such Confidential Information becomes publicly available.
5. The Services are provided exclusively for the benefit of the CLIENT. Therefore, the mere receipt by third parties of any result of DEPASIFY's work or recommendation shall not give rise to any duty of care, professional relationship or obligation between such third parties and DEPASIFY, DEPASIFY being exempted from any duty of care or obligation with respect to such third parties.

TWELFTH - AML AND PENALTY REQUIREMENTS

1. In compliance with the applicable regulations regarding the prevention of money laundering, DEPASIFY is obliged to identify its clients and to verify the identity of the persons acting on its behalf, as well as their powers of attorney. The CLIENT undertakes to provide DEPASIFY with all the necessary information required for this purpose (both concerning the CLIENT and its partners, administrators, representatives, related persons, etc.). If DEPASIFY does not obtain the necessary information, it will not be able to provide the Services, without this entailing any kind of liability for DEPASIFY.
2. Likewise, DEPASIFY is subject, and under the terms established in the applicable legislation, to communicate to the Executive Service for the Prevention of Money Laundering (SEPBLAC) any fact or operation, even the mere attempt, with respect to which there is an indication or certainty that it is related to money laundering or the financing of terrorism and shall refrain from executing any operation in which such circumstances are evident. DEPASIFY shall not be liable to the CLIENT for any damages that the CLIENT may suffer as a consequence of DEPASIFY's compliance with its obligations.
3. DEPASIFY may make requests for information from time to time in response to requests from banking partners, regulators and in compliance with its own supervisory requirements in order to comply with regulatory requirements relating to financial crime (such as money laundering, terrorist financing, fraud, bribery and corruption and tax evasion). THE CLIENT shall respond to any request for information within the specified timeframe.
4. THE CLIENT shall comply with all regulatory and suspicious transaction reporting processes required by the Applicable Legislation.
5. DEPASIFY reserves the right to impose restrictions on the Services for certain Members in order to ensure that access to the associated Services can be maintained for all Members.
6. THE CLIENT has established controls to prevent the platform from being used as a conduit for financial crimes, in particular in connection with fraudulent activities. At a minimum, it must have rules in place to identify and block both fiat and cryptographic transactions considered fraudulent. Where a high rate of fraud (percentage of fraudulent transactions compared to overall total transactions) is detected compared to its peers, or where a sustained period of increased fraudulent activity is identified, DEPASIFY reserves the right to put in place additional controls to manage the risk of fraud associated with THE CLIENT if, in DEPASIFY's reasonable opinion, the risk of fraud is determined to be at an unacceptably high level.
7. When DEPASIFY considers that a transaction does not conform to its risk propensity, it may block the transaction and return it to the sending party. In some cases, a delay may occur while DEPASIFY carries out certain internal and regulatory processes.
8. When any of its partners refers a fraud report to DEPASIFY regarding a member or its end users, DEPASIFY may forward the report to the member for investigation and response. Members are obligated to provide a prompt and timely response to such notifications so that the relevant partner can be contacted.
9. If any notifications are received from law enforcement with respect to an End User, DEPASIFY will direct them to the CLIENT as permitted by Applicable Law. DEPASIFY expects THE CLIENT to provide reasonable assistance as permitted by Applicable Law.

THIRTEENTH - AUDIT

1. THE CLIENT shall allow DEPASIFY to carry out an audit at the time of incorporation to assess whether it can be approved as a Member.
2. During the term of the contract for the provision of Services, THE CLIENT, including its subcontractors, permits itself to be audited annually by DEPASIFY, its appointed representatives and any regulator with jurisdiction over DEPASIFY and, if DEPASIFY reasonably believes that THE CLIENT is in breach of these Terms and Conditions or if an audit is required by Applicable Law, as DEPASIFY may reasonably request from time to time, in each case to confirm THE CLIENT's compliance with this contract for the provision of Services.
3. CLIENT shall cooperate fully with DEPASIFY or its authorized audit partner in any such investigation, inspection, audit or review. This cooperation may include access to the premises and delivery of information required by DEPASIFY to confirm compliance with DEPASIFY's standards and applicable laws and regulations.
4. THE CLIENT shall be responsible for all reasonable costs arising from the annual audit described in these General Terms and Conditions.

FOURTEENTH - REPRESENTATIONS AND WARRANTIES

1. Because the current state of knowledge does not fully guarantee the absence of errors in the system, THE CLIENT shall not hold DEPASIFY liable for any damage attributable to the operation of the Blockchain or to the inefficient operation of third party providers through which Cryptoasset transactions are carried out.
2. DEPASIFY shall notify the CLIENT by email of any incident occurring in the provision of the Services.
3. Both Parties have obtained all necessary consents, approvals, waivers or authorizations (a) to enable the other Party to perform its obligations and enforce its rights under these Terms and Conditions, including all consents to disclose identifying information to the other Party for purposes of CLIENT knowledge verification and identity verification, and (b) to ensure that such disclosure described in (a) complies with all applicable laws, including all privacy laws and money transfer and remittance laws.
4. CLIENT warrants and represents that it is at all times in compliance with all applicable AML and CTF laws in connection with transactions made to DEPASIFY. CLIENT further represents and warrants that all transaction requests submitted to DEPASIFY will not violate the sanctions of the major sanctioning agencies around the world (including but not limited to OFAC - Office of Foreign Assets Control of the U.S. Treasury Department, the United Nations, the European Commission and the U.K. Treasury), and will be consistent with the recommendations of the Financial Action Task Force.
5. In accordance with the KYT Service that THE CLIENT will unilaterally provide to End Users when Ticket Holders require the exit ramp, THE CLIENT shall hold DEPASIFY harmless from any claim or penalty arising directly or indirectly from the CLIENT's failure to comply with the KYT Service.
6. THE CLIENT shall not request or agree, directly or indirectly, to hire DEPASIFY personnel during the term of the Services and for a period of one year from its termination or expiration of its contract for the provision of Services, shall remain in force and shall continue to bind both Parties in the manner provided for without the prior written consent of DEPASIFY. Failure to comply with this prohibition shall give rise to a penalty equivalent to twice the gross annual salary that the employee or contracted personnel has been receiving and shall be paid by THE CLIENT within thirty days after being required to do so by DEPASIFY.
7. THE CLIENT declares, guarantees and undertakes at all times to:
1. comply with these General Conditions and to see to it that all Authorized Persons, agents and employees comply with these General Conditions;
2. to comply with all applicable laws, rules and regulations in connection with the processing of End User data and the Services, to procure that all Authorized Persons, agents and employees comply with all applicable laws, rules and regulations in connection with the processing of End User data and the Services;
3. comply at all times with applicable laws, rules and regulations in all jurisdictions in which it operates, including but not limited to consumer protection laws and financial conduct rules;
4. ensure that all Authorized Persons, agents and employees use the Services only for lawful purposes;
5. have full power and authority to enter into and comply with these Terms and Conditions;
6. the title to all monies and assets transferred to DEPASIFY under these General Terms and Conditions is not subject to any encumbrances or other rights of third parties;
7. be in possession of all licenses, registrations and permits necessary to carry out its activity;
8. all information provided to DEPASIFY is complete, accurate, up-to-date and truthful in all material respects;
9. not to use the Services other than in accordance with such operational processes and procedures as DEPASIFY may prescribe from time to time;
10. use the Services only for lawful purposes.
8. DEPASIFY represents and warrants at all times that:
1. DEPASIFY complies with these General Terms and Conditions and all applicable laws, rules and regulations in connection with the Services;
2. the Services, when used in accordance with these General Terms and Conditions, will not infringe the Intellectual Property Rights of any third party; and
3. DEPASIFY has full power and authority to enter into and comply with these General Conditions.
9. THE CLIENT shall cooperate with DEPASIFY in the provision of the Services, which includes, but is not limited to, the obligation to provide DEPASIFY with the information, resources and assistance (including, where necessary, access to records). systems, personnel and facilities) that DEPASIFY reasonably requires for such purpose.
10. THE CLIENT shall be solely responsible for:
1. The management and direction of its own business and interests.
2. The adoption of decisions related to the execution or implementation of the Services, as well as the implementation or decision making on the result of the Services aimed at achieving any benefit directly or indirectly related to the same. Although the Services may include DEPASIFY's advice, opinions and recommendations, THE CLIENT and/or the Other Recipients shall decide at their sole discretion on their adoption and compliance and shall be exclusively responsible for their consequences. Therefore, it shall be up to the CLIENT and/or the Other Recipients to determine the degree of influence in the decision making they assign to the advice, recommendations or Reports. DEPASIFY shall not be liable for the results for third parties of the decisions made by the CLIENT and/or Other Recipients based on the Services.
3. The work performed by its personnel and agents and the accuracy, truthfulness and completeness of all data and information of any kind (including financial information and financial statements) provided to DEPASIFY for the provision of the Services. The provision of such information shall not infringe any copyright or intellectual property rights or any other rights of any third party. DEPASIFY shall base its work on the information provided by THE CLIENT and, unless otherwise expressly agreed in the Proposal, DEPASIFY shall not be under any obligation to verify or evaluate the aforementioned information. Likewise, DEPASIFY's work shall depend on the CLIENT's compliance with its obligations within the terms established in these General Conditions and on the decisions and approvals of the CLIENT that are necessary in relation to the Services.
11. THE CLIENT shall designate one or more persons with the necessary professional qualifications and training who shall act as interlocutors during the provision of the Services, who shall be responsible for assessing that the Services, and the results thereof, are in accordance with its interests and the persons authorized to give instructions, make requirements and/or notifications, as well as to provide information to DEPASIFY. In the event that THE CLIENT does not expressly designate one or more interlocutors, DEPASIFY may consider valid the instructions, requirements, notifications and/or information provided by those persons that DEPASIFY knows or reasonably believes are authorized to communicate with DEPASIFY in connection with the Services.
12. Both Parties assume their most firm commitment to strictly comply with their labor, Social Security and Occupational Risk Prevention obligations, as well as to closely collaborate in the development of the provision of the Services through the representatives appointed by each of them for such purpose.

In cases where all or part of the Services are provided in a workplace/work center owned by the CLIENT, prior to the commencement of the Services, the CLIENT shall: (i) provide the appropriate working environment for the provision of the Services by DEPASIFY's personnel; (ii) provide information to DEPASIFY on the risks inherent to the workplace, the risks of the workstations, the prevention measures and emergency measures, as well as any information required by the current legislation on prevention. of occupational risks; and (iii) provide the appropriate instructions on the aforementioned risks. The aforementioned information shall be provided prior to the commencement of the provision of the Services, or when a relevant change occurs, and shall be provided in writing when the risks are serious or very serious.

Likewise, in the event that other companies concur with DEPASIFY in the place/work center owned by the CLIENT, THE CLIENT and DEPASIFY (together with the aforementioned concurrent companies) shall cooperate in the application of the provisions related to occupational health and safety, coordinate in order to protect and prevent occupational risks, as well as inform each other of such risks and inform their workers respectively and/or their representatives for the purposes of compliance with their duty to collaborate in the application of the precautionary measures.

1. In those cases in which DEPASIFY uses material, equipment, computer systems or telecommunications networks of the CLIENT, the CLIENT will provide or complete all the necessary accesses, security requirements, virus checks, installations, licenses or consents and, all this, at no cost to DEPASIFY. Likewise, in these cases, THE CLIENT shall be exclusively responsible for (i) the correct operation of such equipment, systems or networks, (ii) the security of the data under its control, including, if applicable, the Reports, and (iii) ) the consequences that may arise for the development of the Services due to deficiencies, shortcomings and failures in its equipment, systems or networks. THE CLIENT guarantees that the use of the aforementioned means by DEPASIFY does not constitute any violation of the Intellectual or Industrial Property Rights of third parties.
2. THE CLIENT shall be responsible for the compliance by its employees and representatives of the aforementioned obligations.

FIFTEENTH - LIABILITY

1. Except to the extent that, in each case, the Losses are due to negligence, willful misconduct or fraud on the part of DEPASIFY, THE CLIENT will be liable to DEPASIFY, and on demand shall pay without delay, all Losses arising from or in connection with:
1. DEPASIFY's performance following instructions or apparent instructions (including, where applicable and without limitation, by email, fax, instant communication tools used by DEPASIFY or telephone), regardless of whether the instructions are sent due to an error in the CLIENT's system; and
2. anything related to such instructions made by or on behalf of THE CLIENT (including, if applicable and without limitation, written instructions via email, fax, instant communication tools used by DEPASIFY or through DEPASIFY's website);
2. THE CLIENT shall be liable for all Losses suffered by DEPASIFY arising from the action or omission of any End User in connection with the use of the DEPASIFY Platform.
3. DEPASIFY shall not be liable for any damages that may arise for the CLIENT, nor for any claims that may be filed by a third party, which have their cause in:
1. errors not directly attributable to DEPASIFY, or to its personnel;
2. breach of the agreement by the CLIENT; or
3. Lack of diligence on the part of the CLIENT.
4. damages caused by the ineffective operation of third party providers through which DEPASIFY provides the Escrow Service, unless the error is directly attributable to DEPASIFY, in which case it shall be liable for a maximum of 100 Euros (or the equivalent of this amount in Fiat Money) per end user.
4. DEPASIFY shall not be liable for the actions performed by End Users nor for any claims arising from the incorrect or ineffective operation of the CLIENT's Platform, who guarantees at all times the correct operation of the environment and the platform.
5. DEPASIFY is entitled to treat any instruction from or on behalf of the CLIENT (whether manually, electronically, via API or otherwise) as fully authorized and binding, and is entitled (but not obliged) to take any action in relation to, or in reliance on, such instruction that DEPASIFY, in its absolute discretion, may deem appropriate, and notwithstanding any error or misunderstanding or lack of clarity in the terms of such instruction.
6. If DEPASIFY receives what it considers to be contradictory or ambiguous instructions, it may, in its absolute discretion and without any liability on its part, refuse to act while it seeks clarification of such instruction, as it deems appropriate.
7. THE CLIENT shall provide such information as may be reasonably required. DEPASIFY is entitled to rely on all information provided by THE CLIENT and DEPASIFY shall have no liability if it does so.
8. DEPASIFY shall only be liable for Losses upon events directly attributable to it, up to the market value of the Cryptoassets lost at the time the loss occurred.

SIXTEENTH - EXCLUSIONS OF LIABILITY

1. THE CLIENT and, if applicable, any other individual or legal entity that is also a recipient of the Services and to whom DEPASIFY expressly assumes liability ("Other Recipients"), accept that DEPASIFY (including subcontracted entities, and/or members of its work team or employees) shall only be liable for the damages that THE CLIENT and, if applicable, the Other Recipients, suffer as a direct consequence of the breach or defective fulfillment of the obligations assumed. In the Proposal, up to an amount that, together for all of them, will amount to a maximum amount equivalent to the fees actually paid by THE CLIENT to DEPASIFY, unless by a final judgment it is declared that it is a consequence of fraud or gross negligence of DEPASIFY, in which case the aforementioned limit will not be applicable. If the Services are recurrent or periodic, the fees for the purposes of setting the limit described above shall be those actually paid during the last year of the Proposal's validity.
2. DEPASIFY shall not be liable to THE CLIENT for any Loss when it has been caused by DEPASIFY's performance in accordance with these General Conditions. If a Loss is incurred due to its own negligence or breach of contract, DEPASIFY will try to correct the error as soon as possible. Without prejudice to the provisions of this Clause, DEPASIFY shall be liable for any direct loss, such as bank charges and interest, incurred as a result of its own negligence or breach of contract.
3. In no event shall DEPASIFY be liable for the following:
1. any indirect, consequential, unforeseeable or incidental loss, such as loss of opportunity;
2. any financial loss whose amount exceeds the sum of the fees paid by THE CLIENT under these General Terms and Conditions;
3. any Loss suffered due to the action or omission of third party Service providers on which DEPASIFY relies for the provision of the Services, provided that DEPASIFY can demonstrate that it acted with full diligence; or
4. any loss resulting directly from any gain and/or financial loss associated with the issuance, trading, safekeeping or ownership of any Cryptoasset (including, but not limited to, any form of cryptocurrency).
4. Nothing in these Terms and Conditions excludes the liability of either party for any Loss to the extent caused by fraud, dishonesty or deceit, death or personal injury caused by the negligence of a party or the negligence of its employees or agents or any other liability which cannot be excluded by law.
5. DEPASIFY's liability (including subcontracted entities, and/or members of its work team or employees) shall be limited to direct damages actually caused to the CLIENT (thus excluding, among others, loss of profits, loss of business and reputational damage).
6. THE CLIENT and, if applicable, Other Recipients accept that DEPASIFY (including subcontracted entities, and/or members of its work team or employees) shall not be liable for bankruptcy or penalties of any kind if the information provided by THE CLIENT turns out to be incomplete, incorrect or insufficient for the execution of the Services, or is provided with a temporary delay such as to make the normal execution of the Services impossible or difficult.
7. Likewise, it is accepted and acknowledged that the Services provided by DEPASIFY are not binding for tax authorities or courts and should not be considered as a representation or guarantee that they will share the opinion, or recommendations expressed by DEPASIFY.
8. DEPASIFY's liability towards the CLIENT and/or other Recipients of the Services, derived from these General Conditions or in relation to the Services, for the damages to which any other persons have contributed, shall not be joint and several, but shall be strictly limited to the proportion attributable to it in relation to its effective contribution to the total damages caused. The fact that the other co-responsible parties have agreed or imposed exemptions or limitations of liability to the CLIENT shall not alter in any way the scope of DEPASIFY's proportional liability. Likewise, such proportional liability of DEPASIFY shall not be altered by the existence of transactional agreements, difficulties in the execution of any claim against such other co-responsible parties, death, dissolution or bankruptcy of creditors or similar situation of total or partial cessation in the situation of co-responsibility.

SEVENTEENTH - INDEMNITIES

1. THE CLIENT agrees to fully defend DEPASIFY, upon request, against any third party claim (i) alleging that the actions of the CLIENT in connection with the use of the Services by the CLIENT violate the privacy rights of any third party or infringe any privacy law; and (ii) arising from or related to the End Users' data. THE CLIENT shall, in either case, indemnify DEPASIFY (and its directors, employees and agents) for all damages awarded against DEPASIFY or agreed to in a written settlement agreement signed by THE CLIENT arising out of such claim. DEPASIFY shall: (a) promptly notify CLIENT in writing of any such claim; (b) authorize CLIENT to control the defense and all related settlement negotiations; (c) provide CLIENT with assistance and information reasonably necessary to defend and/or settle any such claim; (d) in no event compromise, settle or admit liability with respect to any such claim without CLIENT's prior written consent; and (e) use reasonable efforts to mitigate any such claim.
2. DEPASIFY undertakes to provide reasonable assistance against any third party claim alleging that the use of the Platform and the Services in accordance with these General Terms and Conditions infringes the Intellectual Property Rights of a third party, provided that there is no obligation to assist the CLIENT if the claim is in any way attributable to any use that infringes these General Terms and Conditions. DEPASIFY will indemnify the CLIENT for all damages awarded against the CLIENT or agreed in a written settlement agreement signed by DEPASIFY arising from such claim, provided that the indemnity does not exceed an amount equal to the lesser of (a) EUR 50,000 or (b) the Commissions paid during the calendar year prior to the event giving rise to any liability. THE CLIENT shall (a) immediately notify DEPASIFY in writing of any such claim; (b) authorize DEPASIFY to control the defense and all related settlement negotiations; (c) provide DEPASIFY with the assistance and information reasonably necessary to defend and/or settle any such claim; (d) in no event compromise, settle or admit liability with respect to any such claim without the prior written consent of DEPASIFY; and (e) make reasonable efforts to mitigate any such claim.

EIGHTEENTH - CLIENT SUPPORT AND SERVICE LEVELS

1. THE CLIENT shall notify the incidents that require DEPASIFY's assistance by sending an e-mail which shall be acknowledged during office hours. The reported incidents will be assigned to a customer support representative, who will coordinate the support efforts until the reported problem is solved. The response time will depend on the severity of the incident and the CLIENT's membership level. DEPASIFY has established more details on the levels of customer support in Annex I.
2. DEPASIFY has no obligation, under these General Terms and Conditions, to provide assistance services in connection with any failure or error caused by an improper use of the Services by the CLIENT, its Authorized Persons or End Users.
3. Any communication (whether by telephone, videoconference, electronic communication or otherwise) with THE CLIENT or the Authorized Persons may be monitored and recorded and DEPASIFY may also keep records of emails and instant messages sent by or to THE CLIENT and its Authorized Persons. DEPASIFY may use these telephone and video recordings and any transcripts or records of emails and instant messages for training and quality control purposes or to resolve any litigation, as well as in the prevention and detection of crime. However, DEPASIFY may not make or keep such recordings or records for the CLIENT, nor may it make them available to the CLIENT.

1. Further details on the availability of the Services are contained in the Particular Conditions of Fees Applicable to the Services. Although DEPASIFY maintains high availability for all Membership levels, the exact level of availability is determined by the CLIENT’s Membership tier.

NINETEENTH - COMPLAINTS

1. If THE CLIENT considers that DEPASIFY has not met his/her expectations in the provision of the Services or if THE CLIENT considers that DEPASIFY has made a mistake, he/she shall inform DEPASIFY without delay. DEPASIFY has internal procedures in place to handle complaints fairly and promptly. You may request a copy of DEPASIFY's complaint procedure. Complaints will be processed within 15 Business Days from the day they are received. If, for reasons beyond DEPASIFY's control, DEPASIFY is unable to respond within 15 Business Days, the claim will be processed within 35 Business Days from the date of receipt.

TWENTIETH - TERMINATION OF THE CONTRACT

1. In addition to the legally foreseen causes, the non-fulfillment by any of the Parties of the material obligations assumed by virtue of the contract shall be cause for early termination of the contract for the provision of Services.
2. The following shall be causes for early termination of the contract for the provision of Services:
1. The lack of understanding or constant disagreement between the Parties in the development of the same.
2. The impossibility of continuing to comply with the terms and conditions set forth in these General Conditions in the event of tightening of the regulations applicable to the activity developed by each Party and the consequent difficulty for its compliance, indemnifying in any case the other Party for such circumstance.
3. Breach of any of the provisions of the General Conditions.
4. the other Party is the subject of a voluntary or involuntary petition for bankruptcy or any proceeding relating to insolvency, receivership, liquidation or composition for the benefit of creditors, if such petition or proceeding is not dismissed within sixty (60) days of its filing.
3. DEPASIFY may terminate the agreement to provide Services, or the provision of any particular Service or part thereof, at any time without notice if:
1. a financial regulator, regulatory or governmental agency, or law enforcement agency issues a warning with respect to any Party;
2. any governmental, regulatory or judicial authority orders or requests any Party to suspend or terminate these Terms and Conditions;
3. a governmental, regulatory or professional body or an entity with legislative power approves a law, regulation, interpretation or decision or the modification of any of the foregoing;
4. when DEPASIFY has reason to believe that THE CLIENT or an End User is involved in fraud, money laundering, terrorist financing or card acquisition rules, or when DEPASIFY has reason to believe that THE CLIENT or an End User may be in breach of DEPASIFY's internal risk policy or applicable laws and regulations or is involved in activities considered illegal or unethical under applicable laws;
5. a change in circumstances external to DEPASIFY (including, but not limited to, a change in control of the CLIENT or its affiliates), the execution by DEPASIFY of any part of the General Terms and Conditions becomes illegal or illegitimate or conflicts with DEPASIFY's independence or professional standards or incompatibility; or
6. where a third party supplier relied upon by DEPASIFY to provide Services ceases to be available. In the circumstances set out in (vi) above, DEPASIFY will endeavor to find a suitable replacement third party supplier as soon as possible. If DEPASIFY is unable to do so, it may terminate these General Terms and Conditions.
4. The termination of the contract for the provision of Services does not extinguish or modify the rights and obligations of the Parties born prior to the termination. In particular, the fees and expenses accrued by DEPASIFY up to the effective date of the termination shall be considered due and therefore payable, together with the corresponding taxes according to the applicable regulations in force, from the moment the termination becomes effective.
5. A change of control by the CLIENT shall be notified to DEPASIFY reasonably in advance to allow DEPASIFY to carry out due diligence on the potential acquirer prior to the acquisition. If after DEPASIFY has completed its due diligence, it has reasonably concluded that DEPASIFY does not wish to continue providing the Services, then if the acquisition proceeds, DEPASIFY may terminate the contract for the provision of Services with immediate effect.
6. On the effective date of termination:
1. any payment obligations under these General Terms and Conditions shall become immediately due and payable;
2. DEPASIFY will return, upon request, the Funds retained by THE CLIENT to the extent permitted by the Applicable Legislation; and
3. all rights of use or access to the Platform and the Services shall be immediately extinguished and THE CLIENT shall return or destroy any copies of the Platform or Intellectual Property Rights in its possession or under its control.
7. Within thirty (30) days of termination, each party shall return all Confidential Information of the other party in its possession, or otherwise confirm the destruction of such Confidential Information, and shall not make or retain any copies of such Confidential Information, except as necessary to comply with any applicable legal, regulatory or accounting requirements.
8. Termination by either party shall not relieve either party of any outstanding obligations under these Terms and Conditions.
9. Termination or rescission of these Terms and Conditions shall not affect the terms and conditions of Intellectual Property Rights, confidentiality, data protection, liability, indemnification, termination and applicable law and jurisdiction, which shall remain binding between the Parties.
10. The Parties shall perform their obligations until the day on which the early termination of their contract for the provision of Services takes effect.
11. In case of breach of the obligations by the CLIENT on three (3) or more occasions within a period of 30 calendar days, DEPASIFY shall have the right to terminate the contract for the provision of Services in advance, and to provide the Services only until the day on which the early termination of its contract for the provision of Services is communicated, and may also demand the relevant damages as a consequence thereof.

TWENTY-FIRST - DEPASIFY'S PERSONNEL

1. Notwithstanding the fact that, during the rendering of the Services, DEPASIFY may appoint specific personnel for the rendering of the Services, DEPASIFY may, when it deems it appropriate or convenient according to the needs of the CLIENT, substitute any of them or modify the number of professionals or employees assigned in the Proposal.
2. THE CLIENT shall not request or agree, directly or indirectly, to hire DEPASIFY personnel during the term of the contract for the provision of Services and for a period of one year from its termination without the prior written consent of DEPASIFY.
3. Failure to comply with this prohibition shall give rise to a penalty equivalent to twice the gross annual salary that the hired employee or personnel has been receiving and shall be paid by THE CLIENT within thirty days after being requested to that effect by DEPASIFY.

TWENTYSECOND - OTHER SERVICES AND CONFLICTS OF INTEREST

1. THE CLIENT accepts that DEPASIFY may provide Services to a third party whose interests compete or conflict with the interests of the CLIENT ("Client in Conflict"). If CLIENT's interests conflict with CLIENT's interests directly in connection with the subject matter of the Services, the work team assigned to CLIENT will not provide the Services to CLIENT in Conflict. However, other DEPASIFY personnel may provide such Services provided that appropriate measures are put in place to protect the conflicting interests. The effective application of these measures shall be considered sufficient to avoid any real risk or breach of DEPASIFY's duty of confidentiality towards THE CLIENT.
2. THE CLIENT may not demand, foresee or assume that the work team assigned to THE CLIENT knows information that is in possession of other personnel of any of the DEPASIFY Firm's Entities, nor require the work team to obtain the information from them.

1. DEPASIFY, before signing the Proposal, has followed its internal procedures to try to identify possible conflicts of interest. However, if THE CLIENT becomes aware of any actual or potential conflict of interest, he/she shall inform DEPASIFY as soon as possible.
2. In the event that a third party had previously contracted a Service with DEPASIFY and, due to a change of circumstances, a conflict of interests arises, and DEPASIFY considers that -even with the activation of the appropriate protection measures- the interests of any of its CLIENTs could be harmed, DEPASIFY shall be entitled to terminate the Service provision contract, taking effect from the same day of the delivery of the communication. DEPASIFY shall inform the CLIENT prior to the adoption of this measure.

TWENTY-THIRD - USE OF THE CLIENT'S NAME

1. Unless expressly denied by the CLIENT, DEPASIFY may use, with the appropriate diligence in each case, exclusively the name of the CLIENT and/or the Group to which it belongs and make a generic reference to the nature or character of the services provided in advertising and marketing materials as a reference to the client's experience, as well as in DEPASIFY's internal client lists, in order to carry out promotional actions for its Services.

TWENTY-FOURTH - MISCELLANEOUS

1. The fact that one of the Parties fails at any time to require the other Party to comply with any of the provisions of these General Terms and Conditions shall in no way affect the right of such Party to require compliance with the same provision at a later time. The waiver by either Party of a breach of any provision of these Terms and Conditions shall also not be construed as a waiver of any subsequent breach of such provision, nor as a waiver of the provision itself.
2. The headings used in these Terms and Conditions are for reference purposes only and shall not affect the meaning of any provision of these Terms and Conditions.
3. The provisions of these General Conditions are severable, and the invalidity or unenforceability of any one of them shall not affect the validity or enforceability of any other part hereof.
4. DEPASIFY reserves the right to modify and introduce changes in the provision of the Services at any time if deemed necessary to comply with applicable laws and regulations or business needs. Whenever possible, DEPASIFY will notify such modification as soon as reasonably practicable after its determination to make such modification.
5. THE CLIENT consents that DEPASIFY assigns its rights under the General Terms and Conditions at any time to (i) one or more of its group companies and/or (ii) any person by virtue of a merger, consolidation or sale of a substantial part of its business to which the contract for the provision of Services refers. THE CLIENT may not assign its rights or obligations under these Terms and Conditions without prior written consent, which shall not be unreasonably withheld, conditioned or delayed.
6. Nothing in these General Conditions confers or purports to confer a benefit enforceable by a person who is not a party hereto. Without prejudice to the generality of the foregoing, THE CLIENT (and not any End User) shall be the recipient of the Services.

TWENTY-FIFTH - NOTIFICATIONS

1. THE CLIENT accepts unencrypted electronic mail as a convenient means for the flow and exchange of documentation, information and, in general, as a communication channel with DEPASIFY for the provision of the Services. The CLIENT exempts DEPASIFY from any liability for the interception or access to the e-mails by unauthorized persons, as well as for any damage or harm that may be caused to the CLIENT as a consequence of computer viruses, network failures or similar cases, except for causes attributable to DEPASIFY.
2. By mutual agreement, and for those documents or information of special relevance or sensitivity that so require and previously defined, DEPASIFY and THE CLIENT may establish additional procedures and security measures for the transmission and exchange of information and documentation.

TWENTY-SIXTH - FORCE MAJEURE

1. In the event that one of the parties is delayed, hinders or prevents the performance of any required act due to strikes, lockouts, labor problems, power outages, riots, acts of terrorism, insurrection, war, mudslides, fire, earthquake, tsunami, pandemic, or when such act or omission is due to obligations derived from legal provisions, or other similar reasons of the same nature which are not the fault of the party delayed in the performance of the work or in the performance of the acts required under these General Conditions, such party shall, as soon as reasonably practicable, notify the other party of such delay, and the performance of such act shall be excused for the period of delay and the time for the performance of any such act shall be extended for a period equal to the period of such delay. DEPASIFY shall have no liability when it is unable to perform its obligations due to factors beyond its control. If an event of force majeure affecting one of the parties lasts for a period exceeding 30 days, the other party may terminate these General Terms and Conditions.

1. In the event of unavailability of the CLIENT's or DEPASIFY's website/platform, as the case may be, due to force majeure (understood as that which meets the characteristics provided for in article 1.105 of the Civil Code), either Party shall notify the other, describing in detail the circumstances that motivate the non-compliance and identifying the problems arising from the force majeure.
2. In this case, the non-fulfillment of the obligations shall not be considered attributable to the defaulting Party, and therefore Clause 20.5 shall not apply.

TWENTY-SEVENTH - APPLICABLE LAW & COMPETENT JURISDICTION

1. Any doubt, discrepancy or controversy that may arise from the interpretation or execution of these General Conditions or any of their possible modifications, as well as any breach thereof, shall be interpreted in accordance with Spanish common law.
2. The Parties expressly submit, waiving any other jurisdiction, to the jurisdiction and competence of the Courts and Tribunals of Valencia.

TWENTY-EIGHTH - COMPLETENESS OF THE AGREEMENT

1. These General Conditions, together with the Privacy Policy (https://www.depasify.com/privacy-policy), the Cookies Policy (https://www.depasify.com/cookie-policy), the Data Protection Annex, and, if applicable, the specific agreements signed with the Business Partner (for example, co-responsibility agreements or service provision contracts), constitute the complete framework that regulates the contractual relationship between DEPASIFY and THE CLIENT for the provision of the Cryptoasset Services.
2. These General Terms and Conditions supersede any prior agreement, statement or commitment, whether oral or written, relating to the Services described, unless otherwise expressly stated in a specific contract signed between DEPASIFY and the Business Partner. Any modification of these General Terms and Conditions shall be published on https://www.depasify.com/cookie-policy and notified to the CLIENT by email or through the platform, coming into force on the date indicated in the notification.
3. Acceptance of these General Terms and Conditions shall be made by ticking the corresponding box in the registration process on the platform https://www.depasify.com/cookie-policy or, in the case of the Business Partner, by signing a specific contract, in accordance with Law 34/2002 and Law 7/1998 on General Contracting Terms and Conditions.

SCHEDULE

SERVICES

1. Crypto-as-a-Service Solution (CaaS)
   1. Subject to the terms of these General Conditions, its Appendix, Annexes and Particular Conditions, as well as the CLIENT's continuous compliance with its obligations under them, for the duration of the Services, DEPASIFY shall provide the CLIENT with access to the CaaS Solution, as it may be modified or updated from time to time.
   2. For the purposes of these General Terms and Conditions and the Schedules, DEPASIFY provides to the CLIENT, elements and information for the purposes of (i) interconnection (such as IT-connected interfaces) of the CLIENT and/or the CLIENT's Platform with DEPASIFY and (ii) interaction and cooperation with THE CLIENT.
   3. Provided that CLIENT has satisfied all necessary internal onboarding requirements of DEPASIFY and in relation to each of the Additional Data in the Appendix, and has met or satisfied any other requirements prior to being provided access to the CaaS Solution, DEPASIFY will provide CLIENT with the relevant data and credentials to make use of the CaaS Solution. DEPASIFY may, in its absolute discretion, refuse to provide the data and credentials and shall have no liability to CLIENT for such refusal, regardless of whether either Party has been notified that CLIENT has incurred/will incur costs and fees in connection with its contract for the provision of Services and/or any Addendum.
   4. Commencement of operations (first live Service and transaction) under any particular Addendum may only be initiated by THE CLIENT upon receipt of formal written approval from DEPASIFY.
   5. DEPASIFY grants the CLIENT the right to use the CaaS Solution subject to the terms of these General Terms and Conditions. The use shall allow the transmission of information to/from DEPASIFY by the CLIENT and/or the CLIENT's Platform and the management by the CLIENT of the permitted Services subject to the present General Conditions its Appendix, Annexes and Special Conditions.
   6. Subject to the permitted Services of the CLIENT under these General Conditions, its Appendix, Annexes and Particular Conditions, the CaaS Solution has the capability of enabling the CLIENT to:
      1. Access, receive and process information from its Users, in particular for the purpose of making it available to Users through the Platform and providing the corresponding service, such as:
      • User information and data
      • User wallets (such as details, status, balance, etc.)
      • User transaction records (such as details, status, fees and charges, etc.)
      • Information to/from User (such as communications, notices and requests)
      2. Transmit/receive from/in relation to the User, such Transactions/instructions/information from the User
      3. Perform certain activities through the Platform for the performance of the User Services.
      4. Have access to the provisions and functionalities that DEPASIFY may allow to the Users or the CLIENT.
   7. The CaaS Solution may be modified or limited by DEPASIFY at any time based on these General Terms and Conditions, the function of the CLIENT and DEPASIFY's Requirements.
   8. The right to use the CaaS Solution and the accesses granted to the CLIENT do not comprise (unless otherwise explicitly agreed by the Parties in a relevant Annex):
   1. Any functionality beyond that described in this section:
   2. Any connection to other DEPASIFY platforms, systems, functionalities or Services:
   3. Any access to payment counterparties, including entering into respective agreements, registrations and participation in payment systems;
   4. Any execution of transactions or payment instructions;
   5. Any handling of money, Funds or cash;
   6. Any decision making or modifications with respect to or affecting Users, contracts with Users, payment processing, processed payments, Transactions, records, Accounts or Services.
2. Right of Use
   1. The right to use the CaaS Solution is neither exclusive nor transferable.
   2. Access to the CaaS Solution is reserved solely to the CLIENT. This right of use is limited to the right to connect to the CaaS Solution and, subject to its contract for the provision of Services, in accordance with the General Conditions, its Appendix, Annexes and Particular Conditions, to make available through the CLIENT and/or the CLIENT's Platform to Users for their use of the respective DEPASIFY Services through the corresponding integration of the CLIENT with DEPASIFY, and to perform certain Customer Services.
   3. The right of use granted to THE CLIENT is strictly limited to the provisions of this Agreement and its Annexes. Under no circumstances shall such right be understood to entitle THE CLIENT to develop, offer, sublicense, or allow third parties or their End Users to access, connect, or integrate—whether through technological interfaces (including APIs) or by any other means—with DEPASIFY and/or the DEPASIFY Platform, except with the prior, express, and written authorization of DEPASIFY. Likewise, it is expressly prohibited for any access or integration to give rise to the transmission of instructions, the execution of transactions, or the exchange of information by third parties or End Users who have not been previously and expressly authorized by DEPASIFY.
   4. DEPASIFY is entitled to modify and further develop the CaaS Solution from time to time with respective new versions, in which case the right of the CLIENT to use the previous version shall be extinguished.
   5. The CaaS Solution (including any APIs) shall be operated by DEPASIFY and any software from/of DEPASIFY shall remain the property of DEPASIFY.
   6. CLIENT does not acquire any right to install and/or use DEPASIFY's/from software in its own hardware/software environment (reverse engineering, copying, modifying, duplicating, creating derivatives, etc.). THE CLIENT shall not have any rights with respect to DEPASIFY's Intellectual Property (such as other copyrights, know-how, database rights, patent rights, etc.).
   7. The right of use granted to the CLIENT is further subject to the following restrictions on use by the CLIENT:
   1. The use of the CaaS solution shall only be in accordance with the present contract;
   2. THE CLIENT shall not make copies, distribute, resell or sublicense any property or software (CaaS Solution or property of DEPASIFY or any aspect thereof), including the performance of actions that could give rise thereto;
   3. THE CLIENT shall not copy any property or software of DEPASIFY or make it available on public or external networks;
   4. THE CLIENT shall not allow access to the software on an intranet; access shall only be restricted to authorized personnel of the CLIENT and in accordance with DEPASIFY's effective process (including IP address limitations and any other measures) for authorizing access to the CLIENT's computer systems to DEPASIFY's computer systems;
   5. CLIENT shall not modify, reverse engineer, disassemble, decrypt, decompile or make copies or derivative works of the software or property owned by DEPASIFY and DEPASIFY Intellectual Property.
3. Connection to the Platform
   1. DEPASIFY provides the necessary specifications to carry out the connection to the CaaS Solution. The programming and other technical work necessary for the connection and interoperability with the CaaS Solution are the responsibility of the CLIENT.
   2. DEPASIFY reserves the right to periodically publish and/or modify the procedures, requirements, conditions and other documents governing access to and use of the CaaS Solution.
   3. Access to the CaaS Solution: DEPASIFY may interrupt the use of the CaaS Solution for maintenance upon reasonable notice, provided that the urgency does not require immediate interruption. The Parties shall cooperate so that the Users are notified as soon as possible by THE CLIENT.
4. Use of DEPASIFY Property
   1. The right to use the specifications, any documentation and software, or any property of DEPASIFY granted to the CLIENT by DEPASIFY is limited to the Term and to the terms of these General Conditions and Annexes and is revocable, non-exclusive and non-transferable. THE CLIENT is entitled to use the specifications and documentation provided (such as that relating to the connection and use of the CaaS Solution), to store this data on its own system and to make backup copies of it. DEPASIFY's proprietary specifications, documentation and software applications may be used only in accordance with DEPASIFY's latest specifications, conditions and requirements from time to time.
   2. With respect to any specifications, documentation and software, any DEPASIFY property, THE CLIENT is not entitled to:
      1. Grant third parties any form of access to the specifications, documentation and software made available, the respective source code or object code (if provided) or product documentation or any DEPASIFY property without DEPASIFY's prior written consent;
      2. To process, copy, alter, combine or compile the source code or object code of the software (if provided) or any part thereof, or any DEPASIFY property, unless otherwise expressly provided for in these Terms and Conditions;
      3. To decompile, disassemble or reverse engineer in object code form any part (if provided);
      4. To disclose the source code to any natural or legal person;
      5. To make copies, including any documentation that may be obtained online, except for your own backup copies.
5. Brokerage Service (Execution or Reception and Transmission of Orders).
   1. DEPASIFY shall make available to the CLIENT its Service for managing the conversion of Fiat Money into Crypto-assets or the conversion of Crypto-assets into Crypto-assets (Exchange). DEPASIFY will transmit or execute the fiat-crypto or crypto-crypto trading orders, on behalf of the CLIENT, either by transmitting them to third party intermediaries or by executing them on dedicated platforms.
   2. The Services provided by DEPASIFY through the Brokerage Service are:
      • Receipt and transmission of orders: the receipt of a person's order to buy or sell one or several Cryptoassets, or to subscribe one or several Cryptoassets, and the transmission of that order to a third party for its execution;
      • Execution of orders: the execution of agreements, on behalf of clients, for the purchase or sale of one or several Cryptoassets, or for the subscription on behalf of clients of one or several Cryptoassets, and includes the execution of contracts for the sale of Cryptoassets at the time of their public offering or admission to trading.
   3. Through this Service, DEPASIFY provides the necessary technological infrastructure to carry out operations with the main brokers or trading platforms. In this regard, THE CLIENT is hereby informed of the following:
      1. DEPASIFY does not use its own liquidity, since it depends on these third parties for the provision of the Service.
      2. In case of bankruptcy of the intermediary or trading platform, DEPASIFY assumes no liability to THE CLIENT, who is aware through these General Conditions that he/she assumes the risk of bankruptcy of these third parties and DEPASIFY shall not be liable in any case for the lost Funds.
      3. The processing time of transactions does not depend solely on DEPASIFY, so it is possible that there may be delays in the execution of transactions in certain cases. Therefore, DEPASIFY does not guarantee maximum transaction execution times.
      4. The Fiat Money-Cryptoasset exchange rate, or Cryptoasset to Cryptoasset, used by DEPASIFY to determine the price will depend on the market offer, so DEPASIFY may choose, according to its policy of best execution and selection of intermediaries, depending on the different platforms or intermediaries, the best execution taking into account elements such as lowest cost, execution time, reliability and liquidity.
   4. THE CLIENT will ensure that it has all the necessary licenses and permits to carry out this activity or will formalize any contract with third parties that have the necessary regulatory requirements to carry out such activity.
   5. Upon receipt of the Cryptoassets or fiat Funds from the End Users by the CLIENT, DEPASIFY receives and executes the purchase of the Cryptoasset ordered by THE CLIENT, unless DEPASIFY reasonably does not want to give access to such Cryptoasset. This operation can be carried out in two ways:
      1. When THE CLIENT receives fiat Funds from its End Users, it will transfer them to the fiat account that DEPASIFY has enabled for such purpose. DEPASIFY shall receive and execute the purchase order against such fiat money for the acquisition of such Cryptoassets and shall keep them in the wallet in accordance with the Wallet Service.
      2. When THE CLIENT receives from its End Users Funds in the form of Cryptoassets it will receive them directly into the wallet in accordance with the Wallet Service. DEPASIFY, in this case, may also receive and execute sale transactions of such Cryptoassets for the purchase of others.
   6. Once the Funds have been contributed by the Users through any of the means of payment listed in Annex IV in favor of DEPASIFY through the payment service provider:
      1. Firstly, DEPASIFY executes the change from Fiat Money to Cryptoassets.
      2. Secondly, DEPASIFY provides the CLIENT with access to these Funds through the liquidity provider chosen by DEPASIFY.
      3. Deliveries of Cryptoassets to the CLIENT will be made as soon as possible with the joint effort of both Parties, with no specific binding deadline.

   The Best Execution and Intermediary Selection Policy, is available on our website and will be delivered to the CLIENT together with its contract for the provision of Services. Through this policy we will guarantee a fast and adequate transmission of the orders, as well as the best possible results in the execution of the orders.

   In accordance with the MiCA Regulation regarding the provision of Services on Cryptoassets and its complementary regulations, DEPASIFY does not accept any type of remuneration, economic incentive, discounts or benefits in kind as consideration for channeling orders to a specific Cryptoasset trading platform or to a specific provider for their execution.

   Likewise, DEPASIFY continuously monitors the effectiveness of the mechanisms it uses to execute orders, as well as the execution policy and selection of intermediaries. This includes verifying whether the trading platforms or brokers mentioned, if any, in such policy are achieving the best possible results for you. If we identify that it is necessary to modify any of these mechanisms, DEPASIFY will inform the CLIENT in a timely manner about any significant change in the processes or policies of execution of orders and selection of intermediaries.

6. External Wallet or Smart Contract Payment Service
   1. THE CLIENT may request the Checkout Service, in order to check out the Cryptoassets to the external Wallets or Smart Contracts requested by THE CLIENT.
   2. In case THE CLIENT chooses the Checkout Service in favor of an external Wallet, DEPASIFY shall not assume any responsibility (i) in case of error in the introduction of the corresponding keys; (ii) nor as a consequence of errors that may prevent the Cryptoassets from reaching the destination requested by THE CLIENT, who shall assume all responsibility towards the User.
   3. In case THE CLIENT chooses the checkout Service in favor of a Smart Contract, THE CLIENT shall ensure that the latter has been previously audited and does not involve any risk with respect to the User's Cryptoassets. In any case, THE CLIENT shall be liable for any damage or breach or vulnerability arising from the sending of Funds to the Smart Contract selected and managed by THE CLIENT, even in the event of an unforeseeable event on the part of THE CLIENT.
   4. In both cases DEPASIFY shall not assume any liability for damages or defaults arising from the sending of the User's Funds to either of the two options by the CLIENT. DEPASIFY only assumes the liability indicated in these General Conditions.
7. Payment Management Service through Regulated Partners
1. DEPASIFY shall make available to the CLIENT the Fiat Money payment management service provided by DEPASIFY's Regulated Partners so that THE CLIENT or its Users may transfer their Fiat Money Funds.
2. THE CLIENT acknowledges that payment services are regulated activities and that DEPASIFY does not hold any license to provide such services. Therefore, payment services shall be Third Party Services and DEPASIFY shall facilitate the technical integration of such services within its Platform. This Third Party Service that manages the transfer of Funds in favor of DEPASIFY will be provided by an electronic money institution, a payment institution or a financial institution authorized to provide this service (hereinafter, the "Regulated Partner") and will provide the services under its own license, holding all the necessary licenses and permits to carry out its payment activity.
3. The Funds may be contributed by THE CLIENT or by its Users through any of the payment methods listed in Annex IV and transferred in favor of DEPASIFY by a Regulated Partner.
4. In this regard, if the Funds are provided directly by the Users, the Parties agree as a control mechanism that the complete due diligence package of each underlying User originating the Funds will be shared by THE CLIENT to DEPASIFY, so that DEPASIFY can perform its own checks and verify the compliance standards of the CLIENT.
5. In the event that Funds arrive and DEPASIFY has not received due diligence, the Funds will be blocked until the process is successfully completed and the origin of the Funds can be unequivocally verified.
6. DEPASIFY will provide Services exclusively to the CLIENT and will not maintain any relationship or responsibility with its User, even in the event that payments are made directly from the User in favor of DEPASIFY through an account provided by a Regulated Partner. Therefore, Users shall not be considered customers of DEPASIFY and THE CLIENT assumes full responsibility for the due diligence and verification of its users, customers and associated entities, in line with applicable Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CTF) regulations, as well as other relevant legal requirements. THE CLIENT warrants and represents that it is regulated under AML/CFT law in its jurisdiction and that any and all KYC processes it undertakes will adhere to the highest standards of compliance with AML/CTF regulations and applicable laws. CLIENT will establish robust procedures to verify the identity of individuals and companies, detect politically exposed persons (PEPs) and monitor suspicious activities. Users will always operate from the same virtual environment of the CLIENT, so users will not be registered as DEPASIFY users either.
7. THE CLIENT, together with the rest of representations and warranties, as detailed in these General Terms and Conditions, warrants that it holds all the necessary licenses and permits to carry out this activity or formalizes any contracts with third parties that have the necessary regulatory requirements to carry out such activity and complies with all the necessary verification requirements and processes. Likewise, THE CLIENT represents and warrants that all transactions and requests for transactions sent to or received by DEPASIFY, either directly by THE CLIENT or by its Users, will not violate the applicable sanctioning regulations, including those of the main sanctioning bodies worldwide.
8. DEPASIFY will not assume in any case the penalties derived from the breach or lack of diligence of the CLIENT with respect to the services not performed by DEPASIFY. In this sense, DEPASIFY does not assume in any case the End User AML Service (also known as KYC) or the transaction monitoring at any time. Regardless of any technological solution that DEPASIFY may provide to the CLIENT, these responsibilities and all those arising therefrom shall be assumed by THE CLIENT.
9. THE CLIENT agrees to indemnify and hold DEPASIFY harmless from any claims, damages, losses, liabilities, fines, penalties, sanctions, legal costs or other expenses arising from THE CLIENT's failure to perform adequate AML procedures, or from any violation of AML/CTF regulations and related laws resulting from THE CLIENT's actions or omissions.
10. In the event that CLIENT fails to perform its obligations to carry out adequate and compliant AML procedures, and such failure leads to violations of AML/CTF regulations or legal requirements, CLIENT shall be solely responsible for rectifying such failures and any associated consequences.
11. THE CLIENT agrees to promptly notify DEPASIFY of any suspected or confirmed violation of AML/CTF regulations or any relevant legal requirements that may arise from the CLIENT's independent KYC processes. This includes, but is not limited to, cases where THE CLIENT identifies possible money laundering, terrorist financing or other illicit activities.
12. In the event of any investigation, audit or inquiry by regulatory authorities or law enforcement agencies regarding the CLIENT's compliance with AML/CTF regulations, THE CLIENT agrees to cooperate fully with DEPASIFY. This cooperation includes providing necessary documentation, information and access to relevant systems to facilitate any investigation.
13. The inclusion of these clauses does not relieve the Parties of their responsibility to comply with the AML/CTF regulations, nor does it constitute a waiver of DEPASIFY's right to enforce other provisions of these General Terms and Conditions.
14. THE CLIENT shall be responsible for initiating the withdrawal process, either in its own name or on behalf of its Users, and DEPASIFY shall transfer the Funds the following day to the Fiat or Crypto Monedero account indicated by THE CLIENT, or to the same bank account through which the Funds were deposited. In case of an off-ramp mechanism, the User shall provide the CLIENT with proof of ownership. The fees for the Services will be communicated by THE CLIENT and will be charged as indicated in the Consideration of its contract for the provision of Services.
15. DEPASIFY will charge a fee for the management of the payment process, which will include the transfer of the User's Funds in Trust Money.
16. The support function with the Users will be handled directly by THE CLIENT. In case the User has modified his/her bank account, he/she shall previously notify the CLIENT of such modification, and the CLIENT shall notify DEPASIFY and provide the corresponding information in order to validate the identity of the User and ownership of the account, in a similar way as if the CLIENT changed his/her own bank account.
17. Both Parties shall be connected via API so that they are aware of the payment process carried out by each User and the identification thereof, always prioritizing the identification of the Users through a unique pseudonymized identifier ("User_ID") and not through identifying data, such as name, surname or ID number.
18. After a term or any of the milestones specified in Annex II, or whenever the Funds can be withdrawn (deducting the commissions corresponding to the CLIENT and DEPASIFY).
19. DEPASIFY shall hold the CLIENT harmless from any liability arising from the loss, theft, diversion or limited access to the same, provided that the error is attributable to DEPASIFY and not to the third party through which DEPASIFY provides the Service; and as long as the Funds are in favor of DEPASIFY, unless otherwise agreed in these General Conditions.
20. In case THE CLIENT formally requests it in writing, DEPASIFY may make Virtual IBANs available to THE CLIENT in the name of the End Users. THE CLIENT acknowledges and accepts that DEPASIFY will resort to Regulated Partners for the provision of Virtual IBANs.
21. In the event that, by virtue of the CLIENT's business model, a nominative account in the name of the CLIENT is necessary, the CLIENT will assume any responsibilities derived from such nominative account such as compliance requirements, liquidity capacity and response to Users, releasing DEPASIFY from any liability, regardless of the role played by DEPASIFY during the creation of the nominative account held by the CLIENT.
22. In any case, the guarantees specified in these General Conditions must be complied with by THE CLIENT, who will assume the responsibilities arising from the services not provided by DEPASIFY under the selected Service (AML verification of the User, among others).
23. In case THE CLIENT formally requests it in writing, DEPASIFY may make available to THE CLIENT Card Acquiring Services, allowing the acceptance and processing of card payments initiated by THE CLIENT's End Users for the purchase of Cryptoassets and related Services, in strict compliance with the terms set forth herein. CLIENT acknowledges and agrees that DEPASIFY will rely on Regulated Partners for the provision of Card Acquiring Services.
24. CLIENT acknowledges that the ramp merchant widget provided for the Card Acquiring Services may only be used in connection with the specific website(s) owned by CLIENT, as disclosed and verified during the Know Your Business (KYB) process and have been pre-approved by DEPASIFY as part of the KYB process.
25. Any use of the on-ramp widget outside of the disclosed and approved website(s) constitutes a material breach of these Terms and Conditions and will result in immediate suspension or termination of the Services.
26. THE CLIENT represents and warrants that it will offer Cryptoasset purchase Services exclusively under a direct seller model, whereby THE CLIENT acts as the direct counterparty to the End User in all Cryptoasset purchase transactions and retains full control and responsibility for the entire transaction lifecycle, including, but not limited to, pricing, execution and delivery of Cryptoassets.
27. CLIENT agrees that the Card Acquiring Services will not support any intermediary or marketplace model unless expressly agreed to in writing by DEPASIFY.
28. In order to receive Card Acquiring Services, THE CLIENT shall ensure compliance with all applicable card network rules, including those of Visa, Mastercard and any other relevant card networks. CLIENT acknowledges that failure to comply with card network rules or applicable laws may result in penalties, suspension of Services or termination of its Service Agreement.
29. DEPASIFY reserves the right to refuse to process transactions flagged as suspicious under AML/CFT procedures, suspend the Card Acquiring Services in case of suspicion of non-compliance with the conditions relating to the use of the ramp merchant widget, these General Terms and Conditions, the card network rules or applicable laws and regulations.
30. THE CLIENT shall pay DEPASIFY a transaction fee of the percentage indicated in the Consideration of these General Terms and Conditions for each successful transaction, as well as any applicable chargeback, refund or other administrative fees. Settlement of the Funds shall be on a net basis after deduction of all applicable fees.
31. CLIENT assumes all liability for any chargebacks resulting from disputed transactions and for any losses or claims arising from unauthorized use of cards, fraud or other unlawful activity. DEPASIFY will cooperate with the Client to mitigate risks, but is not responsible for fraud arising from the CLIENT's systems or the actions of its End Users.
8. Wallet Service (Custody and Administration of Cryptoassets)
1. The Wallet Service consists of the safekeeping or control, on behalf of clients, of the Cryptoassets in distributed register addresses, through the private cryptographic keys or access means that control such distributed register addresses.
2. DEPASIFY shall perform the storage and control Services, on behalf of the CLIENT, of Cryptoassets or means of access to such Cryptoassets, in the form of private cryptographic keys, as the case may be, in accordance with its Custody Policy, which is available on DEPASIFY's website and shall be delivered to the CLIENT together with its contract for the provision of Services. Therefore, DEPASIFY will open to the CLIENT an electronic urse where the Cryptoassets resulting from the Intermediation Service will be kept on behalf of the CLIENT. Said electronic Wallet will be opened in the name of the CLIENT, who will be the holder thereof, although DEPASIFY will provide a tool that allows the individualized registration of the positions of the CLIENT's End Users through an identifier per position.
3. DEPASIFY shall make available to the CLIENT the Wallet Service so that THE CLIENT may leave Cryptoassets under DEPASIFY's custody. DEPASIFY will provide the following Services:
1. Custody of the CLIENT's Cryptoassets.
2. Administration of Cryptoassets
3. Settlement of operations
4. Maintenance of records and reports
5. Application of security measures
4. The Custody Service offered is centralized, which implies that DEPASIFY will have access and control over the CLIENT's Cryptoassets through advanced security technologies, such as MPC (Multi-Party Computation), HSM (Hardware Security Module) and Threshold Recovery. DEPASIFY shall maintain all private keys associated with the CLIENT's Cryptoassets, and shall manage the security of such assets through robust cybersecurity systems and distributed storage.
5. DEPASIFY will be responsible for:
1. Asset Security: Implementing advanced cybersecurity measures, such as key compartmentalization, distributed storage and protection through TEE (Trusted Execution Environment).
2. Segregation of assets: Keeping the Clients' Cryptoassets separate from DEPASIFY's own assets, implementing adequate registration systems to guarantee a clear identification of ownership and making accounting entries for the separate accounting of all transactions and the individualized registration of the End Clients' positions through an identification number. DEPASIFY shall maintain strong accounting and operational controls to ensure the integrity of client assets and prevent any unauthorized access, use or commingling of such assets with DEPASIFY's own resources.
3. Transparency and reporting: Maintain transaction history and provide the CLIENT with clear and updated information on its positions in Cryptoassets, accessible through secure platforms; periodic declarations of holdings; and assistance in tax reporting.
4. Security and Risk Management: Implement robust cybersecurity protocols, maintain multiple backup systems, implement incident response procedures, and maintain monitoring and auditing systems to ensure the integrity of Cryptoassets and report any security incidents as required by DORA.
5. Business Continuity Plan: Develop a contingency plan to mitigate Service interruption risks and ensure asset recovery in emergency situations.
6. CLIENT shall be responsible for:
1. Maintain the confidentiality of the access credentials provided by DEPASIFY.
2. Immediately report any security incident that may affect the custody of the Cryptoassets or any unauthorized transaction.
3. Comply with the applicable regulatory provisions and DEPASIFY's instructions regarding the security of the Cryptoassets.
7. THE CLIENT shall have the right to:
1. Return of Cryptoassets: request the partial or total return of its Cryptoassets at any time with reasonable notice, according to the procedures established by DEPASIFY.
2. Transparency: Receive periodic reports and statements with complete and non-misleading information about the status of your Cryptoassets, the risks associated with them and security incidents.
3. Compensation for Losses: In case of Losses due to negligence or breach by DEPASIFY, THE CLIENT may claim compensation in accordance with the applicable legislation, up to the market value of the Cryptoassets lost at the time the loss occurs.
8. DEPASIFY shall apply the following measures to protect the CLIENT's Cryptoassets:
1. Encryption and Compartmentalization: Private keys and associated data will be kept encrypted using MPC, which ensures that no entity has full control over the keys.
2. Monitoring and audits: Periodic internal and external audits will be conducted to ensure compliance with MiCA and DORA regulations.
3. Business continuity: Asset recovery plans will be established in the event of cybersecurity incidents or custodial system failures.
9. In case of incidents affecting the security or availability of the Cryptoassets, DEPASIFY shall immediately, and within no more than 24 hours, notify the CLIENT and shall take the necessary measures to mitigate the impact, and shall implement the established recovery plans to return the Cryptoassets to the CLIENT safely.
10. DEPASIFY shall not carry out any transaction or activity with the CLIENT's assets without the explicit prior written consent of the CLIENT. Any violation of this clause shall be deemed a material breach of the escrow agreement. DEPASIFY acknowledges and agrees that all assets in its custody are held solely for safekeeping and administration purposes. Under no circumstances DEPASIFY may use these assets for any activity beyond the execution of the custody obligations on behalf of the CLIENT. DEPASIFY is strictly prohibited from using the CLIENT's assets for:
1. Investment purposes, including, but not limited to, transactions with securities or in the financial markets.
2. Loan or indebtedness operations with third parties or any internal operation of DEPASIFY.
3. Any commercial activity that goes beyond the custody and administration of assets agreed with the client.
11. THE CLIENT acknowledges and accepts that DEPASIFY will rely on Third Party Wallet Service Providers for the provision of the Wallet Services, provided that such sub-custodians comply with the established security norms and standards. Delegations will be subject to the following controls:
1. Evaluation of sub-custodians: Conducting due diligence on external providers, including periodic audits and verifications of their technological infrastructure.
2. Ongoing monitoring: Implementation of tracking systems to monitor compliance with sub-custodian obligations.
3. Review of SLAs: Establishment of Service Level Agreements (SLAs) to guarantee the performance and security of the sub-custodians.
12. DEPASIFY shall record any movement in the position register and shall send a quarterly position statement of the Cryptoassets under custody in electronic format.
13. When appropriate, DEPASIFY shall facilitate the exercise of the rights associated to the Cryptoassets.

However, when there are changes in the underlying distributed registry technology or any other event that may create or modify the rights of the Cryptoassets held in custody (such as forks or airdrops), the CLIENT accepts and acknowledges that DEPASIFY will not guarantee to be able to access any Cryptoasset or any newly created rights based on its positions in the face of these events.

Therefore, in cases of forks, airdrops or similar events, DEPASIFY:

• will not acquire any right, title or interest in the Cryptoasset forked or launched from an airdrop; and.
• shall not handle instructions in respect of a Cryptoasset forked or launched from the airdrop and shall have no liability in respect thereof.
14. In connection with the return of Cryptoassets, DEPASIFY provides the Transfer Service which consists of the provision of Transfer Services, on behalf of a natural or legal person, of Cryptoassets from one address or distributed register account to another.

The Client will be able to make withdrawals from his wallet. DEPASIFY is not responsible if the destination or reception address indicated by the CLIENT is incorrect, since the transfers of Cryptoassets are irreversible.

DEPASIFY shall comply in any case with the European Regulation of information that must accompany the Crypto-assets transfers.

The deadlines for executing transfers may vary according to the type of Cryptoassets in question. DEPASIFY will act with the utmost diligence to make the transfer as quickly as possible and, in any case within a maximum period of 5 Business Days, provided that all relevant information has been provided in accordance with the regulatory framework in force and, in particular EU Travel Rule. The transfer time will depend on:

1. The receipt of the information you have to provide;
2. The AML/CFT checks to be made by DEPASIFY;
3. The actual execution time of the transfer in the relevant DLT network (the confirmations that a DLT network requires are available on the DEPASIFY website).

In any case, in order for the transfer to be executed, the following minimum information must be indicated:

• The name of the beneficiary or recipient;
• The distributed registry (Blockchain) address of the wallet where you want to transfer the Cryptoassets and the Cryptoasset account number to which you want to transfer them, where such an account exists and is used to process transactions;
• The Cryptoasset account number where you want to transfer the Cryptoassets, in cases where a transfer of Cryptoassets has not been registered in a network using distributed registration technology or a similar technology;
• The address, including the country;
• The official identity card number and customer identification number or, alternatively, the date and place of birth; and
• Where applicable, the current LEI or, in the absence thereof, any equivalent official identifier of the recipient that is available.

If this data is not transmitted or not transmitted in full, no transmission may take place for legal reasons. It is also important that you enter the data correctly as a transfer to a different Blockchain address or to a different Blockchain can no longer be reversed and will result in an irreversible loss.

In the case of a transfer of Cryptoassets to a self-hosted or self-custodied wallet, the total amount of which exceeds the legally defined limit (€1,000), DEPASIFY will additionally carry out a legally prescribed technical verification procedure to determine whether the wallet is owned or controlled by you.

Before transferring the Cryptoassets:

• we will advise whether and when the transfer of Cryptoassets will be irreversible or sufficiently irreversible in case of probabilistic settlement;
• we will inform about any expenses to be assumed by the transfer of Cryptoassets.

Additionally, after each transfer we will give the following information:

• the names of the payer and the payee;
• the address of the distributed ledger or the Cryptoassets account number of the originator and the beneficiary;
• a reference enabling the customer to identify each Cryptoasset transfer;
• the amount and type of Cryptoassets transferred or received;
• the debit or credit value date of the Crypto-asset transfer;
• the amount of any charges, fees or commissions related to the transfer of Cryptoassets and, if applicable, a breakdown of the amounts of such charges.
9. User Verification Service (KYC)
1. DEPASIFY shall not assume in any case the penalties derived from the omission or lack of diligence of the CLIENT in terms of onboarding of End Users (also known as KYC), continuous monitoring or any other obligation in terms of prevention of money laundering and terrorism financing at any time. In this sense, DEPASIFY does not assume in any case the AML or KYC Service, regardless of the technological solution it provides. These responsibilities and all those arising therefrom shall be assumed by THE CLIENT.
2. Independently of the above, DEPASIFY may provide the technological infrastructure to the CLIENT, by virtue of which THE CLIENT shall carry out:
1. elaborate the risk report (attached to the prevention manual).
2. Formal and real identification of users (KYC).
3. Elaboration of user admission policies.
4. Creation and maintenance of information files.
5. Documentation maintenance.
6. Annual audits
3. The KYC infrastructure provided by DEPASIFY to the CLIENT shall consist of the following:
1. DEPASIFY shall provide the CLIENT with an end-user verification infrastructure (KYC) in accordance with the regulations in force regarding the prevention of money laundering and terrorism financing.
2. Likewise, in case it is formally requested in writing by THE CLIENT, DEPASIFY will provide the business verification infrastructure (KYB).
3. This system will be provided as a Widget, since the End User will carry out this procedure in DEPASIFY's secure environment. DEPASIFY will allow the CLIENT to connect through an API with DEPASIFY's KYC system.
4. DEPASIFY undertakes to ensure that its user verification process complies with current standards and regulatory requirements.
5. DEPASIFY, for the provision of this Service, may rely, in whole or in part, on Third Party providers to provide its KYC infrastructure. DEPASIFY shall not be liable for any lack of efficiency or speed in the verification process of End Users.
6. Once an End User has completed the verification process, DEPASIFY will indicate to the CLIENT whether the KYC process has been successfully completed or not. If not, the User may retry the process.
7. In case the process is not completed successfully, DEPASIFY will inform the CLIENT of the reasons and it will be the responsibility of DEPASIFY to collect more information from the User, if necessary.
8. In case of successful completion of the KYC process, DEPASIFY will send the User ID to the CLIENT for its location and control by both Parties.
10. Know Your Transaction (KYT) Service
1. DEPASIFY shall not assume in any case the penalties derived from the omission or lack of diligence of the CLIENT in relation to the obligations of knowledge of its transactions, continuous monitoring or any other obligation regarding the prevention of money laundering and terrorist financing at any time. In this sense, DEPASIFY does not assume in any case the AML or KYT Service, regardless of the technological solution hereby provided. These responsibilities and all those arising therefrom shall be assumed by THE CLIENT.
2. DEPASIFY shall make available to the CLIENT the Know Your Transaction Service so that THE CLIENT may examine the provenance of the Cryptoasset in order to assess the risk that a Cryptoasset transaction is associated with an illicit activity, together with any data included in the same or accessed through the same; detect high-risk activity patterns; and prevent transactions with addresses identified in the sanctions list.
3. CLIENT acknowledges and agrees that DEPASIFY may use Third Party Service providers to provide the Know Your Transaction Service.
11. Transaction Monitoring Service
1. DEPASIFY shall not assume in any case the penalties arising from the omission or lack of diligence of the CLIENT with respect of transaction obligations, ongoing monitoring or any other obligation regarding the prevention of money laundering and terrorist financing at any time. In this sense, DEPASIFY does not assume in any case the AML or KYT Service, regardless of the technological solution hereby provided. These responsibilities and all those arising therefrom shall be assumed by THE CLIENT.
2. DEPASIFY shall make available to the CLIENT the Transaction Monitoring Service for THE CLIENT through the Platform to aggregate and analyze the CLIENT's transaction data to highlight patterns that suggest the possible occurrence of money laundering or other financial crimes.
3. THE CLIENT acknowledges and agrees that DEPASIFY may use Third Party Service Providers for the provision of the Transaction Monitoring Service.
12. User’s Support Service
1. DEPASIFY undertakes to provide Adequate Support Services to the CLIENT by responding to requests within a reasonable period of time.
2. The Support Service or Customer Service to the Users will always be performed by THE CLIENT. DEPASIFY shall only communicate with THE CLIENT and the management of incidents shall be carried out through a ticketing system.
3. Both Parties shall hold periodical meetings to review the incidents that may have occurred, in order to prevent future incidents and to make the resolution process more efficient.
4. Communication between THE CLIENT and DEPASIFY will be carried out through a ticketing system.
5. DEPASIFY will process and answer all the incidents reported by THE CLIENT within a maximum period of twenty-four (24) working hours from their notification.
6. For these purposes, DEPASIFY's working hours shall be considered to be between 9:00 a.m. and 6:00 p.m. from Monday to Friday.

13. Modifications and Updates
1. DEPASIFY reserves the right to modify, suspend or interrupt, temporarily or permanently, the Platform or any Service to which it connects, with or without prior notice and without any liability to the User.
2. DEPASIFY may from time to time provide enhancements to the features/functionality of the Platform, which may include patches, bug fixes, updates, upgrades, enhancements and other modifications. Updates may modify or eliminate certain features and/or functionalities of the Platform. CLIENT agrees that DEPASIFY is under no obligation to (i) provide any updates, or (ii) continue to provide or enable any particular features and/or functionality of the Platform to CLIENT.
3. CLIENT further agrees that all updates or any other modifications (i) shall be deemed to be an integral part of the Platform, and (ii) shall be subject to the terms and conditions of these Terms and Conditions.
4. Please note that during updates or any other modifications to the Platform, THE Services may be temporarily unavailable. Such unavailability during upgrades or any other modification provided by DEPASIFY shall not be deemed a breach or violation of DEPASIFY's obligations under these Terms and Conditions, the Terms of Service or the Subscription Policy.
5. DEPASIFY shall be responsible for the maintenance of the Platform in order to (i) keep it available; (ii) make its use convenient and uninterrupted to the greatest extent possible.

14. Third Party Services
1. The Platform may display, include or make available third party content (including data, information, applications and other products Services) or provide links to third party websites or services (hereinafter, "Third Party Service").
2. CLIENT acknowledges and agrees that DEPASIFY shall not be responsible for any Third Party Services, including their accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality or any other aspect thereof. DEPASIFY does not assume and shall have no liability to CLIENT or any other person or entity for any Third Party Services.
3. CLIENT may be required to comply with applicable Third Party terms and conditions when using the Platform. Third Party Services and links thereto are provided solely for the convenience of the CLIENT and CLIENT accesses and uses them at its own risk and subject to the terms and conditions of such Third Parties.

ANNEX I - DATA PROTECTION

This Data Protection Annex forms an integral part of the General Terms and Conditions of Contract for DEPASIFY S.L. Services and regulates the processing of personal data within the framework of a business relationship where a legal entity (hereinafter, the "Business Partner") introduces the end user (hereinafter, the "End User") to DEPASIFY S.L. for the provision of Cryptoasset Services. This Annex is governed by Regulation (EU) 2016/679 (GDPR), Regulation (EU) 2023/1114 (MiCA), Organic Law 3/2018 (LOPDGDD), Law 11/2023, Law 34/2002 (LSSI), Law 10/2010, Royal Decree 304/2014, and Directives (EU) 2015/849 ("AMLD5") and 2018/843 ("AMLD6").

1. Identification of the Parties
• DEPASIFY S.L.: Limited company with NIF B-67823831, domiciled in calle Álvaro de Bazán 10, 46010 Valencia (Valencia), Spain, registered in the Mercantile Registry of Valencia in the electronic Volume, electronic Folio, Page V-221845, current registration, with IRUS code: 1000309399078 and duly registered in the register of service providers on Cryptoassets of the Bank of Spain with the number D705 and contactable through the email or the form at .
• Business Partner: Legal entity that, under a contract with the End User, collects personal data and shares it with DEPASIFY for the provision of cryptoasset services through the platform .
• End User: Natural person of legal age who uses DEPASIFY's services through the Business Partner, complying with the registration and identity verification (KYC) requirements.
• Roles in Data Processing

DEPASIFY S.L. and the Business Partner act as co-responsible for the processing of the End User's personal data, pursuant to Article 26 of the GDPR, as they jointly determine the purposes and means of the processing for the provision of cryptoasset services. However, in certain specific cases, DEPASIFY could act as a processor if it processes data under direct instructions from the Business Partner.

2. Co-responsibility
• Shared Purposes: to facilitate the purchase, sale or exchange of cryptoassets, to comply with KYC/AML obligations, and to ensure the security of transactions.
• Means: The Trading Partner collects initial End User data (e.g., name, ID, email) under its contract, while DEPASIFY determines the technical means (e.g., encryption, HSM, 3D Secure) and procedures (e.g., KYC, transaction monitoring) for the Services provided through its platform.
• Co-responsibility Agreement: DEPASIFY and the Business Partner shall enter into a written agreement defining the responsibilities of each party, including data subject rights management, security breach notifications, and cooperation with the Spanish Data Protection Agency (AEPD). Such agreement will be available to End Users upon request to
• Warranties: In compliance with the provisions of the RGPD and other applicable data protection regulations, the Data Controllers provide sufficient guarantees to implement the appropriate technical and organizational policies to implement the security measures established in the current legislation and to protect the rights of data subjects.
3. Processing as Processor

When DEPASIFY processes personal data exclusively under instructions from the Business Partner (for example, executing a specific transaction), it shall act as a processor, pursuant to Article 28 of the GDPR. In this case, a processing commissioning contract will be formalized specifying the instructions, security measures, and confidentiality obligations.

4. Purpose.

These clauses regulate the processing of personal data necessary for the provision of the Services described in these General Conditions.

The authorized processing will be those strictly necessary to achieve the purpose of the Service, such as:

• Management of the data of interested parties to receive and send transactions;
• Management of interested parties (End Users);
• Communication of data of the data subject to the data controller.
5. Duration.

These General Conditions shall come into force at the time of acceptance and shall have the same duration as the contracted Services.

6. Purpose of the Treatment.
• By the Business Partner: To manage the contractual relationship with the End User and to facilitate access to DEPASIFY's Services.
• By DEPASIFY: Account registration, transaction processing, KYC/AML compliance, customer service, promotional communications (with consent), and platform improvement.
• Shared Purposes: Provision of cryptoasset services, regulatory compliance (MiCA, AMLD5/AMLD6, Law 10/2010), and fraud prevention.
7. Types of data processed.

The categories of End User personal data processed include:

• Identifying data: first name, last name, ID/NIE/passport, email, telephone, bank account, and pseudonymized identifying data, such as user identifier (User_ID).
• Financial data: bank account information, cryptocurrency wallets, or payment card data (without storing full data).
• KYC/AML data: Identity verification documents, proof of address.
• Usage data and metadata: IP addresses, browser, operating system, cookies.
8. Legal basis
• Consent (art. 6.1.a RGPD): For promotional communications and non-essential processing, obtained by the Business Partner or DEPASIFY.
• Execution of a contract (art. 6.1.b RGPD): For the contractual relationship between the Business Partner and the End User, and between DEPASIFY and the End User (upon acceptance of the General Terms and Conditions).
• Compliance with legal obligations (art. 6.1.c RGPD): For KYC/AML, reporting to authorities, and compliance with MiCA, Law 10/2010, and other regulations.
• Legitimate interest (art. 6.1.f RGPD): To improve the security and functionality of the platform, provided that the End User's rights do not prevail.
9. Prohibition of communication of personal data.

The Parties undertake to keep under their control and custody the personal data received from the Stakeholders, as well as the data provided by the Data Controller to which it has access in connection with the provision of the Services and not to disclose, transfer or communicate them in any other way, not even for storage, to other persons unrelated to them and to the provision of the Service.

However, the Data Processor shall not be liable when, upon prior express and written indication by the Data Controller, communicates the data to a third party designated by the Data Controller, to whom he/she has entrusted the provision of a Service in accordance with the provisions of the regulations in force on data protection.

Access by the Data Controller to personal data shall not be considered communication or transfer of data when such access is necessary for the proper provision of the Services.

10. Subcontracting of the Services.

The Data Controller agrees that the Processor may engage sub-processors (hereinafter referred to as "Sub-processors" or "Sub-processors") to perform its obligations under these General Terms and Conditions.

The Controller grants a general consent for the Processor to engage with the Sub-Processors, subject to the following requirements:

1. Each Sub-Processor must ensure compliance with data protection data.
2. The Processor shall limit the Sub-Processor's access to the Controller's Personal Data strictly necessary for the provision of its Services.

The Controller agrees that the Processor may engage additional Sub-Processors to process data within the Services provided and for the permitted purposes, and will maintain an updated list of its Sub-Processors.

11. International Data Transfers.

If data is transferred outside the European Economic Area, DEPASIFY will ensure GDPR-compliant mechanisms (standard contractual clauses, adequacy decisions, Data Privacy Framework for USA), coordinating with the Business Partner.

12. Security of personal data.

The Parties undertake to ensure that appropriate technical and organizational measures are implemented to ensure that processing complies with the legal requirements in accordance with Article 32 of the GDPR.

DEPASIFY implements security measures, including:

• HSM and multi-signature storage.
• Security measures for card payments.
• Machine learning algorithms to detect suspicious transactions.
• Regular audits and compliance with standards such as PCI DSS.

The Business Partner will ensure equivalent security measures for directly collected data.

13. Collaboration in reporting security breaches.

In the event of a security breach in the systems of either Party, which may affect the data of the Stakeholders, they are obliged to notify the other Party within a maximum of 48 hours, always after becoming aware of the personal data breach, through the designated email address, together with all relevant information for the documentation and communication of the incident.

Notification shall not be required when such security breach is unlikely to constitute a risk to the rights and freedoms of natural persons.

14. Rights of access, rectification, deletion, limitation, opposition and data portability.

End Users may exercise their rights (access, rectification, deletion, limitation, portability, opposition) by contacting DEPASIFY at or the Business Partner through its designated channels. DEPASIFY and the Business Partner will coordinate the response within a maximum period of one month, extendable to two months in complex cases. End Users may file complaints with the AEPD (www.aepd.es).

In the event that, for reasons of efficiency and provided that the Parties have so agreed, it shall be the Data Processor who deals with requests for the exercise of data protection rights against the Stakeholders.

15. Confidentiality.

The duty of secrecy and confidentiality arising from these General Conditions bind the Parties for the duration of the business relationship.

The Parties guarantee that the persons in their charge, authorized to process the personal data will assume a commitment of confidentiality and that they will be subject to the appropriate legal obligations of confidentiality, even after the termination of the Services. It also undertakes to allow access to such data only to those employees who need to know them for the proper performance of their duties in connection with the provision of the Services.

16. Periods of conservation and return of the information

DEPASIFY S.L. and the Business Partner, as co-responsible for the processing, will keep the End User's personal data only for the time necessary to fulfill the purposes described and the applicable legal obligations, in accordance with the storage limitation principle of the GDPR (Article 5.1.e). Data retention and deletion responsibilities will be coordinated between both parties, as set out in the co-responsibility agreement.

1. Retention period
• Account and transaction data: Retained for the duration of the contractual relationship with the End User and up to 5 years after its termination, in accordance with the accounting, tax, and audit obligations set forth in the Commercial Code, Royal Decree-Law 19/2018, and the MiCA Regulation.
• KYC/AML Data: Retained for 10 years after the end of the commercial relationship, as required by Law 10/2010, Royal Decree 304/2014, and the AMLD5/AMLD6 Directives, to comply with regulations for the prevention of money laundering and terrorist financing.
• Contact and promotional data: retained until the End User revokes consent or requests deletion, in accordance with the GDPR.
• Usage and metadata data: Retained for 1 year, unless a longer period is required for legal or security reasons.
• Customer service communications data: Retained for up to 3 years after the end of the contractual relationship, to address potential claims or legal liabilities.
• Data in backup systems: Retained for a maximum of 1 year, unless a longer period is required by legal obligations. This data will be securely isolated and protected from further processing, except where required by applicable law.
• Legal liabilities: The data will be kept at the disposal of the public administration, judges and courts for the legal periods established to meet possible liabilities arising from the processing, in accordance with Law 11/2023 and other applicable regulations.
2. Coordination between Corresponsible parties.
• Data Management: DEPASIFY and the Business Partner shall coordinate obtaining copies of the End User's data, if necessary, to comply with portability requests or audits. The Business Partner shall inform DEPASIFY of any deletion request by the End User, and both parties shall agree on the steps to comply with such request, respecting legal obligations.
• Termination of the Contractual Relationship: Upon termination of the contract between DEPASIFY and the Business Partner, both parties:
• Shall delete End User data that is not necessary to fulfill the described purposes or legal obligations, within a maximum period of 90 days after the end of the contract, unless a different period is agreed upon in the co-responsibility agreement.
• They shall ensure that data in backup systems are deleted within a maximum period of 180 days, keeping them isolated and protected from any further processing during this period, unless otherwise required by law.
• Legal Retention Obligations: DEPASIFY may retain End User data if required by applicable law (e.g. KYC/AML data for 10 years), informing the Business Partner and the End User, if applicable.
17. Return of Data
• Upon request of the Business Partner or End User, DEPASIFY will provide a copy of the processed personal data in a structured, commonly used and machine-readable format, in accordance with the right of portability of the GDPR (Article 20).
• The return of data will be coordinated between DEPASIFY and the Business Partner, ensuring that neither data security nor legal retention obligations are compromised.
18. Responsibilities of the parties.
• Business Partner: Shall obtain the End User's informed consent to share his/her data with DEPASIFY, inform about co-responsibility, and ensure that the data is truthful and up-to-date.
• DEPASIFY: Shall implement technical and organizational measures (encryption, HSM, 3D Secure, 2FA, ISO/IEC 27001 audits if applicable) and comply with MiCA and AMLD5/AMLD6 obligations, including KYC checks and transaction monitoring.
• Both Parties will: Cooperate in responding to requests for data subjects' rights (access, rectification, erasure, etc.), notify security breaches in accordance with Article 33 of the GDPR, and comply with the recommendations of the AEPD. Each Party shall be liable for any infringements, penalties and/or fines that may be imposed on it for failure to comply with its obligations under the Data Protection regulations, as well as when it fails to adopt the corresponding security measures.
19. Data Protection.

Each of the Parties is informed that its personal data will be processed by the other party, in accordance with the provisions of the General Regulation 2016/679, on data protection and the L.O. 3/2018, on data protection and guarantee of digital rights, in order to allow the development, fulfillment and control of the provision of the Services, the basis of the processing being the fulfillment of the contractual relationship. The data will be kept for the duration of the Services and thereafter, by law, until the obligations and / or liabilities arising therefrom expire. The data of the parties may be transferred to banks, insurance companies and Public Administrations, in the cases provided for in the Law and for the purposes defined therein. The parties may request access to personal data, its rectification, deletion, portability and limitation of its processing, as well as oppose its processing, at the address of the other party listed in the heading of these General Conditions.

20. Contact

For questions about this Addendum, please contact DEPASIFY at:

• Address: calle Álvaro de Bazán 10, 46010 Valencia, Spain.
• E-mail:
• Form:
21. Applicable law and jurisdiction.

This Data Protection Annex is governed by the Spanish and European regulations on Personal Data Protection, as well as by the resolutions and guidelines of the Spanish Data Protection Agency and other competent bodies in the field.

For the resolution of any discrepancy regarding the interpretation and/or execution of the provisions of these General Conditions of the Data Processor, the Parties submit to the jurisdiction of the Courts and Tribunals of Valencia, expressly waiving any other jurisdiction that may correspond to them.

ANNEX II - Withdrawal Milestones

The following requirements must be met, as applicable, to allow the withdrawal of funds by the CLIENT or end users, after deducting the corresponding commissions to the account holder and DEPASIFY, in accordance with the terms of the General Conditions, MiCA Regulation (EU) 2023/1114, Regulation (EU) 2023/1113 ("EU Travel Rule"), Law 10/2010 of 28 April on the Prevention of Money Laundering and Terrorist Financing, and Directives (EU) 2015/849 (AMLD5) and (EU) 2018/843 (AMLD6).

• Regulatory Compliance: completion of the KYC process for all end users submitted by THE CLIENT, including verification of valid identification documents (e.g., DNI, NIE or passport) and proof of life. Such verifications will be performed by DEPASIFY in full compliance with the requirements of Law 10/2010, Royal Decree 304/2014, the AMLD5 and the AMLD6, ensuring that all End Users are properly identified prior to any withdrawal of Funds. This includes, among others, compliance with the EU Travel Rule to share information on the originator and beneficiary of transactions involving cryptoassets.
• Cooperation with authorities: Timely and accurate submission by the CLIENT of all information required in response to requests from competent authorities or as required by DEPASIFY in connection with altered cases, suspicious transaction reports ("STRs"), requests for information ("RFIs") or other regulatory obligations.
• Key Performance Indicators ("KPIs") and Risk Management: Maintenance of a risk profile that does not pose any credit risk to DEPASIFY, particularly with respect to potential chargebacks, disputes or liabilities arising from card acquiring services or other payment processing activities. THE CLIENT shall ensure that its operations and those of its end users do not give rise to financial or operational risks that may result in losses for DEPASIFY.

ANNEX III - Currencies supported by the Service

• Fiduciary currencies
• EUR
• Digital currencies
• USDC
• BUSD
• DAI
• BTC
• ETH
• TRX
• POL
• SOL
• XRP

ANNEX IV - Payment methods supported by the Service

• SEPA, Instant SEPA
• Card payments
• PSD2

ANNEX V - Remarks

The accounts are provided to the CLIENT for the purpose of operating on, but not limited to, the CLIENT's platform. DEPASIFY understands the functionality of the CLIENT's platform.

It acknowledges that trading is performed on the platform itself, however, fiat (EUR) settlement is performed directly between users. This means that the CLIENT will send or receive EUR amounts to/from various CLIENT users directly, to/from their private/corporate accounts.

In the event of requests from third parties, to whom DEPASIFY entrusts the provision of its Services in connection with the CLIENT's platform or transactions carried out through the platform, DEPASIFY will try to respond to them on its own in the first instance. In case further support is required from the CLIENT, DEPASIFY will request additional clarifications.

ANNEX VII - SLAs

1. Types of Incidents
1. Technical or IT Incidents

Incidents related to the system, technological infrastructure, hardware, or software, including:

• Platform or application failures;
• Access problems (username/password); and
• Errors in integration with third parties (API, payment gateways).
2. Operational Incidents

Incidents that affect customer service or service processes, such as:

• Problems with the execution of transfers or remittances.
• Errors in identity validation or user operations.
• Delays in the execution of internal operational processes.
3. Financial Incidents

Incidents related to financial issues, such as:

• Insufficient funds on specific routes.
• Accounting or financial discrepancies.
• Problems with billing or improper charges.
2. Incident Prioritization

Each incident will be classified according to its level of impact and urgency into three priority levels:

1. Low Priority

Minimal impact, does not significantly affect operation or service.

• SLA: 72 Business Hours.

Example:

• Non-urgent data updates.
• Minor errors in billing reports.
• Medium Priority

Moderate impact, affects a group of users or processes, but temporary alternatives are available.

• SLA: 24 Business Hours.

Example:

• Problems with identity validation for a group of users.
• Delays in the settlement of non-critical remittances.
• High Priority

Critical impact, directly affects business continuity, operations, or customer service.

1. SLA: 12 Business Hours.

Example:

1. Platform crash.
2. Liquidity shortage on a key route.
3. Escalation to Third Parties

It may be necessary to escalate the case to a banking entity. These cases will be reported in a timely manner by the team and will depend on the response times of the banking or payment entity.

1. Transaction supports issued by the banking entity.
2. Reconciliation of balances sent with delivery display problems in the destination account.
1. Escalation Procedure
2. Information Gathering

Before escalating an incident, make sure you have the following information:

1. Detailed description of the problem.
2. Impact on the business.
3. Screenshots, logs, or relevant evidence.
4. Affected user or area involved.
5. Escalation Channel
6. Fill out the form in the Slack channel created by Depasify.
7. Clearly indicate:
8. Remittance ID
9. Date and time of the incident
10. Type of incident (IT, Operational, or Liquidity/Billing).
11. Priority level (Low, Medium, High).
12. Problem description.
13. Attach supporting documentation (only if necessary).
14. Confirmation and Follow-up
15. Help Desk will confirm receipt within a maximum of 2 business hours.
16. It will provide an estimated response time based on the confirmed priority level.
17. It will confirm the priority level (Low, Medium, High).
18. Support Hours

The Help Desk operates during the following hours:

1. Business Days: Monday through Friday, whenever they are business days in Madrid, Spain, from 9:00 a.m. to 6:00 p.m. (Madrid, Spain time).
2. Outside these hours, only High Priority incidents will be addressed.
3. Response Times (SLA)

This manual must be reviewed and updated every six months to ensure its validity and adaptability to conditions.