Purchase Order Terms and Conditions

Gopuff Purchase Order Terms and Conditions

1. Applicability. This purchase order is an offer by GoBrands, Inc. d/b/a Gopuff (the “Buyer”) for the purchase of the goods (the “Goods”) or services (the “Services”) specified on the face of this purchase order from the party to whom the purchase order is addressed (the “Supplier”) in accordance with and subject to these terms and conditions (the “Terms”; together with the terms and conditions on the face of the purchase order, the “Order”). This Order, together with any documents incorporated herein by reference, constitutes the sole and entire agreement of the parties with respect to the Order, and supersedes all prior or contemporaneous understandings, agreements, negotiations, representations and warranties, and communications, both written and oral, with respect to the subject matter of the Order. The Order expressly limits Supplier’s acceptance to the terms of the Order. Except as otherwise expressly modified in a master supply agreement executed by the Buyer and the Supplier, these Terms prevail over any terms or conditions contained in any other documentation and expressly exclude any of Supplier’s general terms and conditions of sale or any other document issued by Supplier in connection with this Order. These Terms apply to any repaired or replacement Goods provided by Supplier hereunder. Buyer is not obligated to any minimum purchase or future purchase obligations under this Order.

2. Acceptance. Commencement of performance pursuant to this Order constitutes acceptance hereof by Supplier. Order confirmations shall be sent to Buyer within 24 hours of Order receipt. Buyer may withdraw the Order at any time before it is accepted by Supplier.

2. Delivery Location. All Goods shall be delivered to the address specified in this Order (the “Delivery Location”) during Buyer’s normal business hours or as otherwise instructed by Buyer.

3. Shipping Terms. Delivery shall be made F.O.B. the Delivery Location. Supplier shall give written notice of shipment to Buyer when the Goods are delivered to a carrier for transportation. Supplier shall provide Buyer all shipping documents, including the commercial invoice, packing list, air waybill/bill of lading and any other documents necessary to release the Goods to Buyer upon delivery of such Goods. The purchase order number must appear on all shipping documents, shipping labels, bills of lading, air waybills, invoices, correspondence and any other documents pertaining to the Order.

4. Title and Risk of Loss. Title passes to Buyer upon delivery of the Goods to the Delivery Location. Supplier bears all risk of loss or damage to the Goods until delivery of the Goods to the Delivery Location.

5. Packaging. All Goods shall be packed for shipment according to Buyer’s instructions or, if there are no instructions, in a manner sufficient to ensure that the Goods are delivered in undamaged condition. Shipments shall be properly packaged and shipped only by licensed carrier over the least expensive route, unless otherwise instructed. Supplier shall be responsible for safe packing which must conform to the requirements of carriers’ tariffs and all applicable international, federal and state transportation and shipping laws, statutes and regulations. Supplier shall separately number all cases, packages, etc., showing the corresponding numbers on all invoices. Unless otherwise provided herein, no charge shall be made by Supplier for containers, crating, boxing, storage or other packaging requirements. Supplier must provide Buyer prior written notice if it requires Buyer to return any packaging material. Any return of such packaging material shall be made at Supplier's expense.

6. Amendment and Modification. No change to this Order is binding upon Buyer unless it is in writing, specifically states that it amends this Order and is signed by an authorized representative of Buyer.

7. Inspection and Rejection of Nonconforming Goods. Buyer has the right to inspect the Goods on or after the Delivery Date. Buyer, at its sole option, may inspect all or a sample of the Goods, and may reject all or any portion of the Goods if it determines the Goods are nonconforming or defective. If Buyer rejects any portion of the Goods, Buyer has the right, effective upon written notice to Supplier, to: (a) rescind the Order in its entirety; (b) accept the Goods at a reasonably reduced price; or (c) reject the Goods and require replacement of the rejected Goods. If Buyer requires replacement of the Goods, Supplier shall, at its sole risk and expense, immediately replace the nonconforming Goods and pay for all related expenses, including, but not limited to, transportation charges for the return of the defective goods and the delivery of replacement Goods. If Supplier fails to timely deliver replacement Goods, Buyer may

Purchase Order Terms and Conditions


3. Changes.
notice to any surety, make changes or additions within the general scope of this Order in or to drawings, designs, specifications, instructions for work, method of shipment or packing, or time and place of delivery. If any such changes cause an increase or decrease in the cost of, or the time required for, performance of this Order, Supplier shall notify Buyer in writing immediately and an appropriate equitable adjustment will be made in the price or time of performance, or both, by written modification of this Order.

1. Delivery Date. Supplier shall deliver the Goods in the quantities and on the date(s) specified in this Order or as otherwise agreed in writing by the parties (the “Delivery Date”). Timely delivery of the Goods is of the essence. If Supplier fails to deliver the Goods in full on the Delivery Date, Buyer may terminate this Order (or any part hereof) immediately by providing written notice to Supplier and Supplier shall indemnify Buyer against any losses, claims, damages, and reasonable costs and expenses directly attributable to Supplier's failure to deliver the Goods on the Delivery Date. Buyer reserves the right to cancel this Order (or any part hereof) and reject the Goods upon default by the Supplier in item, rate or manner of delivery. Buyer also reserves the right to refuse shipments made in advance of the Delivery Date. Any quantity of the Goods in excess of the amount ordered may not be accepted, and such excess Goods may be received, held and returned to Supplier by Buyer at Supplier’s sole risk and expense.

Buyer may at any time, by written order, without


replace them with goods from a third party and charge Supplier the cost thereof and terminate this Order. Any inspection or other action by Buyer under this Section shall not reduce or otherwise affect Supplier's obligations under the Order, and Buyer shall have the right to conduct further inspections after Supplier has carried out its remedial actions.

8. Price. The price of the Goods and Services is the price stated in the Order (the “Price”). Unless otherwise specified in the Order, the Price includes all packaging, transportation costs to the Delivery Location, insurance, customs duties and fees. No increase in the Price is effective, whether due to increased material, labor or transportation costs or otherwise, without the prior written consent of Buyer. Except as otherwise agreed by the parties, the Price does not include sales, use, excise or similar taxes applicable to the sale of the Goods. All such taxes shall be shown separately on Supplier’s invoice. Supplier agrees that any price reduction applicable to the ordered Goods subsequent to this purchase order but prior to delivery will be applicable to this purchase order.

9. Materials Furnished or Paid For by Buyer. All designs, patterns, formulas, samples, equipment or material provided by Buyer or obtained or prepared by Supplier at Buyer’s expense shall be and remain the property of Buyer, shall be clearly marked as Buyer’s equipment, shall be used solely to meet Buyer’s requirements, shall be maintained by Supplier in good working order and condition at Supplier’s expense and held at Supplier’s risk while in Supplier’s custody and, upon completion of delivery hereunder or upon termination of this Order (unless otherwise instructed by Buyer), shall be returned or delivered to Buyer at Supplier’s expense in good working order and condition within thirty (30) days after completion or termination.

10. Most Favored Customer; Rebates.

(a) Supplier represents and warrants that the price for the Goods and Services is the lowest price charged by Supplier to any of its external buyers for similar volumes of similar Goods or Services. If Supplier charges any other buyer a lower price, Supplier must apply that price to all Goods and Services under this Order.

(b) Supplier will pay Buyer the incentives and rebates (“Rebates”) in the amounts specified on the cover page of the Order (if any), and in connection therewith, on a quarterly basis following the date of this Order, Buyer shall provide Supplier with a sales report from Buyer setting forth the total sales of Goods or other measure of the Goods or Services required to determine the Rebate during such quarterly period. The Rebate shall be applied within seven days following submission of a sales report from Buyer.

11. Supplier’s Obligations Regarding Services. Supplier shall:

(a) before the date on which the Services are to start, obtain, and at all times during the term of this Order, maintain, all necessary licenses and consents and comply with all relevant laws applicable to the provision of the Services;

(b) comply with all rules, regulations and policies of Buyer, including security procedures concerning systems and data and remote access thereto, building security procedures, and general health and safety practices and procedures;

(c) maintain complete and accurate records relating to the provision of the Services under this Order, including records of the time spent and materials used by Supplier in providing the Services

in such form as Buyer shall approve. During the term of this Order and for one (1) year thereafter, upon Buyer's written request, Supplier shall allow Buyer to inspect and make copies of such records and interview Supplier personnel in connection with the provision of the Services;

(d) obtain Buyer’s written consent, which shall not be unreasonably withheld or delayed, prior to entering into agreements with or otherwise engaging any person or entity, including all subcontractors and affiliates of Supplier, other than Supplier's employees, to provide any Services to Buyer (each such approved subcontractor or other third party, a “Permitted Subcontractor”). Buyer’s approval shall not relieve Supplier of its obligations under this Order, and Supplier shall remain fully responsible for the performance of each such Permitted Subcontractor and its employees and for their compliance with all of the terms and conditions of this Order as if they were Supplier's own employees. Nothing contained in this Order shall create any contractual relationship between Buyer and any Supplier subcontractor or supplier;

(e) require each Permitted Subcontractor to be bound in writing by the confidentiality provisions of this Order, and, upon Buyer's written request, to enter into a non-disclosure or intellectual property assignment or license agreement in a form that is reasonably satisfactory to Buyer;

(f) ensure that all persons, whether employees, agents, subcontractors, or anyone acting for or on behalf of the Supplier, are properly licensed, certified or accredited as required by applicable law and are suitably skilled, experienced and qualified to perform the Services;

(g) ensure that all of its equipment used in the provision of the Services is in good working order and suitable for the purposes for which it is used, and conforms to all relevant legal standards and standards specified by the Buyer; and

(h) keep and maintain any Buyer equipment in its possession in good working order and shall not dispose of or use such equipment other than in accordance with the Buyer's written instructions or authorization.

12. Payment Terms. Supplier shall issue an invoice to Buyer on or any time after the completion of delivery and only in accordance with the Terms. Buyer shall pay all properly invoiced amounts due to Supplier within forty-five (45) days after Buyer’s receipt of such invoice, except for any amounts disputed by Buyer in good faith. All payments hereunder must be in US dollars. In the event of a payment dispute, Buyer shall notify the Supplier of such dispute prior to the date payment is due on the disputed invoice. Amounts not so disputed are deemed accepted and must be paid, notwithstanding disputes on other items, within the period set forth in this Section 15. The parties shall seek to resolve all such disputes expeditiously and in good faith. Supplier shall continue performing its obligations under the Order notwithstanding any such dispute.

13. Set-off. Without prejudice to any other right or remedy it may have, Buyer reserves the right to set off at any time any amount owing to it by Supplier against any amount payable by Buyer to Supplier.

14. Warranties. Supplier warrants to Buyer that for a period of twenty-four (24) months from the Delivery Date, all Goods and Services will: (a) be free from any defects in workmanship, material and design; (b) conform to applicable specifications, drawings, designs, samples and other requirements specified by Buyer or


supplied to Buyer by Supplier; (c) be fit for their intended purpose and operate as intended; (d) be merchantable; (e) be free and clear of all liens, security interests or other encumbrances; and (f) not infringe or misappropriate any third party's patent or other intellectual property rights. Supplier further warrants to Buyer that it shall perform the Services using personnel of required skill, experience and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and shall devote adequate resources to meet its obligations under this Order. These warranties survive any delivery, inspection, acceptance or payment of or for the Goods or Services by Buyer. These warranties are cumulative and in addition to any other warranty provided by law or equity. All warranties herein stated shall run to Buyer, its customers and the users of the goods or deliverables or products into which the Goods may be incorporated. Any applicable statute of limitations runs from the date of Buyer’s discovery of the noncompliance of the Goods with the foregoing warranties. If Buyer gives Supplier notice of noncompliance with this Section, Supplier shall, at its own cost and expense, promptly replace or repair the defective or nonconforming Goods or Services and pay for all related expenses, including, but not limited to, transportation charges for the return of the defective or nonconforming goods to Supplier and the delivery of repaired or replacement Goods to Buyer.

15. Indemnification. Supplier shall defend, indemnify and hold harmless Buyer and Buyer’s parent companies, their subsidiaries, affiliates, successors or assigns and their respective directors, officers, managers equityholders, employees, investors, lenders, insurers and customers (collectively, “Indemnitees”) for, from and against any and all loss, injury, death, damage, liability, claim, deficiency, action, judgment, interest, award, penalty, fine, cost or expense, including reasonable attorney and professional fees and costs, and the cost of enforcing any right to indemnification hereunder and the cost of pursuing any insurance providers (collectively, “Losses”) arising out of or occurring in connection with (1) the Goods or Services purchased from Supplier, (2), Supplier’s negligence, wilful misconduct or breach of the Terms, (3) any claim that Buyer’s or Indemnitee’s use or possession of the Goods or Services infringes or misappropriates the patent, copyright, trade secret or other intellectual property right of any third party, or (4) any liabilities arising out of or in connection with a breach of the data protection terms incorporated into this Order, including any Data Breach as defined under applicable laws. Supplier shall not enter into any settlement without Buyer’s or Indemnitee’s prior written consent.

16. Insurance. During the term of the Order, Supplier shall, at its own expense, maintain and carry insurance in full force and effect which includes, but is not limited to, commercial general liability (including coverage for Contractual Liability assumed by Supplier under this Order, and Completed Operations-Products) in a sum no less than $1,000,000 each occurrence for bodily injury and $1,000,000 each occurrence for property damage with financially sound and reputable insurers (i.e., insurers with a minimum A.M. Best rating of A-minus (or an equivalent rating from another recognized rating agency)). Upon Buyer's request, Supplier shall provide Buyer with a certificate of insurance from Supplier's insurer evidencing the insurance coverage specified in this Order. The certificate of insurance shall name Buyer as an additional insured. Supplier shall provide Buyer with thirty (30) days' advance written notice in the event of a cancellation or material change in Supplier's insurance policy. Except where prohibited by law, Supplier shall require its insurer to waive all rights of subrogation against Buyer's insurers and Buyer or the Indemnitees.


18. Compliance with Law. Supplier is in compliance with and shall comply with all applicable laws, regulations and ordinances. Supplier has and shall maintain in effect all the licenses, permissions, authorizations, consents and permits that it needs to carry out its obligations under the Order. Supplier shall comply with all export and import laws of all countries involved in the sale of Goods under this Order. Supplier assumes all responsibility for shipments of Goods requiring any government import clearance. Buyer may terminate this Order if any government authority imposes antidumping duties, countervailing duties or any retaliatory duties on the Goods.

19. Termination. Buyer may, at any time, terminate this Order for its convenience, in whole or in part, by written notice or verbal notice confirmed in writing to Supplier. In addition to any remedies that may be provided under these Terms, Buyer may terminate this Order with immediate effect upon written notice to the Supplier, either before or after the acceptance of the Goods, if Supplier has not performed or complied with any of these Terms, in whole or in part. If the Supplier becomes insolvent, files a petition for bankruptcy or commences or has commenced against it proceedings relating to bankruptcy, receivership, reorganization or assignment for the benefit of creditors, then the Buyer may terminate this Order upon written notice to Supplier. If Buyer terminates the Order for any reason, Supplier’s sole and exclusive remedy is payment for the Goods and Services received and accepted by Buyer prior to the termination.

20. Waiver. No waiver by any party of any of the provisions of the Order shall be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in the Order, no failure to exercise, or delay in exercising, any rights, remedy, power or privilege arising from the Order shall operate or be construed as a waiver thereof, nor shall any single or partial exercise of any right, remedy, power or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power or privilege.

21. Confidential Information. All non-public, confidential or proprietary information of the Buyer, including, but not limited to, specifications, samples, patterns, designs, plans, drawings, documents, data, business operations, customer lists, pricing, discounts or rebates, disclosed by Buyer to Supplier, whether disclosed orally or disclosed or accessed in written, electronic or other form or media, and whether or not marked, designated or otherwise identified as "confidential," in connection with the Order is confidential, solely for the use of performing the Order and may not be disclosed or copied unless authorized by Buyer in writing. Upon







Buyer's request, Supplier shall promptly return all documents and other materials received from Buyer. Buyer shall be entitled to injunctive relief for any violation of this Section.

22. Force Majeure. Neither party shall be liable to the other for any delay or failure in performing its obligations under the Order to the extent that such delay or failure is caused by an event or circumstance that is beyond the reasonable control of that party, without such party's fault or negligence, and which by its nature could not have been foreseen by such party or, if it could have been foreseen, was unavoidable (“Force Majeure Event”). Force Majeure Events include, but are not limited to, acts of God or the public enemy, government restrictions, floods, fire, earthquakes, explosion, epidemic, pandemic (including, if applicable, if any federal, state, or local governments or agencies are unable to timely operate and issue any applicable permits, licenses, certificates, or authorizations, including due to COVID-19) war, invasion, hostilities, terrorist acts, riots, strike, embargoes or industrial disturbances. Supplier's economic hardship or changes in market conditions are not considered Force Majeure Events. Supplier shall use all diligent efforts to end the failure or delay of its performance, ensure that the effects of any Force Majeure Event are minimized and resume performance under the Order. If a Force Majeure Event prevents Supplier from carrying out its obligations under the Order for a continuous period of more than thirty (30) days, Buyer may terminate this Order immediately by giving written notice to Supplier.

23. Food & Beverage Terms. If the Goods are food, beverages or any other item to be consumed, the following terms and conditions apply:

(a) Supplier represents and warrants that all Goods provided by Supplier pursuant to this Order will be, as of the date the Goods are actually delivered to Buyer (i) not adulterated, misbranded or otherwise in violation of any applicable food quality, food inspection or food processing laws or regulations, including but not limited to the Federal Food, Drug and Cosmetic Act; (ii) free of any chemicals known to cause cancer or reproductive toxicity as identified by the applicable government authority; (iii) free from any salmonella or listeria organisms, toxins, foreign material or other poisonous or injurious matter; and (vi) shall be labeled in accordance with and comply in all respects with any and all applicable laws, regulations, orders and ordinances, including without limitation: any applicable rules of the Federal Trade Commission, the Consumer Products Safety Commission, and the Department of Health, Education and Welfare, including care labeling requirements, and the requirements of each of the following acts to which such goods may be subject: the Federal Food, Drug and Cosmetic Act and the Fair Packaging and Labeling Act.

(b) Supplier shall be responsible for all recalls of the Goods, whether voluntary or required by law; provided that, to the extent permitted by applicable law, Supplier shall consult with Buyer prior to taking any actions in relation to notifying Buyer’s customers of such recall. Supplier shall at its sole cost and expense, take all actions reasonably necessary and appropriate to implement recalls on a timely basis, and in any case, within any timeframe required by law. Without limiting the foregoing, if any Good is recalled, Supplier shall, at its sole expense, effect the following: (i) immediately notify Buyer of such recall and arrange to have the recalled goods picked up from or destroyed at each of Buyer’s locations; (ii) replace any recalled goods with new goods as ordered by Buyer; and (iii) cooperate in all reasonable respects with Buyer’s public relations representatives, as designated by Buyer from time to time, to coordinate a mutually acceptable public warning and/or news media communication.

(c) As between Buyer and Supplier, Supplier is solely responsible for ensuring goods are properly labeled as required by law. If Supplier’s goods require a specific label or warning, Supplier must deliver such Goods to Buyer with the necessary label or warning affixed to the product or consumer packaging. Buyer is not responsible for labeling goods or displaying signage on behalf of Supplier.

(d) Supplier ensures that all employees and agents at its or its subcontractors facilities which store, manufacture or process Goods which are food or beverages or other items to be consumed (each a “Facility”) are qualified to perform their assigned duties, with the necessary combination of education, training and/or experience necessary to handle food to maintain cleanliness and safety.

(e) Upon three business days written notice, Buyer, at its cost and expense, shall have the right to conduct a reasonable food safety and quality assurance (FSQA) audit of Supplier’s Facilities, procedures and systems and review documents as they relate to the storage, manufacture or processing of the applicable Goods. Buyer may initiate an FSQA audit for any reason it deems necessary, including, but not limited to, quality control, cleanliness tests and/or compliance with industry standards and specifications. If Buyer identifies any material deficiencies in such audit, it shall present such findings to Supplier, and Supplier shall within 10 business days thereof, issue responses detailing a plan to remedy (if capable of remedy) to all such deficiencies identified in the audit report.

(f) Upon delivery, there will not be less than the following intervals between (i) the date of delivery of the Goods and (ii) the “expiration” or “sell by” date printed on the packaging of the Goods: 90 days for prepackaged and frozen Goods and 14 days for fresh Goods (e.g., milk, eggs, fruit, etc.).

(g) Supplier will have policies and procedures in place, and use reasonable best efforts, to document, investigate, and respond to all FSQA related complaints and assist Buyer’s FSQA team in investigations as reasonably requested by Buyer for complaints associated with the Goods.


24. SaaS Services.
software-as-a-service as identified on the first page of this Order, then Appendix 1 shall apply. To the extent that any terms contained herein are contrary to the terms of Appendices 1 and 2, the Appendices shall control.

25. Assignment. Supplier shall not assign, transfer, delegate or subcontract any of its rights or obligations under the Order without the prior written consent of Buyer. Any purported assignment or delegation in violation of this Section shall be null and void. No assignment or delegation shall relieve the Supplier of any of its obligations hereunder. Buyer may at any time assign, transfer or subcontract any or all of its rights or obligations under the Order without Supplier's prior written consent.

26. Relationship of the Parties. The relationship between the parties for the delivery of Goods or Services under the Order is that of independent contractors. Nothing contained in the Order shall be construed as creating any agency, partnership, joint venture, joint controllership for the processing of personal data, or other form of joint enterprise, employment or fiduciary relationship between the parties, and neither party shall have authority to contract for or bind the other party in any manner whatsoever. No relationship of exclusivity shall be construed from this Order.

If the Service(s) purchased hereunder is


27. No Third-Party Beneficiaries. This Order is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other person or entity any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of these Terms.

28. Governing Law and Jurisdiction. All matters arising out of or relating to this Order shall be governed by and construed in accordance with the internal laws of the state where the applicable Goods were delivered to Buyer, without giving effect to any choice or conflict of law provision or rule that would cause the application of the laws of any jurisdiction other than those of such state. Any legal suit, action or proceeding arising out of or relating to this Order shall be instituted solely in the federal courts located in the state where the applicable Goods were delivered to Buyer, and each party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action or proceeding.

29. Cumulative Remedies. The rights and remedies under this Order are cumulative and are in addition to and not in substitution for any other rights and remedies available at law or in equity or otherwise.

30. Notices. All notices, request, consents, claims, demands, waivers and other communications hereunder from Seller (each, a “Notice”) shall be in writing and addressed to Buyer at the address set forth on the face of this Order or to such other address that may be designated by Buyer in writing. All Notices from Seller shall be delivered by personal delivery, nationally recognized overnight

courier (with all fees pre-paid), facsimile (with confirmation of transmission) or certified or registered mail (in each case, return receipt requested, postage prepaid). A Notice to Buyer is effective only (a) upon receipt by Buyer, and (b) if Seller has complied with the requirements of this Section. All notices and requests from Buyer may be made by email, phone, or any other form of communication used by Seller.

31. No public statements by Seller; Trademark Rights. Seller party will not make any public statement or press release regarding this purchase order without the prior written consent of Buyer, which may be withheld in Buyer’s sole discretion. Seller grants to Buyer a royalty-free, limited, worldwide license to Seller’s trademarks relating to the Goods solely to market the Goods to Buyer’s customers.

32. Severability. If any term or provision of this Order is invalid, illegal or unenforceable in any jurisdiction, such invalidity, illegality or unenforceability shall not affect any other term or provision of this Order or invalidate or render unenforceable such term or provision in any other jurisdiction.

33. Survival. Provisions of this Order which by their nature should apply beyond their terms will remain in force after any termination or expiration of this Order including, but not limited to, the following provisions: Materials Furnished or Paid For by Buyer, Set-off, Warranties, General Indemnification, Intellectual Property Indemnification, Insurance, Compliance with Laws, Confidential Information, Governing Law, Submission to Jurisdiction and Survival.


Appendix 1 - Software-as-a-Service Appendix

This Software as a Service Addendum (this “Appendix”), effective as of the date of the Order (the “Effective Date”), and is part of the Purchase Order Terms & Conditions. Capitalized terms used but not defined herein have the meanings given to them in the Order.

1. Definitions. As used in this Appendix:

(a) “Authorized User” means Buyer's employees, consultants, contractors, and agents who are authorized by Buyer to access and use the SaaS under the rights granted to Buyer pursuant to this Order.

(b) “Buyer Data” means information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Buyer or an Authorized User through the SaaS.

(c) “Documentation” means Supplier's user manuals, handbooks, and guides relating to the SaaS provided by Supplier to Buyer either electronically or in hard copy form/end user documentation relating to the SaaS made available to Buyer under this Order.

(d) “Supplier IP” means the SaaS, the Documentation, and any and all intellectual property provided to Buyer or any Authorized User in connection with the foregoing. For the avoidance of doubt, Supplier IP does not include Buyer Data.

(e) “SaaS” means solely the Services making up the software-as-a-service offering described in the Order.

2. Access and Use.

(a) Provision of Access. Supplier hereby grants Buyer a non-exclusive, non-transferable right to access and use the SaaS during the Term, solely for use by Authorized Users in accordance with the terms and conditions herein. Such use is limited to Buyer's internal use. Supplier shall provide to Buyer the necessary passwords and network links or connections to allow Buyer to access the SaaS within three business days following the Effective Date. If the total number of Authorized Users will not exceed the number set forth in the Order (if any), except as expressly agreed to in writing by the parties and subject to any appropriate adjustment of the Fees payable hereunder.

(b) Documentation License. Supplier hereby grants to Buyer a non-exclusive, non-sublicensable, non-transferable license to use the Documentation during the Term solely for Buyer's internal business purposes in connection with its use of the SaaS.

(c) Use Restrictions. Buyer shall not use the SaaS for any purposes beyond the scope of the access granted in this Order. Buyer shall not at any time, directly or indirectly, and shall not permit any Authorized Users to: (i) copy, modify, or create derivative works of the SaaS or Documentation, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the SaaS or Documentation; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the SaaS, in whole or in part; or (iv) remove any proprietary notices from the SaaS or Documentation.

3. Service Levels and Support. Supplier shall make the SaaS available in accordance with the service levels set out in Appendix

1-A (SLA & Support) The access rights granted hereunder entitles Buyer to the support SaaS described in Appendix 1-A. Throughout the Term, Supplier shall maintain a business continuity and disaster recovery plan for the SaaS reasonably acceptable to Buyer and implement such plan in the event of any unplanned interruption of the SaaS.

4. Fees. Buyer shall pay Supplier the Fees set forth in Order. Supplier shall invoice Buyer for all Fees in accordance with the invoicing schedule and requirements set forth in Set forth in the Order. Buyer shall pay all undisputed invoices as set forth in Section 14 of the Order..

5. Intellectual Property Ownership.

(a) Supplier IP. Buyer acknowledges that, as between Buyer and Supplier, Supplier owns all right, title, and interest, including all intellectual property rights, in and to the Supplier IP.

(b) Buyer Data. Supplier acknowledges that, as between Supplier and Buyer, Buyer owns all right, title, and interest, including all intellectual property rights, in and to the Buyer Data. Buyer hereby grants to Supplier a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and use and display the Buyer Data solely to the extent necessary for Supplier to provide the SaaS to Buyer.

6. Warranties and Warranty Disclaimer.

(a) Supplier warrants that during the Term of this Order the SaaS, (i) will conform in all material respects to the specifications set forth in the Documentation and the Order during the Term; and (ii) will be provided in compliance with all applicable laws; and (iii) do not contain any virus or other malicious code.


7. Indemnification.

(a) Without limiting Supplier’s other indemnification obligations set forth in the Order, Supplier shall indemnify, defend, and hold harmless Buyer from and against any and all losses, damages, liabilities, costs (including reasonable attorneys’ fees) (“Losses”) incurred by Buyer resulting from any third-party claim, suit, action, or proceeding “Third-Party Claim”) that the Supplier IP, or any use of the SaaS in accordance with this Order, infringes or misappropriates such third party's intellectual property rights, provided that Buyer promptly notifies Supplier in writing of the claim, reasonably cooperates with Supplier at Supplier's expense, and allows Supplier sole authority to control the defense and settlement of such claim.

(b) If such a claim is made or appears possible, Buyer agrees to permit Supplier, at Supplier's sole expense, to (i) modify or replace the Supplier IP, or component or part thereof, to make it non-infringing, or (ii) obtain the right for Buyer to continue use. If neither of these alternatives are commercially reasonable, Supplier


may terminate this Order, in its entirety or with respect to the affected component or part, effective immediately on written notice to Buyer, provided that Supplier shall refund or credit to Buyer all amounts Buyer paid in respect of the Supplier IP that Buyer cannot reasonably use as intended under this Order.

8. Term and Termination.

(a) Term. Notwithstanding anything to the contrary to Section 22 of the Order, the term of this Order with respect to the SaaS begins on the Effective Date in effect until end of the subscription for the use of the SaaS as set forth on the face of the purchase order (the “Term”).

(b) Termination.

(i) Buyer may terminate the Order with respect to the SaaS for convenience, for any reason or no reason, upon 30 days prior written notice to Supplier.

(ii) either party may terminate this Order with respect to the SaaS, effective on written notice to the other party, if the other party materially breaches this Order, and such breach: (A) is incapable of cure; or (B) being capable of cure, remains uncured 30 days after the non-breaching Party provides the breaching Party with written notice of such breach; or

(iii) either party may terminate this Order with respect to the SaaS, effective immediately upon written notice to the other party, if the other party: (A) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (B) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

(c) Effect of Expiration or Termination. Upon expiration or earlier termination of this Order, Buyer shall immediately discontinue use of the Supplier IP and, without limiting Buyer's obligations under Section 5 of this Appendix, Buyer shall delete, destroy, or return all copies of the Supplier IP.

(d) Survival. This Section 8(d) and Sections 1, 5, and 7 survive any termination or expiration of this Order with respect to the SaaS.

9. Export Regulation. Buyer shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), that prohibit or restrict the export or re-export of the SaaS or any Buyer Data outside the US.


Appendix 2 – Data Processing Addendum

This Data Protection Addendum (“DPA”) and all Annexes, are effective as of the date of the Order (the “Effective Date”), and are part of the Purchase Order Terms & Conditions. Capitalized terms used but not defined herein have the meanings given to them in the Order.

This DPA applies when Supplier’s performance with respect to the Purchase Order involves Processing (defined herein) of any amount of Personal Data (defined herein). The parties acknowledge and agree that no minimum threshold for Processing a certain amount of Personal Data triggers the applicability of this DPA; This DPA applies for any handling, storage or other Processing of Personal Data, including but not limited to where Supplier receives any Personal Data of Buyer’s employees, staff, workers, customers or driver partners, or Processes Personal Data for the sole purpose of authentication and authorization into a computer system.

1. Definitions.

(a) “Applicable Law” means all legislation and other laws including all regulatory or industry codes of practice and guidance in force from time to time relating to the protection of personal data, cybersecurity or the privacy of individuals.

(b) “Data Subject” means the identified or identifiable natural person to whom Personal Data relates.

(c) “Data Breach” means the (i) accidental, unlawful or unauthorized Processing of, or access to Personal Data, or (ii) any other act or omission that compromises or may compromise the security, confidentiality, integrity or availability of Personal Data.

(d) “Processing” means as any operation or set of operations performed on Personal Data, whether or not by automated means.

(e) “Personal Data” has the meaning assigned to the terms “Personal Data” or “Personal Information” under Applicable Law, and shall, at a minimum, mean any information relating to a Data Subject. Personal Data is Confidential Information as that term is defined in the Purchase Order.

(f) “Sub-Supplier” or “Sub-Processor” means any person or entity appointed on behalf of Supplier that Processes Personal Data

2. Roles of the Parties. The parties acknowledge and agree that for the purposes of Processing of Personal Data, Buyer determines the purposes and means for Processing Personal Data and Supplier Processes Personal Data on behalf of Buyer.

3. Supplier’s Obligations. Supplier shall only Process Personal Data for purposes of providing the Services and on other documented instructions from Buyer including regarding international transfers of Personal Data. Without limiting the generality of the foregoing, Supplier is prohibited from and will not: (i) sell Personal Data; (ii) retain, use, or disclose the Personal Data for any purpose other than for the specific purpose of performing the Services, including retaining, using, or disclosing the Personal Data for a commercial purpose other than performing the Services; (iii) use the Personal Data for targeted advertising; (iv) retain, use, or disclose the Personal Data outside of the direct business relationship between Buyer and Supplier; and (v) combine Personal Data which it receives from or on behalf of Buyer with Personal Data which it receives from another source, except as approved by Buyer in writing. Supplier shall ensure that this also applies for any persons or Sub-Suppliers granted access to Personal Data. If Supplier is otherwise required to Process Personal Data under any Applicable Law to which Supplier is subject, Supplier shall inform Buyer of such legal requirement in due time before Processing, unless such information is prohibited on important grounds of public interest. If Supplier is of the opinion that

any of Buyer’s instructions regarding Processing Personal data infringes Applicable Law, it shall immediately notify Buyer. If, at any time, Supplier determines that it can no longer meet the restrictions and obligations set forth on it in this DPA or under Applicable Law, it shall provide Buyer written notice thereof immediately. Supplier shall also cooperate with Buyer’s reasonable and appropriate directions to remediate any unauthorized use of Personal Data.

4. Confidentiality. Supplier shall ensure that any of Supplier’s employees, staff, workers, agents, or consultants (“Personnel”) entrusted with Processing Personal Data have been obliged to maintain confidentiality of the Personal Data and will provide verification upon request; such obligation shall continue as long as Supplier holds Personal Data of Buyer. Supplier shall make sure that its Personnel will not Process the Personal Data except on instructions from Buyer.

5. Data Subject Rights. Supplier shall assist Buyer by appropriate technical and organizational measures, taking into account the nature and purpose of the Processing, for the fulfilment of Buyer’s obligation to respond to requests for exercising rights afforded to data subjects under applicable law, including complaints regarding Supplier’s or Buyer’s compliance with any such Laws. Supplier shall comply with any individual rights requests (such as rights to know, access, correct, or delete) only if directed by Buyer and then without unreasonable delay, but in no event later than ten calendar days. If a data subject or authorized individual directly contacts Supplier for the purposes of exercising the data subject’s rights, Supplier shall forward this request to Buyer in no event later than forty-eight (48) hours after receiving such request and shall cooperate with Buyer in responding.

6. Information Security Program. Supplier represents and warrants that it has implemented and will maintain a written information security program that meets the requirements set forth in Annex 1 and includes appropriate technical and organizational safeguards that ensure the confidentiality, security, integrity, and availability of Personal Data which shall, at a minimum, encrypt Personal Data when in transit and at rest.

7. Data Breaches. Supplier shall immediately, in any case within 24 hours after becoming aware of a Data Breach, notify the Buyer via email to cyber@gopuff.com of the Data Breach, violations of Applicable Law (if known), or violations of this DPA or other contractual requirements. Supplier shall not inform any third party, including supervisory authorities and data subjects, of any Data Breach under this DPA without first obtaining the Buyer’s prior written consent, except when required by Law. Supplier shall support the Buyer in fulfilling its duties under Applicable Law, including required communication with the data subject(s), regulators, and any other third parties, including but not limited to Supplier’s obligation to assist the Buyer with notifications to the supervisory authority and communications to the data subjects.

8. Corrective Action by Supplier. In the event of a Data Breach caused by the acts or omissions of Supplier (or Supplier’s Sub-processors, agents or subcontractors), Supplier shall take all necessary steps and actions (at no cost to Buyer) related to investigating, mitigating, and remediating the effects of the Data Breach (“Costs”), including but not limited to Costs relating to notification letters, regulatory investigations or litigation, and credit monitoring and other services that entities commonly make available to individuals impacted by a Data Breach.

9. Assistance. Taking into account the nature of Processing and the information available to Supplier, Supplier shall assist Buyer in ensuring compliance with Buyer’s legal obligations pursuant to Applicable Law, in particular with respect to the security of the


Processing, data breach notification, data protection impact assessments, and consultation of supervisory authorities.

10. Records of Processing Activities. Supplier shall contribute to the preparation of Buyer’s record of Processing activities. Supplier shall timely provide Buyer with the requested information.

11. International Transfers. Supplier shall not transfer Personal Data from any jurisdiction to any other jurisdiction (the European Economic Area constituting a single jurisdiction for this purpose), without Buyer’s prior written consent and, if applicable without first putting in place an appropriate data transfer agreement or other mechanism appropriate to comply with Applicable Law. Notwithstanding the foregoing, if Supplier or its Sub-Suppliers Process Personal Data originating in the European Economic Area, Switzerland or the United Kingdom in a country that has not been found to have an adequate level of protection under Applicable Law and the transfer of such Personal Data is not covered by an alternative transfer mechanism that is recognized by such relevant authorities as providing an adequate level of protection for Personal Data (such as Binding Corporate Rules), the parties agree to comply with and incorporate by reference into this DPA the Standard Contractual Clauses. To the extent the Standard Contractual Clauses apply, (i) they apply independently to All EEA Affiliates of GoBrands EU SARL that may use the services provided by Supplier as defined in the Order (ii) The aforementioned GoBrands EU SARL affiliates shall each be deemed the “data exporter” and Supplier shall be deemed the “data importer” (iii) the security measures set out in this DPA and in Annex 1 hereto are incorporated into the Standard Contractual Clauses as Appendix 1 thereto. The parties agree that the Standard Contractual Clauses will apply not only to direct transfers but also any onward transfer of Personal Data. If requested by Buyer, Supplier shall execute any other version of a model contract or data transfer agreement to offer adequate data protection safeguards in relation to the transfer of Personal Data as Buyer deems reasonably necessary to comply with Applicable Law or protect its interests.

12. Deletion and Return of Personal Data. At the choice of Buyer, Supplier shall delete or return the Personal Data, unless the law to which Supplier is subject requires retention, in which case the retention shall remain subject to this DPA and limited to the purpose and period required by Applicable Law. Supplier shall erase or destroy all Personal Data in Supplier’s possession, custody, or control, including in the possession, custody or control of any agents, subcontractors, or Sub-Suppliers using mechanisms consistent with prevailing best industry practice. The deletion or return of Personal Data shall be immediately confirmed in writing.

13. Demonstration of Compliance. Supplier shall make available to Buyer all information necessary to demonstrate compliance with Supplier’s obligations under this DPA. Supplier shall allow, and cooperate with, reasonable assessments, audits, and inspections by Buyer or Buyer’s designated assessor/auditor, which may include, Supplier’s policies and technical and organizational measures in support of its obligations under Applicable Law. Alternatively, Supplier may, with Buyer’s consent and at Supplier’s expense, arrange to have corresponding audits performed by professionally qualified, independent, and recognized companies on an annual basis, but at least every 12 months, and shall submit the audit report to Buyer within the aforementioned time period.

14. Requests by Authorities. Supplier shall, without undue delay, inform Buyer on controls or checks and other measures conducted by a data protection authority, unless Supplier is prohibited to do so under applicable statutory law. Supplier shall not disclose Personal Data in response to a request by a third party unless it is either under a compelling statutory obligation to make such

disclosure or there is an imminent risk of serious harm that merits disclosure.

15. Sub-Suppliers. The Sub-Suppliers identified in Table 1 are currently engaged for processing of Personal Data. If Supplier would like to engage or change Sub-Suppliers to render the contractually agreed services, Supplier must provide Buyer prior written notice of such changes, including full details of the Processing to be undertaken by the Sub-Suppliers. If, within 30 days of receipt of that notice, Buyer notifies Supplier of any objections (on reasonable grounds) to the proposed appointment, Supplier shall not appoint that proposed Sub-Supplier until reasonable steps have been taken to address the objections raised by Buyer.

16. Term and Termination. This DPA shall remain in force for an indefinite term and may be terminated in accordance with the provisions of the Order, provided, however, regardless of expiration or termination of this DPA, Supplier will comply with the provisions of this DPA for so long as Personal Data is Processed on behalf of Buyer.

17. Miscellaneous. In the event of a change in Law, the parties agree to negotiate in good faith to amend this DPA as is reasonable and appropriate given the change in Law. In the event of a conflict between a provision in this DPA and any other agreement between the parties, this DPA shall control; provided that if another provision requires greater privacy or security protection of Personal Data, such other provision shall control.

Annex 1 to the Data Processing Addendum Supplier Security Measures

The Supplier/Processor/Data Importer has implemented and shall maintain the following security measures, as a minimum:

1. Ensure ownership of security and data protection compliance internally by appointing staff responsible for coordinating and monitoring the security rules and procedures as well as data protection compliance;

2. Maintain an inventory of all systems, networks, computing and other equipment and media used to Process Personal Data Processed under this DPA (“System”);

3. The data center system at least, a Tier 3 data center;

hosting the Personal Data must be,

4. The System must follow industry standards to protect against loss of data, including due to power supply failure, fire and other natural hazards;

5. The System must be backed up every day and the backup of Personal Data Processed under this DPA and data recovery procedures must be stored in a different place from where the primary System is located;

6. System restore tests must be run, at least, once per year and results must be communicated to Buyer/Controller/Data Exporter;

7. Physical & logical accesses to the System must be: (a) secured on need-to-know and the least privilege principles and duly documented, registering at least the access ID, time and relevant activity (b) documented in inventories access to which is restricted to authorized personnel only; (c) restricted to those individuals who require such access to perform their job function for the purposes

identified in the DPA; (d) only granted to individuals with separate, unique identifier/username;

  1. Access rights must be reviewed periodically;

  2. With regards to authentications mechanism as outlined in

point 7 above: (a) where these are based on passwords these must be sufficiently complex, in accordance with the applicable industry standards for strong passwords; (b) any de-activated or expired identifiers/usernames shall not granted to other individuals; (c) accounts shall be locked out in case of repeated attempts to gain access to the information system using an invalid password; (d) practices designed to ensure the confidentiality and integrity of passwords when they are assigned and distributed, and during storage, shall be maintained.

10. For external facing System applications, intrusion tests must be run, at least, once a year;

11. A Disaster Recovery Plan, covering a Recovery Point Objective (RPO) of twelve (12) hours and Recovery Time Objective (RTO) of twelve (12) hours must be in place and tested, at least, once per year. Results must be communicated in writing to the Controller;

12. Change management procedures must exist to ensure changes to operational systems and applications are performed in a controlled way and do not harm or otherwise unfavorably impact Processing of Personal Data Processed under the DPA;

13. Prevent the unauthorized reading, copying, modification or erasure of data media containing any Personal Data under this DPA, including by implementing industry standard control measures (e.g. firewalls, security appliances, network segmentation);

14. Ensure that procedures for recovering data are designed to attempt to reconstruct Personal Data Processed under this DPA in its last-replicated state from before the time it was lost or destroyed;

15. Prevent the unauthorized input of Personal Data and the unauthorized inspection, modification or deletion of stored Personal Data, including, inter alia, by adopting appropriate anti-malware and virus controls;

16. Ensure that the security patches are followed-up and installed following a documented security patch management process;

17. Ensure that it is possible to verify and establish the bodies to which Personal Data have been or may be transmitted or made available using data communication equipment, networks or other means;

18. Ensure that is it subsequently possible to verify and establish which Personal Data have been input into automated processing systems and when and by whom the Personal Data were input;

19. Implement a System/network segmentation policy and controls to avoid individuals gaining access to communication,

System and Personal Data Processed under this DPA for which they have not been authorized;

20. Ensure that the confidentiality and integrity of Personal Data are encrypted during transfers of Personal Data across public networks or during transport of data media or during the time it is placed on portable devices;

21. Ensure that procedures for securely disposing of media and printed materials that contain Personal Data Processed under this DPA are in place;

22. Ensure that encryption of Personal Data Processed under this DPA is performed according to formal processes and industry encryption standards. SSL/TLS encryption mechanisms follow the highest standards only using strong ciphers and at least 128-bit encryption;

23. Maintain a selection process to evaluate the security and privacy and practices of the Sub-Processors with regard to Processing of Personal Data Processed under this DPA;

24. Ensure that all System functions perform and that the appearance of faults in the functions is reported;

25. Ensure that Personal Data collected for different purposes can be Processed separately;

26. Ensure all employees and any other persons acting under Processor’s authority are trained about relevant security measures to protect Personal Data Processed under this DPA;

27. Execute periodical risk assessment of the implemented security controls and communicate the results to the Controller; and

28. The requirements set forth in the Purchase Order.

The Processor may implement alternative measures providing equal or higher protection but in this case shall inform the Controller of the alternative in advance.