Marketplace Terms of Service

1. Subject Matter

1.1. Subject Matter. Personio SE & Co. KG (hereinafter “Personio”) offers a web-based personnel
administration and recruiting software (hereinafter “Personio Software”) for small and
medium-sized companies, in particular via personio.com. The Partner offers and operates a
software or online service (hereinafter “Partner Application”) and intends to create an
application interface between the Partner Application and the Personio Software so that data
and commands can be exchanged between the Personio Software and the Partner Application
(hereinafter “Integration”). To facilitate the Integration the Partner intends to use an Application
Programming Interface (API) of Personio (hereinafter “Personio API”). Once the Integration is
accepted by Personio, Personio will list the Integration on the Personio marketplace (currently at
marketplace.personio.com) (hereinafter “Personio Marketplace”).

This Marketplace Terms of Service Agreement (hereinafter “Agreement”) sets forth the rights
and obligations of Parties in connection with the Integration, including the requirements and the
process of review and acceptance of the Partner Application.

1.2. Applicable Terms. Terms and conditions of the Partner do not apply, unless Personio expressly
agrees to their application in writing. Personio does not offer the Integration to Partners who are
consumers within the meaning of § 13 BGB (German Civil Code)

2. Partner Integration Review and Acceptance

2.1. Acceptance Requirement. Before the Partner may use the API, manage real live data with the
API and offer the Integration to its customers, the Integration must be reviewed and accepted by
Personio as set out in this Agreement. For the avoidance of doubt, the use of the API for testing
and development purposes does not require such acceptance, provided that only (anonymous)
testing data is used.

2.2. Review Process. Partner must complete an application form and submit all required documents
for review. Submitted information must be accurate and complete. Personio will conduct a
technical quality check of the Integration. Within such quality check Personio will review whether
the Integration complies with the Partner Integration Acceptance Criteria, which includes (i) the
API Security Policy, (ii) the API Use Policy and (iii) the terms of this Agreement. If Personio
deems the requirements to be fulfilled, Personio will in its discretion accept the Integration after
a live/demo presentation of the Integration and the Partner Application in a joint session. The
review process description, the application form, a list of all required documentation and the
Partner Integration Acceptance Criteria are available online on our [Developer Hub] (developer.personio.de).
The Partner Integration Acceptance Criteria may include criteria like data security, compliance with
Personio’s technical specifications, user friendliness and quality of the Partner Application.
Personio is not obliged to accept an Integration.

2.3. Changes to the Integration. If the Partner intends to materially change the Integration after
acceptance, the Partner must submit the changes for a new acceptance before offering the
changed version of the Integration to its customers. A change is material if it raises again the
question of compliance with the Partner Integration Acceptance Criteria.

3. Personio Obligations

3.1. Integration Review. Personio will conduct the review process in a timely manner, provided that
the Partner submits all required documentation.

3.2. Listing. Personio will list accepted Integrations on the Personio Marketplace. Details of the
listing remain in the discretion of Personio.

3.3. API Availability. Personio will use commercially reasonable efforts to make the Personio API
available 99 % an annual average. Excluded from this are times in which the server cannot be
reached due to other technical problems beyond the control of Personio (in particular force
majeure, third party negligence). Also excluded are planned maintenance work which Personio
will announce duly in advance.

3.4. Support. Unless otherwise agreed Personio shall not be obliged to provide support for the
Personio API.

4. Partner Obligations

4.1. Compliance of Integration. The Partner will ensure that the Integration conforms to the Partner
Integration Acceptance Criteria (including the API Security Policy and the API Use Policy)
during the entire term of this Agreement. The Partner will use the Personio API in compliance
with this Agreement and will - in the course of using the Personio API - not violate third party
rights or any applicable laws or regulations, in particular data protection laws and regulations
and copyright laws. The Partner may use the Personio API solely for the purpose of providing
the Partner Application and Integration as set out in the description of the Partner available at
the Personio Marketplace and as set out in the joint review process.

4.2. Limited Use Purposes. The Partner shall not use the API for the purpose of (i) creating publicly
available directories based on the information retrieved from the API (e.g. a public employee
handbook) or (ii) for building an alternative HR record keeping system, or for (iii) creating a tool
to migrate Personio customers to a competitor of Personio except respectively with the prior
written consent of Personio, which Personio will not unreasonably withhold.

4.3. Test Environment. Partner will provide Personio with a fully functional test environment and
logins for the Integration, which Personio may use, store, copy and distribute for internal testing
and evaluation purposes. The test environment must be functionally identical to your production
environment.

4.4. Access Credentials. The Partner will keep all access credentials provided by Personio for the
Personio API secret and confidential, and will not share, assign, or transfer them to any third
party. The Partner is responsible for all activities that occur using its access credentials.

4.5. Notification of Changes and Problems. The Partner will notify changes of the Integration to
Personio and obtain Personio’s prior acceptance in accordance with section 2.3. The Partner
shall report to Personio without undue delay disruption of the availability of the Personio API or
any other malfunction of the Personio API.

4.6. Support. The Partner will provide Personio with a support contact and offer reasonable support
in case of any issue raised by Personio in connection with any technical aspect of the
Integration, e.g. in case of a complaint by a Personio customer or a synchronization error.

4.7. Responsibility. Partner shall be fully responsible for the Partner Application and the Integration,
in particular that the Partner Application and Integration is free from defects, does not violate
third party rights or any applicable laws or regulations. Customer of the Partner or any other
third parties shall have no rights against Personio form this Agreement.

4.8. Warranties. The Partner warrants that (i) all information the Partner provides to Personio is
true, accurate, and complete, and that (ii) the Integration (a) does not contain, and will not
transmit to Personio, any viruses, worms, time bombs, Trojan horses and other harmful or
malicious code, files, scripts, agents or programs, and (b) will not interfere with, disrupt, or harm
Personio, the Personio API, the systems, servers, or networks providing the foregoing, or
anyone’s use of the Personio Software, (iii) the Partner will not use the Personio APIs or any
data obtained using the Personio APIs to identify, exploit or publicly disclose any potential
security vulnerabilities; and (iv) the Partner will not reverse engineer, decompile, disassemble,
or derive source code from the Personio API or Personio Software.

4.9. No representation. The Partner will not suggest any affiliation with Personio, including any
suggestion that Personio sponsors, endorses or guarantees the Integration or Partner
Application, except for the API Integration relationship expressly contemplated in this
Agreement. The Partner will not make any representations, warranties or commitments on
behalf of Personio or regarding the Personio Software or the Personio APIs.

5. Remuneration

Unless otherwise agreed any services of each Party under this Agreement shall be free of
charge.

6. Intellectual Property Rights, Use of Names and Trademarks

6.1. IP Rights. Each Party shall remain owner of its intellectual property rights, in particular Personio
shall keep all rights in the Personio Software and the Personio API and the Partner shall keep
all rights in the Partner Application and the Integration.

6.2. Use of Names and Trademarks. Personio and Partner each grant the other Party hereby a
limited, non-exclusive, non-sublicensable, non-transferable and non-assignable license during
the term of this Agreement to display the licensing’s party trade names, trademarks, service
marks, logos and domain names (“Brand Features”) that the licensing’ party makes available
solely for the purposes of: (a) online and offline marketing and promotion of the availability of
the Integration in the Personio Marketplace; and (b) for any mutually agreed marketing
activities. Both Parties agree: (I) not to display the licensing’ party Brand Features in any way
that violates applicable law, including laws regarding libel, slander, obscenity and infringement,
or in a way that suggests that it has created, sponsored, or endorsed the Integration or its
content, and (ii) that all displays of the licensing’s party Brand Features will be in accordance
with the licensing’s party branding guidelines made available to the other Party. The branding
guidelines of Personio are available at our Partner Marketing Kit page.

6.3. Feedback. Either Party may from time to time elect, in its sole discretion, to provide
suggestions, comments, improvements, ideas or other feedback to the other Party related to
such other Party’s products and services (”Feedback”). Such Feedback is provided on an “as
is” basis with no warranties of any kind and the receiving Party will have a non-exclusive,
perpetual and irrevocable right and license to use such Feedback. Each Party agrees not to
provide Feedback that it knows is subject to any intellectual property claim by a third party or
any license terms which would require products or services derived from such Feedback to be
licensed to or from, or shared with, any third party.

6.4. Data Analytics. Personio may analyze the use of the Personio API by Partner (e.g. amount and
times of access requests, transferred amount of data) for the purpose of ensuring compliance
with this Agreement, data security and in order to improve or further develop the Personio API
and other services of Personio.

7. Data Protection and Security

7.1. Roles. Personio acts as a data processor within the meaning of Article 3 no. 8 EU General Data
Protection Regulation (GDPR) for its customers which act as data controllers within the meaning
of Article 3 no. 7 GDPR. It is the Parties intend and understanding that the Partner acts as an
independent data processor for the customer or as a data controller, but Personio and Partner
are neither joint controllers (within the meaning of Art. 26 GDPR) nor are in a processor and
sub-processors relationship.

7.2. Compliance and Customer instructions. The Partner shall comply with all applicable laws
and regulations on the protection of personal data, in particular the GDPR, when processing
personal data in the course of the Integration. Partner shall access, modify or otherwise process
personal data through the Personio API only if and to the extent authorized or instructed by the
customer and data controller.

7.3. Personal Data Breach. If the Partner becomes aware of a personal data breach within the
meaning of Art. 3 no 12 GDPR that occurred in connection with the use of the Personio API
(e.g. unauthorized access to customer data through the Personio API), the Partner shall inform
Personio without undue delay and provide Personio with the information as set out in Art. 33
para 3, 4 GDPR. The Partner shall consult and cooperate with investigations, assist with
any required notices, and provide any information reasonably requested by Personio.

8. Term and Termination

8.1. Term and Termination for Convenience. This Agreement shall have an indefinite term. It may
be terminated for convenience by either party with a 90 days notice period.

8.2. Termination for Cause. The right to terminate for good cause shall remain unaffected. A good
cause shall in particular exist if the Partner fails to comply with data security requirements or
caused a personal data breach or if the Partner during the term of this Agreement fails to
comply with the Partner Integration Acceptance Criteria and does not rectify such defect within
30 days.

8.3. Form of Termination. Termination shall be made in writing (no email). If this Agreement was
entered into in electronic form, termination in the same electronic form (e.g. copy of signed PDF,
DocuSign) shall be considered sufficient.

8.4. Special Right to Terminate. Personio shall be entitled to terminate this Agreement without a
notice period if (a) Personio decides to generally cease to provide the Personio API or to
materially change its offer of an application programming interface (API), or (b) the Partner or an
affiliated company of Partners becomes a competitor of Personio or of an affiliated company of
Personio.

8.5. Effect of Termination. Upon termination of this Agreement the Partner will cease to use the
Personio API and cease to operate, market and offer the Integration and Personio will no longer
list the Integration in the Marketplace.

8.6. Blocking of Access. Personio is entitled to temporarily block access to the Personio API if
Personio has good reason to believe that the use of the API is violating the Partner Integration
Acceptance Criteria, including the API Security Policy and the API Use Policy, or otherwise
constitutes a potential security or performance threat. Personio shall immediately inform the
Partner of any such blocking and the Parties shall cooperate in good faith to resolve the reason
for the blocking.

9. Confidentiality

9.1. Duty of Confidentiality. During the term of this Agreement and for five years thereafter,
the Parties will use all Confidential Information within the meaning of section 9.2 solely for
purposes of this Agreement and will keep it confidential; in particular, the disclosure of
Confidential Information to Third Parties requires the prior written consent of the other
party.

9.2. Confidential Information. "Confidential Information" refers to all documents, information
and data labelled or referred to as "confidential" by the disclosing Party, which have been
made accessible to the parties, or of which they became aware, due to their cooperation,
and all information which is confidential by its nature. Confidential Information includes in
particular customer data exchanged through the API.

9.3. Exceptions. Without granting any right or license, the obligations pursuant to section 9.1
do not apply to the extent the Party receiving Confidential Information can demonstrate that
the Confidential Information lawfully
a) was in the public domain at the time of disclosure or entered the public domain
thereafter, or
b) was disclosed to the receiving party by a Third Party, or
c) was already in the possession of or known to the receiving party at the time of
disclosure, or
d) was developed by the receiving party independently from the Confidential
Information, or
e) must be disclosed pursuant to statutory or regulatory provisions or because of a court
order if the disclosing Party is immediately notified of this requirement and if the
scope of disclosure is limited as much as possible.

9.4. Third Parties. The term “Third Parties” within the meaning of the preceding provisions does not
include lawyers, auditors and tax offices as well as persons who are bound by professional
non-disclosure obligations. Vis-à-vis Personio, sub-contractors of Personio are not third parties.

10. Liability and Claims for Defects

10.1. Limitation of Liability. Personio is providing the Personio API and its other services under this
Agreement free of charge. Insofar the provisions on loan of the German Civil Code (BGB) shall
apply, i.e. in particular, Personio’s liability for defects is limited to fraudulent intent according to §
600 BGB, liability is limited to intent and gross negligence according to § 599 BGB and the
reduced limitation period of six months according to § 606 BGB applies.

10.2. Failure of Personio API. Personio shall not be liable for any damages resulting from the
non-availability, irresponsiveness or malfunction of the Personio API, except in case of intend.

11. Indemnification

11.1. Duty to Indemnify. If third parties (including data subjects, customers or user of the Personio
Software or Partner Application) assert claims or legal infringements against Personio based on
the allegation that the Partner has breached this Agreement, in particular has used the Personio
API in violation of applicable data protection laws or in otherwise illegal manner, the following
shall apply: Partner shall indemnify Personio against such claims, provide Personio with
reasonable assistance in defending its rights and indemnify Personio against the costs of
defending its rights.

11.2. Conditions. It is a prerequisite for the indemnification obligation according to clause 11.1 that
Personio immediately informs the Partner in writing about asserted claims, does not make any
acknowledgements or equivalent declarations and enables the customer to conduct all judicial
and extrajudicial negotiations about the claims at the partner's expense - as far as possible.

12. Reservation of Changes

12.1. Changes of terms. Personio has the right to change the terms of this Agreement including the
Partner Integration Acceptance Criteria at any time or to amend terms for the use of any newly
introduced additional services or features of the Personio API. Changes and amendments to
this Agreement shall be announced to the Partner not later than four weeks before the
scheduled change. The Partner’s consent to the change of the terms of the Agreement will be
deemed granted if the Partner does not object to the change in textual form (e. g. letter, fax,
email) within a period of two weeks, beginning with the day following the day of the
announcement of the change. Personio undertakes to separately indicate in the announcement
of the change the possibility of objection, the deadline for an objection, the and the meaning or
consequences of omitting an objection. If the Partner objects to the change, Personio reserves
the right to terminate the Agreement with effect to the effective date of the announced change.

12.2. Changes of the Personio API. Personio reserves the right to technically modify the Personio
API or to offer deviating functionalities. Personio will announce material changes to Personio
API in due advance on its website. Personio in particular reserves the right to modify the
Personio API or to offer deviating functionalities, (i) to the extent necessary to make the services
offered by Personio compliant to the law applicable to such services, in particular if the legal
situation changes; (ii) to the extent Personio complies with a court order or authority decision
addressed to Personio; (iii) to the extent necessary to eliminate security vulnerabilities; (iv) due
to significant changes in the services or contractual conditions of third-party providers, or (v) to
the extent that this is predominantly beneficial for the customer. Personio especially reserves
the right to restrict or discontinue the provision of functionalities if the technical partners for
these additional functionalities or the providers of the third party systems significantly change or
limit their services or terms of service and Personio can therefore no longer reasonably be
expected to continue providing the above, such as if the additional expense due to Personio’s
involvement would be disproportionately high.

13. Final Provisions

13.1. Applicable Law. This Agreement and all disputes related thereto (both under contract and
tort aspects) are exclusively governed by German law excluding UN Sales Law (United
Nations Convention on Contracts for the International Sale of Goods, CISG).

13.2. Language of Contract and Interpretation. The text of the Agreement may be available in
German and English language. In case of a conflict or in case of ambiguities, the German
version is decisive for customers in the DACH region. In all language versions, legal terms
have the meaning afforded to them by the legal understanding in Germany pursuant to
German law.

13.3. Venue. If the Customer is a merchant, a legal person under public law or a special fund
under public law, the sole venue is the place of jurisdiction of Personio. Personio remains
entitled to bring action at the establishment of the Customer.

13.4. Severability. If individual terms of this Agreement were to be or become invalid, the validity
of the remaining terms is not affected. In lieu of the invalid provision, the following shall
apply: such provision as the Parties would have agreed in good faith pursuant to the
originally intended purpose from an economic perspective. This also applies in case of a
gap.