.

.

Terms and conditions of use

Duds Int OÜ , having its registered office in Vana-viru 9, 10111, Tallinn, Estonia,  hereby represented by its pro tempore legal representative (hereinafter, “OS”), created and is the owner of a website for online sale of products and for the supply of the dropshipping service, whose domain is www.peppela.com (hereinafter “OS Main Domain”) OS wants to offer users regularly registered on the OS Main Domain (hereinafter, “User”), under regular price payment (hereinafter, “Price”), a membership service giving the User the opportunity to sell online OS products supplied in dropshipping (hereinafter, the “Service”) listed in the catalogue (hereinafter, the “Catalogue”) through the user’s online shop (therefore provided with xls, csv, xml or json files for the extrapolation of the product catalog data, or through plugins, where present, for the automatic exchange of catalog and order data) or through a ready-to-use e-commerce with domain owned by the User created by OS and integrated with the dropshipping service provided by the latter (hereinafter “User Domain”). In light of the above,

THE FOLLOWING IS AGREED

1- The User’s request to activate the Service amounts to a proposal. The User shall register on the OS Main Domain, within the manner and the terms established in Annex A, choosing the desired Service and accepting the conditions of the present contract by ticking the acceptance box, also in relation to the clauses under Estonian Civil Code. It is understood that the registration is subject to the electronic acceptance through the ticking of the present contract terms and conditions. The User’s proposal will be deemed to be accepted, and thus the contract concluded, at the moment of the Service activation by OS, which will happen upon verification of the User’s regular registration on the OS Main Domain and the success of the Price payment, as detailed in Annex A. By registering, requesting the Service activation and accepting by clicking on the acceptance button, the User declares to have read and to accept all contents in the present contract also in relation to the provisions Civil Code of Switzerland. It is understood that the present contract between the User and OS will be concluded only in digital form by accepting the present conditions through the electronic point-and-click procedure by the User on the OS Main Domain.

2- The User may proceed with the Price payment through the modes indicated in Annex A. The User undertakes to adopt all necessary measures to ensure the successful outcome of the payment. In the event that the payment of the amounts due to OS is not successful, OS reserves the right to suspend the Service supply until the moment of the effective payment.

3- The User is not bound by any non-competition obligation and therefore is entitled to directly or indirectly handle competitor products other than OS’s. The User does not enjoy any exclusive rights for OS’s product. It is understood that OS is free to handle the online and offline sale with end customers directly or through agents, other partners or intermediaries. In any case, OS may not be considered responsible for products, sold by the User on his/her own User Domain, which are not listed in the Catalogue proposed by OS.

4- The User may use trademarks owned by OS or by third parties with a mere descriptive function necessary to indicate the industrial origin of the product and ensure its originality. OS does not authorize the use of logos, symbols or other distinguishing marks exclusively owned by OS or by third parties. It is understood that OS cannot be deemed responsible for the eventual misuse of such logos, symbols, marks or other distinguishing signs by the User.

5- The User shall hold OS harmless and shall indemnify it from any kind of claims, such as damages, liability, costs, burdens and expenses claims, including eventual legal fees, deriving from any User’s non-compliance with obligations under this contract.

6- The Service has a minimum duration of 1 or 12 months and starts running from the date of its activation by the User. The Service will automatically be renewed for the same period. It is understood that the User will have to pay the current Price at the time of each renewal.

7- It is understood that OS, in any case and at any time, may terminate the present contract and interrupt the Service, by means of an e-mail notice to the address provided by the User, who will not have the right to any compensation or reparation. In case of termination of the contract by OS, the Price eventually paid for the period during which the Service will not be used will be reimbursed to the User.

8- The Parties reciprocally ensure the respect of any norms related to personal data process. The personal data provided will be processed exclusively for the pursuance of contractual purposes. By registering and accepting the present contract as outlined above, the User gives his/her consent in order for OS to process his/her personal data, provided at the time of registration and of the Service request, and to transfer the User via e-mail any communications relating to the execution of the present contract, to the Service and to the promotion of the Catalogue products. The User, as owner of the data of his/her customers, appoints OS responsible for the treatment with reference to the data of the end users that are transmitted to him in order to perform the Service, by signing the contract referred to in the Annex “Designation of the data processing manager”.

9- The sales between OS and the User will be subject to OS’s general sale conditions provided by the present contract.

10- The present contract is governed by Estonian law.

11- All disputes arising out of or in connection with the present contract, both contractual and non contractual, shall be exclusively and finally settled by the competent Court of the place where OS has its registered office

12- The present contract repeals and replaces any other precedent written or verbal agreement, eventually entered into force between the parties on the matter covered by the contract.

13- Any amendment or integration shall be made in writing, otherwise they should be void.

14- The present contract cannot be transferred, in whole or in part, unless previously agreed in writing by the parties.

15- OS’s Dropshipping service is not for resale to third parties.

16- In the event of non-compliance with the present contract by the other party, the failure to exert a remedy or a right shall not constitute waiver to exert such remedy or right in the future.

17- The Whereas and the Annexes shall be considered a constitutive part of the present Terms of Peppela.

18- The service is not refundable

1. Cost of the service

The Dropshipping service can be activated according to the plans and rates which can be consulted in the Pricing section within the Peppela dashboard for Dropshipping plans or in the Ready to Use section The cost of the service is not refundable, in accordance with the EU Directive on consumer rights The activation of the service takes place within 24 hours of receipt of payment. The User can pay for the service by credit card. Depending on the plan chosen, the service will have a duration of 1 or 12 months in the case of a Dropshipping plan, 12 months in case of purchase of the turnkey website. The user can modify the Dropshipping plan or deactivate the renewal of the subscription by contacting customer service

2. Service content

Dropshipping

Once one of the Dropshipping plans proposed for the type of service requested is activated, the User can select the products for one or more lists, consequently integrate them into the selected channel (s) or download the files in the desired format: (XLSX, CSV, XML, or JSON) in the “Manage import lists” area.

The data provided on the selected product are:

Product code (SKU) Barcode Made in Available stock Category Season Gender Description in 3 languages (Italian, English, German) Volumetric weight Link to 3 product photos, Italian retail price (VAT included) Selling price (VAT excluded), Suggested price (VAT included) The price of the products is the same as the one in the “Search products” section of Peppela under Cost (VAT excluded). peppela.com does not retain any percentage on the sale of the products.   In order to protect the collaboration with the different brands, Peppela recommends selling prices (suggested_price) available in the different formats provided (xlsx, csv, xml and json) and suggests not to drop below 30% of net margin. OS provides advertising material useful for sponsoring the products on sale, however the use of a logo or registered trademark is prohibited without the authorization of the owner of the trademark itself. It is understood that OS cannot be held responsible for any incorrect use of these logos, symbols, brands or other distinctive signs by the User. Technical management is entirely entrusted to the User. OS provides assistance within 48h via e-mail, ticket and chat for information and problems related to the service offered. For assistance with the plugins, the user will be required to provide complete access information (admin and ftp) to carry out a correct diagnosis and resolution of the verified problems. In the event that interventions are requested to the OS staff, for example installation and setting of the plugins or resolutions of problems not related to the operation of the plugins provided by OS or in general of functions not included in the OS offer, the user will be requested a payment of 150 € for extra intervention required. In the case of a free role and therefore in the absence of subscription to a dropshipping plan or in the absence of renewal of one of the subscription services of your choice, the previously selected catalogues will be removed within 72h of the creation of the catalogue/expiration of the service.

3. Orders and Shipments

If the plan chosen is the one with only the download of the file, the user can place orders on Peppela in manual mode. The User agrees to place the order on Peppela, only once the purchase has been made and confirmed by his/her end users on his/her e-shop. This order is considered in a “booked” status and awaiting payment. Any changes/cancellations are accepted only if the order is in the “booked” status. Once the receipt of the payment has been confirmed, the order is processed and passed on to the logistics processing, therefore it is no longer possible to make changes/cancellations. In the event that the shipment should return to sender, for an incorrect address or for non-acceptance by the end user, a credit note will be provided and consequent credit net of shipping costs. With Peppela’s Dropshipping service, the User can choose whether to: ship orders to final customers via OS courier* by activating the option “Ship to customer” in the Catalogue Settings independently manage the packing and shipping of the orders of his/her end customers: in this case it is necessary to make cumulative orders, to be received in your logistics through OS courier or own courier by activating option in the Catalogue Settings OS delivers the products directly to the end customer in the countries and at the costs indicated in the Shipping section inside the Dashboard. Packages sent to the end customer do not contain any reference to peppela.com. For all non-EU countries to which OS does not provide shipments to the end customer, orders must be cumulative and reach a minimum of 400 €. The User can request quotes with OS courier or organize the collection with his/her own courier. Shipping costs are always to be paid by the User. For shipments to non-EU countries, customs duties and charges may apply depending on the regulations of the country of destination of the goods. The User is invited to contact their local customs office for further information.

4. Product payment terms

Once the end customer has purchased the product on the User’s e-shop, the User must then create the order (or the order will be automatically generated) on the OS platform, by entering his/her billing information and the shipping details of the end customer (or another address where he/she wishes to receive the goods). If payment is not made within 24 hours, then the order expires. Orders can be paid by debit/credit card or Bank transfer. The order will be automatically confirmed in case of existing credit on the User’s profile. If the credit does not cover the entire cost of the order, then the payment of the missing amount will be required. An invoice is issued for any payment made, both for single order or for multiple orders, the User can download it from his/her profile page. Invoices are available on the User’s Peppela profile, yet they are not valid for tax purposes.

5. Post-sales and product return policy

The User can request a return within 20 days of receiving the order, for the following reasons: if he/she dislikes the product; if the product is too big/small, damaged, does not correspond to the product ordered, or if it is not actually in the package, etc. To start the return request, it is necessary to follow these instructions: Access the Profile and then the “Orders” section on Peppela Select the order to be returned Send e-mail with explanations in 24 hours User will receive return confirmation with shipping instructions Send the instructions to the end customer Return the product within 15 days of receiving the e-mail OS reserves the right not to refund in the following cases: The product is damaged or the original packaging (shoe box, sunglasses case, dust-proof bag) is missing or damaged. Return code and/or order number are missing Unauthorized or after return deadline The shipping, return costs and customs duties are to be paid by the User unless otherwise instructed. Also in the case of damaged or non-compliant products, a return request must be made as indicated above. The damage must be described in detail and photos must be attached demonstrating its extent within and no later than 20 days from receipt of the order. Please send all details to the appropriate contact form. The refund is issued in the form of a credit loaded on the User’s profile within a maximum of 10 working days of receipt of the product and is visible at the bottom of the profile page of your account. The credit is automatically deducted when a new order is placed. The credit is available for 2 years following the issuance of the credit note. OS does not exchange goods. It is necessary to make a return request for the product that the User wishes to return and create a new order deducting any credit charged on the User’s profile.

Product categories

The products are divided into product categories, the site is provided with the entire catalogue available on peppela.com, the user can subsequently modify and customize his/her offer.

ANNEX A– Subscription types

1 Month Plan – File download (xlsx, csv, xml, json): 49€

6 Months Plan – File download (xlsx, csv, xml, json): 199€

12 Months Plan – File download (xlsx, csv, xml, json): 299€

Integration – 1 integration (1 list and 1 channel to be chosen among Woocommerce, Prestashop): 100€ + Setting 50€.

ANNEX B – Appointment of the Data

Processor  

BETWEEN The Client – the Controller – and Iconic Sport OÜ , with its registered office in Punane 15, Tallinn, Estonia – the Processor

1. Object, duration, processed personal data

1.1. The Processor will carry out the following activities: management of shipments to the addresses communicated by and on behalf of the Controller.

1.2. The duration of this appointment is equal to the duration of the main contract. 1.4. The categories of processed personal data are the following: fundamental personal data contact details contractual data purchase history billing and payment information and accounting data others: …………………………………………….. [specify]

1.3. The personal data collected and processed relate to: customers potential customers subscribers employees and partners officers agents and representatives contact point people others …………………………………………….. [specify]

2. Processing within the UE and the EEA

2.1. The operations of data process regulated by the present appointment contract will be carried out within the European Union (EU) or the European Economic Area (EEA). Any data transfer to a third country outside the EU or the EEA is subjected to prior written authorization by the Controller and can occur only according to specific conditions set out under articles 44 et seq. GDPR

2.2. The legal basis for the transfer under the GDPR are: an adequacy decision by the European Commission (art. 45 par. 3) binding corporate rules (art. 46 par. 2 point b) and art. 47) standard data protection clauses (art. 46 par. 2 points c) and d)) codes of conduct (art. 46 par. 2 point e) and art. 40) a certification mechanism (art. 46 par. 2 point f) and art. 42) others: …………………………………………….. (art. 46 par. 2 point a), par. 3 points a) and b))

3. Technical and organizational measures

3.1. The Processor ensures the security of processing pursuant to articles 28 par. 3 point c) and 32 GDPR, in particular pursuant to article 5 paragraphs 1 and 2 GDPR. Such measures must ensure the security of data and a level of protection appropriate to the risk for confidentiality, integrity, availability and resilience of the systems. Pursuant to article 32 par. 1 GDPR, the state of the art, implementation costs, nature, object and purposes of processing, as well as the probability of a violation of personal data and the seriousness of the risks potentially deriving from it to natural persons’ rights and freedom, should all be taken into account.

3.2. The technical and organisational measures are subjected to technical and technological development and progress. Therefore, the Processor may adopt alternative measures adequate to the changed technological context. In such cases, the level of processing security cannot be reduced. Any substantial modification must be documented.

4. Rectification, restriction and erasure of data

4.1. The Processor cannot, rectify, erase or restrict the processing of the data assigned by the Controller on his own initiative, but only upon documented instruction by the Controller.

4.2. Should a data subject contact directly the Processor with regard to a question of processing rectification, erasure or restriction, the Processor shall forward such a request immediately to the Controller. The erasure, rectification, portability and access requests shall be processed without undue delay on the basis of the Controller’s documented instructions.

5. Warranties and other Processor’s obligations

In addition to the provisions of the present contract, the Processor is bound to respect all legal requirements outlined in articles 28-33 GDPR. To this end, the Processor ensures to comply in particular with the following conditions: Appointment of a Processor for the Protection of Personal Data (Data Protection Officer, DPO) The current DPO is: Ida Tafuri The Processor will communicate without undue delay every DPO change to the Controller. Confidentiality The processing activity regulated by this appointment contract will be carried out only by employees, partners or appointed people previously instructed by the Processor on the correct processing of personal data and contractually bound by the obligation of confidentiality under articles 28 par. 3(b) and 32 GDPR. The Processor, as well as any other person under his authority and able to access to personal data, shall not process personal data unless instructed to do so by the Controller, not even through the present appointment, unless expressly provided by the law. Technical and organizational measures Implementation and respect of adequate technical and organizational measures in the context of the present appointment contract, pursuant to what specified under article 32 GDPR. The Processor controls periodically the internal procedures and the technical and organizational measures to ensure that the processing within his competent area is compliant with the legal requirements under the discipline of the protection of personal data and data subjects’ rights. The Processor ensures to the Controller the verifiability of the technical and organizational measures among his supervisory powers as set out under point 7 of the present contract. Partnership with supervisory authorities The Controller and the Processor cooperate, under request, with the supervisory authority. The Controller is immediately informed of all inspections and the measures executed by the supervisory authority, in so far as they refer to activities carried out according to this contract. This is true also in case the Processor is subject to or involved in an investigation by a competent authority with regard to a violation of any provision relating to personal data processing occurred in activities pursuant to the present contract. In so far as the Controller is subject to investigation by the supervisory authority, administrative pecuniary sanctions, precautionary measures or criminal proceedings, claims by data subjects or by third parties, or any other legal actions relating to the data processing by the Processor pursuant to the present appointment, the Processo shall do everything possible to support the Controller.

6. Sub-tasks

6.1. the Processor may delegate part of processing activities regulated by the present contract to further Sub-processors, who shall be subject to the contractual obligations set out under article 28 par. 4 GDPR where provided by the law.

6.2. The Processor appoints from now the following Sub-processors, provided that contractual agreements complying with what required under article 28 par. 2-4 GDPR are concluded: DHL, UPS, FEDEX, Poste Italiane SPA. act with the Controller without prior notification.

6.3. The transfer of data to a Sub-processor may occur only upon satisfaction of all abovementioned conditions for Sub-processors appointment.

6.4. The Processor is integrally responsible for the appointed Sub-processors’ conduct. Any modification to the Sub-processors list must be communicated to the Controller without undue delay, giving the latter the right to object to it. In case of objection, the Processor has the right to withdraw from the contract with the Controller without prior notification.

6.5 In particular, should the Sub-processor work outside the EU/EEA, the Processor shall ensure with adequate means the respect of EU law on personal data protection, as described under point 2 of the present contract.

7. Controller’s supervisory power

7.1. In coordination with the Processor, the Controller has the right to carry out inspections or have an auditor, instructed on each occasion, carry them out. The auditor shall have the right to assess the Processor’s compliance with the present appointment contract as far as it concerns his own entrepreneurial activities, by means of random checks, which shall be communicated in advance as a general rule.

7.2. The Processor shall allow the Controller to verify his compliance with his obligations, as set out in article 28 GDPR. Upon request, the Processor shall provide the Controller with any necessary information as well as, in particular, with evidence of the adoption of technical and organizational measures.

7.3. The evidence of the adoption of such measures, which may refer also to activities other than those falling within the scope of the present contract, may be provided also by means of compliance with approved codes of conduct pursuant to article 40 GDPR;L certifications issued according to an approved certification mechanism pursuant article 42 GDPR; current auditors’ certifications, reports or extracts of reports written by independent organs. (e.g. auditors, personal data protection officers, IT security department, data protection auditors) Adequate certifications issued by IT security or personal data protection auditors.

7.4. The Processor may charge the Controller a reasonable remuneration for the inspections execution.

8. Controller assistance

8.1. The Processor shall assist the Controller in carrying out his obligations relating to the personal data security, in reporting data breaches, in the impact assessments on the data protection and in the pre-emptive consultations referred to in the articles from 32 to 36 GDPR, also ensuring adequate protection standards by means of technical and organizational measures, taking into account nature, circumstances and purposes of processing, probability of data breaches and of the seriousness of the risks deriving from it for natural persons ensuring the immediate detection of infringements reporting without undue delay any data breach to the Controller assisting the Controller in processing data subjects’ requests to exert their rights

8.2. The Processor may request a reasonable remuneration for the assistance services that are not included in the description of the services and that are not due to errors attributable to the Processor.

9. Controller’s executive powers

9.1. The Processor shall process no personal data pursuant to the present appointment if not under the Controller’s instruction, unless he is bound to do that under the law of the EU or of Member States.

9.2. Should the Controller ask for a modification of the personal data processing envisaged in the documented instructions pursuant to point 2, the Processor informs immediately the Controller if he considers that such modification could entail a violation of the provisions on data protection. The Processor may abstain from carrying out any activity that could result in such a violation.

10. Liability

10.1. Each party of the present contract undertakes to compensate the other for damages or expenses deriving from his own negligent non-compliance with the present contract, including any negligent non-compliance committed by his own legal representative, Subprocessors, employees or other agents. Furthermore, each party undertakes to indemnify the other from any claim by third parties deriving from or relating to any negligent violation committed by the other.

10.2. It remains unchanged the requirement under article 82 GDPR

11. Destruction or returning of personal data

11.1. The Processor does not create copies or duplicates of data unbeknownst to and without the Controller’s consent, except for security copies, in so far as they are necessary to ensure the ordered processing of data, as well as for the data whose storage is required by the law. 11.2. Upon the conclusion of the service supply, the Controller may choose to have the Processor erase or return all personal data collected and processed pursuant to the present appointment, in compliance with data protection, unless the applicable legal provisions do not require further conservation of personal data. In any case, the Processor may keep all information necessary to demonstrate the ordered and conformed execution of the processing activities also beyond the termination of the contract, in accordance with the storage period prescribed by the law. 11.3. The documents used to demonstrate an ordered processing of data pursuant to the appointment contract shall be stored by the Processor beyond the duration of the contract in compliance with the respective storage period. The Processor may give such documents to the Controller at the end of the duration of the contract to discharge himself from such contractual obligation.