PUBLIC AGREEMENT

This Agreement is governed by the laws of the European Union, as well as the national law of the country of registration of the respective Service Provider. For users from the USA, the California Consumer Privacy Act (CCPA/CPRA) and other applicable state privacy laws additionally apply. For users from the UAE — Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL UAE). All disputes shall be resolved in the competent court of the country of registration of the respective Service Provider.

Service Providers under this Agreement:

• Nosenko Volodymyr Mykolayovych, sole proprietor (FOP), registered under the laws of Ukraine, owner of the rights to the Reservble Platform (hereinafter — “FOP”). Acts as Service Provider for Companies registered or operating in Ukraine.

• Reservble, Inc. — a legal entity incorporated in the State of Delaware, USA (EIN: 35-2826590), operating under a licence agreement with FOP Nosenko Volodymyr Mykolayovych (hereinafter — “Reservble Company”). Acts as Service Provider for Companies registered or operating in EU countries, the USA, and other jurisdictions.

Hereinafter, FOP and Reservble, Inc. are jointly referred to as “Service Provider” or “Service” in the part relating to the respective jurisdiction.

The Service Provider offers an unlimited number of legal entities and sole proprietors (hereinafter — “Companies”) to use the functionality and services of the Reservble Service, and for this purpose publishes this Public Agreement (hereinafter — “Agreement”).

This Agreement is an adhesion contract in accordance with the principles of contract law applicable in the European Union. The act of registering a Company in the Service’s web cabinet and confirming acceptance of this Agreement during authorisation constitutes acceptance of its terms.

1. DEFINITIONS

1.1. For the purposes of this Agreement, the following terms apply:

Internet Resources — electronic communication channels used for interaction between the Parties and third parties via the Internet (accounts linked to phone numbers, chats, email, social networks, messengers, etc.).

Service (Platform) — software, website and/or mobile application called Reservble, owned by FOP Nosenko Volodymyr Mykolayovych. The Service is intended for table reservation management, acceptance of deposits and prepayments, QR payments, gift certificates, digital menus, analytics and marketing tools. The Service collects, processes and stores User data in accordance with the Reservble Privacy Policy.

Service User (Guest) — an individual who has provided their personal data to the Service Provider and consented to its transfer to the Company under this Agreement.

Company (Partner) — a legal entity or sole proprietor operating in the hospitality industry (restaurants, cafés, bars, hotels and other food service and hospitality establishments) that has connected to the Reservble Service under this Agreement.

Acquiring Bank / Payment Service Provider (PSP) — a third party (acquirer, processing company, financial organisation) through which online payments are processed in the Service. For Companies in Ukraine — UKRCARD; for Companies in the EU and USA — Stripe. The Service may use one or more payment providers simultaneously.

Transaction — a payment operation (debit, authorisation, refund) executed through a payment provider using the Service Provider’s resource.

Deposit — funds in an amount determined by the Company, paid by the Guest through the Service before or after confirmation of a reservation, under the terms of the Company’s Booking Policy.

1.2. Terms not defined in this Agreement shall be interpreted in accordance with market practice and applicable EU legislation.

2. SUBJECT MATTER OF THE AGREEMENT

2.1. This Agreement defines the rules and conditions under which the Service Provider provides the Service to the Company, including the collection, processing and storage of User data in accordance with applicable EU legislation and the Service Provider’s Privacy Policy.

2.2. The Company undertakes to transfer User personal data to the Service Provider for the performance of this Agreement solely in accordance with the terms of this Agreement and applicable personal data protection legislation: Regulation (EU) 2016/679 (GDPR) — for EU/EEA users; CCPA/CPRA — for US users; PDPL UAE — for UAE users; Ukrainian legislation — for Ukrainian users. The Service Provider undertakes to process such data in accordance with applicable law and to ensure its protection.

2.3. User personal data transferred by the Company is processed by the Service Provider for: organising and confirming reservations; communicating with guests; providing marketing materials (subject to the User’s consent); conducting analytics and bookkeeping.

2.4. Detailed terms of personal data processing, including the allocation of controller and processor roles, are set out in Section 11 of this Agreement and the Reservble Privacy Policy.

3. PRICING AND PAYMENT PROCEDURE

3.1. Payment for Services is made in accordance with the approved Tariff Terms (Appendix No. 1), published on the Service’s official website and forming an integral part of this Agreement. The Service Provider reserves the right to amend pricing by updating the Tariff Terms.

3.2. The payment currency is determined by the Company’s jurisdiction and specified in the invoice. For Companies in Ukraine, payments are made in Ukrainian hryvnia (₴). For Companies in EU countries and the USA — in euros (€) or US dollars ($) in accordance with the separate tariffs for the respective jurisdiction. If VAT or any other tax is payable under applicable law, it is added to the cost of Services separately.

3.3. Notice of changes to the Tariff Terms shall be published on the Service’s website no later than 10 (ten) calendar days prior to the date of entry into force of such changes. Continued use of the Services after the updated Tariff Terms take effect constitutes acceptance thereof.

3.4. The Company pays for Services monthly in accordance with the invoice issued by the Service Provider.

3.5. Payment may be made in accordance with the issued invoice or directly in the Service’s web cabinet by bank card.

3.6. The invoice is sent to the Company electronically or is available for download in the Service’s web cabinet.

3.7. Payment must be made within 3 (three) business days of receipt of the invoice. In the event of late payment, the Service Provider shall send the Company a written reminder. If the debt is not settled within 14 (fourteen) calendar days of the invoice date, the Service Provider shall have the right to restrict or suspend the Company’s access to the Service until full settlement of the debt. Access shall be restored within 1 (one) business day after confirmation of receipt of payment.

3.8. The total value of the Agreement is determined as the sum of the value of Services provided by the Service Provider. Payment of an invoice by the Company constitutes confirmation of receipt and acceptance of the respective Services. Additional execution of acceptance certificates is not required.

3.9. In the event of material objections, the Company must send written remarks to the Service Provider within 5 (five) business days of receipt of the invoice to support@reservble.com, indicating the Company name and contact person. In the absence of written remarks within the specified period, the Services shall be deemed provided and accepted in full.

4. RIGHTS AND OBLIGATIONS OF THE PARTIES

5. LIABILITY OF THE PARTIES

5.1. In the event of non-performance or improper performance of obligations under this Agreement, the defaulting Party shall compensate the other Party for the losses incurred. The total liability of the Service Provider under this Agreement shall not exceed the aggregate amount actually paid by the Company for the 3 (three) months preceding the month in which the losses arose. This limitation shall not apply in cases of wilful damage or gross negligence on the part of the Service Provider.

5.2. The Service Provider shall not be liable for any losses arising from the use or inability to use the Service that did not arise through the fault of the Service Provider. The Service Provider does not guarantee any financial or other results from the use of the Service.

5.3. The Service Provider shall not be liable for the accuracy and content of information and materials provided by the Company.

5.4. The Company receives Services in electronic form on an “AS IS” basis, which does not exclude the possibility of technical errors. The Service Provider shall make reasonable efforts to remedy identified errors within reasonable timeframes.

5.5. In the event of late payment for Services by 14 (fourteen) or more calendar days from the invoice date, the Service Provider shall have the right to: (a) restrict or fully suspend the Company’s access to the Service; (b) suspend the processing of new reservations and Guest payments through the Platform. Restriction of access does not release the Company from the obligation to settle the debt in full. The Service Provider shall not be liable for any losses of the Company or Guests arising from restriction of access due to non-payment. Full access to the Service shall be restored within 1 (one) business day after confirmation of receipt of full payment of the debt.

5.6. The Service Provider shall not be liable for the Company’s breach of applicable legislation, including consumer protection law, tax legislation and cash register accounting regulations.

5.7. The Service Provider shall not be liable for the actions or omissions of the Acquiring Bank (PSP), including delays in processing payments, transaction refusals or changes to PSP service terms.

6. CONFIDENTIALITY

6.1. The Parties consider confidential all business information transferred between them: information about clients, partners, business plans, operating procedures, working documents, etc.

6.2. The Parties may not disclose confidential information to anyone, except where necessary for the proper performance of obligations under this Agreement, or where such information is publicly available, or with the mutual consent of the Parties.

6.3. Each Party undertakes not to disclose confidential information received from the other Party to third parties without prior written consent.

6.4. The confidentiality obligation remains in force for the entire duration of this Agreement and for 3 (three) years after its termination.

6.5. The Parties undertake to process personal data in accordance with applicable data protection legislation: Regulation (EU) 2016/679 (GDPR) — for EU/EEA users; California Consumer Privacy Act (CCPA/CPRA) and other applicable state laws — for US users; Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL UAE) — for UAE users; Ukrainian legislation — for Ukrainian users. Each Party is independently responsible for compliance with the relevant requirements when processing data received under this Agreement. Detailed personal data processing terms are set out in Section 11 of this Agreement.

6.6. When using the Service, the Company receives the following Guest data, which is confidential: full name and contact phone number; quantity and value of services provided; other data voluntarily provided by the Guest.

6.7. The Service Provider shall have the right to store User personal data to the extent and for the period necessary to achieve the purposes set out in this Agreement, in accordance with the Privacy Policy and applicable legislation: EU legislation — for EU/EEA users; Ukrainian legislation — for Ukrainian users; CCPA/CPRA — for US users; PDPL UAE — for UAE users.

6.8. For wilful or grossly negligent disclosure of confidential information, the defaulting Party shall compensate the other Party for losses in full and pay a penalty of €100,000.00 (one hundred thousand euros) per proven violation. The penalty shall not apply in cases of accidental or technically caused leakage, provided the defaulting Party took all reasonable protective measures.

7. INTELLECTUAL PROPERTY

7.1. FOP Nosenko Volodymyr Mykolayovych is the owner of the non-property and exclusive property rights of intellectual property in the Service and all its components. Reservble, Inc. uses the Service under a licence agreement with FOP.

7.2. Any infringement of the Service Provider’s intellectual property rights is prohibited. In the event of infringement by the Company, the Company shall compensate the Service Provider for losses in full.

7.3. The Company does not acquire any intellectual property rights in the Service or its components as a result of concluding this Agreement.

8. FORCE MAJEURE

8.1. The Parties shall be released from liability for failure to perform obligations in the event of force majeure: military actions, acts of state authorities, industrial accidents, catastrophes, disruption of production communications, strikes, mass disturbances, fires, floods and other natural disasters that make it impossible for the Parties to perform their obligations.

8.2. The Party affected by force majeure shall notify the other Party in writing within 5 (five) business days of the occurrence of such circumstances.

8.3. If force majeure circumstances continue for more than 30 (thirty) days, either Party shall have the right to terminate this Agreement without liability for such termination, having notified the other Party in writing no later than 15 (fifteen) days prior to termination.

9. AMENDMENTS, SUPPLEMENTS AND TERMINATION OF THE AGREEMENT. DISPUTE RESOLUTION

9.1. The Service Provider shall have the right to amend and supplement the terms of this Agreement unilaterally by publishing an updated version on the website. The Company shall be notified of material changes by email no later than 10 (ten) calendar days before they take effect. Continued use of the Service after changes take effect constitutes acceptance thereof.

9.2. Termination of the Agreement. This Agreement may be terminated:

• by either Party by written notice to the other Party with 15 (fifteen) calendar days’ notice;

• at the Service Provider’s initiative in the event of the Company’s breach of this Agreement or applicable legislation — after a warning (except in cases of critical violations, where termination may occur immediately);

• by mutual agreement of the Parties at any time.

9.3. Following termination of the Agreement, the Company retains access to the Service solely for the purpose of exporting its data for 90 (ninety) calendar days. After expiry of this period, all Company data shall be deleted or anonymised in accordance with the Privacy Policy and retention periods set out in Section 11 of this Agreement.

9.4. All disputes and disagreements arising in connection with this Agreement shall be resolved through negotiation. If agreement cannot be reached, disputes shall be resolved in the competent court in accordance with the Company’s jurisdiction: for Companies from Ukraine — under Ukrainian law; for Companies from EU/EEA countries — under EU law in the court at the place of registration of Reservble, Inc. or FOP; for Companies from the USA — under the laws of the State of Delaware; for Companies from the UAE — under PDPL UAE and the laws of the UAE.

10. FINAL PROVISIONS

10.1. This Agreement enters into force upon acceptance by the Company and remains in force until terminated in accordance with the terms of the Agreement or applicable law of the respective jurisdiction.

10.2. If any provision of this Agreement is found to be invalid or unenforceable, this shall not affect the validity of the remaining provisions. The Parties undertake to replace the invalid provision with a valid one that most accurately reflects the original intent of the Parties.

10.3. By accepting the terms of this Agreement, the Company confirms that it has read, understood and fully accepts all its terms, and has the authority to conclude this Agreement.

10.4. The authoritative language of this Agreement for Companies from jurisdictions other than Ukraine is English. Translations into other languages are made for informational purposes only. In the event of any discrepancy between versions, the English text shall prevail for non-Ukrainian Companies, and the Ukrainian text shall prevail for Ukrainian Companies.

11. PERSONAL DATA PROCESSING (DATA PROCESSING AGREEMENT)

11.1. Allocation of roles. The Company acts as the data controller of Guest personal data under GDPR (EU/EEA), CCPA/CPRA (USA) and PDPL UAE (UAE). The Service Provider (Reservble) acts as the data processor / service provider, processing Guest data solely on the instructions of the Company and to the extent necessary to provide the Services under this Agreement.

11.2. Processing operations. The Service Provider carries out the following operations on Guest personal data:

• collection and storage of reservation data (name, phone, email, date/time, number of guests, comments);

• storage and display of visit history in the CRM section of the Platform;

• transfer of payment data to the Acquiring Bank (PSP) for processing deposits and QR payments;

• sending reservation confirmations and reminders to Guests on behalf of the Company;

• generation of analytical reports for the Company based on aggregated data;

• storage of gift certificate data.

11.3. Categories of data subjects and data. Data subjects: restaurant guests (individuals). Data categories: identification data (first name, last name), contact data (phone, email), behavioural data (visit history), payment data (tokenised transaction data via PSP).

11.4. Engagement of sub-processors. The Service Provider engages the following sub-processors for Guest data processing:

• UKRCARD — payment processing for Ukrainian users (PCI DSS);

• Stripe — payment processing for EU and US users (PCI DSS);

• DigitalOcean (Germany) — data storage for Ukrainian and EU users;

• DigitalOcean (USA) — data storage for US users.

The Service Provider concludes data processing agreements with each sub-processor and requires them to comply with data protection standards equivalent to GDPR (for EU/EEA), CCPA/CPRA (for USA) and PDPL UAE (for UAE). The Service Provider shall notify the Company of the engagement of new sub-processors no later than 10 (ten) calendar days in advance.

11.5. Technical and organisational measures (TOMs). The Service Provider implements the following data protection measures:

• encryption of data in transit (TLS/SSL) and at rest;

• restricted access to personal data on a least-privilege basis;

• regular security audits;

• data backup;

• security incident response procedures.

11.6. Security incidents (Data Breach). Upon discovery of a leak or unauthorised access to Guest personal data, the Service Provider shall:

• notify the Company within 48 (forty-eight) hours of discovery;

• provide the Company with all information necessary to assess the scope of the incident;

• take immediate measures to remedy the incident and minimise its consequences.

The Company, in turn, shall notify the relevant supervisory authority upon receipt of notification from the Service Provider, if the incident poses a risk to the rights and freedoms of Guests: for EU/EEA — within 72 (seventy-two) hours (in particular, AEPD for Spain) under GDPR; for Ukraine — the Ukrainian Parliament Commissioner for Human Rights within 72 hours; for UAE — UAE Data Office under PDPL UAE (Art. 26); for USA — in accordance with CCPA/CPRA and applicable state breach notification law.

11.7. Right of audit. The Company shall have the right to request a report from the Service Provider on Guest personal data processing operations no more than once per year. In the event of a security incident, the right of audit arises immediately. The audit is conducted in writing; where there is a justified need, it may take the form of a technical review by agreement of the Parties.

11.8. Data retention and return. Following termination of this Agreement:

• the Service Provider shall provide the Company with the ability to export all Guest data within 90 (ninety) calendar days;

• after expiry of the export period, Guest personal data shall be deleted or anonymised in accordance with the Privacy Policy;

• financial data subject to retention under applicable law shall be retained for the statutory periods (5 years) and thereafter destroyed.

11.9. Guest rights. The Service Provider technically enables the exercise of Guest rights under applicable law: under GDPR (access, rectification, erasure, portability, etc.) — for EU/EEA users; under CCPA/CPRA (right to know, delete, opt out of sale) — for US users; under PDPL UAE (access, rectification, erasure) — for UAE users. The Company as data controller is responsible for responding to Guest requests to exercise their rights within the timeframes set by applicable law: 30 calendar days under GDPR; 45 days under CCPA/CPRA; 30 days under PDPL UAE.

SERVICE PROVIDERS

Nosenko Volodymyr Mykolayovych, FOP

Address: Akademika Hlushka Ave., 1/3, Odesa, Ukraine

Email: support@reservble.com

Reservble, Inc.

Delaware, USA, EIN: 35-2826590

Email: support@reservble.com

APPENDIX No. 1: TARIFF PLANS

Tariffs for Companies outside Ukraine (payments in US dollars). Tariffs for Ukrainian Companies are defined in the Ukrainian version of this Agreement.

ACCEPTANCE OF THE AGREEMENT

By registering in the Reservble Service web cabinet and confirming acceptance of the terms of this Agreement during the authorisation process, the Company effects acceptance of this Public Agreement within the meaning of applicable law.

Upon acceptance, the Company confirms that it:

• (a) has read all terms of this Agreement in full, including all Appendices, the Privacy Policy and the Payments Policy of Reservble, and has understood their content;

• (b) has full legal capacity and capacity to act (or the relevant authority of a representative of a legal entity) to conclude this Agreement;

• (c) agrees to all terms of this Agreement without any reservations or additions;

• (d) understands that this Agreement is legally binding upon the Company from the moment of acceptance and has the same legal force as a written agreement signed by an authorised representative of the Company;

• (e) consents to the processing of personal data in accordance with the terms of Section 11 of this Agreement and the Reservble Privacy Policy.

Acceptance shall also be deemed to occur upon: payment of an invoice issued by the Service Provider; commencement of actual use of the Service following registration.

This Agreement is concluded in electronic form and is valid without the handwritten signatures of the Parties in accordance with applicable e-commerce and electronic document legislation.