General Terms of Service for SaaS

These General Terms of Service for SaaS (hereinafter the "GTS") govern the relationship between the company DIGILAB, a Simplified Joint-Stock Company (Société par Actions Simplifiée) with share capital of 10,000 euros, with its registered office at 55 avenue Foch, 75016 Paris, registered with the Paris Trade and Companies Register under number 999 221 831, and its clients (hereinafter referred to as the "Client").

The Provider and the Client are hereinafter collectively referred to as the "Parties", with no joint liability between them.

DIGILAB (hereinafter referred to as "DIGILAB" or the "Provider") is a company that provides and maintains software specialising in the management of orders, production workflows and digital processes for dental laboratories, called DIGILAB (hereinafter the "Solution").

The Solution is accessible as a remote service (or "SaaS mode").

The Client has subscribed to the Services in the course of its professional activity.

These provisions shall come into effect upon the Client's access to the Services. They shall be presented to the Client by any means prior to such access.

Article 1. Definitions

Anomaly: means any malfunction or non-conformity of the Solution's features compared to its normal operating state, when the Solution is used in accordance with its purpose and the Documentation. The different categories of Anomalies are described in Annex 3.

Documentation: means all documentation of any nature relating to the Solution and/or the Services, including any update, improvement or other modification that may be made thereto, and any other element that may be added thereto, provided or made available by the Provider to the Client and relating to the Services.

Data: means the information (including Personal Data) of which the Client is the owner and/or controller, that the Client enters, provides, transmits, collects, stores and/or processes in the context of the GTS.

Personal Data: means any information relating to a directly or indirectly identified or identifiable natural person.

Licence: means the provision of the Solution granted by the Provider to the Client in accordance with the terms of these GTS.

Services: means all services as described in the Annexes, that the Provider supplies to the Client in performance of these terms, comprising (i) the provision of the Solution in SaaS mode to the Client (or the "Licence"), (ii) the hosting of the Solution and the Data, (iii) support and corrective and evolutionary maintenance of the Solution, and (iv) training of Users, depending on the plan subscribed to by the Client.

User: means any natural person under the responsibility of the Client and authorised by the Client to connect to the Solution and benefit from the Services in accordance with the provisions of the GTS. The number of Users authorised to connect to the Solution depends on the plan subscribed to by the Client.

Credentials: means the specific term by which each User identifies themselves to connect to the Services. This includes a login and a password unique to each User. The User's Credentials are confidential.

Article 2. Contractual documents

These GTS are exclusively composed of the following documents:

• this document;
• the following Annexes:
  • Annex 1: Description of the Solution and Services and technical prerequisites
  • Annex 2: Security provisions
  • Annex 3: Service Levels (availability rate and incident management)
  • Annex 4: Financial conditions
  • Annex 5: Personal Data Processing Agreement

It is understood that the contractual documents are mutually explanatory. However, in the event of contradiction or divergence between the terms of the contractual documents, the Parties agree that this document shall prevail over the Annexes, which each have equal value.

It is expressly agreed between the Parties that the Client's general terms of purchase shall not apply to their commercial relationship.

The technical Annexes may be updated by the Provider and must be communicated to the Client by any means.

Article 3. Purpose

The purpose of these GTS is to define the conditions under which:

• the Provider makes the Solution available to the Client and provides the associated Services, and
• the Client undertakes to use the Solution.

Article 4. Effective date and duration

A. Duration

The Client subscribes to the Services for a fixed term, according to the plan chosen by the Client at the time of subscription, which may be monthly or annual, under the conditions specified below.

Monthly subscription

The monthly subscription is entered into for an initial period of one (1) month. Payment of the monthly fee is due in full at the time of subscription to the Licence, for the forthcoming month.

The subscription is automatically renewed by tacit renewal for successive periods of one (1) month, subject to prior payment of the corresponding fee.

It may be terminated by the Client at any time, it being specified that any month commenced is due in full and shall not give rise to any refund.

Termination shall take effect at the end of the current month.

In the event of non-payment of the monthly fee by the due date, the Services shall be automatically suspended without notice and the contract shall be terminated as of right.

Annual subscription

The annual subscription is entered into for a firm period of twelve (12) months ("Initial Term").

Payment of the annual fee is due in full at the time of subscription to the Licence, for the entire Initial Term.

The subscription may be terminated by the Client at any time during the annual period. However, the full amount of fees due for the current year shall remain payable, and no refund shall be granted.

By way of exception, in the event of termination based on a serious and unremedied breach by the Provider of its contractual obligations, duly notified by the Client in accordance with the conditions of Article 4.B, only fees accrued up to the effective date of termination shall be due.

In the event of non-payment of the annual fee by the due date of the Initial Term, the Services shall be automatically suspended without notice and the contract shall be terminated as of right.

In the absence of termination at the end of the Initial Term, and subject to prior payment of the corresponding annual fee, the Services shall be tacitly renewed for successive periods of twelve (12) months (each renewal period is referred to as a "Renewed Period"), in accordance with the Financial Conditions applicable at the time of renewal.

It is, however, specified that prior to subscribing to the Services under the aforementioned conditions, the Client benefits from restricted access to the Solution as part of a free trial (the "Test Phase"), in accordance with the terms set out in Article 5c.

B. Termination for breach

In the event of a breach by either Party of any of its obligations under these terms, the other Party may give formal notice to remedy such breach within a maximum period of fifteen (15) days, by registered letter with acknowledgement of receipt.

If at the end of this fifteen (15) calendar day period, the breach has not been or could not be remedied, the other Party may terminate the Services as of right, by registered letter with acknowledgement of receipt, without prejudice to any damages to which it may be entitled.

Unless the Services are terminated due to a breach by the Provider of its obligations, it is agreed between the Parties that the Client shall remain liable for all sums due in respect of the Services until the normal end of the Services (whether this is the Initial Term or a Renewed Period).

C. Consequences of termination

In the event of expiry or termination of the Services for any reason whatsoever, the Provider undertakes to carry out the reversibility operations indicated in the "Reversibility" Article.

Upon termination of the Services, for whatever reason, the Licence granted by the Provider under these terms shall be automatically terminated, and the Parties shall return to each other without delay or further formalities all documents of any nature in their possession belonging to the other Party (including the Documentation where applicable).

In all cases, and unless the Client requests the application of the "Reversibility" article of these GTS, the Provider shall delete the Data three (3) weeks after the effective date of termination of the Services, unless a specific legal obligation requires otherwise.

Article 5. Conditions of use and implementation of the Services

A. Rights of use of the Solution and the Services

In consideration of payment of the price for the Services, the Provider grants the Client a non-exclusive, personal, non-assignable and non-transferable right to access and use the Solution and its Documentation, through its Users, under the conditions and for the duration of these terms.

The DIGILAB Solution is strictly reserved for internal professional use by prosthetic laboratories and factories, within the scope of their design, manufacturing and prosthetic management activities. It is strictly prohibited to use DIGILAB to create, operate or supply, directly or indirectly, matchmaking or intermediation platforms between Practitioners and prosthetic laboratories, where such uses are carried out by a Client outside the strict scope of the use of the Solution and the Services, as provided for and authorised by these General Terms of Service.

The Solution shall be used by the Client under its sole control, direction and responsibility. The Client warrants that Users shall comply with these terms.

The Client undertakes not to (i) resell, sublicence, lease, share or make the Solution and the Services available to any unauthorised third party in any way without the prior written authorisation of the Provider; (ii) illegally access, disrupt the integrity or performance of the Solution or the data it contains; (iii) reverse engineer the Solution.

Any non-compliant use, as well as any attempt to divert the Solution for such purposes, shall result in the immediate suspension or deactivation of access to the Solution, without notice or right to compensation.

B. Terms of provision of the Services

The Services are provided within the framework of an infrastructure using the Provider's resources.

The Provider may, at any time, modify the Solution and/or the Services, or change the manner in which the Services are provided, provided that this does not result in a substantial regression of the performance and features of the Services, unless this is required to correct an Anomaly.

The Client acknowledges having been informed by the Provider of all technical prerequisites necessary for the optimal operation of the Services, accessible in Annex 1. The Client is furthermore informed that these prerequisites may change, particularly for technical reasons.

The Client is solely responsible for access to the Services; it is the Client's responsibility to take all necessary steps to maintain such access. The Provider shall be released from all liability in the event of inability to access the Services due to an event beyond its control.

The Client undertakes not to allow unauthorised persons to access the Services and must ensure that each authorised person complies with these GTS.

C. Validation of the Services

The Services shall be subject to a Test Phase, the duration of which shall be agreed between the Parties, without however exceeding fourteen (14) days.

During this Test Phase, the Provider grants the Client limited access to the Solution, for one hundred (100) cases.

At the end of the Test Phase, either upon expiry of the fourteen (14) day period or upon reaching the threshold of one hundred (100) processed cases, whichever occurs first, the Client must subscribe to a paid subscription in order to continue to access the Solution and the Services.

In the absence of subscription under these conditions, access to the Solution and the Services shall be automatically suspended, without notice, until the Client effectively subscribes to a plan.

D. Access to the Services - Availability

The Provider guarantees access to the Services and their performance in accordance with the SLA provisions in Annex 3.

The Solution is normally available 24 hours a day, 7 days a week, with the exception of:

• periods of unavailability related to maintenance operations necessary for the proper functioning of the Solution,
• periods of unavailability resulting from force majeure or an event beyond the Provider's control, such as incidents, bugs or failures that may affect online applications or Internet access.

Where technically possible, the Provider shall endeavour to notify the User of any interruption as soon as possible and by any means.

Access to the Services by Users is carried out, for each use, using the Credentials from any desktop or laptop computer, tablet or smartphone.

The Client is informed, however, that connection to the Services is made via the Internet. The Client is therefore advised of the technical contingencies that may affect this network and cause slowdowns or unavailability rendering connection impossible. The Provider cannot be held liable for difficulties in accessing the Services due to disruptions of the Internet network.

Credentials are assigned to each User. The Client shall ensure that the confidentiality of Credentials is respected by its Users. Credentials may only be used to allow access to the Services for Users authorised by the Client, in order to guarantee the security of the Client's Data.

The Client is solely responsible for the use, and any loss or misappropriation, of Credentials. The Client must inform the Provider without delay if it becomes aware of a security breach, particularly relating to the voluntary disclosure or misappropriation of Credentials, so that the Provider can promptly take all appropriate measures to remedy the security breach.

In the event of loss or misappropriation of Credentials, the Provider reserves the right to close or suspend the account concerned, without its liability being incurred.

Access to the Services may be temporarily interrupted, without compensation and without notice, for reasons of necessity relating to the Services, in particular to ensure maintenance of the Solution or the Provider's servers. In such circumstances, the Client shall be informed by any means at least twenty-four (24) hours in advance.

In the event of a security breach identified by the Provider, of a nature likely to seriously compromise the security of the Services and/or the Data, the Provider may, without notice, temporarily interrupt the Services in order to remedy the security breach as soon as possible.

In the event of a proven or suspected breach by the Client of its obligations referred to above, the Provider may take all measures it deems necessary, including the immediate suspension without notice of access to the Solution, without its liability being incurred in any way whatsoever.

Article 6. Obligations of the Parties

A. Obligations of the Provider

The Provider undertakes to make the Solution available to the Client, and to provide the Services to the Client, in accordance with these provisions and in accordance with best practice, from the time the Services are made available, as an obligation of means.

In this context, the Provider undertakes to:

• provide the Services in compliance with the Service Levels (SLA) defined in Annex 3;
• assign qualified and competent personnel to the performance of the Services.

B. Client's obligation to collaborate

In addition to the obligations relating to the use of the Solution and the Services and the payment obligations for the Services described herein, the Client undertakes to collaborate with the Provider and to provide or guarantee access to any information or elements that the Provider may reasonably need in order to fulfil its obligations under these terms.

The Client undertakes to use the Services in compliance with applicable laws and regulations.

Article 7. Intellectual property

A. Ownership rights and use of the Solution

The Solution and the associated Documentation are and remain the property of the Provider or its licensors.

The Provider warrants that it is the author or holder of the exclusive operating rights to the Solution in accordance with the provisions of the French Intellectual Property Code. The Provider retains all intellectual property rights relating to the Solution and the confidential information of which it is the owner.

Consequently, the Client understands and acknowledges that the Licence granted under these terms does not entail any transfer of ownership in its favour. The Client is prohibited from infringing in any way the Solution, and in particular from using the Solution in a manner inconsistent with its professional purpose and the conditions set out herein.

The Parties warrant that they recognise and respect each other's intellectual property rights.

This Article shall survive the termination or expiry of these terms for any reason whatsoever.

B. Warranty against eviction

The Provider warrants that it holds all intellectual property rights enabling it to provide the Solution, and that to its knowledge, these do not infringe the intellectual property rights of third parties.

The Provider indemnifies the Client against any claim by a third party on the basis of infringement resulting from the Client's use of the Solution.

Accordingly, the Provider shall bear all damages, costs and ancillary amounts to which the Client may be ordered to pay by a final court decision.

If, as a result of such an action, the Client is prevented from using the Solution, the Provider shall, at its own expense, take one of the following measures, which it considers most appropriate, and which shall constitute the Client's sole and exclusive remedy:

• Obtain the right for the Client to use the Solution in accordance with these terms;
• replace or modify the Solution in order to avoid such action whilst maintaining an equivalent level of functionality and relevance;
• refund to the Client the sums paid by the Client under these terms, in proportion to the duration during which the Services could not be performed pursuant to this Article.

Article 8. Maintenance and support

The Provider provides maintenance and support services for the Solution under the terms and conditions expressly and exclusively set out in Annexes 1 and 2.

Article 9. Data

A. Ownership of Data

The Client is the sole holder of rights over the Data that may be processed by the Provider in the context of the Services.

The Client grants, as necessary, to the Provider and its potential subcontractors, a non-exclusive, worldwide, free-of-charge and assignable licence, permitting in particular access to, hosting, use and copying of said Data for the purposes of performing the Services.

This licence shall automatically terminate upon the cessation of these terms, unless it is necessary to continue hosting the Data and processing it, particularly in the context of implementing Reversibility operations.

The Provider reserves the right to use Data derived from the Client's use of the Solution and the Services, in a strictly anonymised form, for the purposes of producing statistics, analyses or studies intended to improve the performance, quality and features of the Solution and the Services. Such processing is carried out in compliance with the Applicable Regulations and does not in any case allow the direct or indirect identification of the Client or its Users.

The Client declares and warrants that it holds all the authorisations necessary for the exploitation of the Data in the context of the Services and that it may freely grant a licence in the aforementioned terms to the Provider and its potential subcontractors. The Client furthermore declares and warrants that in creating, installing or uploading the Data in the context of the Services, it does not exceed any right that may have been granted to it over all or part of the Data and that it does not infringe the rights of third parties.

The Client undertakes to ensure that Users do not enter or communicate, in the context of using the Solution, any Personal Data, sensitive, confidential or business secret-protected Data.

It is the Client's responsibility to put in place the necessary internal controls and instructions to prevent any unauthorised entry or transmission of such Data. The Provider shall not be held liable for any inadvertent or inappropriate processing resulting from the transmission of such Data by the Client or its Users in breach of these provisions.

The Client shall ensure that it does not communicate, in the course of using the Services, Data that would require the Provider to comply with specific laws or regulations other than those provided for in the context of the normal provision of the Services.

The Client undertakes to indemnify the Provider against all financial consequences that the Provider may be required to bear as a result of a breach by the Client of the above warranties concerning the Data.

B. Security

The Provider undertakes to perform the Services in compliance with the security document set out in Annex 2.

C. Personal Data

In the context of the provision of the Services, the Parties undertake to comply with all obligations arising from the application of any applicable legislation relating to the protection of personal data, in particular those arising from the French Data Protection Act of 6 January 1978 as amended and, since 25 May 2018, Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("Applicable Regulations").

In the context of the Services, the Provider acts as a Processor within the meaning of the Applicable Regulations. The conditions relating to the processing carried out in this context are described in the Personal Data protection document (Annex 5).

With regard to Personal Data collected and processed by each of the Parties on their own behalf for the purposes of administrative management of these terms, each of the Parties acknowledges processing such data in the capacity of Data Controller within the meaning of the GDPR and undertakes to comply with all obligations incumbent upon them in this capacity.

The Provider shall in no case be liable for the Client's failure to comply with its legal or contractual obligations with regard to Personal Data that may be integrated into the Solution by the User.

This Article shall survive the termination or expiry of these terms for any reason whatsoever.

Article 10. Financial conditions

In consideration of the provision of the Services, the Client shall pay the Provider the amounts indicated in the Financial Conditions Annex, expressed in the currency of the relevant country and determined according to the type of plan subscribed to by the Client, and any case overages (Annex 4).

The prices mentioned in the Financial Conditions Annex may be revised at the Provider's initiative.

Payment is made online, at the time of subscription and then automatically at each due date, by automatic debit from the payment method provided by the Client. By providing its bank details, the Client expressly authorises the Provider to debit the sums due in respect of the Services.

Invoices are issued and made available to the Client via the Solution. In the event of a dispute regarding an invoice, payment of the disputed invoice remains due. If the dispute is upheld, a credit note shall be issued to the Client as soon as possible.

Article 11. Warranties

The Provider warrants the conformity of the Services with its Documentation.

The Provider does not warrant that the Services are free from all defects or contingencies and undertakes to remedy exclusively the Anomalies detected in accordance with Annex 3.

The conformity of the Services shall not be extended to any other express or implied warranty in respect of the Services, including, in particular, any implied warranty of merchantability or fitness of the Solution for a particular purpose or result that the Client may have set for itself and/or to perform particular tasks that may have motivated the Client's decision to subscribe to the Services. The Provider does not warrant that the features of the Services, including the Solution, will meet the Client's requirements.

To the extent permitted by law, any warranty other than those expressed herein is expressly excluded.

Article 12. Liability

The Provider shall under no circumstances be held liable for indirect loss suffered by the Client that may arise from or in connection with the performance of these terms and their consequences. Indirect loss includes, in particular, without limitation, loss of earnings or profits, loss of opportunity, commercial loss, loss of Data, notwithstanding the fact that the Provider may have been advised of the possibility of their occurrence.

In the event that the Provider's liability is established as a result of a breach by the Provider of its contractual obligations, the total and cumulative amount of compensation, from all causes combined, including principal, interest and costs, to which the Client may be entitled, shall be limited to the direct and foreseeable loss suffered by the Client and shall not exceed an amount equal to the sums paid by the Client to the Provider in respect of the Services during the six (6) months preceding the event giving rise to the Provider's liability.

The Parties' liability may not, however, be excluded or capped in the event of personal injury or loss caused by fraud or gross negligence.

In any event, the Provider's liability may under no circumstances be sought in the event of:

• use of the Services in a manner not provided for in the Documentation and/or not expressly authorised by these terms or the Documentation;
• modification of all or part of the Solution and the Services without the Provider's consent by the Client or a third party;
• continued use of all or part of the Solution and the Services when the Provider had recommended suspending their use;
• use of the Solution and the Services in an environment or configuration that does not comply with the Provider's technical prerequisites, or in connection with third-party programmes or data not expressly approved by the Provider;
• occurrence of any loss resulting from a fault or negligence of the Client, or that the Client could have avoided by seeking the Provider's advice;
• use in connection with the Solution and the Services of programmes not provided or approved by the Provider and likely to affect the Solution, the Services or the Client's Data.

Article 13. Confidentiality

Unless expressly provided otherwise by the disclosing Party, all information, data, documents, deliverables and/or know-how, of any nature whatsoever, communicated by one Party to the other in the context of the performance of these terms, as well as the terms hereof, shall be considered confidential ("Confidential Information"). Furthermore, the Parties undertake not to use information gathered in the context of pre-contractual negotiations or the performance of these terms in any way that may cause harm to the other Party.

This obligation shall remain in effect for the duration of these terms and for a period of five (5) years from their termination or expiry, for any reason whatsoever.

The following shall not be considered Confidential Information: information (i) that was in the possession of the receiving Party prior to its disclosure by the other Party, provided that such possession did not result directly or indirectly from the unauthorised disclosure of such information by a third party; (ii) that is in the public domain at the date of its disclosure or subsequently enters the public domain through no fault of the receiving Party; (iii) that was lawfully obtained from a third party without breach of a confidentiality obligation.

To the extent permitted by law, the Parties undertake to return or destroy, in accordance with the other Party's instructions, all Data and Information, upon request from the relevant Party, within a maximum period of fifteen (15) days from receipt of the request.

This Article shall survive the termination or expiry of these terms for any reason whatsoever.

Article 14. Reversibility

In the event of expiry and/or termination of the Services, the Client shall have the Data retention period provided for by the subscribed plan to retrieve the Data accessible through the features of the Solution.

Article 15. Applicable law and jurisdiction

These GTS and any dispute relating thereto shall be governed by and construed in accordance with French law.

In the event of any dispute that may arise between the Provider and the Client regarding the validity, performance, nullity or interpretation of these terms, the Parties undertake to cooperate diligently and in good faith in order to find an amicable solution.

If, however, no agreement is reached within a reasonable period, the courts within the jurisdiction of the Paris Court of Appeal shall have sole competence, even in the event of multiple defendants, third-party claims or summary proceedings.

These GTS are drafted in the French language and any translation into a foreign language is provided for information purposes only, French being the sole authoritative language.

Article 16. Miscellaneous provisions

A. Entirety

These GTS supersede and replace any discussion, negotiation and/or contract that may have previously existed between the Parties regarding the same subject matter and the same Services.

B. Headings

The headings of the paragraphs and articles of the GTS are inserted for ease of reading and shall in no case serve as a guide to their interpretation.

C. Partial invalidity

If one (or more) of the provisions of the GTS is held, rendered or declared invalid by reason of a law, regulation or decision of a competent court, the Parties shall consult each other to agree on one or more replacement provision(s) for the invalid provision(s) and to achieve, to the extent possible, the purpose intended by the original clause(s). All other provisions of the GTS shall retain their full force and effect.

D. Non-waiver

The failure by either Party to exercise any right arising from a breach by the other Party of any of its obligations shall not be construed as a waiver of the obligation in question or as an amendment to these terms, and shall not prevent the non-defaulting Party from exercising such right in the future.

E. Force majeure

Only events of force majeure that are unforeseeable and irresistible, and that prevent either Party from partially or fully performing its obligations under these terms (as defined in Article 1218 of the French Civil Code and the case law of the Court of Cassation), shall be expressly considered as cases of force majeure. The Provider and the Client agree that internal labour disputes within their respective companies and/or their subcontractors shall not constitute a case of force majeure within the meaning of this article.

In the event of a force majeure event, the obligations undertaken pursuant to the GTS shall be suspended for the duration of said event. The Party invoking a force majeure event must inform the other Party as soon as it occurs. Should the effects of the force majeure event exceed one (1) month, either Party may terminate the Services as of right and without prior formal notice, subject to a minimum notice period of one (1) month.

F. Insurance

Each Party declares that it has taken out and maintains with a reputable and solvent insurance company an insurance policy covering the consequences of its Professional Civil Liability and Operating Civil Liability.

G. Notification

Unless otherwise stipulated, notifications shall be made by registered letter with acknowledgement of receipt. Any notification shall take effect from the date of first presentation.

H. Amendment

The Provider reserves the right to amend these GTS and their Annexes at any time, provided that such amendments do not result in a substantial reduction of the Client's rights. Any amendment shall be brought to the Client's attention by any means the Provider deems appropriate. The amended GTS shall come into effect on the date specified in the notification sent to the Client.

ANNEX 1 – DESCRIPTION OF THE SOLUTION, SERVICES AND TECHNICAL PREREQUISITES

General overview

DIGILAB is a web-based software platform designed for dental prosthesis laboratories and dental practitioners, enabling the centralised management of digital orders from intraoral scanners.

The solution unifies access to orders from multiple cloud platforms of dental scanner manufacturers within a single interface, thereby facilitating the management, traceability and processing of digital cases.

Main features of the Platform

• Automatic centralisation of digital orders from multiple connected scanner platforms (3Shape, Medit, Dexis, Shining 3D, 3Disc, iTero, Alliedstar, Panda/Freqtek, DScore, etc.);
• Integrated 3D viewer for direct viewing of intraoral scans;
• Advanced order management:
  • search, filters, personalised views,
  • production status tracking,
  • collaborative discussion areas;
• Automatic document generation:
  • purchase orders,
  • declarations of conformity,
  • labels with QR code,
  • invoices;
• Data export (notably in Excel format);
• Integration with third-party software for dental CAD and laboratory management software;
• Interface customisation in the laboratory's colours and logo (depending on the plan).

The platform enables the management of different types of dental treatments:

• Dental prostheses
• Surgical guides
• Alignment trays

Modules and options available by plan

BASIC plan

Allows:

• viewing orders;
• simple search and filters;
• file download;
• 3D scan viewing;
• integration with third-party software.

ESSENTIAL plan

Includes all BASIC features as well as:

• advanced order management;
• order modification and creation;
• personalised filters and views;
• collaborative discussion areas;
• graphic customisation for the laboratory;
• automatic document generation;
• production status management;
• data exports;
• advanced user and laboratory management;
• comprehensive traceability tools.

Optional module: DL Desktop

Installable software module for Windows workstations enabling:

• automatic local retrieval of DIGILAB orders;
• automatic file download;
• automatic generation of compatible exports:
  • EXOCAD .dentalProject),
  • 3Shape Dental System (.3OXZ);
• automatic file organisation on the user's workstation;
• direct opening of cases in CAD software.

2. Associated services

Technical support

Provision of a Frequently Asked Questions (FAQ) section accessible online, gathering answers to common platform usage issues.

Provision of a support chatbot accessible from the DIGILAB interface, providing immediate assistance on main features and standard procedures.

Access to a ticketing platform allowing users to submit technical support requests, report anomalies and track the processing of incidents by the DIGILAB team.

Training

Online onboarding programme in video format, enabling progressive familiarisation with the DIGILAB solution, including notably:

• initial account configuration;
• connection to scanner platforms;
• order management;
• production tracking;
• use of the platform's main features.

Maintenance and updates

The DIGILAB solution benefits from:

• regular application updates;
• continuous functional improvements;
• security patches;
• cloud infrastructure maintenance.

The infrastructure undergoes:

• automatic daily backups;
• continuous technical monitoring;
• data and communication encryption.

3. Technical prerequisites

Minimum configuration for accessing the web solution

DIGILAB being a SaaS application accessible via browser:

Compatible browsers:

• Google Chrome (recommended)
• Microsoft Edge
• Any recent Chromium-based browser

Compatible operating systems:

• Windows 10 or higher
• Recent macOS
• Linux

Internet connection:

• Broadband connection recommended
• Recommended minimum speed: 5 Mbps

Hardware:

• Standard computer workstation capable of displaying 3D models
• Recommended screen size ≥ 1920×1080 for optimal comfort

Prerequisites for the DL Desktop module

• Windows 10 or Windows 11
• Intel Core i3 processor or equivalent minimum
• 4 GB RAM minimum (8 GB recommended)
• 500 MB minimum disk space
• Authorised access to local storage folders
• Stable internet connection

Integration prerequisites

For proper operation, the laboratory must have:

• an active cloud account with compatible intraoral scanner manufacturers, notably:
  • 3Shape
  • Medit
  • Dexis
  • Shining 3D
  • 3Disc
  • iTero
  • Alliedstar (AS Connect)
  • Panda / Freqtek
  • DScore
• the necessary access to any third-party software used (e.g. CAD or laboratory management software).

DIGILAB offers assistance with the configuration of these connections.

ANNEX 2 – SECURITY DOCUMENT

1. Technical security measures

1.1 Data protection

The Solution is based on a secure cloud infrastructure hosted on Google Cloud Platform (GCP), located in the European Union, GCP region europe-west9-a (Paris), europe-west4-a (Netherlands), europe-west9-b (Belgium).

The following measures are implemented:

Data encryption

• All communications with the DIGILAB platform are secured via the HTTPS protocol (TLS), with SSL certificates issued by Google Cloud or by the Caddy server.
• User passwords are never stored in plain text and are protected by a strong hashing algorithm (bcrypt).
• Credentials required for connecting to dental scanner platforms are encrypted using an AES algorithm before storage.
• Data stored on Google Cloud virtual machines benefits from native encryption at rest via encryption keys managed by Google.

Secure storage

• Application data is stored in an isolated MongoDB database within the cloud infrastructure.
• Network access to the database is restricted by IP filtering, authorising only the necessary internal services.
• A migration to MongoDB Atlas (secure managed service) is underway to further strengthen security and high availability mechanisms.

Backups

• Virtual machines are subject to automatic daily backups (daily snapshots).
• Backups are managed by the Google Backup and Disaster Recovery service.
• Automatic restart mechanisms enable rapid restoration of services in the event of an incident.

Certification and hosting

• The infrastructure is based on Google Cloud Platform, a provider holding numerous international security certifications (ISO 27001, ISO 27017, ISO 27018). Google Cloud Platform is also SOC 2 and SOC 3 certified.
• The DIGILAB platform processes data that may be classified as health data within the meaning of Article L.1111-8 of the French Public Health Code.

1.2 Access control

Authentication

• Access to the DIGILAB platform requires authentication by username and password.
• Auto-login mechanisms between the various DIGILAB applications are secured server-side.
• Passwords are stored only in hashed form.

Permission management

• Users can only access orders and data associated with their laboratory.
• Role separation limits access to authorised administrators.

Administrator and infrastructure access

• Access to virtual machines is exclusively via individual SSH keys.
• Access is limited to authorised accounts.
• Google Cloud service accounts have restricted API rights in accordance with the principle of least privilege.

1.3 Network and infrastructure security

Secure architecture

• The DIGILAB infrastructure is distributed across several isolated services:
  • application services,
  • Cloud Run functions,
  • databases,
  • third-party integration servers.
• Critical services use fixed IPs and VPC connectors to limit public exposure.

Network protection

• Google Cloud firewall rules limit incoming traffic to the necessary ports (HTTP/HTTPS).
• The MongoDB database is protected by IP address filtering.
• Inter-service communications are carried out via secure internal networks.

Monitoring and logging

• Services use Google Cloud Logging and Monitoring (Stackdriver) for:
  • event logging,
  • performance tracking,
  • anomaly detection.
• VM integrity monitoring is enabled.

System protection

• VMs benefit from:
  • an enabled vTPM module,
  • integrity monitoring,
  • automatic migrations during host maintenance,
  • automatic restart in the event of failure.

Application protection

The DIGILAB infrastructure is based on a hybrid architecture combining serverless services (Cloud Run, Firebase Hosting) and GCP Compute Engine virtual machines, the security of which is largely managed natively by Google Cloud Platform.

• Application containers are built from maintained base images and benefit from the built-in security mechanisms of the GCP platform (isolation, sandboxing, gVisor).
• This serverless architecture makes the deployment of a traditional third-party antivirus on the execution environments irrelevant.

Security controls

DIGILAB may carry out or commission vulnerability scans and/or security tests at a frequency adapted to the risk level and the evolution of the Solution, without guarantee of exhaustive coverage, and shall implement reasonable corrective actions based on criticality.

Maintenance and updates

• Systems, dependencies and application images are regularly updated to address known vulnerabilities.
• Application deployments follow a continuous delivery process (CI/CD) including quality and security checks.

2. Operational and organisational measures

2.1 Security incident management

DIGILAB applies an incident management process comprising:

• detection via cloud monitoring tools;
• technical analysis of the incident;
• isolation of the affected service if necessary;
• data restoration via backups;
• correction and deployment of a fix;
• traceability of actions taken.

In the event of a security incident affecting data, DIGILAB undertakes to notify the client within a maximum of 72 hours after becoming aware of it, in accordance with applicable regulatory obligations (notably GDPR).

2.2 Business continuity and disaster recovery plan

To ensure service continuity:

• application components are distributed across several independent cloud services;
• daily backups enable rapid restoration of environments;
• instances have automatic restart capability;
• the Google Cloud infrastructure guarantees high hardware and network availability;
• services can be rapidly redeployed via Docker containers and managed services (Cloud Run, Firebase Hosting).

These measures help to limit service interruptions and ensure operational recovery according to the following objectives:

• Recovery Point Objective (RPO): 24 hours.
• Recovery Time Objective (RTO): 24 to 48 hours depending on the nature of the incident.

2.3 Data retention and deletion

User data is retained for the entire duration of the contractual relationship. User data such as orders received is retained for a maximum of 3 months, depending on the plan:

• BASIC: 3 weeks,
• ESSENTIAL: 90 days

2.4 Personal data protection

The processing of personal data carried out in the context of using the DIGILAB platform is governed by a specific annex "Data Protection – GDPR (DPA)" incorporated into the General Terms of Service.

3. Security contacts

The designated contacts for questions relating to the security of the DIGILAB platform are:

• Contractual contact: Morgan ABBOU (CIO) – morgan.abbou@stemmerlife.com
• Technical security contact: Mickael ANOUFA – mickael.anoufa@DIGILAB.dental

ANNEX 3 – SERVICE LEVELS

1. Solution availability

1.1 Availability rate

The Provider undertakes to ensure a monthly availability of the DIGILAB Solution of:

99.5% of the time during business days,
Monday to Friday from 09:00 to 18:00 (CET).

Availability corresponds to the ability for authorised users to:

• access the DIGILAB platform;
• view orders;
• download associated files;
• use the main features of the service.

The following are excluded from the availability calculation:

• scheduled maintenance windows;
• interruptions due to force majeure;
• failures of the Client's internet networks or equipment;
• unavailability resulting from third-party services or external scanner platforms.

1.2 Scheduled maintenance

Maintenance operations may be carried out to ensure:

• application updates;
• security patches;
• cloud infrastructure upgrades.

Applicable conditions:

• prior notification at least 24 hours before the intervention;
• priority scheduling outside business hours where possible;
• communication of a post-incident report within 3 business days in the event of a major incident.

1.3 Recovery objectives

The DIGILAB infrastructure benefits from backup and recovery mechanisms enabling the following objectives:

• RPO (Recovery Point Objective): 12 hours maximum
  (maximum data loss in the event of a major incident)
• RTO (Recovery Time Objective): 5 hours maximum
  (target time for service restoration)

2. Performance and Anomaly management

2.1 Anomaly classification

Anomalies are classified according to their severity level:

Blocking anomaly (Critical)

Corresponds notably to:

• complete inability to access the DIGILAB platform;
• general service unavailability;
• data loss or corruption preventing normal use.

Major anomaly

Corresponds notably to:

• failure to automatically receive orders from scanners;
• malfunction affecting an essential feature without complete service shutdown.

Minor anomaly

Corresponds notably to:

• display defect;
• interface anomaly;
• incomplete information or non-blocking platform behaviour.

2.2 Response commitments

The Provider undertakes to acknowledge receipt of Client requests within the following timeframes (business hours):

2.3 Resolution commitments

Resolution times are understood as a reasonable objective for correction or implementation of a workaround.

2.4 Anomaly reporting and tracking procedure

Anomalies can be reported via:

• the DIGILAB ticketing platform;
• the integrated support chatbot;
• email: support@digilab.dental.

Each report is subject to:

• recording;
• severity classification;
• tracking until closure.

The Client undertakes to provide all information necessary to reproduce the anomaly.

3. Support and assistance

3.1 Contact methods

DIGILAB technical support is accessible via:

• Email: support@digilab.dental
• Ticketing portal integrated into the platform
• DIGILAB support chatbot

3.2 Support hours

Technical support is provided:

Monday to Friday
from 09:00 to 17:00 (CET), excluding public holidays.

Request processing is prioritised according to the severity level of the anomaly.

4. Service credits

4.1 Principle

In the event of a proven failure to meet the availability commitments defined in this annex, the Client may request the granting of a service credit.

Credits take exclusively the form of a credit note applied to a future DIGILAB invoice.

Service credits represent DIGILAB's sole liability and the Client's sole remedy in the event of non-compliance of the Services with the Service Levels.

4.2 Limitation

The total amount of service credits granted shall not exceed an amount equal to the sums paid by the Client for the Services during the month preceding the event giving rise to the Provider's liability.

4.3 Eligibility conditions

Any credit request must:

• be made in writing within 30 days following the incident;
• contain evidence establishing the alleged breach.

ANNEX 4 – FINANCIAL CONDITIONS

DigiLab Pricing Schedule

Pricing tailored to your business

Our pricing philosophy

• Flexibility — From small workshops to large-scale operations
• Transparency — No hidden fees, everything is clear
• Scalability — Your subscription grows with your business

Quick comparison

BASIC: Who is it for?

• Small structures
• Standard daily usage
• Controlled budget
• Small team

ESSENTIEL: Who is it for?

• Growing laboratories
• Subcontractor collaboration
• Multiple teams
• Customisation needs

SMALL LABORATORIES

Two plans, two uses

BASIC — The essentials to get started

• Universal inbox
• 2 collaborators
• 4-week backup

ESSENTIEL — The power to perform

• Universal inbox
• 5 collaborators
• 3-month backup
• Platform customisation
• Direct subcontractor access

Small Laboratories — 100 to 500 cases/month

LARGE LABORATORIES

Two plans, two uses

BASIC — The essentials to get started

• Universal inbox
• 5 collaborators
• 6-week backup

ESSENTIEL — The power to perform

• Universal inbox
• 10 collaborators
• 4-month backup
• Platform customisation
• Direct subcontractor access

Large Laboratories — 1,000 to 5,000+ cases/month

Overage rates

SMALL LABS — Overage rate - 100-case plan

SMALL LABS — Overage rate - 200-case plan

Beyond this: automatic switch to 500-case plan

SMALL LABS — Overage rate - 500-case plan

Beyond this: automatic switch to 1,000-case plan (Large Labs)

LARGE LABS — Overage rate - 1,000-case plan

LARGE LABS — Overage rate - 2,000-case plan

LARGE LABS — Overage rate - 5,000-case plan

Volume management

Monthly subscription

Plan overage?

• Upgrade to a higher plan, or
• Purchase additional credit packs

Annual subscription

• Credits allocated monthly
• Unused credits carry over
• Additional credits can be purchased if needed during the month
• Unused credits are lost at the end of the year
• By choosing the annual plan, one month is offered (-8% compared to the monthly subscription price)

API - White Label

Integrate DigiLab into your ecosystem

£3,000

Includes:

• Full API access
• Technical support for installation
• Integration documentation
• Dedicated hotline
• 4-week backup

Ideal for laboratory groups and networks

Smart upgrade

Switch plans without constraints

Our system automatically calculates:

• 01 — Amount already paid
• 02 — Remaining pro rata
• 03 — New monthly fee

Your anniversary date remains unchanged.

API: Who is it for?

• Industrial groups
• Massive volumes
• Complex IT integrations
• Priority support

Benefits summary

All plans include:

• Universal multi-practitioner inbox
• Real-time notifications
• Intuitive interface
• AI technical support
• Updates included
• Data security (HDS)

Additionally with ESSENTIEL (SMALL LABORATORIES):

Everything in the Basic plan, plus

• 3 additional users
• Interface customisation
• 11 additional months of backup
• Subcontractor connection

Our commitments

• No commitment on monthly plans
• Transparent pricing changes
• Clear billing with no surprises
• Easy migration between plans

Ready to digitise your laboratory?

Get started today

Free trial: 100 cases within a 14-day limit

Contact: contact@digilab.fr

Long-term archiving — Premium Option

Beyond the included durations

• Option 1 — £0.09 per case per additional month
• Option 2 — Unlimited archiving package +£43/month
• Option 3 — Annual 12-month archiving pack +£34/month

Instant access at any time via the platform

ANNEX 5 – PERSONAL DATA PROCESSING

• Personal Data: means any information relating to an identified or identifiable individual, directly or indirectly, in particular by reference to an identification number or to one or more elements specific to that individual. "Client Personal Data" means data communicated by the Client to the Provider as well as data collected, produced or otherwise Processed by the Provider in connection with the performance of the Contract;
• Processing: means any operation or set of operations applied to Personal Data, whether or not carried out by automated means, such as collection, recording, organisation, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, as well as blocking, erasure or destruction;
• The terms "Data Subjects", "Data Controller" and "Processor" have the meaning given to them in Article 4 of the GDPR; their related terms shall be interpreted accordingly.

A) General provisions

The Parties acknowledge that for the Processing operations carried out in the context of the performance of the Contract, the Client acts as Data Controller and the Provider acts as Processor. As Processor, the Provider undertakes to:

1. Process Personal Data solely for the purposes that are the subject of the sub-processing;
2. Process Personal Data in accordance with the Client's documented instructions. If the Provider considers that an instruction constitutes a breach of Applicable Regulations, it shall immediately inform the Client;
3. Guarantee the confidentiality, security and integrity of Personal Data processed hereunder;
4. Ensure that persons authorised to process Personal Data comply with Applicable Regulations;
5. Inform the Client of any transfer of Personal Data outside the European Union, or to a non-adequate country, and guarantee that such transfer and/or hosting is carried out to countries that ensure a sufficient level of data protection;
6. The Provider has a general authorisation to engage another processor (hereinafter, the "sub-processor") to carry out specific processing activities. In the event of the addition or replacement of a sub-processor, the Provider shall inform the Client in advance and in writing, and the Client shall have a period of one (1) month from the date of receipt of such information to raise objections.
7. Right to inform Data Subjects: It is the Client's responsibility to provide information to Data Subjects affected by the processing operations at the time of collection of Personal Data.
8. Exercise of data subjects' rights: To the extent possible, the Provider shall assist the Client in fulfilling its obligation to respond to requests for the exercise of data subjects' rights. Where data subjects submit requests to the Provider for the exercise of their rights, the Provider shall forward them to the Client within seventy-two (72) hours of receipt;
9. Personal data breach notification: the Provider shall notify the Client of any Personal Data breach within a maximum of 48 (forty-eight) hours of becoming aware of it, by email to the email address provided by the Client for this purpose.
10. DPIA: to the extent possible, the Provider shall assist the Client in carrying out data protection impact assessments.
11. Fate of Personal Data: Upon termination hereof, the Provider undertakes to destroy all Personal Data, unless a legal obligation requires otherwise.

B) Description of Processing — Sub-processors

Identity and contact details of the Data Protection Officers (DPO)