This Privacy Notice applies to information we process when you engage with:

• Our website and other online tools (together, our “Digital Platforms”); and

• The broader Kitman Labs ecosystem, including our users, subscribers, visitors, and those accessing or using our technology or platforms (collectively, the “Kitman Labs Service” or the “Service”).

We are committed to safeguarding your privacy and operating in line with applicable data protection standards. This Privacy Notice sets out our approach to handling “Personal Data”, which includes any information that directly or indirectly identifies a living person, whether on its own or in combination with other data. We encourage you to review this Privacy Notice in full to understand how your Personal Data is processed. Please note that certain sections may apply only to individuals located in specific jurisdictions. For example, the legal bases for processing provided in the table below apply primarily to individuals subject to the General Data Protection Regulation (GDPR) and the UK Data Protection Act. Transparency is central to how we operate. We want you to feel confident in how we handle your data and are committed to treating your information with care and respect. If you have any questions or need more information, please do not hesitate to contact us.

Kitman Labs acts in different capacities depending on the specific context in which Personal Data is processed. In most cases, Kitman Labs acts as a data processor on behalf of its customers (e.g., sports teams, clubs, or organizations) that use the Kitman Labs Service to manage and analyse athlete data. In these circumstances, our role is limited to processing Personal Data under the instructions of our customers, who remain the data controllers. However, there are limited situations where Kitman Labs independently determines the purposes and means of processing certain categories of Personal Data and therefore acts as a data controller. For example, we may process certain athlete data as a controller for the purposes of ensuring the security, integrity, and availability of our systems, platforms, and services. This includes processing data such as IP addresses, log-in activity, and system access metadata to detect and respond to suspicious behaviour, ensure system resilience, and comply with our legal obligations related to information security. We are committed to providing transparency about our data processing practices and will continue to clearly distinguish between our role as a controller and as a processor in the contexts in which each applies.

This Privacy Notice may be updated by us from time to time without notice to you. You should read this Privacy Notice before using the Service”. If you cannot comply with all of the terms of this Privacy Notice, you may not access or use the Service.We may update this Privacy Notice periodically to reflect changes in our practices or legal requirements. We encourage you to review it regularly to stay informed about how we handle your Personal Data. The latest version will always be indicated below. If we make significant changes to how we use your Personal Data in ways that differ from what was stated at the time of collection, we will notify you. This notification may be provided through a notice on our Website, via email, or through other appropriate means.

In the course of providing the Kitman Labs Service, we may collect or receive the following categories of Personal Data, either directly from you, from our customers (e.g. teams, clubs, organizations), from third parties, or through automated means. These categories apply across jurisdictions and may be subject to local variations based on applicable laws:

a. Identification and Contact Data

(such as name, email address, mailing address, phone number, date of birth, identification numbers like user ID, athlete ID, device ID)

b. Account and Authentication Data

(such as login credentials, username, password, encrypted tokens, account status, user roles, and authentication history)

c. Device, Log and Technical Data

(such as IP address, browser type, operating system, user agent string, access times, geolocation data where enabled, and device identifiers)

d. Usage and Activity Data

Interactions with the Kitman Labs Service, usage logs, activity submissions, performance data, and support history

e. Medical, Physical and Health-Related Data (Sensitive Personal Data / Special Category Data under applicable laws)

In jurisdictions that regulate the processing of sensitive or special category data (e.g., GDPR, UK GDPR, HIPAA, LGPD, PDPA), we may collect the following types of health-related data solely for purposes agreed upon with our customers and/or based on appropriate legal grounds:

• Medical history, injuries, diagnoses, treatment or rehabilitation data

• Physical characteristics, biometric measurements, and performance data

• Sleep patterns, fatigue levels, nutrition, hydration, and recovery metrics

• Psychological assessments, wellness check-ins, cognitive performance, or emotional wellbeing indicators

• Any data derived from sensors, wearables, or third-party integrations used to monitor or assess an athlete’s health or performance

f. Professional and Team Context Data

Club or team affiliation, position, coaching staff inputs, attendance, training schedules, match participation, and internal assessments

g. Marketing and Communication Preferences

Preferences for receiving communications, marketing opt-ins, and correspondence logs

h. Sensitive Personal Information under Local Laws

Where applicable (e.g., under the CCPA/CPRA in California), we may collect “sensitive personal information” as defined by law, including:

• Government identifiers

• Precise geolocation

• Racial or ethnic origin (where relevant and permitted)

• Health information (as described above)

• Contents of messages (where not directed to us)

We will only collect and process these categories of data as permitted by applicable data protection laws, with appropriate safeguards and, where required, valid legal bases or consents.

We use cookies and similar tracking technologies across our Website and Digital Platforms to improve your experience, enable key features, understand how our services are used, and deliver content that is relevant to you. This section provides an overview of what cookies are, how we use them, and the options available to you.

Cookies are small data files stored on your device (such as a computer, smartphone, or tablet) when you access a website. These files help websites recognise your device and retain information about your visit—such as your preferences, login status, or Browse behaviour.

Cookies vary in terms of their purpose and duration. Some are essential to the functioning of our platforms, while others support analytics, personalization, or advertising. They may remain active only for the duration of your visit (session cookies) or persist for a longer period (persistent cookies).

You have control over the use of cookies, and we explain your choices and how to manage them in the sections below.

Types of Cookies We Use

We use a variety of cookies on our Digital Platforms to support core functionality, enhance user experience, and help us understand how our services are used. Below is an overview of the types of cookies in use:

Strictly Necessary Cookies

These cookies are essential to the operation of our Website and Digital Platforms. They enable critical functions such as secure access, navigation, and the use of key features. Because they are necessary for the platform to function properly, they cannot be turned off through our consent management tools.

Functional Cookies

Functional cookies support enhanced and personalised user experiences by remembering your preferences—such as language settings or region. These may be set by us or by third-party providers whose services we incorporate on our site.

Analytics and Performance Cookies

These cookies gather insights into how users interact with our Website—for example, which pages are most frequently visited or how users move between sections. This data helps us improve performance and usability. These cookies do not collect information that directly identifies you.

Advertising and Targeting Cookies

These cookies may be set by us or our advertising partners to deliver content and ads that are tailored to your interests. They work by tracking your Browse behaviour across websites and creating a profile of your preferences. Where required by law, these cookies will only be activated with your consent.

Cookie Duration

Cookies used on our platforms may be classified by how long they remain active:

Session Cookies: Temporary cookies that are deleted when you close your browser.

Persistent Cookies: Remain on your device for a specified duration or until manually deleted. Depending on their purpose, our persistent cookies typically last between 30 days and 13 months.

Managing Your Cookie Preferences

You can manage or disable cookies at any time by adjusting the settings in your browser. Most web browsers allow you to review, block, or delete cookies, and to be notified when a site attempts to store cookies on your device.

Please note that restricting certain types of cookies may impact your experience on the Kitman Labs Service and limit functionality.

If you have any questions about our use of cookies or similar technologies, please contact us at dpo@kitmanlabs.com.

When you interact with our Site, we automatically collect certain technical data through the use of log files. This information may include:

• Internet Protocol (IP) address

• Browser type and settings

• Internet Service Provider (ISP)

• Date and time of access

• Referring and exit pages

• Pages viewed or clicked

• Other data transmitted by your browser or mobile device during your interaction

We use this information to better understand how visitors engage with our Site. Log file data helps us identify usage trends, monitor system performance, troubleshoot technical issues, and gather aggregate demographic insights. These insights enable us to continuously refine our Site’s performance and content to better meet user expectations and improve your overall experience.

At Kitman Labs, safeguarding your personal information is a core priority. We employ a range of technical, organisational, and procedural measures designed to protect your data against unauthorised access, loss, misuse, disclosure, alteration, or destruction. These safeguards are proportionate to the sensitivity of the data and the risks associated with its processing, and are implemented in accordance with applicable data protection laws and standards.

Despite our efforts, it is important to understand that no security system is infallible. While we are committed to maintaining robust protections, we cannot guarantee the absolute security of our systems or those of third parties with whom data may be shared, as outlined in this Privacy Notice. Additionally, data transmitted over the internet may be subject to interception or unauthorized access while in transit.

We have put in place appropriate safeguards to minimise such risks, but your own actions are equally important in maintaining data security. To help protect your information, we encourage you to:

Use strong and unique passwords for your accounts;

Keep your login credentials confidential;

Ensure your devices and internet connections are secure when accessing our Service.

Please also be cautious when communicating with us via email. Email is not always a secure transmission method, and we advise against sending sensitive or confidential information through unsecured channels wherever possible.

At Kitman Labs, we retain Personal Data only for as long as it is necessary for the purposes for which it was collected, or as required under applicable legal, regulatory, or contractual obligations. The duration of storage depends on the category of data and the context of its use. For example:

Medical and performance data may be retained for up to 10 years following the last contact or data entry, in line with healthcare regulatory requirements (e.g., GDPR, HIPAA, NHS guidelines).

Personal identification data is typically retained for 10 years following account deactivation or contract end, to support legal and compliance needs.

Operational data, such as logs and access records, is retained for a minimum of 2 years to support audits and investigations.

Once the applicable retention period expires, or upon a valid request for deletion (where legally permissible), we follow a structured process to either:

Securely delete the data from our live and archived systems, using methods consistent with ISO 27001 and NIST 800-88 standards; or

Anonymise the data, where ongoing use is required for analytics, benchmarking, or research. Anonymisation is performed in a manner that ensures the data can no longer be linked to any individual, consistent with GDPR Recital 26 and ISO/IEC 20889.

Where users request early deletion of their data, we may satisfy the request by anonymising the data instead of deleting it—provided that the anonymisation is irreversible and meets applicable legal standards. In such cases, the resulting data is no longer considered Personal Data and falls outside the scope of data protection laws.

Please note that we may retain certain data for longer periods if necessary to:

• Comply with legal, tax, regulatory, or accounting obligations;

• Maintain accurate records in the event of complaints, disputes, or investigations; or

• Preserve information where we reasonably anticipate litigation or other legal claims.

If you have questions about our data retention or deletion practices, or would like to request the removal of your Personal Data, please contact us at dpo@kitmanlabs.com.

In those instances when Kitman Labs provides access to its services through an application programming interface (“API”), any Personal Data processed via the API is subject to this Privacy Notice and governed by the terms of the applicable agreement with the customer.

Customers are solely responsible for verifying and validating the manner in which they use the API, including the nature of any data submitted to or retrieved from it. It is the customer’s responsibility to ensure that their API usage aligns with their internal policies, intended purpose, and applicable legal and regulatory obligations.

Kitman Labs does not assume responsibility for the privacy, security, or accuracy of data processed by external systems or third-party platforms that integrate with the Kitman Labs platform via the API. This includes any third-party tools or environments connected to our API by or on behalf of the customer.

To maintain the integrity and performance of our services, we monitor for abnormal or excessive use of the API. This may include high-frequency, automated, or otherwise intensive access patterns. In such cases, Kitman Labs may take steps to restrict or suspend API access—either temporarily or permanently—following reasonable attempts to notify the affected customer.

Kitman Labs also reserves the right to modify, restrict, or discontinue API access at any time, with or without prior notice, where necessary to protect the security, stability, or reliability of our systems.

Customers are expected to ensure that their use of the API complies with all relevant data protection requirements, including obtaining valid consent or establishing another lawful basis for any Personal Data processed through the API.

We may share your Personal Data in the following circumstances, always in accordance with applicable data protection laws and with appropriate safeguards in place:

1. Legal and Regulatory Compliance

We may disclose your information to law enforcement authorities, regulatory bodies, courts, or other governmental agencies if we are legally required to do so. This may include compliance with subpoenas, court orders, legal proceedings, or lawful requests from public authorities.

2. Business Transitions

If Kitman Labs is involved in a merger, acquisition, asset sale, reorganization, or similar business transaction, your Personal Data may be disclosed to relevant third parties as part of the due diligence process or transferred as part of the transaction itself. In such cases, we will take reasonable steps to ensure that your Personal Data continues to be protected in line with this Privacy Notice.

3. With Your Consent

We may share your Personal Data where you have given us explicit consent to do so. This may include, for example, opting in to receive marketing communications, participating in research, or enabling specific product features or third-party integrations.

4. Law Enforcement and Regulatory Requests

We assess and respond to information requests from law enforcement or regulatory authorities with care. Any disclosure is subject to verification that the request is lawful, necessary, and proportionate.

5. Internal Transfers Within Kitman Labs

Your Personal Data may be shared across entities within the Kitman Labs group to support operational efficiency, customer service, compliance, and security. We apply consistent and appropriate data protection standards across all internal transfers, regardless of location.

6. Transfers to External Third Parties

Where we share your Personal Data with external service providers, business partners, or other third parties, we do so in accordance with applicable data protection laws. We require these recipients to adhere to contractual obligations that ensure your data is protected and processed only for the purposes specified by Kitman Labs.

International Transfers

Where your Personal Data is transferred outside of your country or region (including transfers from the EU or UK to countries not deemed to provide an adequate level of protection), we implement appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms to ensure your rights are upheld.

Your Data Protection Rights

Kitman Labs respects your rights in relation to your Personal Data. Depending on your jurisdiction and applicable privacy laws—including but not limited to the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA/CPRA), and other global data protection laws—you may have the following rights, subject to certain limitations or exemptions:

1. Right to Access / Know

You have the right to request confirmation of whether we process your Personal Data and to access the data we hold about you. Under laws such as the GDPR and CCPA, this includes the right to request a copy of the data and information about:

The categories of Personal Data we collect;

The purposes for processing;

The categories of recipients to whom data is disclosed;

The duration of data retention;

Whether we sell or share your data (note: Kitman Labs does not sell Personal Data).

2. Right to Rectification / Correction

If your Personal Data is inaccurate or incomplete, you may request that it be corrected or updated.

3. Right to Erasure / Deletion

You may request that we delete your Personal Data in certain circumstances (also known as the “right to be forgotten” under the GDPR or the “right to delete” under the CCPA). However, we may retain data:

As required by legal, regulatory, or contractual obligations;

To defend or establish legal claims;

Where necessary for security, fraud prevention, or product integrity;

Where anonymisation is a lawful and appropriate alternative (e.g., for research or analytics).

4. Right to Restrict Processing

Under the GDPR, you may request that we restrict the processing of your Personal Data in specific circumstances—such as during a dispute over accuracy or legality of processing.

5. Right to Object

Where we process your Personal Data based on legitimate interests, you may object to such processing. You may also object to profiling or to direct marketing at any time.

6. Right to Data Portability

You may request a copy of your Personal Data in a structured, commonly used, and machine-readable format. Where feasible, you may request that we transfer this data directly to another service provider.

7. Right to Withdraw Consent

Where our processing of your Personal Data relies on your consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before the withdrawal.

8. Right to Lodge a Complaint

If you believe we have violated your privacy rights, you may lodge a complaint with a data protection supervisory authority in your jurisdiction (e.g., the ICO in the UK, a DPA in the EU, or a state Attorney General in the U.S.). We encourage you to contact us first so we can attempt to resolve your concern directly.

9. Right to Opt Out of Sales / Sharing and Targeted Advertising (CCPA/CPRA and similar U.S. laws)

If you are a resident of California or certain other U.S. states, you may have the right to:

Opt out of the “sale” or “sharing” of your Personal Data (as defined by law);

• Opt out of targeted advertising or profiling;

• Limit the use and disclosure of sensitive Personal Data.

Kitman Labs does not sell Personal Data. If we ever engage in sharing or targeted advertising, we will provide appropriate mechanisms for you to exercise your rights under these laws.

10. Right to Information About International Transfers

You may request details about how your Personal Data is transferred outside your home country, including the safeguards in place. This may involve use of Standard Contractual Clauses or other legally recognised mechanisms.

Exercising Your Rights

To exercise any of the rights described above, please contact us at dpo@kitmanlabs.com. We will respond within the timeframe required by applicable law.

To protect your data, we may ask for information to verify your identity before acting on your request. In some cases, we may not be able to fully comply with your request if it conflicts with our legal obligations, affects the rights of others, or would compromise system integrity. If so, we will explain the reasons and seek to accommodate your request as far as possible under the law.

International Data Transfers

As a global organization, Kitman Labs may transfer and process your Personal Data in countries outside your country of residence, including jurisdictions that may not provide the same level of data protection as those in your home country. These transfers are essential to deliver our services and operate efficiently across regions.

We are committed to ensuring that your Personal Data is protected in accordance with applicable data protection laws, including but not limited to the EU and UK GDPR, Swiss Federal Act on Data Protection (FADP), U.S. state privacy laws (e.g., CCPA/CPRA), Australian Privacy Act, and other international standards.

Safeguards for Cross-Border Transfers

Where we transfer Personal Data internationally—particularly from the European Economic Area (EEA), United Kingdom (UK), or Switzerland—we implement appropriate safeguards to ensure that the data continues to receive a level of protection that is essentially equivalent to that provided under the applicable laws.

These safeguards may include:

▸ Adequacy Decisions

Where the European Commission, UK Government, or Swiss authorities have recognised a third country as providing an adequate level of data protection, we may transfer data to organisations within that country without additional formalities.

▸ Standard Contractual Clauses (SCCs) and UK IDTA/Addendum

For transfers to countries not subject to an adequacy decision, we rely on the European Commission’s SCCs, the UK’s International Data Transfer Agreement (IDTA), or the UK Addendum to the SCCs. These legally binding contracts impose obligations on the data importer to uphold the protection of Personal Data in accordance with EU and UK standards.

▸ Binding Corporate Rules (BCRs)

Where applicable, we may rely on approved Binding Corporate Rules to facilitate intra-group data transfers within Kitman Labs and its affiliates. BCRs are a framework that ensures consistent data protection across our corporate entities worldwide.

▸ Supplementary Measures

In line with the guidance from European data protection authorities (e.g., post-Schrems II), we may implement additional safeguards such as:

Encryption during transmission and at rest;

Access controls and pseudonymisation;

Data minimisation and purpose limitation;

Technical and organisational security measures aligned with ISO/IEC 27001 and NIST standards.

Transfers to the United States and Other Non-Adequate Jurisdictions

Where we transfer data to the U.S. or other countries that do not benefit from adequacy decisions, these transfers are governed by the safeguards described above. We also monitor developments under evolving frameworks, such as the EU-U.S. Data Privacy Framework (DPF) and equivalent UK/Swiss mechanisms, and will update our approach as legal standards evolve.

Your Rights and Access to Transfer Mechanisms

You have the right to request further information about the international data transfer mechanisms we use. If you wish to obtain a copy of the relevant safeguards (e.g., SCCs or BCR summaries), please contact us at dpo@kitmanlabs.com. Where required, we may redact portions of the documentation to protect commercially sensitive terms or third-party confidentiality.

Ongoing Review and Compliance

We continually assess and update our international data transfer practices in light of legal developments and regulatory guidance across all jurisdictions in which we operate. Our goal is to maintain a lawful transfer framework that protects your data wherever it goes.

Kitman Labs’ products and services are not designed for, or directed at, individuals under the age of 18. If you are under 18, you may only use our services with the involvement and verifiable consent of a parent or legal guardian.

We do not knowingly collect, store, or process Personal Data from children under the age of 18 without appropriate consent. If we become aware that Personal Data has been submitted to us by a child in violation of this policy, we will take immediate steps to delete the data from our systems and ensure it is not used or retained.

In jurisdictions where a different minimum age applies for data consent purposes (e.g., 13 under U.S. COPPA, 16 under certain EU Member State GDPR implementations), we will comply with the applicable legal requirements and treat any affected data accordingly.

If you believe that a child under the age threshold applicable in your jurisdiction has provided us with Personal Data without parental or guardian consent, please contact us at dpo@kitmanlabs.com so we can promptly investigate and take appropriate action.

Protecting the privacy and security of children is a fundamental priority for Kitman Labs, and we design our services and privacy practices with this commitment in mind.

If you would like to manage your communication preferences, update your information, or exercise any data rights (including access, correction, or objection), please contact us at dpo@kitmanlabs.com.

You may also use this email address to:

• Update your account details or contact information

• Unsubscribe from marketing communications or adjust your consent settings

• Request to delete or reset your account

• Request permanent deletion of your account and all associated data

Upon receiving a valid request for permanent deletion, we will process it within 30 days, unless a longer period is required to comply with legal obligations or verify identity. Where permitted under applicable law, we may anonymize your data instead of deleting it, consistent with our data retention and deletion policy. If you have any questions about your rights or need assistance, please don’t hesitate to reach out. We are committed to ensuring your data is handled with care and transparency.

You have the right to opt out of receiving marketing or promotional communications from Kitman Labs at any time, regardless of your jurisdiction. You may do so by:

Emailing us directly at dpo@kitmanlabs.com with your request to opt out; or

Clicking the “Unsubscribe” link found at the bottom of any marketing or promotional email we send and following the instructions provided.

Please note that your opt-out request will only apply to non-essential communications. You will still receive service-related communications that are necessary for the operation, maintenance, and security of your account and the Kitman Labs platform (e.g., transactional emails, service announcements, or support-related messages), as these are not considered marketing and are permitted under applicable laws.

We aim to process all opt-out requests promptly and in accordance with the timeframes required by law. Depending on your location, this may range from a few days (e.g., under GDPR/UK GDPR) to up to 10 business days (CAN-SPAM and CCPA) or 30 days (CASL).

If you believe you have received marketing communications in error or need assistance managing your communication preferences, please contact us at dpo@kitmanlabs.com and we will assist you.

This Privacy Notice applies to all individuals whose Personal Data is collected, used, or otherwise processed by Kitman Labs—regardless of their location or the jurisdiction from which they access our services. We are committed to upholding the highest standards of privacy, transparency, accountability, and data protection worldwide.

Whether you interact with the Kitman Labs Service from the European Union, United Kingdom, United States, Canada, Brazil, Australia, New Zealand, Singapore, South Africa, Switzerland, Japan, or any other jurisdiction, this Privacy Notice governs how we collect, use, disclose, transfer, store, and protect your Personal Data.

We recognise and respect the diversity of legal, regulatory, and cultural expectations surrounding data privacy and are committed to ensuring that our practices align with applicable laws in each region. Our privacy program is designed to comply with international and local frameworks, including but not limited to:

• EU General Data Protection Regulation (GDPR)

• UK GDPR and the UK Data Protection Act 2018

• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

• Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

• Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados – LGPD)

• Australia’s Privacy Act 1988

• Singapore’s Personal Data Protection Act (PDPA)

• South Africa’s Protection of Personal Information Act (POPIA)

• Japan’s Act on the Protection of Personal Information (APPI)

• Switzerland’s Federal Act on Data Protection (FADP)

• New Zealand Privacy Act 2020

Where local data protection laws impose stricter or additional requirements, we implement appropriate measures to comply with those obligations. This includes honouring individual rights, maintaining cross-border transfer mechanisms, providing transparent notice, and enforcing robust security and governance controls.

In the event of any conflict between this Privacy Notice and the mandatory provisions of local law, the local law shall prevail, but only to the extent of the inconsistency. In all other cases, this Privacy Notice applies in full and without limitation.

For any questions regarding our global privacy practices or to exercise your data rights, please contact us at dpo@kitmanlabs.com.

This Privacy Notice is effective as of the “Last Updated” date indicated at the top of this document. We may revise or update this Privacy Notice from time to time to reflect changes in our practices, services, or applicable laws. We reserve the right to make such changes with or without advance notice.

Any updates will become effective once posted. By continuing to access or use the Kitman Labs Service after an update, you acknowledge and accept the revised Privacy Notice. To ensure that you remain informed of how we handle your Personal Data, we encourage you to review this Privacy Notice periodically.

Unless otherwise required by applicable law, our use of your Personal Data is governed by the Privacy Notice in effect at the time the information is collected.

This Privacy Notice, including any disputes or claims arising from it, shall be governed by and construed in accordance with the laws of Ireland, if you are based in the United Kingdom, a Member State of the European Economic Area, or Switzerland, without regard to any conflict of law principles.The United Nations Convention on Contracts for the International Sale of Goods (1980) (“CISG”) is expressly excluded and shall not apply. Any disputes arising in connection with this Privacy Notice shall be subject to the exclusive jurisdiction of the courts of Dublin, Ireland, unless otherwise required by applicable mandatory law in your place of residence.

If you are located in the United States, this Agreement shall be governed by the laws of the State of California, United States, without reference to conflict of laws principles. The Parties irrevocably submit to the exclusive jurisdiction of the state or federal courts located in San Francisco County, California, for all disputes arising out of or in connection with this Agreement. The CISG, the Uniform Computer Information Transactions Act (UCITA), and choice of law rules are expressly excluded. Notwithstanding the foregoing, either Party may seek injunctive or equitable relief in any court of competent jurisdiction for matters relating to intellectual property rights.

If you are located in Australia, this Agreement shall be governed by the laws of New South Wales, Australia. The Parties submit to the non-exclusive jurisdiction of the courts of New South Wales. The CISG is expressly excluded and does not apply. Any legal action arising under this Agreement must be commenced within two (2) years of the cause of action arising. Each Party irrevocably waives, to the fullest extent permitted by law, any right to a trial by jury in any legal proceeding arising out of or relating to this Agreement.

If you are located in Singapore, this Agreement shall be governed by the laws of Singapore. The Parties submit to the non-exclusive jurisdiction of the courts of Singapore. The CISG is expressly excluded and does not apply. Any legal action arising under this Agreement must be commenced within two (2) years of the cause of action arising.

For all other locations, this Agreement, including any disputes or claims (whether contractual or non-contractual) arising out of or in connection with its subject matter or formation, shall be governed by and construed in accordance with the laws of the Republic of Ireland. The Parties irrevocably agree that the courts of the Republic of Ireland shall have exclusive jurisdiction to resolve such disputes or claims. The United Nations Convention on Contracts for the International Sale of Goods (1980) (“CISG”) is expressly excluded and shall not apply.

If you have any questions, concerns, or requests regarding this Privacy Notice or how we process your Personal Data, you may contact us at: dpo@kitmanlabs.com. Kitman Labs has appointed Aphaia Ltd as its Data Protection Officer (DPO) in accordance with the GDPR and other applicable data protection laws.

Aphaia Ltd
dpo@aphaia.co.uk
www.aphaia.co.uk
(+44) 20 3917 4158