CTRLSC4C/24-25/LFL/D/1191

Purchase Order No PO Date PRF. No.

CTRLSC4C/24-25/LFL/D/1191 22/11/2024 SR2270959615

Name of the Contractor/Vendor: Details of Annexure attached to this Order

Billing & Shipping Address:
Cloud4C Services FZ-LLC
To,
#101, Building No.12, Dubai Internet City,
Giftalittlebyanchal LLC
Dubai, United Arab Emirates

Contact Person Ms Anchal Gupta Cloud4c Contact Person: Rakesh Reddy

Phone +971547833117 Phone +971564156440

Email [email protected] Email

Contractor's GST No. Not Applicable Contractor's GST No. Not Applicable
PO Issued By: Neeraj
Email: [email protected] ITPC No: C4C971ITPC20241121,4-5PM,GCSS,SS ,mvv-A027
Kumar
Dear Sir/Mam,
Sub: MEA – Diwali Goodies/Hamper

With reference to the above, we are pleased to issue this Order for the subject work as per the given details, documents enclosed herewith
as Annexures and the Terms & Conditions as detailed below.

S.no Product/item Qty Unit Price Total price in AED

1 Diwali Hampers 17 AED 285 AED 4,845

2 Print Charges 17 AED 12.65 AED 215.05

3 Transport to cloud4c office Dubai 1 AED 150 AED 150

Sub Total Value 5,210.05

Taxes 0
Total Value in AED 5,210.05

Total in Words in AED: Dirham five thousand two hundred ten point zero five only.
CTRLSC4C/24-25/LFL/D/1191

ANNEXURE
1 Scope: MEA – Diwali Goodies/Hamper
Price Basis: Unit Prices mentioned shall remain firm and fixed for the entire scope of works.
2 Statutory approvals or any other charges: Any charges/fees pertaining statutory or of any other form shall be on account of
Contractor/Vendor, hence part of unit rate. All other taxes, duties, if applicable, included in unit rate.
3 Taxes: N/A
Contractual Period: Service Provider shall complete total scope of work within 1 week from the date of order in co-ordination
4
with Could4C Authorized representative.
Recoveries for delay in Liquidated supply: In case of part shipment or delay beyond schedule time, for reasons attributable
5 to you, LD shall be applicable on part shipment penalty or @ 0.5% of the total Contract Price per week of delay, as the case
may be, subject to a maximum of 10% of Order Value.
Address for Correspondence: You hereby agree that for the proper and effective administration of the Contract, all notices,
instructions, payments etc. under the Contract shall be addressed to " M/s Cloud4C Services Pvt. Ltd., Plot no: 16, Pioneer
6 Towers, Inorbit Mall Road, HITEC City, Hyderabad, Telangana-500081". Such notices and instructions shall be deemed as
duly served to you pursuant to the conditions of Contract. Any change as to the address for correspondence or the contact
person shall be duly intimated to us in writing.
7 Support: Not Applicable
8 Payment Terms: 100% Advance. (Transportation cost as per locations 30-45 Aed will be calculated on actuals)
Acceptance of Bill of material: Cloud4c shall duly accept the Bill of material and confirm on the same. If any discrepancy is
9 found in the list items and specifications, Cloud4c shall have the right to reject the Bill of Material, and such delivery shall be
considered as wrong delivery or part delivery. You are not entitled to claim any payment on partial delivery.
Special Instructions For submission of Invoices and Bank Guarantee(s) Invoices for Payment: We have a system of
10
making payments to our vendors through Bank transfer for which you shall provide relevant details.
11 Quantity Variation: Not Applicable
Risk Purchase: During execution of this order, if any delay is observed due to reasons attributable to you other than Force
Majeure conditions which may cause delay in completion of the work, Cloud4c shall be at liberty to cancel the contract, totally
12
or partially, at any point of time without assigning any reasons, whatsoever, and take
Alternative measures at your risk and cost.
13 Tax Deduction at Source (TDS): N/A
14 Inspection- Quality Assurance: Inspection- Quality Assurance respect to services offered.
15 Insurance Policies: Not Applicable
16 Statutory Requirements: Not Applicable
17 Other Terms & Conditions: All other terms & Conditions not specifically mentioned herein shall be as per tender documents.
Business Ethics: Cloud4c is committed to operating its business conforming to the highest moral and ethical standards. This
commitment underpins everything that we do in connection with the purchase Order/ Work Orders. Cloud4c shall work with
suppliers and service providers who share similar value and demonstrate the same values. We expect our suppliers & service
18 providers to confirm to the confidentiality of information shared with them. Cloud4c represents and covenants that it has not
made, offered, paid, promised or authorized, and will not make, offer, pay, promise or authorize, the payment or gift of money
or anything of value directly or indirectly to an party, in exchange for a business advantage, including a commitment to expedite
or perform a routine action.
Non-Disclosure & Confidentiality: All commercial and technical information and data provided by us or the Contract in relation
to the project shall be kept confidential and you shall not at any time directly or indirectly disclose such information and data to
19
any person or firm or use or exploit the same in any Manner other than in connection with the pursuit of the object of this
Agreement, without the prior written consent of us.
Order Acceptance: This order is being issued to you in "Triplicate". Please return one acceptance copy of this order to
Procurement Team and second acceptance copy to Projects Team duly signed on each page with your Company's seal as a
20 token of your acceptance of this order with all Terms & Conditions. In case no reply is received within 7 days, it shall be deemed
that this Order has been accepted by you in total. Please expedite return of your acceptance copies as advised herein
immediately on receipt of the order.

21 Post Order Correspondence: Please quote our Work Order / Purchase Order Number in all your future correspondence
Which shall be addressed to Project Team. Copies of correspondence involving commercial matters shall be marked to
CTRLSC4C/24-25/LFL/D/1191

Procurement team.
All your invoices for Payment shall be forwarded in Original PLUS 1 extra copy to stores department. Please note that the above
requirement will ensure seamless processing of your invoices While forwarding the invoices, please also ensure that all
supporting documents required for processing of invoices are enclosed. For this purpose, we recommend that a check list be
submitted together with your invoices.
Force Majeure: This contract is subjected to for majeure due to any cause beyond reasonable control, Including but not limited
to embargoes acts of Government, strikes (not due to you), lockouts (Not due to you), fire, accident, explosion, theft,
22
earthquakes, floods, and any other acts of God, Civil commotion, war, malicious mischief, acts of enemies and any other
conditions prevailing Under international norms of practice
Indemnity: You shall indemnify and keep indemnified us from and against any and all loss, damage, expense (including legal
costs on a full indemnity basis), or liability (whether criminal or civil) and costs of settlement suffered or incurred by us, due to
any neglect or default by you, agents, employees, partners, directors or representatives of you or due to any breach of
23
undertaking, loss, regulation and other statutory requirements in force in the territory or any other reason so long as such loss,
expense, damage, fees or costs resulted from the acts, operations or negligence of you. Maximum Indemnity shall be to the
value of the purchase order.
Settlement of Disputes / Arbitration: All disputes and differences of any kind whatsoever arising out of or in connection with
this work order as also with regard to the implementation, meaning, interpretation or implications of the various clauses of the
work order or in respect of any other matter or thing arising out of or relating to the development and construction of the Project
whether during the progress of the work or after their completion shall be communicated by the Contractor in writing to the
Project Manager and all possible efforts would be made by the Parties to sort out and resolve all such matters of controversy,
disputes and differences, amicably with due dispatch and effective priority. In case, the Contractor and the Project Manager
were unable to resolve such issues amicably latest within 10 working days from the date of receipt of such communication by
the Project Manager. In such eventuality the Owner / Project Manager shall take their decision thereon without any undue delay
and preferably within next 10 working days and there upon they shall notify in writing such decision to the Contractor within next
24 5 working days. Unresolved disputes, if any shall be subject to resolution by arbitration by a sole arbitrator duly appointed by
the employer. If the parties fail to decide upon a sole arbitrator, such a dispute shall be referred to a panel of three arbitrators
wherein each party shall appoint one arbitrator and the two arbitrators shall appoint the third member. Arbitration and
Conciliation Act, 1996 shall be the governing law for arbitration proceedings. The seat of the arbitration shall be Hyderabad.
The language of the arbitration shall be English. The Contractor shall not, except with the consent in writing of the Owner and
Project Manager, in any way delay the carrying out of the Work by reason of such matter, question or dispute being referred to
arbitration. On the contrary the Contractor shall proceed with the work with all due diligence and shall, until the decision of the
arbitrator is given, abide by the decision of the Project Manager. The award of the arbitrator shall not relieve the Contractor of
his obligations to adhere strictly to the Owner’s / Project Manager’s instructions with regard to the actual carrying of the Work
save and except as the Award may specifically affect such instructions.
Right to Audit: Cloud4c shall have all the rights to audit the scope of the products / services provided / being provided by you
25 at any point of time with notice to or without notice to you and you shall co-operate in all respects in regard with Cloud4c for the
smooth conduct of such audits.
Reference Documents: All correspondence amongst Principal Distributor and Cloud4c including quotations, modifications,
26
and commitments on warranty, spares, ORC, technical specifications, customer commitments and other terms.
Order of Reference: All reference documents are a part of this purchase agreement. In case of conflict, this PO prevails over
27
all others and the latest mutually agreed correspondence prevails over earlier correspondence or offers.
1. Anti-Bribery and Anti-Corruption Policy ("ABAC Policy")
Vendor shall not engage in any conduct which would constitute an offence under any of the anti-corruption/anti-bribery
legislations of the Applicable Laws. Vendor shall have and shall maintain in place throughout the term of this Agreement their
own effective compliance programme, to ensure compliance with and detect violations of all of the applicable anti-bribery/ anti-
corruption norms.
i. Vendor has to conduct itself with the highest standards of integrity and in compliance with all relevant laws and
regulations and in full compliance of this ABAC policy.
2. Vendor Personnel:
i. The Vendor may delegate staff that to fulfil its obligation under this Agreement and the Vendor ensures that the staff so
delegated shall be appropriately skilled and qualified.
28
ii. Vendor understands that it solely responsible to their personnel for all their, grievances, disputes, salaries, statutory
deductions such as PF, ESI etc.,. Vendor further ensures that it shall dully pay all their personnel salaries, wages etc.,.
On time and without any delay
iii. The personnel so deployed/delegated under this Agreement shall have no claim, in whatsoever manner or mode,
against the Customer.
iv. Vendor understands and agrees that it shall be solely responsible for obtaining all licenses, registrations, approvals,
permissions, sanctions, etc. under applicable laws necessary, to deploy/ delegate its personnel to the Customer under
this Agreement, such as the Contract labor (Regulations & Abolitions) Act 1970, Maternity Benefit Act 1961, The
Employees’ Provident Funds And Miscellaneous Provisions Act, 1952, Employees’ State Insurance Act, 1948 etc.,.
v. Replacement of staff: If the Customer determines that it is in Customer’s interest that the Vendor’s personnel does not
CTRLSC4C/24-25/LFL/D/1191

continue performing any of the Services, Customer shall give the Vendor a written notice of the same, specifying the
reason and requesting that the employee or subcontractor be replaced. The Vendor will take appropriate action within
the mutually agreed timeframe to Customer’s satisfaction at its own cost and expense.
vi. Background Check: Vendor shall adhere to all background check requirements and conduct a background check (as
described below) before hiring its employees and assigning for rendering of Services to the Customer. Upon request,
the Vendor shall provide to Customer the background check history for each of its employee being assigned for
rendering Services to Customer which include the following:
a) a written statement confirming that the employee has successfully completed the background check in accordance
with its policies and procedures.
b) Character references - business and personal of such employees;
c) Confirmation of prior experience, academic record, and professional qualifications of such employees;
d) Confirmation of identity through a government issued identification of such employees.
A. INTRODUCTION
1. Purpose and scope
1.1 This Security and Data Privacy Schedule (Schedule) forms part of the Vendor Contract, that this Schedule is attached
or otherwise expressly required to be complied with.
“Vendor Contract” means the contract between Cloud4c Datacenters Limited (Cloud4c) and the [•] (Vendor) dated [•]
1.2 This Schedule sets out the security and privacy measures which must be complied with by the Vendor for the Services
provided to Cloud4c. Any security and privacy measures contained in this Schedule which Vendor is not required to
comply with, must be approved by Cloud4c in prior, in writing.
2. Objectives
The professional reputation of the Cloud4c is based upon trust & confidence, and in the safety & soundness of its operations.
29 The objective of this document is to ensure compliance, by Vendor, to the current legislation, regulation, codes of practice, and
good industry practice procedures ans all other applicable laws, relating to security & privacy, and to ensure that the business
is conducted in a secure and safe environment.
3. Principles
3.1 This Schedule has been developed within the context of several over-arching principles:
3.2 Cloud4c requires Vendor to follow Cloud4c policies and good industry practice procedures for the security of all
Vendor systems and Cloud4c systems. This involves, but is not limited to, ensuring the confidentiality, security, privacy
and availability of information and systems.
3.3 Where this Schedule requires the Vendor to have and/or to put in place any policy and/or procedure it shall: (i) not be
construed as limiting or fettering the Vendor’s obligations; and (ii) obligations to meet good industry practice procedure
(including the standards required by all relevant applicable Laws).
A. SECURITY POLICIES
1. Information Security policy:
a) The Vendor will have in a place a comprehensive system and information security program including written security
policies and procedures that are reviewed and (if necessary) revised at least every Twelve (12) months.
b) The Vendor must describe in its security policies the governance process, including roles, responsibilities, committees
and regularity of the meetings, reports, and dashboards.
c) Evidence of all Vendor security policies must be promptly available to Cloud4c upon request. In addition, if an onsite
audit is undertaken, the complete policies must be available for viewing by the customer, or by any other relevant
authorities, if required (e.g. Regulators of Cloud4c and/or its Affiliates).

B. RISK MANAGEMENT PLAN

1. The Vendor undertakes a thorough risk assessment and prepare a risk management plan in accordance with ISO
standard ISO/IEC 27001 or equivalent. The plan will include identification and evaluation of any risks associated with
30 information technology and infrastructure, designate owners for managing each risk, and present plans for elimination,
minimization and mitigation of each risk. The risk assessment should be reviewed and updated whenever there is a
significant change in the risk profile for Cloud4c system or Vendor’s own systems, and at least annually.
2. Whenever an emerging risk or a potential threat is identified by the Vendor which will impact Cloud4c service, the
Vendor must promptly notify Cloud4c, after which Vendor must evaluate the risk and implement a remediation plan if
necessary. This includes any problem that may have a significant impact on its ability to perform outsourced tasks
efficiently and in compliance with applicable contractual and regulatory requirements.
3. Human Resources Security
a) Agreements with personnel: The Vendor must have in place signed contracts with its employees, consultants and
contractors prior to their involvement in any contract between the Vendor and customer or its Affiliates. These
contracts will include appropriate non-disclosure and confidentiality clauses, and require compliance with all
relevant regulations, such as Applicable law. Vendor undertakes to take sole responsibility, at all times, for all acts
and actions of its employees, consultants and/or contractors.
b) The Vendor must identify sensitive population working for Cloud4c who have access to Cloud4c systems and
CTRLSC4C/24-25/LFL/D/1191

data pertaining to Services defined under the MSA. These employees must sign a formal agreement with their
sensitivity levels duly mentioned. They must also follow an awareness training in adequacy with their status.
c) Background investigation policy content
i. The Vendor maintains appropriate policies and procedures for background checks and vetting of employees,
consultants and contractors. These processes shall include (where legally permissible) checking on prior
employment, education, criminal records, and any relevant regulatory requirements as a minimum.
ii. The Vendor is responsible of the screening and the notification procedures if background verification has not been
completed or if the results give cause for doubt or concern. If requested by Cloud4c, the Vendor must provide
proof of its compliance to the above.
C. Roles and responsibilities
The Vendor maintains an up-to-date list of key roles and role-holders with responsibility for the key areas covered by this
Security Schedule.
D. Disciplinary policies
The Vendor maintains appropriate disciplinary policies and procedures for non-compliance with policies by employees,
consultants or contractors.
E. Security awareness training
i. The Vendor maintains a program to train employees, consultants and contractors on Security and Security
awareness, with training of each person required at least annually.
ii. The training must include the topic of information Security (e.g. IT security processes, data confidentiality,
banking secrecy, Incident reporting, business continuity, secure coding, compliance, ethics, personal data
privacy, data protection and data leakage) and services provided to Cloud4c and usage of Cloud4c Systems
and data.
F. Access Control
a. Access control and management
b. The Vendor shall ensure that it and its employees will follow all policies and procedures with respect to access control
traceability for:
c. registration, revocation and de-registration of user access;
d. allocation and revision of rights and privileges to users;
e. authentication of intending users seeking access;
f. the use of secret authentication information;
g. user password management; and
h. Access to Cloud4c System, administration rights and to privileged utility programs.
1.1 Traceability
A. The Vendor ensures that:
all registered users and IT administrators are uniquely identified in the Vendor systems and such data shall be shared to
Cloud4c as and when required; user identity is authenticated at each separate access occasion (login) to a Cloud4c system;
and all actions undertaken on each IT system which use or relate to Cloud4c system resources and Protected Information are
traceable to a specific system user. ‘Protected Information means Cloud4c’s customer information or personal information/data
or Confidential Information of Cloud4c or its Affiliates’
B. Password Policy
I. The Vendor maintains a password policy for access to Vendor systems that store, process or transmit any
Protected Information, or which store or execute software developed for Cloud4c or its Affiliates. Access to the
source code of software developed for Cloud4c or its Affiliates will be highly restricted.
C. Remote access
I. The Vendor maintains a policy regarding remote access to any networks and to any internet or cloud-facing
applications that involve Protected Information or code. Remote access systems will require use of encryption
(to the levels defined in this Security Schedule) and a VPN or Virtual Private Network. The "work from home",
31
"on duty", and "bring your own device" usages and means must be validated by Cloud4c.
‘VPN or Virtual Private Network means a private network connecting two or more devices which runs across a public network,
such as the Internet or the public telecommunications network.’

D. Data Protection Policy

The Vendor maintains a policy to ensure the confidentiality, protection, and privacy of any Protected Information. The policy will
cover the following topics and detail effective processes for each of the following, in compliance with relevant laws and
regulations:
I. data protection and privacy governance process, including roles, responsibilities, committees and regularity of the
meetings, reports, dashboards;
II. data collection, accuracy, pre-processing, storage, processing, updating, aggregation, usage, retention, transfer and
destruction, in accordance with relevant regulations;
III. responses to requests from data subjects;
IV. responses to requests from law enforcement agencies and Regulators;
CTRLSC4C/24-25/LFL/D/1191

V. documentation of processes;
VI. logging and reporting of actions undertaken, both legitimate and breaches; and
VII. Reporting of any security incidents to Cloud4c or its Affiliates in accordance with the reporting requirements stated in
the Vendor Contract.

E. Data Loss Prevention

The Vendor deploys industry standard data loss prevention systems for all Vendor systems, to ensure full Protection
Information. The data loss prevention system’s rules should be regularly updated and tested to ensure they are fit for purpose.

F. Incident notification
The Vendor will have in place processes for incident notification to Cloud4c or its Affiliates for incidents related to data and
system confidentiality, security and privacy.

G. Change Management
a. Change Management Policy
The Vendor maintains a policy for change management of IT assets (hardware, firmware, operating system, software and
configuration). The Vendor will seek to minimize significant changes during core business hours. All changes will require
supervisory approval before implementation.
b. Operating Procedures
The Vendor maintains a documentation of procedures employed for configuration, launch into production mode, operations and
maintenance of all information processing systems and facilities. As part of these procedures, the Vendor will consider the
impacts of any changes on information Security. Before production deployment of any change, change management will include
testing, backup and roll-back plans.
DATA PRIVACY:
1. Notwithstanding the foregoing, the Vendor shall implement and undertake reasonable and appropriate measures
designed to secure Protected Information against accidental or unlawful loss, access or unauthorized disclosure.
32
2. The Vendor hereby undertakes that the Vendor shall comply with all applicable data privacy laws while handling
Protected Information and shall be liable for any violation of such applicable data privacy laws where such violation is
attributable to the Vendor.
DATA RETENTION AND DESTRUCTION
1. Vendor won’t keep Protected Information for longer than it is necessary for the purpose for which it was collected. This
means that information is destroyed or erased from the systems when it’s no longer required.
2. Vendor shall retain Protected Information only if the Vendor is mandated to retain such data under applicable laws
and/or if it is necessary for permitted purpose. However, Vendor ensures to promptly notify Cloud4c with respect to
the requirement of the data retention and shall share the nature of the data that is being retained. Notwithstanding
anything contained above, in no event, in whatsoever manner or mode, shall the Vendor be absolved from its
confidential obligations with respect to the data retained.
3. Vendor shall promptly return or delete all Protected Information upon within 10 days from the date of such notice from
Cloud4c and shall duly certify Cloud4c in writing that all Protected Information has been destroyed. The vendor shall
also instruct all third parties (if any) to whom it has disclosed Cloud4c Data to return to the vendor or delete, such
Cloud4c Data.
4. DATA LOCATION
All Cloud4c related data (if any) shall be stored, processed and transmitted within the jurisdiction of India.
5. CONSENTS/AUTHORIZATIONS.
33
Vendor and Cloud4c agrees that through signing MSA or contract, Cloud4c have given consent to use the Protected
Information.
6. OBLIGATIONS OF SUBCONTRACTOR
I. Vendor shall not share any Protected Information to its subcontractor(s) without having obtained a prior written
consent, from Cloud4c and such subcontractors shall be obliged by the same confidentiality, data protection &
privacy obligations as that of the Vendor.
II. Restrictions: Cloud4c will promptly notify Vendor in writing of any restrictions on the use of the Protected
Information that may affect Vendor’s ability to perform its obligations under the Agreement.
III. Reporting: Vendor shall report to Cloud4c on any unauthorized use or disclosure of Protected Information which
is not contemplated under the MSA, of which vendor becomes aware.
IV. Access for Services: Vendor maintains its internal practices, books, and records relating to the use and
disclosure of Protected Information.
V. Accountings of Disclosures: The subcontractors (if any) shall ensure to maintain and make available the requisite
information with respect to the accounting of disclosures of the Protected Information upon a request from
Cloud4c.
BUSINESS CONTINUITY MANAGEMENT (BCM):
34
1. Vendor shall ensure to abide by the terms and conditions as specified in ISO 22301 certification. Vendor further
CTRLSC4C/24-25/LFL/D/1191

ensures that it shall at all times maintain active ISO 22301 certification.
2. Vendor shall reasonably assist Cloud4c during any recovery testing’s’, which will be conducted by Cloud4c at its own
cost and expense.
3. Vendor undertakes and confirms that the Services shall be rendered on a continuous and uninterrupted basis.
4. Vendor shall at all times maintain a business continuity plan and a disaster recovery plan describing measures that
will be implemented to recover from a Disaster as per SOW share by Vendor.
5. Vendor shall notify the Cloud4c of any material change or modification in the business continuity plan and disaster
recovery plan and at periodic intervals conduct a joint review and recovery exercise with the Cloud4c on the contents
of the then-current business continuity plan and procedures, including incidental reports to ensure the accuracy and
currency of the contents of the plans.
OHSMS
1. Vendors shall comply with all with the labour, the environment and anti-corruption, statutory requirements and the
relevant legislation of India and any other statutory authorities as reflected in the Cloud4c code of conduct. Vendor
has to provide all relevant artefacts against the statutory and regulatory requirements compliance belongs their
organization.
2. Vendor shall comply with the Cloud4c’s Health & Safety requirements and any direction issued by the Cloud4c’s safety
department or authorized personnel of the Cloud4c.
35 3. Vendor shall conduct all activities in a manner such that equipment, working conditions and methods are safe and free
from any danger for the Contractor’s Personnel and the Cloud4c’s Personnel as well as for other users of the premises.
4. Vendor shall maintain and adhere to Cloud4c OHSMS practices in eliminating hazards on works/activities being
carried out at Cloud4c.
5. Vendor have to submit the license & certificates of their employee's competencies which are related to the Cloud4c
contractual agreements and services.
A. Vendor shall ensure that its employees undergo (i) Basic Health & Safety training, (ii) periodic health/medical
inspection, (iii) re-fresher training at regular intervals.
CERTIFICATIONS AND ACCREDITATIONS
I. Vendor must provide evidence of applicable certificates providing assurance on internal controls and to ensure that
all customer requirements are met. (For example: ISO 9000, ISO 20000, ISO 27001:2013; ISO 31000 and ISAE 3402
36
SOC1/SOC2.)
II. Vendor must maintain the certifications throughout the tenure of the MSA and Cloud4c shall notify the Vendor of any
change impacting the scope covered by such certification.
AUDIT
Cloud4c shall provide a prior written notice of 7 (seven) days to perform the audit and all costs pertaining to the audit shall be
borne by the Cloud4c. Further, it is also agreed that either Cloud4c or any of its auditors including third party auditors shall
request access to the copies of any or all information, records or documents with respect to the services to which it is given
37 access in connection with the conduct of an audit exercise.
A. The Vendor may be asked to submit documentation regarding the resolution of audit disclosed deficiencies and
inspection of their processing facilities and operating practices.
B. The Vendor shall take all necessary measures to mitigate the risk(s) involved with non-compliance areas observed
during such audits.
For Cloud4C Services FZ-LLC

Authorized Signatory
Order Acceptance
For Giftalittlebyanchal LLC

Signature with Official seal