SERVICE LEVEL AGREEMENT (SLA) FOR DATA CENTRE SERVICES

Helios Global Solutions Pvt. Ltd.

Effective Date: 01st April, 2025
Version: 2.0 (Helios-Protective & Compliant Edition – Website Binding Version)

PREAMBLE

This Service Level Agreement (“SLA“) is entered into between Helios Global Solutions Pvt. Ltd. (“Helios” or “Provider“) and the Customer (“Customer“), and shall be read in conjunction with the Terms of Service (“Terms“) and any Master Service Agreement (“MSA“) or Data Processing Agreement (“DPA“) executed by the parties. In the event of any conflict between this SLA and the Terms/MSA/DPA, the hierarchy shall be: (1) DPA (if applicable and customer handles personal data), (2) MSA, (3) Terms, (4) this SLA.

WEBSITE SLA VERSION – BINDING ON ALL CUSTOMERS

This SLA is maintained and updated on Helios’s official website at www.heliosglobal.in. The version posted on the website represents the current, authoritative, and binding SLA for all Services. By becoming a Customer and accepting Services from Helios, Customer acknowledges and irrevocably accepts the SLA version published on Helios’s website as of the Service Activation Date.

Helios may modify this SLA at any time by updating the version published on Helios’s website or by notice to Customer. Amendments become effective in accordance with the provisions below. Continued use of the Services after amendments are posted on the website (or after receipt of written notice, whichever is earlier) constitutes Customer’s acceptance of the amended SLA terms. Customers are responsible for regularly reviewing the SLA on the website for updates.

Helios may modify this SLA at any time by posting a revised version on Helios’s website or by notice to Customer, provided that:

(a) material adverse changes shall become effective only upon renewal or commencement of the next billing cycle with 30 days’ prior notice;

(b) changes mandated by law or regulation may be implemented with 15 days’ notice; and

(c) continued use of the Services after such notice constitutes acceptance of the modified SLA.

1. DEFINITIONS

1.1 “Uptime” (UT)

The aggregate percentage of hours in a calendar month during which the Services are actually available for use by the Customer, calculated as: UT = 100% − DT, where DT is Downtime as defined below.

1.2 “Downtime” (DT)

The aggregate percentage of hours in a billed calendar month during which any discrete/individual Service(s) offered by Helios was not available for use by the Customer due to a Fault, calculated as:

DT=([(PD+EM+Fault)-EU]×100)/ST

For purposes of downtime calculation, only the directly impacted service(s) or server instance(s) shall be considered. EU (Excused Unavailability) shall not offset Downtime resulting from Helios’s negligence or breach of its security obligations.

1.3 “Fault”

Failure by Helios to meet the applicable service level commitments set out in Section 2 of this SLA, where such failure is within Helios’s reasonable control and does not fall within Exceptions (Section 5) or Force Majeure (Section 6).

1.4 “Service Time” (ST)

Total hours in the calendar month during which Services are being provided. Example: 30 × 24 = 720 hours in a 30-day calendar month.

1.5 “Emergency Maintenance” (EM)

Maintenance carried out under emergency conditions posing immediate danger to system integrity, equipment, network facilities, data security, or life safety, requiring immediate action. Helios shall attempt advance notification but may perform such maintenance immediately and notify Customer at the earliest opportunity thereafter. EM shall not be counted as Downtime if: (i) Helios provides notice within 2 hours of commencement; (ii) duration does not exceed 4 hours; and (iii) EM addresses a documented security threat or system-critical failure.

1.6 “Planned Downtime” (PD)

The aggregate hours in any billed month during which Helios carries out scheduled maintenance, checks, configuration changes, or preventive infrastructure maintenance, subject to all of the following:

• (a) Customer is notified at least 48 hours in advance via email or portal notification;
• (b) Maintenance is performed during the standard maintenance window: 11:00 PM to 6:00 AM IST (Monday to Friday, excluding Indian public holidays); OR
• (c) Maintenance is performed during a non-standard window with Customer’s prior written approval;
• (d) Total PD shall not exceed 4 hours per calendar month (48 hours annually) without prior written consent;
• (e) PD shall not include time for the Customer’s requested repairs or optimizations, which shall be scheduled separately;
• (f) PD is limited to: security updates, routine preventive maintenance, utility maintenance (AC, UPS, cooling systems), performance optimization, and compliance-related upgrades.

Helios retains the right to perform Emergency Maintenance outside these windows without restriction.

1.7 “Excused Unavailability” (EU)

Aggregate hours in any month when Services are unavailable due to Exceptions (Section 5) or Force Majeure (Section 6), where Customer is not entitled to service credits or rebates.

1.8 “Support Request”

A documented report of Service unavailability or performance degradation submitted by Customer to Helios in the manner prescribed in Section 3, containing sufficient detail to enable Helios to conduct root-cause analysis.

1.9 “Rebates”

Service extensions issued by Helios in accordance with Section 4, representing Helios’s sole and exclusive remedy for Downtime. No monetary refunds or account credits shall be issued under any circumstances.

1.10 “Force Majeure Event”

Any event beyond the reasonable control of the parties, including but not limited to: (i) acts of God (earthquake, flood, tsunami, volcanic eruption); (ii) war, terrorism, civil unrest, or armed conflict; (iii) pandemic or epidemic with government-mandated lockdowns affecting infrastructure; (iv) strike or organized labour action affecting third-party providers or critical infrastructure; (v) government action or regulatory order blocking services; (vi) complete and sustained failure of internet backbone or power grid affecting multiple providers; (vii) cyber-attack or DDoS exceeding industry-standard mitigation thresholds; (viii) critical failure of third-party data-centre provider affecting multiple customers simultaneously; (ix) failure of telecommunications carriers beyond Helios’s control; or (x) other events of comparable magnitude for which industry-standard precautions are not ordinarily taken.

1.11 “Critical Security Incident”

A confirmed breach, unauthorized access, data exfiltration, ransomware attack, or vulnerability exploit affecting Customer Data or Helios infrastructure, requiring immediate response under Section 9.

2. SERVICE LEVEL COMMITMENTS & UPTIME

2.1 Uptime Guarantees

Helios commits to maintain the following monthly Uptime for Services:

These targets apply to Services provisioned in Helios’s primary data centres in India (and any globally replicated instances if contracted). Regional failover or multi-region configurations may entail separate SLA terms.

2.2 Uptime Measurement & Verification

Uptime shall be measured from Helios’s monitoring infrastructure and verified by Helios using industry-standard tools. Customer may also monitor Service availability via the Portal API/Health Dashboard. In the event of dispute, Helios’s logs and monitoring data shall be deemed authoritative unless demonstrably corrupted or tampered with.

2.3 Scope of Services Covered

This SLA applies to the cloud platform, compute services, storage services, content delivery network, and data protection backup services specified in Customer’s Order Form or MSA. The SLA does NOT apply to:

• Pre-release, beta, or trial Services marked “as-is”;
• Third-party software or services (including open-source software);
• Customer-provided software, custom code, or third-party APIs;
• Services accessed via Customer’s network, firewall, or equipment;
• Downtime caused by Customer configuration, misuse, or negligence.

3. DOWNTIME REPORTING PROCESS

3.1 Mandatory Reporting Requirement

Customer must report any suspected Downtime within 24 hours of discovery to Helios via:

• Email: support@heliosglobal.zohodesk.in (with subject “Downtime Report [Ticket ID]”)
• Phone: +91 8889992890
• Portal: https://heliosglobal.zohodesk.in/portal/en/home

Report must include:

• (a) Exact date, time, and duration of the outage (in IST);
• (b) Affected service(s) or server instance(s);
• (c) Description of impact and symptoms observed;
• (d) Customer’s remedial steps taken (if any);
• (e) Relevant logs, screenshots, or error messages (with sensitive data redacted);
• (f) Name and contact details of reporting person.

Failure to provide complete information shall not invalidate the report, but shall delay root-cause analysis and may affect timing of rebate calculations.

3.2 Helios Acknowledgment & Investigation

Upon receipt of a valid Support Request, Helios shall acknowledge and respond according to the Service Tier:

• (S1 Standard) – Acknowledge within 24 hours, initiate investigation within 24 hours;
• (S2 Enhanced) – Acknowledge within 30 minutes, initiate investigation within 30 minutes;
• (S3 Premium) – Acknowledge within 20 minutes, initiate investigation within 20 minutes;
• (S4 Enterprise) – Acknowledge within 10 minutes, initiate investigation within 10 minutes.

Helios shall:

• (a) Assign a ticket number upon acknowledgment;
• (b) Provide updates to Customer every 2 hours for critical issues, every 4 hours for major issues, and every 24 hours for minor issues;
• (c) Conduct root-cause analysis and provide detailed findings to Customer upon resolution.

3.3 Downtime Commencement & Termination

• Commencement: The reported Downtime period shall be deemed to commence from the timestamp in Customer’s Support Request email, provided such timestamp is within 24 hours of actual occurrence. If Customer reports late, Downtime commencement shall be adjusted to actual occurrence time minus 1 hour (to account for detection delay).
• Termination: Downtime shall be deemed to end when: (i) Helios confirms that the Service is fully operational and accessible to Customer; AND (ii) Customer acknowledges restoration via reply email or Portal notification.

4. ELIGIBILITY FOR REBATES & SERVICE EXTENSIONS

4.1 Rebate Calculation – Service Extensions Only

Rebates shall be applied on a per-incident basis and calculated as a service extension (additional free service days), as follows:

Service Extensions Clarification:

• Extensions are applied as additional free days of Service at no cost, extending the Service expiration date accordingly.
• No monetary refunds shall be issued under any circumstances. Rebates are limited exclusively to service extensions.
• Extensions are non-transferable, non-assignable, and non-cash-convertible.
• Extensions must be utilized before the next renewal date; unused extensions expire upon contract termination or renewal.

For Service Tier S2 (99.9%), extensions apply only if Uptime falls below 99.9%. For Service Tier S1 (99.5%), extensions apply only if Uptime falls below 99.5%.

Extensions shall not be cumulative or aggregated across multiple incidents in a month; the highest single extension shall apply.

4.2 Rebate Request Procedure

Customer must submit a formal rebate request (“SLA Rebate Claim“) within 5 business days of the end of the billing month (or receipt of invoice, whichever is later), to escalation@heliosglobal.in with subject line “SLA Rebate Claim — [Account ID] — [Billing Month]“.

Rebate claim must include:

• (a) Billing month and calendar dates of claimed Downtime incidents;
• (b) Affected services and server instances;
• (c) Exact timestamps (date and time in IST) of Downtime start and end;
• (d) Copy of Support Request ticket(s) and Helios’s acknowledgment;
• (e) Customer’s internal logs or monitoring data corroborating the outage;
• (f) Monthly Uptime % calculation (Customer’s version, if available);
• (g) Calculation of service extension requested (number of days).

4.3 Waiver of Rebates

Customer shall be deemed to have irrevocably waived all rebate claims if:

• (a) Rebate request is not submitted within 5 business days of the end of the billing month or receipt of invoice, whichever is later;
• (b) Customer has failed to pay invoices on time in the preceding two billing cycles or the current billing month;
• (c) Customer has failed to remit payment within 15 days of invoice due date in the past 12 months (more than two instances);
• (d) Customer breaches material payment terms or the MSA, and such breach is not cured within 10 days of written notice.

Waivers are non-waivable and non-negotiable for compliance and operational efficiency.

4.4 Rebate Disputes & Resolution

Helios shall respond to rebate claims within 10 business days with either:

• (a) Approval and automatic extension to next invoice; OR
• (b) Denial with detailed explanation referencing the SLA terms and Helios’s monitoring data.

If Customer disputes Helios’s decision, both parties shall attempt to resolve in good faith within 15 calendar days via the Escalation Officer. If unresolved after 15 days, Helios’s determination shall be final and binding for administrative purposes; provided that Customer retains the right to pursue legal remedies under applicable law, subject to the limitation of liability and dispute resolution clauses in the MSA or Terms of Service.

4.5 Pro-Rata Calculation

For Services provisioned during partial calendar months, rebates shall be calculated on a pro-rata basis:

“Extension Days”=(“(Downtime Hours / Total Service Hours in Month)” ×”Rebate Days” )/30

5. EXCEPTIONS (SERVICES NOT COVERED BY SLA)

Helios shall not be liable for Downtime to the extent resulting from any of the following events or combination thereof (collectively, “Exceptions“):

5.1 Customer-Related Exceptions

• (a) Customer-Initiated Changes: Any modification, alteration, or reconfiguration of Services requested by Customer, including resource scaling, DNS changes, or network configuration, unless caused by Helios’s negligence;
• (b) Customer Software & Third-Party Services: Defects, failures, or incompatibility in Customer’s software, applications, or any third-party software, services, APIs, or open-source libraries integrated by Customer;
• (c) Incomplete/Inaccurate Information: Incorrect, incomplete, or false information provided by Customer to Helios (e.g., during account setup, security configurations, DNS entries, SSL certificates);
• (d) Customer Network & Access: Failure, delay, or unavailability of Customer’s internet connection, local network, access circuits, VPN, or any network not owned or operated by Helios;
• (e) Customer Negligence: Damage to or misuse of Equipment due to Customer’s negligence, accidents, transportation errors, improper handling, or misuse by Customer’s authorized representatives or contractors;
• (f) Backup & Offline Operations: Time consumed during offline backups (planned or Customer-requested), including data verification and restoration tests;
• (g) Customer Failure to Notify: Customer’s failure to notify Helios of unexpected Downtime via the prescribed Support Request process, resulting in delayed detection or response;
• (h) No Trouble Found: Incidents in which Helios’s investigation confirms no actual fault exists (e.g., Customer’s internet was offline, local network issue, or false alarm confirmed by Customer);
• (i) Customer Continued Impaired Use: Customer’s choice to continue using a Service in an impaired or degraded state without notifying Helios or without authorizing testing/repair;
• (j) Customer Configuration Errors: Inaccurate configuration, misconfiguration of resources, non-compliant use of installed software, incorrect resource sizing, failure to apply security patches or updates provided by Helios;
• (k) Customer’s End-User Negligence: Negligence, misconduct, or errors of Customer’s employees, agents, contractors, or end-users, including weak password management, unauthorized access attempts, or misuse of APIs.

5.2 Regulatory & Compliance Exceptions

• (a) Regulatory Requirements: Any Downtime required to comply with regulatory orders, government requests, legal injunctions, or court orders (e.g., takedown notices, data localization requirements, government blocking orders);
• (b) Abuse & Illegal Use: Customer’s or end-user’s use of Services in violation of law, Helios’s Terms of Service, Acceptable Use Policy, or for illegal, fraudulent, or abusive purposes (e.g., malware distribution, unauthorized access attempts, spam).

5.3 External Infrastructure Exceptions

• (a) Third-Party Performance: Failures in third-party systems beyond Helios’s control, including internet exchanges, traffic exchange points, DNS resolvers, CDN providers, telecommunications carriers, or internet backbone providers;
• (b) Customer’s External Links: Unavailability or failure of circuits, local loops, access connections, or networks between Customer and Helios’s data centre;
• (c) DNS Issues: DNS resolution issues originating from Customer’s DNS provider or third-party DNS services not operated by Helios;
• (d) Third-Party Data-Centre Providers: Failures or unavailability of third-party data-centre infrastructure, power, cooling, or connectivity services (Helios shall provide advance notice if known and seek alternative capacity where feasible).

5.4 Force Majeure (Section 6 Applies)

All Force Majeure Events as defined in Section 1.10 are excluded from Downtime calculations.

5.5 Burden of Proof

Helios bears the burden of proving that an Exception applies. Helios shall provide Customer with contemporaneous evidence (monitoring logs, incident reports, third-party notices, or government orders) demonstrating that an Exception was the cause of Downtime. Absence of evidence supporting an Exception claim shall result in the Downtime being credited to the Customer.

6. FORCE MAJEURE

6.1 Suspension of Obligations

Neither party shall be held liable for any failure or delay in performing obligations under this SLA to the extent caused by a Force Majeure Event, provided that:

• (a) The affected party provides notice to the other party within 24 hours of the Force Majeure Event’s commencement, including description of the event, expected duration, and impact on Services;
• (b) The affected party uses commercially reasonable efforts to mitigate the impact and restore Service;
• (c) The Force Majeure Event is not caused by the affected party’s gross negligence, willful misconduct, or failure to implement reasonable precautions;
• (d) The affected party continues to perform all other non-affected obligations under the Agreement.

6.2 Termination Right Due to Prolonged Force Majeure

If a Force Majeure Event prevents Helios from providing Services for more than 30 consecutive days, Customer may terminate the affected Services and receive a pro-rata refund of prepaid fees for the unusable period, without penalty.

7. SUPPORT SERVICES & RESPONSE TIMES

7.1 Support Hours & Availability

Helios shall provide technical support 24 hours per day, 7 days per week, 365 days per year, including weekends and Indian public holidays, via the following channels:

• Email: support@heliosglobal.zohodesk.in
• Phone: +91 8889992890
• Portal/Chat: https://heliosglobal.zohodesk.in/portal/en/home
• Escalation (Senior Engineers): escalation@heliosglobal.in

7.2 Support Ticket Priority & Response Times

Support response times are aligned with Service Tiers as follows:

Response Time = Helios’s acknowledgment of ticket and assignment to engineer.
Investigation Commencement = Time within which root-cause analysis begins.

7.3 Support Expectations & Limitations

• (a) Helios shall use best-effort industry-standard practices to meet response timeframes for each Service Tier; however, response times are targets based on contracted tier, and shall not form the basis for additional SLA credits unless explicitly stated in the MSA;
• (b) Support excludes: custom code development, third-party software support, pre-release feature support, and issues arising from Customer’s improper use;
• (c) Support for issues caused by Exceptions (Section 5) or Force Majeure (Section 6) may be delayed;
• (d) Customer must provide reasonable access to systems, logs, and diagnostic information for Helios to investigate issues.

8. SECURITY, DATA PROTECTION, & COMPLIANCE

8.1 IT Act Intermediary Compliance (Rule 3)

Helios operates as a technology intermediary and shall maintain compliance with Rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, including:

• (a) Reasonable Security Measures: Helios implements industry-standard technical and organizational security measures, including encryption in transit (TLS 1.2+) and at rest, intrusion detection, firewalls, regular patching, and vulnerability assessments;
• (b) No Prior Knowledge: Helios does not proactively monitor Customer Data for unlawful content; however, Helios shall expeditiously remove or disable access to content upon receipt of a valid government order, court order, or lawful complaint;
• (c) Due Diligence: Helios’s Terms of Service include detailed Acceptable Use Policy (“AUP“) prohibiting illegal content, malware, spam, and abuse. Helios enforces the AUP and shall suspend or terminate Services for material breaches;
• (d) Government Cooperation: Helios shall cooperate with lawfully authorized government agencies and law enforcement, providing information or access within 72 hours of receipt of a valid legal order;
• (e) Cyber-Incident Reporting: Helios shall report cyber-security incidents, data breaches, and critical vulnerabilities to the Indian Computer Emergency Response Team (CERT-IN) in accordance with Rule 3(iii) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011;
• (f) Grievance Officer: Helios maintains a Grievance Officer and grievance mechanism (grievance@heliosglobal.in) for users to report violations, with commitment to address complaints within 15 days of submission.

8.2 DPDP Act Compliance (India’s Data Protection Framework)

Where Customer acts as a Data Fiduciary and Helios acts as a Data Processor (as defined in the Digital Personal Data Protection Act, 2023), the following apply:

• (a) Processor Instructions: Helios shall process Customer Data only in accordance with documented instructions from Customer, as Data Fiduciary. Any processing beyond such instructions is unlawful and shall be immediately halted upon notice;
• (b) Security Safeguards: Helios shall implement reasonable technical and organizational security measures (as specified in a Data Processing Agreement or this SLA), including encryption, access controls, and regular security assessments. Helios shall notify Customer of any suspected breach or unauthorized access within 48 hours of discovery;
• (c) Sub-Processors: Helios shall not engage sub-processors without prior written authorization from Customer. Helios shall maintain a current list of authorized sub-processors and provide notice of changes at least 30 days in advance, with Customer’s right to object;
• (d) Data Localisation: Customer Data shall be stored within India unless Customer explicitly consents to cross-border transfer. Any cross-border transfer shall comply with DPDP Act Sections 5 & 6 and shall require a Data Processing Agreement;
• (e) Right to Audit & Inspection: Customer and regulatory authorities may audit Helios’s security and data handling practices upon reasonable notice (15 days);
• (f) Data Deletion & Return: Upon termination or expiration of Services, Helios shall, at Customer’s election, either securely delete Customer Data or return it in machine-readable format, within 30 days. Helios shall certify deletion or return in writing;
• (g) Data Subject Rights: Helios shall reasonably assist Customer in fulfilling Data Subject requests (right to access, correction, erasure, portability) within timelines required by law;
• (h) Breach Notification: Helios shall notify Customer of any data breach or unauthorized access to Personal Data as soon as practicable and no later than 48 hours after discovery, providing:
  • Description of the breach and data affected;
  • Helios’s contact person for further information;
  • Likely consequences and remedial actions taken or proposed;
  • Customer shall be responsible for notifying Data Subjects and authorities as required by DPDP.

8.3 GDPR Compliance (For EU/International Customers)

Where Services are provided to customers subject to the General Data Protection Regulation (EU) 2016/679 (GDPR):

• (a) Controller-Processor Model: Helios shall act as a Data Processor (as defined in GDPR Article 28) and shall process personal data only on documented instructions from Customer (Data Controller). A Data Processing Agreement (“DPA“) is mandatory and shall govern the controller-processor relationship, including:
  • Details of processing (purpose, duration, data types, categories of data subjects);
  • Technical and organizational security measures;
  • Sub-processor authorization and notification procedures;
  • Cross-border transfer mechanisms (if applicable);
  • Data Subject rights assistance;
  • Audit and inspection rights;
  • Data return or deletion upon termination;
• (b) Standard Contractual Clauses: Where personal data is transferred outside the EU/EEA, Helios shall execute the EU Commission’s Standard Contractual Clauses (SCCs) or equivalent adequacy mechanisms, as required by GDPR Article 46;
• (c) Data Security: Helios implements technical and organizational measures meeting GDPR Article 32 standards, including encryption, access controls, intrusion detection, regular security assessments, and employee training;
• (d) Data Subject Rights: Helios shall assist Customer in responding to Data Subject access requests, deletion requests, portability requests, and other rights within 10 business days of Customer’s request;
• (e) International Data Transfers: Helios shall not transfer personal data outside India unless Customer consents and appropriate safeguards (SCCs, Binding Corporate Rules, or adequacy decisions) are in place;
• (f) Incident Response: Upon discovery of a personal data breach, Helios shall notify Customer within 24 hours, providing sufficient information for Customer to notify authorities as required by GDPR Article 33.

8.4 Security Standards & Certifications

Helios implements industry-standard security practices consistent with:

• ISO 27001 (Information Security Management);
• SOC 2 Type II (as applicable to Helios’s services);
• NIST Cybersecurity Framework;
• CIS Controls and Benchmarks;
• Regular third-party vulnerability assessments and penetration testing.

Helios shall provide a Security Compliance Statement upon Customer’s reasonable request.

8.5 Data Integrity & Backup Responsibility

Helios implements reasonable technical safeguards for data integrity, including redundancy, version control, and automatic backups. However:

• (a) Primary Responsibility: Customer remains responsible for implementing appropriate backup and disaster-recovery strategies, including off-site backups, testing backup restoration procedures, and maintaining copies of critical data outside Helios’s infrastructure;
• (b) Backup Services: Helios’s backup services are optional add-ons and are NOT automatic; Customer must explicitly enable and configure backup services. Data Protection Backup Services (if contracted) shall be subject to separate SLA terms;
• (c) Accidental Deletion: Helios makes no warranty regarding recovery of data intentionally or accidentally deleted by Customer or authorized users. Helios provides version history and snapshot features where contracted, but recovery is not guaranteed beyond the specified retention period;
• (d) No Replacement for Backups: Helios’s Services are not a substitute for Customer’s independent backup strategy. Customers are strongly advised to maintain independent, regularly-tested backups of all critical data.

9. CRITICAL SECURITY INCIDENTS & BREACH NOTIFICATION

9.1 Incident Detection & Initial Response

Upon discovery of a Critical Security Incident affecting Customer Data or Services, Helios shall:

• (a) Immediately declare a Security Incident and activate the incident response team;
• (b) Within 1 hour: Notify Customer’s primary Security Contact via phone and email to escalation@heliosglobal.in;
• (c) Implement containment measures to prevent further unauthorized access or data exfiltration;
• (d) Preserve forensic evidence and logs;
• (e) Provide updates to Customer every 2 hours during active incident response.

9.2 Breach Notification Timeline

For confirmed Personal Data breaches (under DPDP Act, GDPR, or other data protection laws), Helios shall notify Customer with the following details:

• (a) Within 48 hours of discovery: Preliminary notification with confirmed scope (data types, number of records, individuals potentially affected);
• (b) Within 5 business days: Detailed forensic report including root cause, attack vector, timeline, affected systems, and remediation steps;
• (c) Within 15 days: Complete incident post-mortem and recommendations for preventing recurrence.

9.3 Cooperation & Remediation

Helios shall:

• (a) Cooperate fully with Customer’s own incident investigation and any regulatory authority investigations;
• (b) Provide Customer with all relevant logs, forensic data, and technical details necessary for law enforcement or regulator inquiries;
• (c) At Customer’s expense, engage a mutually agreed-upon third-party forensic firm to conduct an independent investigation;
• (d) Implement remediation measures and security enhancements within a timeline agreed with Customer;
• (e) Provide breach insurance (if required by MSA) or indemnify Customer for reasonable costs of breach notification and credit monitoring (where applicable under law).

10. LIMITATION OF LIABILITY & INDEMNITY

10.1 Sole Remedy

The service extensions in Section 4 constitute the Customer’s sole and exclusive remedy for any breach of this SLA or failure to meet service levels. These remedies are in lieu of any other remedy at law or in equity for unavailability or performance failures.

10.2 Cap on Liability

Except for: (i) data protection breaches, (ii) IP infringement indemnities, or (iii) gross negligence or willful misconduct, Helios’s total aggregate liability under this SLA and the MSA shall not exceed the fees paid or payable by Customer in the 12 months preceding the claim, or INR 10 lakhs (whichever is greater).

10.3 Exclusion of Indirect Damages

In no event shall Helios be liable for indirect, incidental, special, consequential, punitive, or exemplary damages, including loss of profits, revenue, goodwill, use, or data, even if Helios has been advised of the possibility of such damages.

10.4 Customer Indemnity

Customer shall indemnify and hold harmless Helios from any claims arising out of:

• (a) Customer Data provided to Helios, including infringement of intellectual property rights;
• (b) Customer’s use of Services in violation of law, this Agreement, or third-party rights;
• (c) Customer’s misuse, improper configuration, or failure to secure access to Services;
• (d) Customer’s integration of Services with non-authorized third-party platforms or software;
• (e) Any claims by Customer’s end-users related to Services.

10.5 Helios Indemnity

Helios shall indemnify Customer for third-party claims that Helios’s Services, as provided and used in accordance with the Terms, infringe any copyright, patent, or trademark of a third party, provided Customer:

• (a) Promptly notifies Helios of the claim;
• (b) Grants Helios sole control of defense and settlement;
• (c) Provides reasonable cooperation at Helios’s expense.

If Services are held to infringe or are enjoined, Helios may, at its option: (i) procure the right for Customer to continue using Services; (ii) replace or modify Services to be non-infringing; or (iii) terminate Services and refund prepaid fees.

11. INTELLECTUAL PROPERTY & CONFIDENTIALITY

11.1 IP Ownership

Helios retains all intellectual property rights in the Services, software, documentation, and tools. Customer retains all rights to Customer Data. Neither party shall use the other’s IP without prior written consent, except as expressly permitted by this Agreement.

11.2 Confidentiality

Both parties shall maintain the confidentiality of the other’s Confidential Information and shall not disclose it without prior written consent, except: (a) to employees or contractors with a need to know; (b) as required by law or court order (with advance notice to allow the disclosing party to seek protective order); or (c) to regulators, auditors, or tax authorities.

12. TERM, TERMINATION & SURVIVAL

12.1 Term

This SLA commences on the Service Activation Date and continues for the initial term specified in the Order Form (typically 12 months), and automatically renews for successive 12-month periods unless either party provides written notice of non-renewal at least 60 days before expiration.

12.2 Termination for Cause

Either party may terminate Services if the other materially breaches this Agreement and fails to cure within 30 days of written notice (or 10 days for payment defaults).

12.3 Effect of Termination

Upon termination:

• (a) Services shall cease and Customer shall lose access;
• (b) Helios shall delete Customer Data within 30 days (or return it if Customer requests, at no additional cost);
• (c) Customer shall pay all outstanding invoices and accrued charges;
• (d) Confidentiality and IP provisions shall survive indefinitely;
• (e) Indemnity, limitation of liability, and dispute resolution provisions shall survive.

13. GOVERNING LAW, JURISDICTION & DISPUTE RESOLUTION<

13.1 Governing Law

This SLA shall be governed by and construed in accordance with the laws of India, specifically:

• Indian Contract Act, 1872;
• Information Technology Act, 2000 (as amended);
• Digital Personal Data Protection Act, 2023;
• Consumer Protection Act, 2019 (to the extent applicable);
• General Principles of Equity and Common Law.

The language of this Agreement is English; any translations are for convenience only and the English version shall control.

13.2 Jurisdiction

Both parties irrevocably submit to the exclusive jurisdiction of the courts of Gurugram and Delhi, National Capital Region (NCR), India for any disputes arising under this Agreement. Neither party shall initiate proceedings in any other jurisdiction.

13.3 Dispute Resolution Process

Before litigation, disputes shall be resolved through the following escalation:

Step 1: Escalation Notification (Days 1–5)
Either party shall provide written notice of the dispute to the other’s Escalation Officer (escalation@heliosglobal.in), including a detailed description of the dispute, applicable SLA provisions, and proposed resolution.

Step 2: Senior Management Review (Days 6–15)
The Escalation Officers (or senior management nominees) shall meet (in person or virtually) to discuss the dispute and attempt good-faith resolution.

Step 3: Executive Escalation (Days 16–30)
If unresolved, the dispute shall be escalated to the C-level executives (CEO or equivalent) of each party for final negotiation.

Step 4: Mediation (Days 31–60)
If the dispute remains unresolved, the parties shall jointly appoint a neutral mediator (mutually agreed or appointed under the Indian Arbitration and Conciliation Act, 1996) to facilitate settlement discussions. Each party shall bear its own costs and share mediator fees equally.

Step 5: Arbitration (Days 61+)
If mediation fails, either party may initiate arbitration under the Arbitration and Conciliation Act, 1996 under the Rules of the Delhi Arbitration Chambers (or UNCITRAL Rules, if parties mutually agree), with:

• Seat of Arbitration: Delhi, India
• Number of Arbitrators: Three (unless parties mutually agree to one)
• Language: English
• Substantive Law: Laws of India (as above)
• Costs: Loser shall bear all arbitration costs (including arbitrator fees, legal fees, and administrative costs), provided arbitrators have discretion to apportion costs based on outcome.

No party shall initiate litigation in courts except: (a) for interim relief (injunctions, attachment, etc.) before arbitration commences; or (b) to enforce an arbitration award.

13.4 Waiver of Class Actions

To the maximum extent permitted by law, both parties waive the right to bring or participate in any class action, collective action, or representative proceeding against the other. All disputes must be brought in the party’s individual capacity and not as a plaintiff or class member in any class or representative proceeding.

14. CHANGES & MODIFICATIONS

14.1 SLA Amendments

Helios may amend this SLA at any time by:

• (a) Posting the revised SLA on Helios’s website (heliosglobal.in);
• (b) Providing written notice to Customer at the email address on file.

Amendments become effective as follows:

• Non-Material Amendments (clarifications, corrections, technical updates): Effective immediately upon posting;
• Material Adverse Amendments (reductions in uptime targets, increases in costs, new limitations): Effective 30 days after notice, or at the next renewal date, whichever is later. Customer may terminate if material adverse changes are unacceptable.
• Amendments Required by Law: Effective upon the legal deadline with 15 days’ notice (or as required).

Continued use of Services after amendment notice constitutes acceptance of amended terms.

14.2 Customer Feedback

Helios welcomes feedback and feature requests. Customers may submit suggestions to feedback@heliosglobal.in, but Helios assumes no obligation to implement such requests.

15. MISCELLANEOUS PROVISIONS

15.1 Entire Agreement

This SLA, together with the MSA, Terms of Service, and Data Processing Agreement (if applicable), constitutes the entire agreement between the parties regarding Services and supersedes all prior negotiations, representations, and agreements. In case of conflicts, the following hierarchy applies: (1) DPA; (2) MSA; (3) Terms of Service; (4) SLA; (5) Order Form.

15.2 Severability

If any provision of this SLA is held invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it enforceable, or if not possible, severed. The remaining provisions shall continue in full force.

15.3 Waiver

No waiver of any provision shall be effective unless in writing and signed by the waiving party. Waiver of a breach shall not constitute waiver of any other provision or future breach.

15.4 Assignment

Neither party may assign its rights or obligations under this SLA without the other’s prior written consent, except that Helios may assign to a successor entity or affiliate with notice to Customer.

15.5 Third-Party Beneficiaries

This Agreement is solely for the benefit of Helios and Customer and their respective successors and permitted assigns. No third party has any rights hereunder.

15.6 Notices

Any notice under this SLA shall be in writing and delivered via: (a) hand delivery; (b) overnight courier (FedEx, DHL); (c) registered mail with return receipt; or (d) email to the addresses specified in the Account. Notices are effective upon receipt.

APPENDIX A: SERVICE LEVEL MATRIX

APPENDIX B: CONTACT INFORMATION & ESCALATION

Technical Support:

• Email: support@heliosglobal.zohodesk.in
• Phone: +91 8889992890
• Portal: https://heliosglobal.zohodesk.in/portal/en/home

Escalation & SLA Claims:<

• Email: escalation@heliosglobal.in
• Subject: “SLA Rebate Claim” or “Incident Escalation”

Security & Compliance Issues:

• Email: security@heliosglobal.in
• Contact: Chief Security Officer, Helios Global Solutions

Grievances (Rule 3, IT Act):

• Email: grievance@heliosglobal.in
• Response Target: 15 days

Executive Escalation:

• Email: executives@heliosglobal.in
• Contact: CEO/COO, Helios Global Solutions

APPENDIX C: DPDP ACT & GDPR ALIGNMENT CLAUSE

This SLA is supplemented by a Data Processing Agreement (“DPA“) where Customer processes Personal Data through Services. The DPA shall address:

• Processing instructions and scope;
• Security and confidentiality measures;
• Sub-processor management;
• Data Subject rights assistance;
• Data breach notification timelines;
• International data transfer mechanisms;
• Audit and inspection rights;
• Data deletion/return procedures.

Where there is any conflict between this SLA and the DPA, the DPA shall govern data protection obligations.

SIGNATURE PAGE

By executing this SLA, both parties acknowledge that they have read, understood, and agree to be bound by all terms and conditions herein.

For Helios Global Solutions Pvt. Ltd.

Authorized Signatory: ___________________________
Name: ___________________________
Title: ___________________________
Date: ___________________________

For Customer:

Authorized Signatory: ___________________________
Name: ___________________________
Title: ___________________________
Date: ___________________________

Document Version: 2.1 (Website Binding Edition)
Effective Date: 1^st April, 2025
Last Updated: 1^st April, 2025
Prepared by: Legal & Compliance, Helios Global Solutions Pvt. Ltd.
Review Cycle: Annual (or upon legal/regulatory changes)

THIS SLA VERSION PUBLISHED ON www.heliosglobal.in IS THE AUTHORITATIVE AND BINDING VERSION FOR ALL CUSTOMERS.