Terms and Conditions of Pulso

Last updated: 6 May 2026

These terms govern the use of the Pulso service, made available by Pacific Board S.L., a company incorporated under the laws of Spain, with registered office at Carrer del Doctor Fleming 55, 2-2, 08860 Castelldefels, Barcelona, CIF B16674541, and registered with the Mercantile Registry of Barcelona under Tomo 47929, Folio 16, Hoja 566629, Inscripción 1 (referred to throughout this document as "Pulso").

1. Definitions

For the purposes of these Terms and Conditions, the following capitalized terms — used in the singular or the plural — carry the meanings set out below.

Account — the user account through which the Customer accesses the Platform and uses the Services.

Login Credentials — the email address and password used by the Customer to authenticate access to the Account

Additional Features — optional extensions to the standard functionality of the Services, as identified in a Quotation. These may consist of (i) features Pulso offers as standard add-ons, (ii) features developed specifically for the Customer (referred to in Article 6 as Custom Features), or (iii) extra services such as web design, for instance.

Agreement — the contractual relationship between Pulso and the Customer governing the provision of the Services. The Agreement is composed of these Terms and Conditions, their appendices, any accepted Quotations, and — where applicable — a Custom Terms Proposal.

Custom Terms Proposal — a written proposal (with any appendices), signed by both Parties, which may incorporate a Quotation. It constitutes one of the means by which the Parties may enter into the Agreement, and these Terms and Conditions form an integral part of it.

Customer — any legal entity, or any natural person acting in a professional or business capacity, that enters into the Agreement with Pulso.

Customer Data — any data that the Customer processes through the Services.

Intellectual Property Rights — all intellectual property rights and related rights, including but not limited to copyrights, database rights, domain name rights, trademark rights, brand rights, model rights, neighboring rights, patent rights and rights to know-how.

Materials — any content made available by either Party in connection with the Agreement, including websites, logos, documents, images, text, audio, video, and the like.

Party / Parties — Pulso or the Customer individually, or both jointly.

Platform — the rental management software made available by Pulso through the Website and mobile applications, the functionality of which depends on the Service Plan and any Additional Features in effect.

Quotation — any offer made by Pulso for paid Services (or trials thereof), whether presented through the Website (including during sign-up), as part of a Custom Terms Proposal, or in any other written form. A Quotation specifies the applicable Services, Service Plan, and any Additional Features, and incorporates these Terms and Conditions.

Service Plan — the subscription tier under which the Services are provided. Different Service Plans unlock different features and may carry different pricing.

Trial Service Plan — a time-limited plan that allows the Customer to access the Services free of charge for evaluation purposes

Services — everything Pulso provides to the Customer under the Agreement: access to the Platform and the Pulso API, Additional Features, and the development of Custom Features. The exact scope depends on the Service Plan and any Additional Features in effect.

Terms and Conditions — this document and its appendices.

Website — https://pulsorent.com

2. Agreement and Customer responsibilities

2.1. The Agreement comes into effect when one of the following occurs:

a. the Customer completes the registration form on the Platform and verifies the Account by means of a verification code or link sent by Pulso to the email address provided;
b. the Customer expressly accepts these Terms and Conditions within the Platform — by ticking a designated checkbox, clicking a confirmation button, or any other equivalent affirmative action made available by Pulso for that purpose; or
c. the Parties sign a Custom Terms Proposal under which Pulso undertakes to provide Account access to the Customer.

2.2. Once the Agreement is in effect, Pulso will use commercially reasonable efforts to provide the Customer with access to the Services as soon as practicable, and will perform the Agreement with the care and skill that may reasonably be expected of a professional service provider. Access continues for the duration of the Agreement.

2.3. Each Account is secured by Login Credentials, which the Customer is responsible for safeguarding and keeping strictly confidential. Pulso is entitled to treat any action taken through an authenticated Account as having been performed by, or with the authorization of, the Customer. The Customer must notify Pulso without delay of any suspected unauthorized access to or misuse of its Account.

2.4. The configuration and setup of the Services — including but not limited to creating products, defining pricing rules, configuring availability, setting up tax rates, and adapting the Platform to the Customer's operational workflow — is the sole responsibility of the Customer. Pulso may, where the Parties have expressly agreed, assist with configuration as part of an onboarding, or implementation, in which case the scope and any applicable fees will be set out in a Quotation or Custom Terms Proposal.

2.5. The Services are designed to integrate with third-party systems used by the Customer, including the Customer's own website (for example, through their CMS or other website provider). Implementation and ongoing maintenance of any such integration is the sole responsibility of the Customer, unless the Parties have expressly agreed otherwise in writing. Where Pulso agrees to carry out or assist with an integration on the Customer's behalf, this will be treated as a separate service for which an additional fee may be charged, as set out in the relevant Quotation or Custom Terms Proposal.

2.6. Pulso bears no responsibility for malfunctions, data loss, downtime, missed bookings, or any other issue arising from (i) incorrect, incomplete, or outdated configuration of the Services by the Customer, or (ii) incorrect, incomplete, or outdated integration with the Customer's website or any third-party product or service. Pulso is likewise not responsible for the performance, availability, or behaviour of any third-party product or service with which the Services are integrated.

2.7. Pulso may unilaterally amend these Terms and Conditions where the change is not material, or where the change is required by mandatory law. Other amendments will be communicated to the Customer in writing at least thirty (30) days before they take effect. A Customer who does not wish to accept an amendment may terminate the Agreement before the amendment's effective date. Continued use of the Services beyond that date constitutes acceptance of the amended Terms and Conditions.

3. Order of precedence

3.1. If any inconsistency arises between the documents that together form the Agreement, the following hierarchy applies, in descending order:

a. any subsequent written agreement between the Parties;
b. an accepted Quotation;
c. a Custom Terms Proposal, if any;
d. Appendix 1 (Data Processing Agreement);
e. these Terms and Conditions.

3.2. Notwithstanding Article 3.1, Appendix 1 (Data Processing Agreement) prevails over any other part of the Agreement in respect of the Processing of personal data on the Customer's behalf, unless expressly amended by a subsequent written agreement, signed by both Parties, that specifically references and amends Appendix 1.

4. Service Plans, term, and renewal

4.1. The Services available to the Customer at any given time are determined by the Service Plan in effect. If no Service Plan applies — whether because none has yet been agreed, or because a previous one has expired or been terminated — the Customer's access to the Services will be restricted, although Account access will generally remain available.

4.2. Where a Quotation specifies that a Service Plan applies for a fixed period (the "Initial Period"), that Service Plan will automatically renew at the end of the Initial Period for successive periods of equal length (each a "Renewal Period"), unless the Customer gives Pulso notice of non-renewal:

a. at least seven (7) days before the renewal date, where the Service Plan has a duration of one (1) month or less; or
b. at least thirty (30) days before the renewal date, where the Service Plan has a longer duration.

4.3. The pricing and conditions of the Initial Period continue to apply during any Renewal Period, except where Pulso has notified the Customer in writing of changes to those conditions or of a price increase, in accordance with Articles 11.3 and 2.7.

4.4. At or after the formation of the Agreement, the Customer may be offered access to a Trial Service Plan at no cost. Trial access may be requested through the Website or offered as part of a Quotation, including during Account registration, and takes effect immediately after the Account creation.

4.5. The Trial Service Plan ends on the earlier of:

a. the end date specified in the Quotation; or
b. the date on which the Parties enter into a paid Service Plan.

4.6. When a Trial Service Plan ends, the Customer's access to the Services will be suspended until a paid Service Plan is purchased. Pulso may, at its sole discretion, extend the duration of a Trial Service Plan. The Customer's Account will remain accessible during the suspension period, but most features of the Services will be unavailable until a paid Service Plan is in effect.

4.7. As part of any Service Plan, Pulso provides support to the Customer by email at [email protected]. Pulso will use reasonable endeavours to respond promptly, but does not commit to a fixed response or resolution time, as these depend on the nature and complexity of the request.

5. Term, suspension, and termination

5.1. The Agreement is concluded for an indefinite period.

5.2. Subject to Article 5.7, the Customer may terminate the Agreement at any time by giving a written notice to Pulso.

5.3. Pulso may terminate the Agreement at any time, subject to a notice period of six (6) months.

5.4. Pulso may suspend or terminate the Agreement, without prejudice to its other rights and remedies, where the Customer is in breach of the Agreement and either (i) the breach cannot be remedied, or (ii) the breach can be remedied but the Customer has failed to do so within thirty (30) calendar days of receiving written notice from Pulso.

5.5. Pulso may suspend or terminate the Agreement immediately, with no notice of default required, if the Customer becomes insolvent, applies for or is granted a moratorium on payments, ceases its business activities, or enters into liquidation.

5.6. Suspension does not prejudice any of Pulso's rights or claims under the Agreement or applicable law.

5.7. On termination, all amounts owed by the Customer to Pulso become immediately due and payable, regardless of the cause of termination. The Customer is not entitled to any refund except where Pulso has terminated under Article 5.3, in which case Pulso will refund the unused portion of the Service Plan on a pro rata basis.

6. Additional Features and Custom Features

6.1. Unless the Parties have expressly agreed otherwise in writing through a Quotation or Custom Terms Proposal, the Services are provided as they exist at any given time, and Pulso is under no obligation to develop, build, configure, or otherwise implement any Additional Features, Custom Features, integrations, or other functionality for the Customer. Any such work will only be undertaken by Pulso pursuant to an accepted Quotation in accordance with this Article 6.

6.2. Pulso may, on request from the Customer or on its own initiative, provide a Quotation for Additional Features. Pulso is under no obligation to act on such requests.

6.3. Where the Customer accepts a Quotation for Additional Features that are not developed specifically for the Customer, access will be granted upon written confirmation by Pulso (which may be automated).

6.4. Additional Features developed specifically for the Customer ("Custom Features") will be made available once Pulso considers them, in its professional judgment, fit for use and meeting the agreed requirements. Pulso will aim to do so by the date set out in the Quotation but does not guarantee that date.

6.5. Custom Features are provided on an "as-is" and "as-available" basis. The Customer will indemnify Pulso and hold it harmless against any third-party claim arising from the Customer's use of, or reliance on, Custom Features.

6.6. The Customer acknowledges and agrees that any Additional Features or Custom Features developed by Pulso — whether on its own initiative, on the Customer's request, or on the request of any other customer — may, at Pulso's sole discretion, be incorporated into the standard Services and made available to other customers of Pulso, including competitors of the Customer. The Customer acquires no exclusivity over any Additional Features or Custom Features, and no right to prevent or restrict their use by Pulso or by any third party, even where the Customer has paid for their development.

7. Additional Work

7.1. The Customer may, at any time, ask Pulso to carry out work that falls outside the scope of the Agreement ("Additional Work"). Pulso is not required to accept such requests. Where Pulso is willing to proceed, it will provide the Customer with an estimate of the associated cost and will only begin the work after the Customer has approved that estimate.

7.2. Pulso may, however, perform Additional Work without prior approval where it can demonstrate that the work is reasonably necessary to provide the Services, or where the necessity follows reasonably from instructions given by the Customer. Such Additional Work will be invoiced on a time-and-materials basis at Pulso's then-current hourly rates.

7.3. A refusal by Pulso to perform requested Additional Work does not entitle the Customer to terminate or dissolve the Agreement or any Service Plan.

8. Customer Data

8.1. Customer Data belongs to the Customer. Nothing in the Agreement transfers ownership of Customer Data to Pulso, and Pulso will not assert any title, interest, or proprietary right over it at any time.

8.2. To enable Pulso to provide the Services, the Customer grants Pulso a limited right to access, store, process, transmit, and otherwise handle Customer Data for the duration of the Agreement. This right is non-transferable; however, Pulso may extend it to any sub-processor or service provider it engages, but only to the extent strictly necessary for the performance of the Services and subject to equivalent confidentiality and data protection obligations. Where Customer Data constitutes personal data processed by Pulso on behalf of the Customer, it is treated as End-User Booking Data for the purposes of Appendix 1 (Data Processing Agreement).

8.3. Pulso also receives a perpetual, irrevocable, royalty-free licence to use insights, analyses, statistics, and reports derived from Customer Data, provided that such derived material is either anonymised — such that the data subject is no longer identifiable, within the meaning of Recital 26 GDPR — or aggregated in a way that prevents re-identification, and that all applicable data protection law — including the GDPR — is complied with. This licence allows Pulso to use such material for internal purposes such as service improvement, benchmarking, and product development.

8.4. Pulso will take reasonable measures to protect Customer Data against misuse, abuse, and unauthorized access.

8.5. The Customer warrants that any Customer Data submitted to the Services has been collected and is processed lawfully, and that providing it to Pulso for processing under the Agreement does not breach any applicable law. The Customer must not enter payment card data (including credit or debit card numbers) in any way in the Platform; such data may only be handled through a payment integration that is expressly designated for that purpose and is PCI-compliant. The Customer must not upload, attach, or otherwise store images, scans, or photographs of identity documents (including national identity cards, passports, residence permits, or driving licences) of its end clients in the Platform; where the Customer needs to record identity-verification data, only the corresponding document number may be entered, in the field designated for that purpose.

8.6. On termination of the Agreement, Pulso will delete or destroy Customer Data on the terms set out in Article 12 of Appendix 1 (Data Processing Agreement), which provides for a 30-day export grace period followed by deletion from active production systems. Responsibility for retaining backups of any Customer Data the Customer wishes to keep beyond termination lies with the Customer.

9. Intellectual Property Rights

9.1. Pulso (or, where applicable, its licensors) is and remains the exclusive owner of all Intellectual Property Rights in and to the Platform, the Services, the Additional Features, the Custom Features, and any Materials that Pulso makes available under the Agreement. Nothing in the Agreement should be read as transferring ownership of any such rights to the Customer; the Customer's entitlements are limited to the usage rights granted in this Article 9 and elsewhere in the Agreement.

9.2. Pulso grants the Customer, for the duration of the Agreement and solely for the purpose of using the Services as intended, a personal, revocable, non-exclusive, non-transferable, and non-sublicensable right of use over the Platform, the Additional Features, and any Materials made available by Pulso. This right ends automatically on termination of the Agreement.

9.3. Except where mandatory law expressly permits otherwise, the Customer must not (and must not permit any third party to): (i) modify, adapt, translate, or create derivative works of the Platform or any Pulso Materials; (ii) attempt to access, reconstruct, or derive the source code of the Platform, whether by reverse engineering, decompilation, disassembly, or any other technique; or (iii) request or expect to be provided with such source code.

9.4. The Platform and Pulso's Materials may incorporate technical protection measures, including access controls, watermarking, and integrity checks. The Customer must not interfere with, disable, circumvent, or remove any such measure, nor authorize or assist any third party in doing so.

9.5. Any notice, label, or marking on Pulso's Materials that identifies a right of intellectual property, indicates confidentiality, or attributes authorship must be left intact. The Customer must not remove, conceal, or alter any such notice, whether on copies of the Materials in its possession or on derivative outputs generated through the Services.

9.6. The Customer permits Pulso to identify the Customer publicly as a Pulso customer, including by reproducing the Customer's name and logo on the Website, in marketing materials, and in press communications.

9.7. Any feedback, suggestion, idea, or proposal that the Customer provides to Pulso regarding the Services becomes the property of Pulso. Pulso may use such input for any purpose — including incorporating it into the Services — with no obligation to compensate or credit the Customer.

10. Acceptable use

10.1. The Customer must not use the Services in any way that breaches these Terms and Conditions or any applicable law, nor in any way that could cause harm or undue burden to Pulso or to any third party.

10.2. Pulso acts as an intermediary in respect of content stored on the Platform by Customers. Pulso does not pre-screen, moderate, or actively monitor such content, and is not responsible for it. The Customer acknowledges and accepts this.

10.3. Without limiting Article 10.1, the Customer must not use the Platform to:

a. carry out, facilitate, or conceal any activity that is unlawful under Spanish law or under any other law applicable to the Customer or to the persons affected by such activity;
b. handle payment card data of any kind — including credit card numbers, debit card numbers, CVV codes, or equivalent information — outside of a payment integration that Pulso has expressly designated for that purpose and that is PCI-compliant;
c. publish, transmit, or store content that is defamatory, harassing, deceptive, obscene, threatening, or that a reasonable person would find offensive, regardless of whether it targets a specific individual or group;
d. infringe the intellectual property rights, privacy rights, or any other legally protected interest of a third party, whether by reproducing, distributing, or making available protected content without authorization;
e. upload, host, or transmit malicious code of any nature — including viruses, worms, ransomware, spyware, or any other software designed to disrupt, damage, or gain unauthorized access to a system;
f. degrade, overload, probe, scan, or otherwise interfere with the operation, integrity, or security of the Platform, of Pulso's infrastructure, or of any system or network operated by another user or by a third party.

10.4. Where Pulso reasonably believes that the Customer has breached this Article 10 or any applicable law — whether on its own assessment or following a complaint — Pulso may take such action as it considers proportionate, including suspending Account access or terminating the Agreement.

10.5. Where Pulso considers that its systems, its network, or the availability of the Services to other customers is at risk — for example due to excessive data transfer, leaked personal data, or malware activity — Pulso may take any measure it reasonably considers necessary to mitigate that risk, including suspending the Services or terminating the Agreement.

10.6. Pulso may report acts that may constitute criminal offences to the competent authorities, and may share with those authorities any relevant Materials and information about the Customer or any third parties involved.

10.7. The Customer must comply with any reasonable instructions issued by Pulso concerning use of the Services.

10.8. The Customer will compensate Pulso for any loss or damage Pulso suffers as a result of the Customer's breach of this Article 10, and will indemnify and hold Pulso harmless against any third-party claim arising from such breach.

11. Pricing and payments

11.1. All prices and fees quoted by Pulso are exclusive of VAT and any other applicable taxes or government charges, unless expressly stated otherwise.

11.2. If a price has been calculated on the basis of information provided by the Customer that turns out to be inaccurate, Pulso may adjust the price accordingly, even after the Agreement has been concluded.

11.3. Pulso may revise its prices and fees. Pulso will give the Customer at least two (2) months' prior notice of any such revision. Continued use of the Services after the effective date of the revision constitutes acceptance of the new pricing.

11.4. Where applicable, use of the Platform is subject to a recurring subscription fee — billed monthly or annually depending on the Service Plan and any Additional Features in effect, as set out in the Quotation.

11.5. Additional Features and implementation work may be subject to one-off fees in addition to any recurring subscription, as specified in the relevant Quotation.

11.6. Pulso may issue invoices electronically. Invoices are payable in advance and must be settled within seven (7) days of the invoice date.

11.7. All sums owed by the Customer become immediately due and payable upon the Customer's insolvency, application for a moratorium on payments, attachment of its assets, or liquidation.

11.8. Where the Customer fails to pay an invoice by its due date, the Customer becomes liable — without further notice of default — for statutory commercial interest on the unpaid amount, as well as for any extrajudicial collection costs, including legal fees and the fees of any bailiff or recovery agent. Pulso may, in such circumstances, suspend performance of the Agreement until all overdue amounts (including interest and costs) have been paid in full.

11.9. The Customer is not entitled to set off any amounts due to Pulso against any claim it may have against Pulso, on any basis whatsoever.

12. Personal data and GDPR

12.1. The Parties acknowledge that the performance of the Agreement involves the processing of personal data, and that each Party is responsible for complying with its respective obligations under Regulation (EU) 2016/679 (the General Data Protection Regulation, or "GDPR") and any other applicable data protection legislation.

12.2. Where Pulso processes personal data on behalf of the Customer in the course of providing the Services, the Customer acts as data controller and Pulso acts as data processor within the meaning of the GDPR. The terms governing such processing — including the subject matter, duration, nature and purpose of the processing, the categories of personal data and data subjects involved, the rights and obligations of each Party, the security measures in place, the use of sub-processors, and the conditions for international transfers of personal data — are set out in Appendix 1 (Data Processing Agreement), which forms an integral and inseparable part of these Terms and Conditions. No separate signature is required: by accepting these Terms and Conditions, the Customer accepts Appendix 1.

12.3. Independently of the processing referred to in Article 12.2, Pulso acts as data controller in respect of personal data it processes for its own purposes — including, but not limited to, account administration, authentication, billing and invoicing, customer support, service improvement, product analytics, security monitoring, and marketing communications where lawfully permitted. Pulso processes such data in accordance with its Privacy Policy, available on the Website, which describes the categories of personal data processed, the legal bases for processing, retention periods, and the rights of data subjects under the GDPR.

13. Availability and maintenance

13.1. Pulso will use reasonable endeavours to keep the Services continuously available, but does not warrant uninterrupted availability.

13.2. Maintenance may temporarily affect availability. Where Pulso is able to anticipate such interruptions, it will try to schedule them outside peak hours. Pulso will normally give at least two (2) days' prior notice — by email or through the Platform — of planned maintenance. Emergency maintenance may be carried out at any time without prior notice.

13.3. After an update or upgrade has been deployed, the Customer cannot continue to use any earlier version of the Platform. The Customer has no right or claim to any update or upgrade that has been announced but not yet released.

14. Confidentiality

14.1. Each Party will treat as confidential (i) the existence, content, and nature of the Agreement and of the relationship between the Parties, and (ii) any information disclosed by the other Party — before, during, or after the Agreement — that is marked as confidential or that the receiving Party knows, or ought reasonably to understand, to be confidential. Each Party will impose equivalent obligations on its employees and on any third party it engages in connection with the Agreement.

14.2. The obligations in Article 14.1 do not apply to information which:

a. is or becomes publicly available, otherwise than as a result of a breach of the Agreement by the receiving Party;
b. was already lawfully in the receiving Party's possession before disclosure by the disclosing Party;
c. is lawfully obtained by the receiving Party from a third party that is not bound by an obligation of confidence; or
d. is independently developed by the receiving Party without use of the disclosing Party's confidential information.

14.3. Where a receiving Party is legally required to disclose confidential information, it will give the disclosing Party prompt written notice — to the extent legally permitted — so that the disclosing Party may seek a protective order or other appropriate remedy, or waive compliance with this Article 14.

14.4. On the expiry or termination of the Agreement, each receiving Party will, at the disclosing Party's option, return or destroy all material containing confidential information of the disclosing Party. The obligations in this Article 14 survive termination of the Agreement.

15. Liability

15.1. Pulso's total liability under the Agreement — whether for breach of contract, tort, or any other cause — is capped at the amount (excluding VAT) the Customer has paid Pulso in the two (2) months immediately preceding the event giving rise to the liability.

15.2. Pulso is liable only for direct damages caused by an attributable failure to perform the Agreement. Liability for indirect damages is excluded. Indirect damages include, for the purposes of the Agreement, lost profits, lost savings, loss of data, loss of goodwill or reputation, and damages arising from business interruption.

15.3. No claim against Pulso for failure to perform the Agreement may be brought unless the Customer has first served Pulso with a written notice describing the alleged failure in sufficient detail to allow Pulso to identify, investigate, and address it, and has then allowed Pulso a reasonable period — proportionate to the nature and complexity of the issue — to cure the alleged failure. Pulso's liability arises only if, after that period has elapsed, Pulso has still not remedied the failure. A notice that is vague, incomplete, or that does not afford Pulso a meaningful opportunity to respond will not trigger liability under this Article 15.

15.4. Any claim for damages must be notified to Pulso in writing within thirty (30) days of the Customer becoming aware of the damage; failing such notification, the claim lapses.

15.5. The Customer expressly accepts that Services provided under a Trial Service Plan, or while no Service Plan is in effect, are provided on an "as-is" and "as-available" basis, and that Pulso has no liability whatsoever in respect of such Services, save where the damage results from intentional misconduct or gross negligence on the part of Pulso's management.

15.6. The Customer will indemnify Pulso and hold it harmless against any third-party claim arising from (i) the Customer's use of the Services in breach of these Terms and Conditions or applicable law, or (ii) any other use of the Services by, or attributable to, the Customer that has not been expressly authorized by Pulso.

15.7. Nothing in this Article 15 limits or excludes the liability of either Party towards data subjects under Article 82 GDPR, nor affects any allocation of liability between the Parties that is mandatory under GDPR.

16. Force majeure

16.1. Pulso is not required to perform any obligation under the Agreement to the extent that performance is prevented by force majeure, and is not liable for any loss or damage resulting from such an event.

16.2. Force majeure includes, without limitation: power outages; failures of internet or telecommunications infrastructure; cyberattacks (including denial-of-service attacks); attacks involving malware or other harmful software; civil unrest; natural disasters; terrorism; war or mobilization; import or export restrictions; strikes; supply-chain disruption; fire; flood; and any other circumstance in which Pulso, or any of its suppliers, is unable to perform.

16.3. Where a force majeure situation persists for more than ninety (90) consecutive days, either Party may terminate the Agreement immediately by written notice. Services already delivered before and during the force majeure period will be invoiced and paid on a pro rata basis.

17. General provisions

17.1. The Agreement is governed exclusively by Spanish law. Any dispute arising out of or in connection with the Agreement will be submitted to the exclusive jurisdiction of the courts and tribunals of the city of Barcelona.

17.2. Where these Terms and Conditions refer to "writing" or to something being done "in writing", this includes communication by email, provided the identity of the sender and the integrity of the message can be reasonably established.

17.3. In the absence of evidence to the contrary, the records held by Pulso of any communication or transaction will be treated as authoritative.

17.4. If any provision of the Agreement is held to be invalid or unenforceable, that provision will be interpreted, or replaced, in such a way as to give effect — so far as legally possible — to the original intention of the Parties. The remaining provisions of the Agreement will continue in full force and effect.

17.5. Any general terms and conditions of the Customer are expressly excluded and do not form part of the Agreement.

17.6. The Customer may not transfer or assign the Agreement, or any of its rights or obligations under it, to a third party without Pulso's prior written consent. Pulso may transfer the Agreement and any of its rights and obligations under it to any third party that acquires all or the majority of the business operations to which the Agreement relates.

Appendix 1 | Data Processing Agreement

Last updated: 6 May 2026

This Data Processing Agreement ("DPA") forms an integral and inseparable part of the Terms and Conditions entered into between Pacific Board S.L., trading as Pulso (CIF B16674541, Carrer del Doctor Fleming 55, 2-2, 08860 Castelldefels, Barcelona, Spain) — referred to in this DPA as "Pulso" or the "Processor" — and the Customer (the "Controller"), jointly the "Parties" and individually a "Party".

By accepting the Terms and Conditions, the Customer accepts this DPA. No separate signature is required.

1. Subject-matter and scope

1.1. This DPA sets out the terms on which Pulso Processes Personal Data on behalf of the Customer in the course of providing the Services under the Agreement. It is concluded in accordance with Article 28(3) of Regulation (EU) 2016/679 (the "GDPR").

1.2. Capitalised terms not otherwise defined in this DPA have the meaning given to them in the Terms and Conditions. Terms derived from the GDPR — in particular "Personal Data", "Processing" (and its cognates), "Data Subject", "Controller", "Processor", "Sub-processor", "Supervisory Authority", and "Personal Data Breach" — bear the meanings set out in Article 4 GDPR. "Applicable Data Protection Law" means the GDPR and any other data protection legislation applicable to the Processing carried out under this DPA.

1.3. This DPA applies exclusively to Personal Data that Pulso Processes on the Customer's behalf, namely Personal Data that the Customer, its authorised users, or end clients acting through the Platform on the Customer's instruction (for example, via public booking forms) record in the Platform concerning the Customer's own end clients in connection with equipment-rental bookings ("End-User Booking Data").

1.4. This DPA does not apply to Personal Data for which Pulso is itself the Controller — including Customer account administration, authorised-user account administration (including authentication and activity logs of users invited by the Customer), security logging, billing and invoicing, customer support correspondence with the Customer, product analytics, website visitor data, and marketing communications. Such Processing is governed by Pulso's Privacy Policy.

2. Roles of the Parties

2.1. In respect of End-User Booking Data, the Customer acts as the Controller and Pulso acts as the Processor, within the meaning of Article 4(7) and 4(8) GDPR respectively.

2.2. The Customer is solely responsible for:

a. determining the purposes and means of the Processing within the parameters offered by the Platform;
b. ensuring that it has a valid lawful basis under Article 6 GDPR (and, where applicable, Article 9 GDPR) for the collection and submission of End-User Booking Data to the Platform;
c. the accuracy, quality, and legality of End-User Booking Data;
d. providing Data Subjects with any privacy notices and information required by Articles 13 and 14 GDPR; and
e. handling and responding to Data Subject Requests, subject to Pulso's assistance under Article 8 of this DPA.

2.3. Each Party complies, in respect of its own activities, with Applicable Data Protection Law.

3. Pulso's Processing instructions

3.1. Pulso Processes End-User Booking Data only on the Customer's documented instructions. For the purposes of Article 28(3)(a) GDPR, the following constitute documented instructions:

a. the Agreement (including this DPA and its Annexes);
b. the Customer's configuration and use of the Services and their features; and
c. any further written instructions issued by the Customer to Pulso (including by email to [email protected] or through the in-Platform support channel), provided they are consistent with the Agreement.

3.2. The subject-matter, duration, nature, and purpose of the Processing, together with the categories of Personal Data and of Data Subjects concerned, are described in Annex 1.

3.3. Pulso will inform the Customer without undue delay if, in its reasonable view, an instruction infringes Applicable Data Protection Law or is manifestly unlawful. Pulso is under no obligation to review the general legality of the Customer's Processing activities beyond this.

3.4. Where Pulso is required by EU or Member State law to Process End-User Booking Data beyond the Customer's instructions, Pulso will notify the Customer of that legal requirement before carrying out the Processing, unless the applicable law prohibits such notification on important grounds of public interest.

4. Confidentiality of personnel

4.1. Pulso ensures that every member of its personnel — including employees and contractors — who is authorised to Process End-User Booking Data is bound by a written undertaking of confidentiality, whether under contract or under a statutory duty of confidence, that survives the termination of their engagement with Pulso.

4.2. Access to End-User Booking Data within Pulso is restricted, on a role-based and strict need-to-know basis, to personnel who require such access to perform Pulso's obligations under the Agreement.

5. Security of Processing

5.1. Pulso implements and maintains the technical and organisational measures set out in Annex 3 to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of the Processing, and the risks of varying likelihood and severity for the rights and freedoms of natural persons.

5.2. Pulso will not, during the term of the Agreement, materially reduce the overall level of security provided in respect of End-User Booking Data. Pulso may, at its discretion, improve, update, or replace specific measures provided the overall level of protection is not diminished.

6. Sub-processors

6.1. The Customer grants Pulso a general written authorisation, in accordance with Article 28(2) GDPR, to engage Sub-processors for the Processing of End-User Booking Data.

6.2. The Sub-processors engaged at the date of this DPA are listed in Annex 2. An up-to-date list is maintained at https://pulsorent.com/fr/subprocessors (the "Sub-processor Page"), which forms part of this DPA by reference.

6.3. Where Pulso intends to engage a new Sub-processor, or replace an existing one, it will notify the Customer at least thirty (30) days before that Sub-processor begins Processing End-User Booking Data. Notification is given by:

a. an in-Platform notice addressed to the Customer's administrative users; and
b. a dated entry, with a changelog, on the Sub-processor Page.

6.4. The Customer may object, in writing, on reasonable grounds relating to data protection compliance, within the 30-day notice period. The Parties will then consult in good faith with a view to reaching a mutually acceptable solution. Where no solution is agreed within a reasonable further period, the Customer may terminate the Services affected by the proposed Sub-processor change and, if termination takes effect before the end of a prepaid term, receive a pro-rata refund of fees prepaid for the unused portion of that term in respect of the affected Services. Continued use of the Services after the notice period without a written objection constitutes acceptance of the Sub-processor.

6.5. Pulso imposes on each Sub-processor, by means of a written contract, data protection obligations no less protective than those set out in this DPA — including obligations regarding confidentiality, security, assistance, international transfers, and audit. Pulso remains fully liable to the Customer for any failure by a Sub-processor to comply with those obligations, as if Pulso had committed the failure itself.

7. International transfers

7.1. Pulso Processes End-User Booking Data primarily within the European Economic Area ("EEA"). Where a Sub-processor is established, or Processes End-User Booking Data, in a country outside the EEA for which the European Commission has not issued an adequacy decision, Pulso ensures that an appropriate transfer mechanism under Chapter V GDPR is in place. Such mechanisms include:

a. the European Commission's Standard Contractual Clauses set out in Implementing Decision (EU) 2021/914 (the "SCCs");
b. the EU–US Data Privacy Framework, to the extent applicable and certified;
c. binding corporate rules approved by a competent Supervisory Authority; or
d. any other transfer mechanism lawfully recognised under Applicable Data Protection Law.

7.2. The Customer authorises Pulso to enter into the SCCs on the Customer's behalf with any relevant Sub-processor, applying Module 3 (Processor-to-Processor) or, where appropriate, Module 2 (Controller-to-Processor). The Customer undertakes to confirm or counter-sign such clauses on request where direct execution by the Customer is required under Applicable Data Protection Law.

7.3. Copies of the transfer mechanisms relied on under this Article 7 are available to the Customer on request at [email protected].

8. Data Subject Requests

8.1. Where Pulso receives, directly from a Data Subject, a request to exercise rights under Articles 15 to 22 GDPR in relation to End-User Booking Data, Pulso will:

a. acknowledge receipt and direct the Data Subject to the Customer, without responding to the request substantively; and
b. forward the request to the Customer within three (3) working days of receipt.

8.2. Taking into account the nature of the Processing, Pulso will assist the Customer by appropriate technical and organisational measures — including the self-service functionality of the Platform — in fulfilling the Customer's obligation to respond to Data Subject Requests.

8.3. Reasonable assistance under this Article 8 is provided at no charge. Where a request requires Pulso to undertake engineering or manual work that goes significantly beyond the standard functionality of the Platform, Pulso may charge the Customer for that additional work at its then-current hourly rates, on terms agreed in advance.

9. Personal Data Breach

9.1. Pulso will notify the Customer of any Personal Data Breach affecting End-User Booking Data without undue delay after becoming aware of it, and in any event in sufficient time to enable the Customer to comply with its own notification obligations under Articles 33 and 34 GDPR.

9.2. The notification will be sent to the Customer's primary administrative contact registered in the Platform and will include, to the extent known at the time:

a. a description of the nature of the Breach, including where possible the categories and approximate number of Data Subjects and records concerned;
b. the likely consequences of the Breach;
c. the measures taken or proposed by Pulso to address the Breach and mitigate any adverse effects; and
d. a contact point at Pulso for further information.

9.3. Where not all information listed in Article 9.2 is available at the time of the initial notification, Pulso will supplement it in further communications as soon as the information becomes available, without further undue delay.

9.4. The Customer is solely responsible for notifying, where required, the competent Supervisory Authority under Article 33 GDPR and affected Data Subjects under Article 34 GDPR.

10. Assistance with DPIAs and prior consultation

10.1. Taking into account the nature of the Processing and the information reasonably available to Pulso, Pulso will provide the Customer with reasonable assistance with:

a. data protection impact assessments under Article 35 GDPR; and
b. prior consultations with a Supervisory Authority under Article 36 GDPR,

to the extent such assistance is required by Applicable Data Protection Law and the Customer does not otherwise have access to the information needed.

10.2. Reasonable assistance is provided at no charge. The cost principles set out in Article 8.3 apply to any work that goes significantly beyond the standard functionality of the Platform.

11. Audits

11.1. Pulso will, on reasonable written request, make available to the Customer the information that is reasonably necessary to demonstrate compliance with this DPA and with Article 28 GDPR. This may include summaries of security testing, the measures set out in Annex 3, and any third-party audit reports or certifications that Pulso holds from time to time.

11.2. In addition to Article 11.1, the Customer may verify Pulso's compliance with this DPA by means of an audit conducted by an independent third-party auditor bound by obligations of confidentiality, subject to the following conditions:

a. the audit may be requested only where the Customer has a reasonable and well-founded suspicion of a material breach of this DPA, which it has communicated to Pulso in writing together with the grounds for that suspicion;
b. the audit may be carried out at most once per calendar year;
c. the Parties agree in advance, in good faith, on the scope, timing, duration, and confidentiality arrangements of the audit;
d. the audit is carried out during normal business hours and in a manner that does not unreasonably interfere with Pulso's operations and does not compromise the confidentiality of other Pulso customers' data or of Pulso's intellectual property.

11.3. The Customer bears its own costs and Pulso's reasonable costs of any audit under Article 11.2, unless the audit establishes a material non-compliance by Pulso, in which case Pulso bears its own costs and reimburses the Customer's reasonable, documented costs.

11.4. All information obtained by the Customer or its auditor in connection with an audit is treated as confidential and may not be disclosed to third parties, save as required by applicable law or with Pulso's prior written consent.

12. Return and deletion of End-User Booking Data

12.1. On termination or expiry of the Agreement, the Customer has thirty (30) days from the effective termination date during which it may request and/or export End-User Booking Data from the Platform. Exports are provided in a structured, commonly used, machine-readable format (typically CSV).

12.2. At the end of the 30-day period referred to in Article 12.1, Pulso will delete all End-User Booking Data from its active production systems. End-User Booking Data may persist in encrypted backups for up to seven (7) additional days before being overwritten in the ordinary course of Pulso's backup rotation; during that period, backup data is not accessed for any operational purpose. Data restored from a backup will, if it had previously been subject to deletion, be re-deleted without undue delay after restoration.

12.3. Notwithstanding Articles 12.1 and 12.2, Pulso may retain End-User Booking Data to the extent, and for the period, required to comply with a binding legal obligation, to establish, exercise, or defend legal claims, or to comply with a lawful order from a competent authority. Any such retained data remains subject to the confidentiality and security obligations of this DPA and will not be Processed for any other purpose.

13. Liability

13.1. Each Party's liability arising out of or in connection with this DPA forms part of, and is subject to, the liability regime set out in the Terms and Conditions. For the avoidance of doubt, any claim under this DPA is subject to the limitations and exclusions of liability set out in Article 15 of the Terms and Conditions.

14. Term, amendments, and governing law

14.1. This DPA takes effect on the date the Customer accepts the Terms and Conditions and remains in force for as long as Pulso Processes End-User Booking Data on behalf of the Customer, including any post-termination period during which such data is retained under Article 12. Provisions that by their nature survive termination — including Articles 4, 11, 12, 13, and 14.3 — continue to apply after termination of the Agreement.

14.2. Pulso may amend this DPA by giving the Customer at least thirty (30) days' prior written notice where the amendment (i) is non-material, (ii) is required by Applicable Data Protection Law or by guidance of a competent Supervisory Authority, or (iii) reflects changes to Sub-processors or to the technical and organisational measures set out in Annex 3 that do not materially reduce the overall level of protection afforded to End-User Booking Data. Any other amendment is made in accordance with Article 2.7 of the Terms and Conditions.

14.3. This DPA is governed by Spanish law. The courts and tribunals of the city of Barcelona have exclusive jurisdiction over any dispute arising out of or in connection with this DPA, without prejudice to the rights of Data Subjects to seek redress before their local courts or Supervisory Authority in accordance with Applicable Data Protection Law.

15. Order of precedence

15.1. In the event of any conflict or inconsistency between this DPA and any other part of the Agreement in respect of the Processing of End-User Booking Data, this DPA prevails to the extent of the conflict.

Annex 1 | Description of the Processing

Subject-matter of the Processing

Provision by Pulso to the Customer of the Pulso equipment-rental management platform and related Services, as defined in the Agreement, insofar as that provision involves the Processing of Personal Data of the Customer's end clients.

Duration of the Processing

For the term of the Agreement and for any post-termination retention period permitted under Article 12 of this DPA.

Nature of the Processing

Collection (by the Customer and its authorised users through the Platform interface and API), storage, organisation, structuring, retrieval, consultation, use, transmission, access control, backup, restoration, and deletion.

Purpose of the Processing

To enable the Customer to record, manage, and fulfil equipment-rental bookings; to generate documents and communications related to those bookings; to process payments associated with those bookings; and to enable Pulso to provide technical support to the Customer.

Categories of Data Subjects

Natural persons who are end clients of the Customer and about whom the Customer, its authorised users, or the end clients themselves (acting through Platform features such as public booking forms) record Personal Data in the Platform.

Categories of Personal Data

The Customer determines which categories of Personal Data it collects and submits to the Platform. Typical categories include:

Identification data: full name.
Contact data: email address, phone number, postal address.
Identity document data: national identity card number, passport number, driving-licence number — where collection of such data is required by the Customer's business activity (for example, for equipment-rental identity verification). The Customer must not upload, attach, or otherwise store images, scans, or photographs of identity documents in the Platform; only the document number may be recorded, in the field designated for that purpose.
Booking data: rental period, equipment rented, notes, and any other information the Customer records in standard or custom fields of the Platform.
Payment-related data: transaction identifiers and payment-method metadata. Full payment card details (PAN, CVV) are never stored by Pulso; such data is handled exclusively by the payment-processing Sub-processors identified in Annex 2.

Special Category Data (Article 9 GDPR)

Pulso does not require, solicit, or design the Platform for the Processing of Special Category Data. The Customer determines, at its sole responsibility, whether to submit any such data; where it does so, the Customer alone bears responsibility for ensuring that a valid exception under Article 9(2) GDPR applies.

Retention of End-User Booking Data

As set out in Article 12 of this DPA.

Annex 2 | Sub-processors

The Sub-processors engaged by Pulso at the date of this DPA to Process End-User Booking Data on behalf of Customers are as follows:

Sub-processor	Role	Country / region	Transfer mechanism
DigitalOcean, LLC	Cloud hosting of the Platform database and application	Frankfurt, Germany (EU data centre)	EEA hosting; SCCs with US parent entity for any support access originating outside the EEA
BetterStack (Better Stack sp. z o.o.)	Application log management and error tracking	European Union	Within the EEA — no transfer
Twilio Inc. (SendGrid)	Transactional email delivery to end clients (e.g. booking confirmations, notifications)	United States	SCCs / EU–US Data Privacy Framework
Stripe, Inc.	End-user payment processing (card payments taken by the Customer through the Platform)	United States	SCCs / EU–US Data Privacy Framework
Redsys Servicios de Procesamiento, S.L.	End-user payment processing	Madrid, Spain	Within the EEA — no transfer

An up-to-date list is maintained at https://pulsorent.com/fr/subprocessors and forms part of this Annex by reference. The URL-hosted list governs in case of any discrepancy with the table above.

Annex 3 | Technical and Organisational Measures (Article 32 GDPR)

Pulso implements the following technical and organisational measures to ensure an appropriate level of security for End-User Booking Data:

Encryption

All data in transit between the Customer, the end client, and the Platform is protected by TLS (HTTPS).
Data at rest in the Platform's primary production database is encrypted.
Backups of End-User Booking Data are encrypted.

Access control

Access to End-User Booking Data through the Platform requires authentication with Login Credentials.
All user passwords — whether belonging to end clients, authorised users, or Pulso personnel — are stored only in hashed, non-reversible form across the Platform.
Access to Pulso's production systems is limited, on a role-based and need-to-know basis, to authorised Pulso personnel.
Access by Pulso personnel to administrative interfaces of the Platform's production environment is protected by multi-factor authentication (TOTP).

Confidentiality of personnel

All Pulso personnel with access to End-User Booking Data are bound by written confidentiality obligations that survive the termination of their engagement with Pulso.

Infrastructure and hosting

The primary production infrastructure is located within the European Economic Area (DigitalOcean, Frankfurt).
Application logs and runtime errors are centrally collected and monitored by BetterStack, enabling timely detection of operational anomalies affecting End-User Booking Data.

Data segregation

Each Customer's End-User Booking Data is logically segregated within the Platform so that one Customer cannot access another Customer's data.

Resilience and recovery

Regular, encrypted backups of End-User Booking Data are performed to enable restoration of the service in the event of a physical or technical incident.

Sub-processor oversight

Pulso enters into written contracts with each Sub-processor that impose data protection obligations no less protective than those set out in this DPA, including obligations of confidentiality, security, assistance, audit, and compliance with Chapter V GDPR for international transfers.

Pulso reviews these measures periodically and may update, replace, or improve individual measures, provided the overall level of security is not materially reduced during the term of the Agreement.