Skip to main content
← Back to URE

Pilot Agreement — URE × Resort

Status: template — first version. Requires legal review and per-resort negotiation before signing. Mark every [PLACEHOLDER] field for fill-in per pilot.

>

Last modified: 25 April 2026 Maintainer: Sebastiaan

>

Translation note: the Dutch version is the legally binding source. This English translation is provided for convenience and accessibility; in case of conflict the Dutch text prevails.

>

Cross-references: privacy.en.md (DPA component) · docs/adrs/ADR-CAT-001-supply-tier-taxonomy.md · docs/adrs/ADR-PAY-001-eu-payment-methods.md · docs/adrs/ADR-MT-001-multi-tenant-strategy.md.

Between

URE — trade name of [PLACEHOLDER company name], registered at [PLACEHOLDER address], registered with the Dutch Chamber of Commerce under number [PLACEHOLDER], represented by [PLACEHOLDER name], hereinafter referred to as "URE".

and

Resort — [PLACEHOLDER resort name], registered at [PLACEHOLDER address], registered with [PLACEHOLDER trade register + number], represented by [PLACEHOLDER name], hereinafter referred to as "Resort".

1. Purpose of the pilot

URE provides a software platform that allows guests of Resort, after their stay, to buy products they experienced during that stay ("post-stay commerce"). Resort retains full editorial control over which products are offered, what prices apply, and how the communication is presented.

The purpose of this pilot is to validate over a period of [PLACEHOLDER 3 months] whether:

  1. URE works technically for Resort (uploads, email delivery, payments, reporting).
  2. The commercial model is profitable for both parties.
  3. Guests respond positively to the communication (no reputational damage to Resort).

2. Scope — what URE delivers

  • Multi-tenant SaaS platform reachable at [resort-slug].ure.services, fully in Resort's brand style.
  • Onboarding call of up to 2 hours, in which URE configures Resort's first 10–20 products in the system.
  • Operator access for up to [PLACEHOLDER 3] Resort staff to the admin panel /admin.
  • Weekly personalised post-stay emails to guests Resort uploads via CSV.
  • Stripe Connect account on behalf of Resort: payment processing, automatic payouts.
  • Weekly revenue and attribution reporting by email to Resort's primary contact.
  • Technical support within one business day, via [PLACEHOLDER email / Slack channel].
  • Hosting, maintenance, security, and backups of the platform.

3. Scope — what Resort delivers

  • Product data: photos, descriptions, prices, stock status, supply-tier classification (see §6).
  • Guest uploads: weekly (no later than Monday morning 09:00 local time) a CSV of departed guests.
  • Operator resources: at least one person who responds within business days to platform notifications (e.g. bounces, guest complaints, price changes).
  • Own shipping or fulfilment of physical products — URE facilitates payments, not logistics.
  • Own inventory management: marking products as out-of-stock before URE sells them.
  • Response to complaints: direct communication with Resort's own guests in case of return, delivery, or quality complaints.

URE provides no logistics, customer service, inventory management, or marketing outside the platform.

4. Commercial terms

4.1 Set-up fee

€ 0 for the pilot period. URE charges no onboarding or integration fees.

4.2 Monthly fee

€ 0 for the pilot period. There is no fixed monthly fee during the pilot.

4.3 Commission per sale

URE retains a commission on the gross sale amount (excl. VAT, excl. shipping), differentiated by supply tier per ADR-CAT-001:

TierProduct typeCommission
Tier 1Resort-internal (own products)15%
Tier 2Local artisans18%
Tier 3Brand wholesale8%
Tier 4Brand referral (MAP-respecting)12%

The commission is automatically settled by Stripe Connect via application_fee_amount. Resort receives the net amount directly to its bank account; URE receives the commission directly.

4.4 Refunds and returns

For a refund (within 14 days of delivery) the commission is refunded pro rata to Resort. Stripe processes this automatically.

4.5 VAT

Both parties invoice each other in compliance with applicable VAT rules. URE commission inclusive of VAT where applicable.

4.6 Payout schedule

Stripe issues weekly payouts to Resort, per Stripe's standard payout schedule (2–7 days).

5. Term and termination

5.1 Pilot period

This agreement starts on [PLACEHOLDER start date] and ends automatically on [PLACEHOLDER start date + 3 months] unless both parties agree in writing to extend.

5.2 Early termination without cause

Either party may terminate the agreement early with 14 days' written notice, without compensation. Open orders are completed; thereafter the platform stops.

5.3 Termination with immediate effect

Possible in case of:

  • Material breach not remedied within 7 days of notice of default.
  • Bankruptcy, suspension of payments, or comparable insolvency of either party.
  • Serious reputational damage (e.g. public accusation of fraud against either party).

5.4 Consequences of termination

  • Access to /admin is blocked.
  • The storefront subdomain [resort-slug].ure.services becomes unreachable.
  • Resort receives a JSON export of all its own data (see §7) within 7 days.
  • Personal data is deleted within 14 days of export, in accordance with privacy.en.md §9.
  • Pending payouts via Stripe are not interrupted.

6. Data processing

6.1 Roles under the GDPR

  • For guest data Resort is the controller; URE is the processor.
  • For operator accounts (Resort staff in the admin panel) URE is the controller.
  • A separate Data Processing Agreement (DPA) is included as Annex A and forms part of this agreement.

6.2 Sub-processors

URE engages sub-processors per the list in privacy.en.md §6 (AWS, Stripe, Sentry, Anthropic, Google, Netlify). Resort is informed in writing at least 30 days in advance of the addition or replacement of a sub-processor.

6.3 Security measures

URE warrants minimum:

  • TLS 1.2+ for all data transit.
  • AES-256 for data at rest.
  • PostgreSQL Row-Level Security for tenant isolation.
  • Audit trail for every service-role query and every super-admin action.
  • Optional MFA for operator accounts; mandatory MFA for URE personnel.
  • Yearly external pen-test.
  • Detection within 24 hours and notification to Resort within 48 hours in the event of a data breach involving Resort data.

6.4 Right to export and erasure

Resort can request a data export at any time via [PLACEHOLDER email]. URE delivers a JSON bundle within 7 days. Upon termination per §5, Resort does not need to request this explicitly — export is automatic.

7. Intellectual property

7.1 URE platform

The software, source code, design systems, technology, and documentation of the URE platform remain URE's intellectual property. Resort obtains a non-exclusive, non-transferable right of use for the duration of this agreement.

7.2 Resort content

All product photos, product descriptions, email content, and brand assets that Resort uploads or has URE configure remain Resort's property. URE obtains a non-exclusive, royalty-free licence to display this content on [resort-slug].ure.services and use it in post-stay emails, exclusively for the duration of this agreement.

7.3 Guest data

Guest personal data is not intellectual property but personal data. Treatment per §6.

7.4 Aggregated, anonymised data

URE may use aggregated, non-identifiable data (total revenue per tier per month, conversion rates, etc.) for product development and in anonymised case studies. No identification of Resort without written consent.

8. Public reference

URE may use Resort's name and logo on ultimateresortexperience.com and in marketing materials only with explicit written consent. Consent may be withdrawn at any time; URE removes the references within 7 days.

9. Liability

9.1 Limitation

URE's total liability towards Resort is limited to the total amount of commissions URE has received in the 12 months preceding the damage event. For the pilot period (commission-only model) this is effectively the cumulative commission to that date.

9.2 Exclusions

URE is not liable for:

  • Indirect damage, consequential damage, lost profits, missed opportunities.
  • Damage caused by failure of sub-processors (AWS, Stripe), except for gross negligence by URE in vendor selection.
  • Damage caused by incorrect or incomplete guest uploads by Resort.

9.3 Force majeure

Neither party is liable for non-performance caused by force majeure (war, natural disaster, pandemic, AWS outage > 24 hours, etc.).

9.4 Data-breach indemnification

In case of a data breach demonstrably caused by URE, URE indemnifies Resort against claims by data subjects up to the maximum stated in §9.1.

10. Confidentiality

Both parties treat each other's commercial, technical, and operational information as confidential. The confidentiality obligation continues for 5 years after termination of this agreement.

No confidentiality applies to:

  • Information that is public knowledge through no fault of the receiving party.
  • Information lawfully obtained from a third party.
  • Information that must be disclosed by law or court order.

11. Other provisions

11.1 Governing law

This agreement is governed by Dutch law.

11.2 Competent court

Disputes that cannot be resolved by negotiation are submitted to the court in [PLACEHOLDER Amsterdam], unless a mandatory legal provision dictates otherwise.

11.3 Mediation

Prior to legal action, the parties undertake to resolve the dispute through mediation within 30 days, initiated upon request by either party.

11.4 Entire agreement

This agreement (including Annex A — DPA) is the complete representation of the arrangements between the parties. Earlier oral or written communications are superseded by this document.

11.5 Amendments

Amendments are valid only when agreed in writing by both parties.

11.6 Non-assignability

Neither party may assign this agreement to a third party without the other party's written consent.

12. Signature

Agreed upon in duplicate:

For URE

Name: [PLACEHOLDER] Function: [PLACEHOLDER] Date: ____________________ Signature: ____________________

For Resort

Name: [PLACEHOLDER] Function: [PLACEHOLDER] Date: ____________________ Signature: ____________________

Annex A — Data Processing Agreement (DPA)

Separate document; follows the standard EU DPA template from EDPB. For the pilot period it contains at minimum:

>

1. Categories of data subjects: guests of Resort. 2. Categories of personal data: as described in privacy.en.md §3. 3. Purposes: post-stay email communication + e-commerce settlement. 4. Term: equal to the pilot period + 14 days for data deletion. 5. Sub-processors: as listed in §6.2 + privacy.en.md §6. 6. Security measures: as described in §6.3. 7. Data-breach notification time: 48 hours to Resort. 8. Audit rights: one unannounced audit per 12 months, at the auditing party's expense. 9. International transfers: SCCs for sub-processors outside the EEA (see privacy.en.md §6). 10. Termination: data export + deletion within 14 days of end of agreement.

This agreement is a template. Prior to signing, legal advice is required, particularly on the [PLACEHOLDER] fields, the liability limitation, and the DPA annex.