Data Processing Addendum

This Data Processing Addendum, including its Schedules and Appendices, (“DPA”) forms part of the Master Subscription Agreement or other written or electronic agreement between Arkieva and Customer for the purchase of online services (including associated Arkieva offline or mobile components) from Arkieva, which includes the services listed in this DPA (identified either as “Services” or otherwise in the applicable agreement, and hereinafter defined as “Services”) (the “Agreement”) to reflect the parties’ agreement with regard to the Processing of Personal Data.

By electronically signing the Master Subscription Agreement, Customer enters into this DPA by reference on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates, if and to the extent Arkieva processes Personal Data for which such Authorized Affiliates qualify as the Controller. For the purposes of this DPA only, and except where indicated otherwise, the term “Customer” shall include Customer and Authorized Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Master Subscription Agreement.

In the course of providing the Services to Customer pursuant to the Agreement, Arkieva may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.

The Supplier and the Customer are also individually referred to as a “Party” and collectively as the “Parties”.

Customer and Supplier hereby declare they have agreed as follows:

1.1     “Annexes”: appendices to this agreement which form part of this Agreement.

1.2     “Customer’s Personnel”: personnel to be made available by the Customer on the basis of this Agreement.

1.3     “Services”: the services to be provided by the Supplier on the basis of the agreement specifically for the benefit of the Customer and the work to be carried out as described under 2.1

1.4     “Supplier’s Personnel”: the members of personnel employed and/or contracted by the Supplier for the execution of this agreement and/or any third parties working under his responsibility.

1.5     “Customer’s Data means any and all data and information of any kind or nature submitted to Supplier by Customer, or received by Supplier on behalf of Customer, necessary for Supplier and Developer to provide the services.

1.6     Intellectual Property means any patent, invention, registered design, copyright, database right, design right, trademark, application to register any of the aforementioned rights, trades secret, right in unpatented Know-how, right of confidence or industrial property right of any nature whatsoever in any part of the world whether registrable or otherwise.

1.7     “Information Security means the protection of data, applications, systems, and network resources from accidental or deliberate misuse through unauthorized disclosure, alteration, or destruction.

1.8     “Information Resources are information resources for which the Customer, assignees and designated users have existing authorization to access, and include: (a) Printed or written communications and documentation, such as reports, letters, and memos; (b) Online screen transactions; (c) Software applications; (d) Data set files and databases residing on any media, such as tape, disk, diskettes, microfilm, and microfiche; (e) Processing systems including, but not limited to servers, PCs, workstations, laptops, and printers; (f) Network resources.

1.9     “Swifcast means the advanced predictive analytics cloud service offered by Supplier.

1.10    “Confidential Information” means all confidential or proprietary information and documentation of such party, whether or not marked as such.

2.1     Supplier shall be responsible for establishing and maintaining an information security program/policy that is designed to (i) ensure the security and confidentiality of Customers data, (ii) protect against any anticipated threats or hazards to the security or integrity of Customers data, and (iii) protect against unauthorized access to or use of Customer’s data that could result in substantial harm or inconvenience to Customer.

2.2     Customer shall be responsible for maintaining security for its own systems, servers, and communications links as necessary to (A) protect the security and integrity of Customer’s systems and servers on which Customer’s data is stored, and (B) protect against unauthorized access to or use of Customer’s systems and servers on which Customer’s data is stored.

2.3     Supplier will notify Customer of breaches in Supplier’s security that materially affect Customer. Either party may change its security procedures from time to time as commercially reasonable to address operations risks and concerns in compliance with the requirements of this section.

3.1     This Agreement has been entered into for the same and equal period as the Master License Agreement between Supplier and Customer and enters into effect on the date of signing this Agreement.

4.1     Customer shall remain the sole and exclusive owner of all Customer’s Data and its Confidential Information.

4.2     Supplier shall be permitted to do macro-level analytics of the data to understand trends in the marketplace after anonymizing the customer data.

5.1     Each Party has developed, implemented, and will maintain effective information security policies and procedures that include administrative, technical and physical safeguards designed to (i) ensure the security and confidentiality of confidential information provided to the other parties hereunder, (ii) protect against anticipated threats or hazards to the security or integrity of such confidential information, (iii) protect against unauthorized access or use of such confidential information, and (iv) ensure the proper disposal of confidential information.

5.2     In the event of unauthorized access to confidential information or non-public personal information of individual consumers, each party shall cooperate with the other party, provide any notices and information regarding such unauthorized access to appropriate law enforcement agencies and government regulatory authorities, and affected customers which the other party in its sole discretion deems necessary.

6.1     Supplier and Developer employs technical access controls and internal policies to prohibit employees from arbitrarily accessing Customer’s Data and to restrict access to this data.

7.1     Supplier shall comply with the obligations they have as a processor concerning processing personal data. Supplier shall provide appropriate technical and organizational measures to protect personal and other data against loss or against any form of unlawful processing. Supplier is required to process personal data in accordance with the Customer’s instructions.

7.2     Personal data shall only be processed on documented instructions from the Customer, by which Supplier shall assist the Customer in complying with its data protection obligations. Any data protected by European GDPR will not be saved outside European Union Member Countries.

7.3     Supplier shall maintain a record of all categories of processing activities. This shall include details of the controllers and any other processors and of any relevant Data Protection Officers (DPOs), the categories of processing carried out, details of any transfers to third countries and a general description of technical and organizational security measures.

7.4     Customer warrants that all statutory provisions concerning processing personal data have been strictly observed and that all required explicit consents or any other way of lawful processing provided by the data protection legislation, to process personal data have been obtained or achieved.

7.5     Parties shall promptly notify each other in case of any data breach without undue delay after becoming aware of it.

8.1     All notices or approvals required or permitted under this Agreement must be given in writing to the address provided above, or to such other address as Parties shall provide to receive notices under this Agreement. Any terms and conditions of any unilateral letter, memorandum, purchase order or other writing issued by Customer shall not be binding Supplier. Any waiver or modification of this Agreement will not be effective unless executed in writing and signed by an authorized representative of Parties.

8.2     If any provision of this Agreement is held to be unenforceable, in whole or in part, such holding will not affect the validity of the other provisions of this Agreement, unless Supplier in good faith determines the unenforceable provision to be essential, in which case Supplier may terminate this Agreement effective immediately upon notice to Customer.

8.3     Neither party to this Agreement shall have authority to take any action that shall be binding on the other party, except as may be expressly provided herein or authorized in writing.

8.4     This Agreement constitutes the complete and entire statement of all conditions and representations of the agreement between Parties with respect to its subject matter and supersedes all prior writings or understandings.

8.5     Failure by either party to exercise any right or remedy under this Agreement does not signify acceptance of the event giving rise to such right or remedy.

8.6     Customer shall not solicit the employment of nor employ any Supplier personnel who has been directly involved in the development, sale, installation, or support of the Software for a period of two years from the later of the termination of such individual’s employment at Supplier or the last date of acceptance of any Software.

9.1     This Agreement will be governed by and interpreted in accordance with the laws of the State of Delaware, USA exclusive of choice of law provisions.