Alert Services Agreement

Preamble

• The Company wishes to engage CBH for the provision of Services as described herein.
• CBH has agreed to supply the said services on the terms and conditions set out in this Agreement.
• It is the express objective and intention of the Parties to this Agreement to achieve a high degree of efficiency in their professional relationship, to their mutual benefit.

1. Conditions Precedent

• The Company has integrated with CBH according to the Documentation and CBH instructions;
• The Company successfully underwent the verification and due diligence processes by providing the Company Information requested by CBH, and provided CBH with the following information: Acquirer BIN, Acquirer CAID number, payment descriptor, d.b.a. (doing business as), Company's legal entity name, and MCC;
• The Company granted the Acquirer and other third-party service providers (if any) consent (for the term of the Agreement) to provide CBH with information regarding the Company's Transactions;

2. Services

3. Fees

• In case the invoice is over thirty (30) calendar days past due, there will be an interest rate applied on any Overdue Amounts, calculated as days overdue multiplied by the EURIBOR annual interest rate +1,99% divided by 365, or, if lower, the highest rate permitted under Applicable Law, provided that CBH can, at its sole discretion, waive its right to claim the accrued interest or claim a lower interest;
• CBH also will be entitled at any time and without further notice or liability to the Company (i) to suspend providing Services, (ii) to inform any third party providers about any Overdue Amounts owed by the Company to CBH, (iii) to suspend the release of any data provided by the Company, including CAID(s), BIN(s), Payment Descriptor(s), and any other data or otherwise disrupt the provision of any third party providers' services to the Company, (iv) to instruct any third party providers to withhold any data provided by the Company or otherwise disrupt the provision of their services to the Company, and (v) apply to the Acquirers (and/or other relevant third parties involved) with instructions to debit the Company's bank account for repayment of any sums that are due and owing by the Company to CBH, and the Company irrevocably authorises its financial institution to accept such instructions;
• CBH may also take other steps to recover the Overdue Amounts, such as instructing a debt collection agency to contact the Company; issuing legal proceedings for enforcement purposes; informing fraud prevention agencies and selling, transferring or assigning the Overdue Amount to a third party; and
• Company shall reimburse CBH for all reasonable costs incurred by CBH in collecting any Overdue Amount or interest, including attorneys' fees, court costs, and collection agency fees.

• the Company is solely responsible for repayment of funds, on the terms indicated in the agreement with the Acquirer (and/or other service providers (if any)); and
• the Fees charged by CBH in relation to the execution of such Transaction are not to be returned to the Company.
• Notwithstanding any Refund, the original Transaction may still be subject to Chargeback by the End User or Issuer, which may cause the Company to provide a Refund for the same Transaction twice.

4. Service Maintenance and Updates

• a need to follow generally accepted changes in industry standards;
• changes in Applicable Law or Payment Method Rules;
• a need for increased security due to security risks identified by CBH; or
• other grounds which reasonably warrant immediate reduction of functionality.

5. Obligations of the Company

• cooperate with CBH in good faith in all matters relating to the Service (including Fees calculation);
• respond promptly to any CBH request to provide information, approvals, authorisations, or decisions that are reasonably necessary for CBH to provide the Services in accordance with this Agreement; and
• provide such Company Materials or Company Information as CBH may reasonably request to provide the Services and ensure that such materials or information are complete and accurate in all material respects.

• Use the Services in a way that infringes Applicable Law, good practices, rights of third parties, or the policies of the Acquirers, or Third-Party Services Providers;
• Use the Services to handle the Transactions on the websites and in IT environments that were not previously approved by CBH;
• Use the Services to process alerts received not via the Technical Solution;
• Fail to protect the data relating to its End Users, which is collected and stored by the Company against unauthorised access. The Company shall immediately notify CBH if the Company reasonably believes that there has been any security breach, including but not limited to instances of unauthorised access or attempt to access Transaction data or sensitive End-User data, where there is a suspected or confirmed damage, loss or theft of Transaction data or sensitive End-User data;
• Conduct activity or use the Services in a way that may result in complaints, disputes, charges, penalties and other burdens to CBH or the third parties;
• Take actions or omissions that may expose CBH to credit risk, risk of fraud, breach of duties related to anti-money laundering and terrorist financing or other statutory obligations or a sudden increase of risk (assessed under the procedures adopted by CBH based on the Company Information and other information available);
• Take any actions, as a result of which the Technical Solution or any part of CBH's infrastructure will be negatively affected;
• Engage in misleading or deceptive conduct, nor to use the Services itself or permit others to use the Services for any improper, immoral, or unlawful purposes;
• Interfere with billing, meter usage, or any Account Balance features, including attempts to circumvent charges or manipulate top-ups;
• Make improper use of CBH support services or submit false reports of abuse or misconduct;
• Attempt to bypass any measures of the Services designed to prevent or restrict access to the Services, or any portion of the Services, including circumvent, disable, or otherwise interfere with security-related features of the Services; or
• Rent, lease, lend, sell, sublicense, assign, distribute, or transfer in whole or in part the right to use the Service or any part thereof without CBH's express written authorisation.

6. Amendments

• the changes are made at the request of or due to changes in the terms or rules of Payment Method Owners, Third-Party Services Providers, Acquirers and/or other third parties;
• the changes are imposed upon CBH under the Applicable Law;
• the change is required on the basis of risk management considerations of CBH, provided that CBH shall communicate the reason for and substantiation of such considerations; or
• Company commits a material breach of its obligations under the Agreement.

7. Term and Termination

• the Company fails to perform any obligation required under this Agreement and does not remedy such breach within 5 (five) days from a written request to such effect made by CBH;
• CBH is required to do so by any Payment Method Owners or Regulatory Authority;
• the changes are imposed upon CBH under the Applicable Law;
• This is required on the basis of risk management considerations of CBH, including where CBH reasonably suspects or believes that the Company is using the Services in connection with any unauthorised, dishonest or criminal activities or that the Company's use of the Services presents fraud risk, credit risk, or any other material risk to CBH, or upon notice from the Payment Method Owners that the Company is suspended or violated any of their rules; or
• the Company becomes insolvent, fails to pay its debts due to CBH, makes a general assignment for the benefit of creditors, commences procedures for voluntary winding up, suffers or permits the appointment of a receiver for its business assets, or is wound up or liquidated, voluntary or otherwise.

8. Standard Clauses

• The provisions set forth in Schedule(s), including special terms agreed between the Parties (if any), shall prevail over the other provisions of the Agreement;
• The service-specific provisions of the Agreement (i.e. provisions other than the Standard Clauses) shall prevail over the Standard Clauses.

9. Data Protection

10. Use of Terms

• Account Balance means the net amount shown in CBH's online system equal to all payments, prepayments, promotional credits, and adjustments in the Company's favour, less all Fees, Taxes, and other charges accrued or invoiced under the Agreement. The Account Balance may be positive (prepaid Fees for the use of Services) or negative (amounts owed for the Services used).
• BIN means the Bank Identification Number (BIN) that is used to clear and settle the transaction within Payment Methods and the country in which it is licensed for use.
• CAID means the Card Acceptor ID, which is a numeric string that identifies a store location or transaction point and is provided by the Company's Acquirer.
• Credit Limit means the maximum negative Account Balance defined in Schedule A to this Agreement that CBH allows the Company to incur before payment is required.
• Standard Clauses means CBH Standard Clauses attached as Schedule B hereto, which are incorporated by reference in this Agreement and form an integral part hereof.
• Top Up Method means any payment instrument or funding mechanism accepted by CBH and designated by the Company to add funds to the Account Balance or to pay amounts due, including, without limitation, payment cards, direct debit, e-money/wallets, or other payment methods that CBH supports from time to time.

Schedule B – CBH Standard Clauses

Schedule B – 2. Interpretations

• headings are for convenience only and do not affect the interpretation of this Agreement;
• words denoting the singular include the plural and vice versa;
• a reference to a person includes a reference to any individual or legal entity and any governmental authority;
• if the numeric and literal versions of a number differ, the literal version shall have precedence;
• a reference to a specific clause, subsection, Annex, Schedule or Preamble is a reference to the applicable clause, subsection, Annex, Schedule or Preamble hereof;
• references to any law or normative act shall include any changes, amendments, supplements or substitutions of such law or normative act (in whole or in part);
• a reference to any agreement or document is a reference to that agreement or document as may be amended, novated, supplemented, extended or restated, however, to the exclusion of any amendments and supplements made in breach of this Agreement; and
• a reference to a party to any document (including to this Agreement) includes that party's successors and permitted assigns.

Schedule B – 3. Definitions

• Account Holder means any person who is authorised to use a Card or any other Payment Method issued to them.
• Acquirer means a bank or other third-party financial institution and/or their affiliates, which has a contractual relationship with the Company, in connection with which it enables the Parties to accept payments by End Users and receive value in relation to such payments.
• Affiliate means a legal entity Controlling, Controlled by, or under common Control with/by Company, CBH, or other entity.
• Agreement means any Agreement entered into by and between CBH and the Company and which has these Standard Clauses as its integral part.
• Alternative Payment Method (APM) means any supported Payment Method not operated by a Card Scheme which may be used by End Users to enable payment to Company for a Transaction.
• Anti-Corruption Laws means the U.S. Foreign Corrupt Practices Act ("FCPA") and any other applicable anti-bribery and anti-corruption laws and regulations, including, without limitation, any laws intended to implement the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, signed in Paris on December 17, 1997 (the "OECD Convention").
• Applicable Law means Payment Method Rules, Anti-Corruption Laws, Data Protection Laws, any transnational, domestic or foreign federal, state or local law (statutory, common or otherwise), constitution, treaty, convention, ordinance, code, rule, regulation, order, injunction, judgment, decree, ruling or other similar requirement enacted, adopted, promulgated or applied by a respective Regulatory Authority that is binding upon or applicable to Parties, as amended unless expressly specified otherwise.
• Authorised User means a user who is granted access to the Customer Portal by Company.
• Business Day means a day (excluding Saturdays and Sundays) on which banks are open for general business in Cyprus.
• Card means a credit, debit, pre-paid, charge or purchase or other card issued by a Card Issuer and any other cards in relation to which CBH is able and has agreed to provide the Services.
• Card Schemes means a payment card network, including the networks operated by Visa, MasterCard, American Express, JCB, Diners, Discover and/or such other organisation governing the issuance and use of the Cards, including, but not limited to, their respective members, as may be approved and notified by CBH to Company in writing from time to time. Approval to process certain Cards is subject to CBH's sole discretion.
• Chargeback means any End User charge, which is identified as being invalid or non-collectable after initial acceptance, on account of fraud, lost, cancelled, unissued, or invalid account identification, an unresolved End User complaint, or other cause.
• Company Information means all information reasonably requested by CBH and provided by the Company necessary for the KYC processes with CBH and/or the Acquirers, Third-Party Services Providers or Payment Method Owners and proper provision of the Services, including information about Company itself and its activities, including its directors, authorised signatories, shareholders and ultimate beneficial owner(s).
• Company Materials means all electronic data, information, content, materials, or other intellectual property submitted, uploaded, transmitted, or otherwise provided by Company to CBH in connection with Company's use of the Services (excluding any Personal Data).
• Confidential Information means any information, including but not limited to, the Proprietary Information, information about the existence of this Agreement, its terms, and the relationship between the Parties and any information or material: (1) concerning this Agreement, either Party's internal business, employees, policies and/or actual or potential customers; (2) which derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use; or (3) and any other information that would be regarded as confidential by a reasonable business person. Provided, however, that the Confidential Information excludes any information or material: (1) which is or subsequently becomes known to the general public other than through a breach by the receiving Party; (2) which is already known to the receiving Party before disclosure by the disclosing Party; (3) which is independently developed by the receiving Party without use or reference to the Confidential Information of the other; or (4) which the receiving Party rightfully receives from third parties without restriction as to use or disclosure.
• Control means, in relation to any person, the possession, directly or indirectly, of: (1) the power to direct, or cause the direction of, the management and policies of that person; or (2) such securities (or other rights) as confer on the holder thereof the right to exercise in excess of fifty per cent (50%) in number of all votes exercisable in a general meeting of all the members of such person, and "Controlling" and "Controlled" shall be construed accordingly.
• Customer Portal means a web portal hosted by CBH, which allows Company to configure Authorised Users and account settings, enable or disable specific services, manage user permissions, generate reports, and receive communications and other relevant information from CBH regarding the Company's account or the Services.
• Data Protection Laws means any applicable data protection, privacy or secrecy laws or regulations, including, if applicable, Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
• Documentation means the document(s) and other materials made available to the Company by CBH online via
  doc.chargebackhit.com
  or such other web address notified by CBH to the Company from time to time, which sets out a description of the Services and the user instructions for the Services.
• Effective Date means the date of the Agreement, stated on the first page of the Agreement or of Schedule A to this Agreement or, if the Agreement is accepted by checking the box on CBH's website, the date indicated on CBH's website.
• End User means (i) an Account Holder, and/or (ii) another individual or legal entity who makes a payment for Goods to Company using means provided by CBH.
• Fees means the consideration payments under this Agreement that are paid by Company to CBH and that are defined in Schedule(s) to this Agreement.
• Fine means any fine, fee, charge and any type of expenses charged to CBH or the Company by a Payment Method Owner, a Regulatory Authority or any other third party that is related to this Agreement or to the Services provided to the Company.
• Force Majeure Event an unusual and unforeseeable event, outside the Party's (or its permitted sub-contractor or assignees) reasonable control and the consequences of which could not have been avoided even if all due care had been exercised (e.g. force majeure, supply chain disruption, events of war and acts of God, strike, lockout, traffic disruption, acts of domestic or foreign governmental authorities).
• Goods means goods and/or services that are sold or agreed to be sold in connection with a Transaction and which have been approved by CBH (Goods shall also include, where context requires, the payment flow, terms of use, business model, nature of business, projected monthly turnover, average and maximum Transaction's amount, geo and other terms and conditions of the sale of Goods).
• Issuer means an institution that issues or otherwise makes available accounts and/or Payment Methods to an End User and whose name appears on the Card or account statement as the Issuer.
• Limits means certain Chargeback, fraud or other limits (ratios), as updated from time to time, that CBH, Payment Method Owners and/or Third-Party Services Providers may impose.
• Losses means claims, liabilities, losses, damages, proceedings, penalties, Fines, Chargebacks, Refunds, Fees, costs, charges and expenses (including any reasonable and properly incurred legal fees and costs).
• MID means merchant identification number, a unique code provided to Company by its payment processor.
• Parties mean CBH and the Company.
• Payment Method means a method of enabling payments by End Users to the Company and specifically includes Cards and APMs.
• Payment Method Rules means the collective set of bylaws, rules, operating regulations, requirements and procedures issued by a Payment Method Owner, including those maintained by
  Visa
  and
  Mastercard
  and other rules of Card Schemes and Payment Method Owners. If any third party (e.g., Third-Party Services Provider or technical service provider) is used in connection with a Payment Method, any additional or deviating rules set by such third party will be considered part of the Payment Method Rules for that Payment Method. Payment Method Rules may be amended or supplemented by Payment Method Owners or third parties from time to time.
• Payment Method Owner means a party offering and/or regulating the relevant Payment Method and specifically includes Card Schemes and APM operators.
• PCI DSS means Payment Card Industry Data Security Standards as released from time to time by the Security Standards Council.
• Proprietary Information means all right, title and interest, including without limitation any patent, copyright, design, trade name, trademark, service mark or other intellectual property right (whether registered or not) including without limitation ideas, concepts, know-how, techniques, designs, specifications, drawings, blueprints, tracings, diagrams, models and other information relating to any such intellectual property and other intellectual property rights, in and in relation to the Services and all components used in the provision thereof, including without limitation, any Software delivered to Company, any technology embodied or implemented in the Services, any computer code provided by CBH to Company, websites and computer networks, business methods, business processes, website designs, graphics, text, content, trade names, trade secrets and know-how, and all documentation in relation to the foregoing, used in the provision of the Services.
• Refund means the procedure of full or partial return of a Transaction amount to the Account Holder on the initiative of the Company.
• Regulatory Authority means a competent government or regulatory authority, law enforcement department or agency, court of law or other law, rule or regulation-making body that has jurisdiction over a party or in respect of which a party submits or is subject to.
• Representatives means the beneficial owners, principals, officers, authorised representatives, and employees.
• Software means the collective set of programs and data developed and/or operated by CBH as needed to provide the Services to Company, including the Customer Portal and Technical Solution, where applicable.
• Taxes means any and all federal, state, local and foreign taxes, assessments and other governmental charges, duties, impositions and liabilities relating to such taxes, including value-added tax, digital service, sales, goods and service tax, duties, withholdings, retentions, levies or any other taxes under Applicable Law.
• Technical Solution means a technical solution offered by CBH to the Company for the purpose of facilitating Transactions by the transfer of information between the Company and the Acquirer (and other third-party service providers, if applicable). Technical Solution includes technical platform (including its designs), manner of integration between the Company and CBH, collection of Payment Method and/or other Transaction data, processing them to obtain appropriate authorisation, and sending the authorised Transaction data, same as the data on requested Chargebacks, for the settlement.
• Third-Party Services Provider means any third party that provides a service, product, or promotion that either integrates with, enhances, or is complementary to the Services.
• Transaction means any payment by a Payment Method or Refund for payment of Goods sold to End Users by Company, regardless of whether the Transaction is approved or declined.
• Website means website(s), domain(s), sub-domain(s) and IT environments owned and operated by Company where Company accepts or states that it will accept, Transactions in relation to Goods which are purchased by End Users; the initial Website(s) being those which have been presented to and approved by CBH, together with any future Website(s) presented to and approved by CBH.

Schedule B – 4. Representations and Warranties

• As of the date of this Agreement, it has full power and lawful authority to execute and deliver this Agreement and to perform its obligations under this Agreement.
• It is duly organised and validly existing under the laws of its domicile and has the legal capacity and corporate authority to own its property and carry on its business as now conducted and is not in breach of its by-laws.
• There is no action, suit or proceeding at law or in equity now pending or, to the best of its knowledge, threatened by or against or affecting the Party which would impair its right to carry on its business as now conducted or affect its financial conditions or operations or its ability to perform the obligations required under this Agreement.
• It has knowledge of all applicable Anti-Corruption Laws and that neither it nor any of its officers, directors, employees, agents, contractors, designees, ultimate beneficial owners or shareholders, nor any other party acting on its behalf, will directly or indirectly take any action that would constitute a violation of the Anti-Corruption Laws with respect to any activities related to any business for CBH or the Company. Neither it nor any of its direct or indirect Representatives has or will pay, offer, promise to pay or authorize the payment of, offer or promise to pay, directly or indirectly, any monies or anything else of value to any current or former official, political party or official of a political party, or any candidate for public office in connection with this Agreement. Each party acknowledges that, for purposes of this Agreement, an "official" is (i) any officer or employee of a government or any department, agency or instrumentality of a government, (ii) any officer or employee of a public international organization such as the United Nations or the World Bank, (iii) any individual acting in an official capacity for or on behalf of a government agency, department, instrumentality or of a public international organization, (iv) any officer or employee of a company owned or controlled by a government or (v) any member of a royal family who may lack formal authority but who may otherwise be influential, including by owning or managing state-owned or controlled companies. Each party represents and warrants that all representations, warranties and covenants set forth in this clause are truthful and accurate. Each party shall notify the other party in writing immediately upon the occurrence of any event which would render the representations, warranties or covenants contained herein incorrect. If, in good faith, CBH believes that any action under this Agreement will likely cause a violation of the Anti-Corruption Laws, nonperformance shall be excused, and this Agreement may be terminated at CBH's option.
• It will comply at all times with all applicable laws, rules, regulations, decrees and prohibitions of whatsoever nature relating (a) to the sale, export or transfer of items or (b) to transactions of any kind with restricted or embargoed countries or territories, restricted or blocked persons or restricted or blocked entities (together, "Embargoed Targets"), including, without limitation, those of the United States, Switzerland and the European Union or its member states ((a) and (b) together, the "Sanctions Laws"). Each party warrants, represents and covenants that (c) it is not located, organised under, ordinarily resident in or acting on behalf of an Embargoed Target and (d) that it is not an Embargoed Target and is not owned or controlled by an Embargoed Target, as defined either expressly or substantively, by the Sanctions Laws. Each party warrants, represents and covenants that it is not aware of any reason why it should be named on any list identifying Embargoed Targets maintained by implementing authorities of, without limitation, the United States, Switzerland or the European Union or member states thereof (together, "Lists"), as such Lists may be amended from time to time. Each party agrees that it shall not (e) sell, directly or indirectly, resell or deliver any good, software or technology to an Embargoed Target, (f) transport any such item on any vessel or other carrier that is owned, operated, flagged or chartered by an Embargoed Target or (g) broker, finance or otherwise facilitate any sale or resale of any such item or transaction that would cause a violation of any Sanctions Law. Each party agrees that it will provide immediately to the other party all information, including, without limitation, information concerning end customer, transit and final destination, shipping and intended end-use, to enable an assessment of compliance with the Sanctions Laws. If, in good faith, CBH believes that any action under this Agreement will likely cause a violation of the Sanctions Laws, nonperformance shall be excused, and this Agreement may be terminated at CBH's option.

• It is in all material respects in compliance with and has at all times been, and is not in material default or violation in any respect of any Applicable Law.
• Any and all information and documentation provided by the Company hereunder is true, accurate, complete and updated, and no information, document or statement provided or made available is untrue, false, incorrect, incomplete or misleading.
• It will not knowingly do anything or allow anything to be done which is likely to harm CBH's reputation or the reputation of Payment Method Owners and/or Acquirers.
• To the extent the Company signs this Agreement electronically, including by checking the box through CBH's website, this Agreement is signed by an authorised signatory, and the electronic signature is the legally binding equivalent to a handwritten physical signature.

Schedule B – 5. Indemnification

• Company's breach of this Agreement;
• Company's use of the Services;
• Company Materials;
• Company's negligence or willful misconduct, and/or
• Company's violation of Applicable Law or the rights of a third party.

Schedule B – 6. Limitation of Liability

• failure, interruption, infiltration or corruption of any hardware, software or other telecommunications or data transmission system;
• CBH's belief that the Transaction is unauthorised, fraudulent, or poses a security risk;
• interception or seizure compelled by Applicable Law;
• acts or omissions of any third parties, including the Company, Payment Method Owners, Third-Party Services Providers or Issuers; or
• other circumstances beyond CBH's reasonable control.

Schedule B – 7. Remedies

• money damages may not be a sufficient remedy for any breach of this Agreement by such Party;
• the other Party may be entitled to specific performance, injunction, and other equitable relief with respect to any such breach;

Schedule B – 8. Intellectual Property

Schedule B – 9. Confidentiality

• to a third party for the purposes of (i) equity or debt financing, (ii) acquisition or sale of a business or assets, or (iii) acquisition or sale of a corporate entity or the shares in such entity (provided that such third party is bound by equivalent or stronger obligations of confidentiality).
• by law or by any Regulatory Authority, provided that, to the extent it is legally permitted to do so, it gives the other Party as much notice of the disclosure as possible.

Schedule B – 10. Governing Law and Dispute Resolution

Schedule B – 11. Entire Agreement

Schedule B – 12. Assignment

Schedule B – 13. Notices

Schedule B – 14. Execution

• completing integration with CBH, including through the Technical Solution where applicable;
• starting processing Transactions or otherwise accepting payments through CBH's Services and/or the Technical Solution;
• opening merchant processing account(s) with CBH's facilitation;
• provision of any other Services to the Company;
• payment of the Fees by the Company;
• any other acts or omissions by the Company and/or CBH that are consistent with, or otherwise evidence the performance of, this Agreement, including where CBH has expressly communicated to the Company that a specific act or omission will be treated as constituting the Company's acceptance hereof.

Schedule B – 15. Integration

Schedule B – 16. Customer Portal

Schedule B – 17. Company Materials and Data

• it has obtained all necessary rights, licenses, consents, permissions, and authorisations necessary to grant CBH the rights outlined in this Agreement with respect to all Company Materials;
• all Company Materials have been collected, stored, transferred, processed, used, disclosed, and otherwise handled in full compliance with Applicable Law;
• Company Materials do not and will not infringe, violate, or misappropriate any third-party rights, including intellectual property rights, privacy rights, or contractual rights;
• Company Materials do not and will not contain any viruses, malware, or other harmful or malicious code; and
• Company Materials do not violate Applicable Law and Payment Method Rules.

Schedule B – 18–24. Additional Clauses

Schedule C – Data Processing Agreement

• Data Controller means the party that has authority over the processing of Personal Data, determining the purpose for its use and the manner in which it is processed.
• Data Processor means the party that processes Personal Data on behalf of, and under the instruction of, the Data Controller.
• Data Protection Authority means the official body that ensures compliance with the Data Protection Laws within its applicable jurisdiction.
• Data Subject means the directly or indirectly identified or identifiable person to whom the Personal Data relates.
• Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
• Data Protection Laws means all applicable laws, statutes, regulations, ordinances, codes, rules, guidance, orders or any other legal entitlement issued by any governmental body governing the collection, use, transfer, and disclosure of Personal Data, including, if applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
• Employees means employees, officers, consultants, suppliers, freelancers and individual subcontractors.
• Personal Data means any information regulated by Data Protection Laws, including information concerning an identified or identifiable individual, such as name, address, age, gender, email address, etc., that is processed by the Data Processor on behalf of the Data Controller as a result of, or in connection with, the provision of the Services under the Agreement.
• Processing means either any activity that involves the use of Personal Data or as the Data Protection Laws may otherwise define processing, processes or process. It includes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. Processing also includes transferring Personal Data to third parties.
• Standard Contractual Clauses ("SCC") means contractual clauses established by the European Commission concerning the international transfer of Personal Data, as set out in the Annex to Commission Implementing Decision (EU) 2021/914 of 04 June 2021.
• Sub-Processor means the third party that may process personal data on behalf of the Data Processor's obligations under the Agreement. Data Processor shall ensure that Sub-Processors comply with substantially the same obligations as Data Processor under this Agreement. Data Processor remains responsible at all times for compliance with the terms of this Agreement.

Schedule C – 2. General Provisions

Schedule C – 3. Instructions

Schedule C – 4. Technical and Organisational Measures

• the pseudonymisation and encryption of personal data;
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• the ability to restore the availability and access to personal data in a timely manner in the event of technical problems or any other incident;
• a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of personal data processing.

• the name and contact details of the Data Processor or its Sub-Processors and of the Data Controller, and, where applicable, of the Data Controller's or the Data Processor's representative, and the data protection officer;
• the categories of Personal Data processing carried out on behalf of the Data Controller;
• where applicable, transfers of Personal Data to a third country or an international organisation, including the identification of that third country or international organisation and including, where applicable, the documentation of suitable safeguards;
• where possible, a general description of the technical and organisational security measures.

Schedule C – 5. Data Processor’s Employees

Schedule C – 6. Sub-Processors

Schedule C – 7. Data Breaches

• Description of the Data Breach, including, if possible, the categories of data and records concerned, the category and number of Data Subjects affected;
• Likely consequences of the Data Breach;
• Measures taken or proposed to address and/or mitigate the effects of the Data Breach.

Schedule C – 8. Cooperation

• Data Breaches;
• data protection impact assessments (DPIA);
• consultations with the Data Protection Authority; and
• enquiries, complaints, audits, or claims from any court, government official, or Data Protection Authority.

Schedule C – 9. Audit

Schedule C – 10. Cross-Border Transfer of Personal Data

• the Data Processor is processing Personal Data in a territory in relation to which the European Commission has made an adequacy decision; or
• the Parties have executed Standard Contractual Clauses.

• Module Two will apply;
• in Clause 7, the optional docking clause will apply;
• in Clause 9, Option 2 will apply, and the time period for prior notice of Sub-processor changes shall be at least 5 (five) business days;
• in Clause 11, the optional language will not apply;
• in Clause 17, Option 1 will apply, and the SCC will be governed by the law of Ireland;
• in Clause 18(b), disputes shall be resolved before the courts of Ireland;
• Annex I of the SCC shall be deemed completed with the information set out in Annex A to this DPA and in the Agreement. The Data Controller is the data exporter, and the Data Processor is the data importer;
• Annex II of the SCC shall be deemed completed with the information set out in Annex B to this DPA and in the Agreement.

Schedule C – 11. California Consumers Privacy Rights

Schedule C – 12. Termination

Schedule C – 13. Miscellaneous

• any provision of the DPA and any other provision of the Agreement, the provisions of the DPA shall prevail;
• any provision of this DPA and the SCC, the provisions of the SCC shall prevail.

Annex A to Schedule C – Details of Personal Data Processing

• name;
• date of birth;
• phone number;
• IP address;
• email address;
• length of customer relationship;
• device;
• postal address; and
• data concerning transactions and payments, including, but not limited to, order details.

Annex B to Schedule C – Technical and Organizational Security Measures

• regular vulnerability scanning,
• administrative access is allowed only through bastion sites,
• access to systems is differentiated by the roles,
• encryption keys are changed, and key and data access are reviewed on a regular basis. It is also possible to re-encrypt data in case of incidents.