MyChatBot Terms of Use
PLEASE NOTE THAT YOUR USE OF AND ACCESS TO OUR SERVICES (DEFINED
BELOW) ARE SUBJECT TO THE FOLLOWING TERMS; IF YOU DO NOT AGREE TO ALL OF THE FOLLOWING, YOU MAY NOT USE OR ACCESS THE SERVICES IN ANY MANNER.
Effective date: August 25, 2023
Welcome to MyChatBot. These Terms of Use apply when you use the products and services of
MyChatBot including our application programming interface, software, tools, data,
documentation, and website (“Services”). Please read on to learn the rules and restrictions
that govern your use of our Services. If you have any questions, comments, or concerns regarding these terms or the Services, please contact us at team@mychatbot.app.
These Terms of Use (the “Terms”) are a binding contract between you and MyChatBot LLC. (“MyChatBot,” “we” and “us”). Your use of the Services is also governed by and subject
to the Meta Platform Terms (https://developers.facebook.com/policy) and Meta Commercial Terms
(https://www.facebook.com/legal/commercial_terms), which are hereby
incorporated by reference and are a part of these Terms. You are solely responsible and liable
for complying with the Meta Platform Terms and Meta Commercial Terms.
You must agree to and accept all of the Terms, or you don’t have the right to use the
Services. Your using the Services in any way means that you agree to all of these Terms, and
these Terms will remain in effect while you use the Services. These Terms include the
provisions in this document, as well as those in the Privacy Policy and Copyright Dispute
Policy.
Will these Terms ever change?
We are constantly trying to improve our Services, so these Terms may need to change along
with the Services. We reserve the right to change the Terms at any time, but if we do, we will
bring it to your attention by placing a notice on the mychatbot.app website, by sending you an
email, and/or by some other means.
If you don’t agree with the new Terms, you are free to reject them; unfortunately, that means
you will no longer be able to use the Services. If you use the Services in any way after a
change to the Terms is effective, that means you agree to all of the changes.
Except for changes by us as described here, no other amendment or modification of these
Terms will be effective unless in writing and signed by both you and us.
What about my privacy?
MyChatBot takes the privacy of its users very seriously. For the current MyChatBot Privacy Policy,
please click here.
The Children’s Online Privacy Protection Act (“COPPA”) requires that online service providers
obtain parental consent before they knowingly collect personally identifiable information online
from children who are under 13. We do not knowingly collect or solicit personally identifiable
information from children under 13; if you are a child under 13, please do not attempt to
register for the Services or send any personal information about yourself to us. If we learn we
have collected personal information from a child under 13, we will delete that information as
quickly as possible. If you believe that a child under 13 may have provided us personal
information, please contact us at team@mychatbot.app.
What are the basics of using MyChatBot?
You may be required to sign up for an account and log-in to MyChatBot through your
Google/Facebook/Instagram or other third party account, and select a password
and username (“MyChatBot User ID”). You promise to provide us with accurate, complete, and
updated registration information about yourself. You may not transfer your account to anyone
else without our prior written permission.
You represent and warrant that you are of legal age to form a binding contract (or if not,
you’ve received your parent’s or guardian’s permission to use the Services and gotten your
parent or guardian to agree to these Terms on your behalf). If you’re agreeing to these Terms
on behalf of an organization or entity, you represent and warrant that you are authorized to
agree to these Terms on that organization or entity’s behalf and bind them to these Terms (in
which case, the references to “you” and “your” in these Terms, except for in this sentence,
refer to that organization or entity).
You will only use the Services in a manner that complies with all laws that apply to you. If your
use of the Services is prohibited by applicable laws, then you aren’t authorized to use the
Services. We can’t and won't be responsible for your using the Services in a way that breaks
the law.
You will not share your account or password with anyone, and you must protect the security
of your account and your password. You’re responsible for any activity associated with your
account.
Your use of the Services is subject to the following additional restrictions:
You represent, warrant, and agree that you will not contribute any Content or User
Submission (each of those terms is defined below) or otherwise create any Service Chatbots
or use the Services in a manner that:
(a) Infringes or violates the intellectual property rights or any other rights of anyone
else (including MyChatBot);
(b) Violates any law or regulation, including any applicable export control laws;
(c) Is harmful, fraudulent, deceptive, threatening, harassing, defamatory, obscene, or
otherwise objectionable;
(d) Jeopardizes the security of your MyChatBot account or anyone else’s (such as
allowing someone else to log in to the Services as you);
(e) Attempts, in any manner, to obtain the password, account, or other security
information from any other user;
(f) Violates the security of any computer network, or cracks any passwords or
security encryption codes;
(g) Runs Maillist, Listserv, any form of auto-responder or “spam” on the Services, or
any processes that run or are activated while you are not logged into the Services,
or that otherwise interfere with the proper working of the Services (including by
placing an unreasonable load on the Services’ infrastructure);
(h) “Crawls,” “scrapes,” or “spiders” any page, data, or portion of or relating to the
Services or Content (through use of manual or automated means);
(i) Copies or stores any significant portion of the Content;
(j) Decompiles, reverse engineers, or otherwise attempts to obtain the source code
or underlying ideas or information of or relating to the Services.
A violation of any of the foregoing is grounds for termination of your right to use or access the
Services.
What are the terms of using MyChatBot App?
MyChatBot may suspend or terminate your access to or use of MyChatBot App at any time. We
reserve the right to modify or terminate the MyChatBot App or your use of MyChatBot App, to limit or
deny access to MyChatBot App, at any time, in our sole discretion, for any reason, with or without
notice and without liability to you.
You may provide input to be processed by MyChatBot App, and receive output generated and
returned by the MyChatBot App based on the Input. Input and Output are your Content or
Customer Data, as applicable. You will ensure that your Input and use of the MyChatBot App will
not violate any applicable law. You are solely responsible for the development, content,
operation, maintenance, and use of your Content and Customer Data.
You may not use MyChatBot App (i) to mislead any person that Output from the Services was
solely human generated; (ii) to generate spam, content for dissemination in electoral
campaigns, use the Services in a manner that violates any applicable laws or technical
documentation, usage guidelines, or parameters; or (iii) process sensitive personal data as
that term is understood under applicable data protection law.
MyChatBot uses technology provided by OpenAI, LLC (“OpenAI”) to provide MyChatBot App. You
may not use MyChatBot App in a manner that violates any OpenAI Policy, including their Content
Policy; Sharing and Publication Policy; and Community Guidelines.
What are my rights in MyChatBot?
The materials displayed or performed or available on or through the Services, including, but
not limited to, text, graphics, data, articles, photos, images, illustrations, User Submissions,
and so forth (all of the foregoing, the “Content”) are protected by copyright and/or other
intellectual property laws. You promise to abide by all copyright notices, trademark rules,
information, and restrictions contained in any Content you access through the Services, and
you won’t use, copy, reproduce, modify, translate, publish, broadcast, transmit, distribute,
perform, upload, display, license, sell or otherwise exploit for any purpose any Content not
owned by you, (i) without the prior consent of the owner of that Content or (ii) in a way that
violates someone else’s (including MyChatBot’s) rights.
You understand that MyChatBot owns the Services. You won’t modify, publish, transmit,
participate in the transfer or sale of, reproduce (except as expressly provided in this
Section), create derivative works based on, or otherwise exploit any of the Services.
The Services may allow you to copy or download certain Content; please remember that
just because this functionality exists, doesn’t mean that all the restrictions above don’t apply
— they do!
Do I have to grant any licenses to MyChatBot or to other users?
Anything you post, upload, share, store, or otherwise provide through the Services, including
any Services Chatbots you create and/or communicate with through the Services, is your
“User Submission.” Some User Submissions are viewable by other users. In order to display
your User Submissions on the Services, and to allow other users to enjoy them (where
applicable), you grant us certain rights in those User Submissions. Please note that all of the
following licenses are subject to our Privacy Policy to the extent they relate to User
Submissions that are also your personally-identifiable information.
For all User Submissions, you hereby grant MyChatBot a license to translate, modify (for
technical purposes, for example making sure your content is viewable on an iPhone as well
as a computer) and reproduce and otherwise act with respect to such User Submissions, in
each case to enable us to operate the Services, as described in more detail below. This is a
license only — your ownership in User Submissions is not affected. If you store a User
Submission in your own personal MyChatBot account, in a manner that is not viewable by any
other user except you (a “Personal User Submission”), you grant MyChatBot the license above,
as well as a license to display, perform, and distribute your Personal User Submission for the
sole purpose of making that Personal User Submission accessible to you and providing the
Services necessary to do so.
If you share a User Submission only in a manner that only certain specified users can view
(for example, a private message to a chatbot) (a “Limited Audience User Submission”), then
you grant MyChatBot the licenses above, as well as a license to display, perform, and distribute
your Limited Audience User Submission for the sole purpose of making that Limited Audience
User Submission accessible to such other specified users, and providing the Services
necessary to do so. Also, you grant such other specified users a license to access that
Limited Audience User Submission, and to use and exercise all rights in it, as permitted by
the functionality of the Services.
If you share a User Submission publicly on the Services and/or in a manner that more than
just you or certain specified users can view, or if you provide us (in a direct email or
otherwise) with any feedback, suggestions, improvements, enhancements, and/or feature
requests relating to the Services (each of the foregoing, a “Public User Submission”), then
you grant MyChatBot the licenses above, as well as a license to display, perform, and distribute
your Public User Submission for the purpose of making that Public User Submission
accessible to all MyChatBot users and providing the Services necessary to do so, as well as all
other rights necessary to use and exercise all rights in that Public User Submission in
connection with the Services for any purpose. Also, you grant all other users of the Services
a license to access that Public User Submission, and to use and exercise all rights in it, as
permitted by the functionality of the Services.
You agree that the licenses you grant are royalty-free, perpetual, sublicensable, irrevocable,
and worldwide.
If you are using the free version of the Services, all your Services Chatbots created through
the Services will automatically include an attribution to MyChatBot. You agree not to remove,
modify, or obscure the MyChatBot attribution. For clarity, the Services Chatbots are themselves
deemed Public User Submissions and whether you are using the free or paid version of the
Services in creating Services Chatbots, you hereby grant MyChatBot a nonexclusive,
royalty-free, irrevocable, worldwide license to (a) use any Services Chatbots you create in
MyChatBot’s marketing materials (such as on MyChatBot.app) and (b) provide any templates for
the creation of such Services Chatbots to any other users of the Services, as part of the
Services offerings.
In addition to the above, we may track and collect data regarding your usage of the Service
(“User Data”). In addition to the licenses granted above, you grant MyChatBot a royalty-free,
perpetual, sublicensable, irrevocable, and worldwide right and license to use, store, copy,
create derivatives, and archive User Data and the Content that you generate or upload (i)
to create anonymized compilations and analyses of User Data that is combined with data
from numerous other users (“Aggregate Data”), and (ii) to create, develop, and enhance tools
and functionalities in connection with the Services. MyChatBot shall have exclusive ownership
rights to, and the exclusive right to use and distribute, such Aggregate Data for any purpose.
MyChatBot shall not, however, distribute Aggregate Data in a manner that is identifiable as User
Data. Finally, you understand and agree that MyChatBot, in performing the required technical
steps to provide the Services to our users (including you), may need to make changes to
your User Submissions to conform and adapt those User Submissions to the technical
requirements of connection networks, devices, services, or media, and the foregoing licenses
include the rights to do so.
What if I see something on the Services that infringes my copyright?
You may have heard of the Digital Millennium Copyright Act (the “DMCA”), as it relates to
online service providers, like MyChatBot, being asked to remove material that allegedly violates
someone’s copyright. We respect others’ intellectual property rights, and we reserve the right
to delete or disable Content alleged to be infringing, and to terminate the accounts of repeat
alleged infringers; to review our complete Copyright Dispute Policy and learn how to report
potentially infringing content, click here. To learn more about the DMCA, click here.
Who is responsible for what I see and do on the Services?
Any information or content publicly posted or privately transmitted through the Services, and
any Services Chatbots, are the sole responsibility of the person from whom such content
originated, and you access all such information and content at your own risk, and we aren’t
liable for any errors or omissions in that information or content or for any damages or loss you
might suffer in connection with it. We cannot control and have no duty to take any action
regarding how you may interpret and use the Content or what actions you may take as a
result of having been exposed to the Content, and you hereby release us from all liability for
you having acquired or not acquired Content through the Services. We can’t guarantee the
identity of any users with whom you interact in using the Services and are not responsible for
which users gain access to the Services.
You are responsible for all Content you contribute, in any manner, to the Services, and you
represent and warrant you have all rights necessary to do so, in the manner in which you
contribute it. You will keep all your registration information accurate and current. You are
responsible for all your activity in connection with the Services.
The Services may contain links or connections to third party websites or services that are not
owned or controlled by MyChatBot. When you access third party websites or use third party
services, you accept that there are risks in doing so, and that MyChatBot is not responsible for
such risks. We encourage you to be aware when you leave the Services and to read the
terms and conditions and privacy policy of each third party website or service that you visit or
utilize.
MyChatBot has no control over, and assumes no responsibility for, the content, accuracy,
privacy policies, or practices of or opinions expressed in any third party websites or by any
third party that you interact with through the Services. In addition, MyChatBot will not and cannot
monitor, verify, censor or edit the content of any third party site or service. By using the
Services, you release and hold us harmless from any and all liability arising from your use of
any third party website or service.
Your interactions with organizations and/or individuals found on or through the Services,
including payment and delivery of goods or services, and any other terms, conditions,
warranties or representations associated with such dealings, are solely between you and
such organizations and/or individuals. You should make whatever investigation you feel
necessary or appropriate before proceeding with any online or offline transaction with any of
these third parties. You agree that MyChatBot shall not be responsible or liable for any loss or
damage of any sort incurred as the result of any such dealings.
Will MyChatBot ever change the Services?
We're always trying to improve the Services, so they may change over time. We may
suspend or discontinue any part of the Services, or we may introduce new features or
impose limits on certain features or restrict access to parts or all of the Services. We'll try to
give you notice when we make a material change to the Services that would adversely affect
you, but this isn’t always practical. Similarly, we reserve the right to remove any Content from
the Services at any time, for any reason (including, but not limited to, if someone alleges you
contributed that Content in violation of these Terms), in our sole discretion, and without
notice.
Do the Services Cost Anything?
MyChatBot currently offers paid versions of the Services, the Beginner Plan, Standard Plan and the Professional Plan (“Paid Services”). If you are using a free version of the Services, we will notify you before any Services you are then using begin carrying a fee, and if you wish to continue using such Services, you must pay all applicable fees for such Services.
MyChatBot reserves the right to charge for certain or all services in the future.
a. Paid Services. If you are using our Paid Services, you will be subject to payments.
Please see our pricing section for a description of the current Paid Services.
Payments for Paid Services may vary monthly as set forth
in the Pricing Terms. You agree that we may accumulate charges incurred and submit
them as one or more aggregate charges during or at the end of each billing cycle.
Please note that any payment terms presented to you in the process of using or
signing up for a Paid Service are deemed part of these Terms.
b. Billing. We may bill you directly through an invoice or use a third-party payment
processor (the “Payment Processor”) to bill you through a payment account linked to
your account on the Services (your “Billing Account”) for use of the Paid Services. If
you are billed through a Payment Processor, the processing of payments will be
subject to the terms, conditions and privacy policies of the Payment Processor in
addition to these Terms. We are not responsible for any error by,
or other acts or omissions of the Payment Processor. By choosing to use Paid
Services, you agree to pay us, either directly or through the Payment Processor, all
charges at the prices then in effect for any use of such Paid Services in accordance
with the applicable payment terms, and you authorize us, either directly or through the
Payment Processor, to charge your chosen payment provider (your “Payment
Method”). You agree to make payment using that selected Payment Method. We
reserve the right to correct any errors or mistakes that the Payment Processor makes
even if it has already requested or received payment.
c. Payment Method. The terms of your payment will be based on your Payment Method
and may be determined by agreements between you and the financial institution, credit
card issuer or other provider of your chosen Payment Method. Any agreement you
have with your payment provider will govern your use of your Payment Method. If we,
either directly or through the Payment Processor, do not receive payment from you,
you agree to pay all amounts due on your Billing Account upon demand.
d. Recurring Billing. Some of the Paid Services may consist of an initial period, for which
there is a one-time charge, followed by recurring period charges as agreed to by you.
By choosing a recurring payment plan, you acknowledge that such Services have an
initial and recurring payment feature and you accept responsibility for all recurring
charges prior to cancellation. WE MAY SUBMIT PERIODIC CHARGES (E.G.,
MONTHLY) WITHOUT FURTHER AUTHORIZATION FROM YOU, UNTIL YOU PROVIDE
PRIOR NOTICE (RECEIPT OF WHICH IS CONFIRMED BY US) THAT YOU HAVE
TERMINATED THIS AUTHORIZATION OR WISH TO CHANGE YOUR PAYMENT
METHOD. SUCH NOTICE WILL NOT AFFECT CHARGES SUBMITTED BEFORE WE
REASONABLY COULD ACT. TO TERMINATE YOUR AUTHORIZATION OR CHANGE
YOUR PAYMENT METHOD, GO TO YOUR ACCOUNT SETTINGS.
e. Current Information Required. YOU MUST PROVIDE CURRENT, COMPLETE AND
ACCURATE INFORMATION FOR YOUR BILLING ACCOUNT. YOU MUST
PROMPTLY UPDATE ALL INFORMATION TO KEEP YOUR BILLING ACCOUNT
CURRENT, COMPLETE AND ACCURATE (SUCH AS A CHANGE IN BILLING
ADDRESS, CREDIT CARD NUMBER, OR CREDIT CARD EXPIRATION DATE), AND
YOU MUST PROMPTLY NOTIFY US OR OUR PAYMENT PROCESSOR IF YOUR
PAYMENT METHOD IS CANCELED (E.G., FOR LOSS OR THEFT) OR IF YOU
BECOME AWARE OF A POTENTIAL BREACH OF SECURITY, SUCH AS THE
UNAUTHORIZED DISCLOSURE OR USE OF YOUR USER NAME OR PASSWORD.
CHANGES TO SUCH INFORMATION CAN BE MADE AT YOUR ACCOUNT
SETTINGS. IF YOU FAIL TO PROVIDE ANY OF THE FOREGOING INFORMATION,
YOU AGREE THAT WE MAY CONTINUE CHARGING YOU FOR ANY USE OF PAID
SERVICES UNDER YOUR BILLING ACCOUNT UNLESS YOU HAVE TERMINATED
YOUR PAID SERVICES AS SET FORTH ABOVE.
f. Auto-Renewal for Paid Services. Unless you opt out of auto-renewal, which can be
done through your account settings, any Paid Services you have signed up for will be
automatically extended for successive renewal periods of the same duration as the
subscription term originally selected, at the then-current non-promotional rate. To
change or resign your Paid Services at any time, go to your account settings. If you
terminate a Paid Service, you may use your subscription until the end of your
then-current term, and your subscription will not be renewed after your then-current
term expires. However, you will not be eligible for a prorated refund of any portion of
the subscription fee paid for the then-current subscription period. IF YOU DO NOT
WANT TO CONTINUE TO BE CHARGED ON A RECURRING MONTHLY BASIS,
YOU MUST CANCEL THE APPLICABLE PAID SERVICE THROUGH YOUR
ACCOUNT SETTINGS OR TERMINATE YOUR MyChatBot ACCOUNT BEFORE THE
END OF THE RECURRING TERM. PAID SERVICES CANNOT BE TERMINATED
BEFORE THE END OF THE PERIOD FOR WHICH YOU HAVE ALREADY PAID, AND
EXCEPT AS EXPRESSLY PROVIDED IN THESE TERMS, MyChatBot WILL NOT
REFUND ANY FEES THAT YOU HAVE ALREADY PAID.
g. Reaffirmation of Authorization. Your non-termination or continued use of a Paid Service
reaffirms that we are authorized to charge your Payment Method for that Paid Service.
We may submit those charges for payment and you will be responsible for such
charges. This does not waive our right to seek payment directly from you. Your charges
may be payable in advance, in arrears, per usage, or as otherwise described when you
initially selected to use the Paid Service.
h. Refund policy. You can ask for a refund through the MyChatBot Dashboard or by
contacting us at team@mychatbot.app. The refund will be processed within 30 days.
What if I want to stop using MyChatBot?
You’re free to stop using the Services at any time; please refer to our Privacy Policy, as well
as the licenses above, to understand how we treat information you provide to us after you
have stopped using our Services.
MyChatBot is also free to terminate (or suspend access to) your use of the Services or your
account, for any reason at our discretion, including your breach of these Terms. MyChatBot
has the sole right to decide whether you are in violation of any of the restrictions set forth in
these Terms.
Account termination may result in destruction of any Services Chatbots and Content
associated with your account, so keep that in mind before you decide to terminate your
account. We will try to provide advance notice to you prior to our terminating your account so
that you are able to retrieve any important User Submissions you may have stored in your
account (to the extent allowed by law and these Terms), but we may not do so if we
determine it would be impractical, illegal, not in the interest of someone’s safety or security, or
otherwise harmful to the rights or property of MyChatBot.
Provisions that, by their nature, should survive termination of these Terms shall survive
termination. By way of example, all of the following will survive termination: any obligation you
have to pay us or indemnify us, any limitations on our liability, any terms regarding ownership
of intellectual property rights, and terms regarding disputes between us.
What else do I need to know?
Warranty Disclaimer. Neither MyChatBot nor its licensors or suppliers makes any
representations or warranties concerning any content contained in or accessed through the
Services, and we will not be responsible or liable for the accuracy, copyright compliance,
legality, or decency of material contained in or accessed through the Services. We (and our
licensors and suppliers) make no representations or warranties regarding suggestions or
recommendations of services or products offered or purchased through the Services. THE
SERVICES AND CONTENT ARE PROVIDED BY MyChatBot (AND ITS LICENSORS AND
SUPPLIERS) ON AN “AS-IS” BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT,
OR THAT USE OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE. SOME
STATES DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY
LASTS, SO THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.
Limitation of Liability. TO THE FULLEST EXTENT ALLOWED BY APPLICABLE LAW,
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (INCLUDING,
WITHOUT LIMITATION, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE) SHALL
MyChatBot (OR ITS LICENSORS OR SUPPLIERS) BE LIABLE TO YOU OR TO ANY
OTHER PERSON FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING DAMAGES FOR LOST
PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, ACCURACY OF RESULTS, OR
COMPUTER FAILURE OR MALFUNCTION, OR (B) ANY AMOUNT, IN THE AGGREGATE,
IN EXCESS OF THE GREATER OF (I) $100 OR (II) THE AMOUNTS PAID BY YOU TO
MyChatBot IN CONNECTION WITH THE SERVICES IN THE TWELVE (12) MONTH
PERIOD PRECEDING THIS APPLICABLE CLAIM, OR (C) ANY MATTER BEYOND OUR
REASONABLE CONTROL. SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF CERTAIN DAMAGES, SO THE ABOVE LIMITATION AND EXCLUSIONS
MAY NOT APPLY TO YOU.
Indemnity. To the fullest extent allowed by applicable law, You agree to indemnify and hold
MyChatBot, its affiliates, officers, agents, employees, and partners harmless from and against
any and all claims, liabilities, damages (actual and consequential), losses and expenses
(including attorneys’ fees) arising from or in any way related to any third party claims relating
to (a) your use of the Services (including any actions taken by a third party using your
account), and (b) your violation of these Terms. In the event of such a claim, suit, or action
(“Claim”), we will attempt to provide notice of the Claim to the contact information we have for your account (provided that failure to deliver such notice shall not eliminate or reduce your indemnification obligations hereunder).
Assignment. You may not assign, delegate or transfer these Terms or your rights or
obligations hereunder, or your Services account, in any way (by operation of law or
otherwise) without MyChatBot’s prior written consent. We may transfer, assign, or delegate
these Terms and our rights and obligations without consent.
Any arbitration under these Terms will take place on an individual
basis: class arbitrations and class actions are not permitted. YOU UNDERSTAND AND
AGREE THAT BY ENTERING INTO THESE TERMS, YOU AND MyChatBot ARE EACH
WAIVING THE RIGHT TO TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION.
Miscellaneous. You will be responsible for paying, withholding, filing, and reporting all taxes,
duties, and other governmental assessments associated with your activity in connection with
the Services, provided that MyChatBot may, in its sole discretion, do any of the foregoing on
your behalf or for itself as it sees fit. The failure of either you or us to exercise, in any way, any
right herein shall not be deemed a waiver of any further rights hereunder. If any provision of
these Terms is found to be unenforceable or invalid, that provision will be limited or
eliminated, to the minimum extent necessary, so that these Terms shall otherwise remain in
full force and effect and enforceable. You and MyChatBot agree that these Terms are the
complete and exclusive statement of the mutual understanding between you and MyChatBot,
and that it supersedes and cancels all previous written and oral agreements, communications
and other understandings relating to the subject matter of these Terms. You hereby
acknowledge and agree that you are not an employee, agent, partner, or joint venture of
MyChatBot, and you do not have any authority of any kind to bind MyChatBot in any respect
whatsoever. You and MyChatBot agree there are no third party beneficiaries intended under
these Terms.
Data Processing Addendum to the MyChatBot Terms of Use Regarding the Processing of Personal Data of EEA, UK and Swiss Customers (hereinafter referred to as "MyChatBot DPA") by and between
"MyChatBot" and MyChatBot’s customers are subject to the rules under the European General
Data Protection Regulation and/or Swiss data protection law.
- MyChatBot and Customer hereinafter referred to as "Parties" and each as "Party"
- MyChatBot DPA is extended to the New Zealand Customers as well as to the EEA, UK and
Swiss ones
PREAMBLE
MyChatBot performs cloud-based analytics services for Customer ("Services") as agreed between
the Parties in the MyChatBot Terms of Use ("MyChatBot Terms of Use"). This MyChatBot DPA forms
part of the MyChatBot Terms of Use. Capitalized terms used but not defined herein shall have the
meaning given in the MyChatBot Terms of Use.
In the course of providing the Services, MyChatBot will process personal data within the meaning
of Art. 4 no 1 and 2 of the Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data (General Data Protection Regulation)
("GDPR") of (i) Customer and/or (ii) Customer’s customers (“Customer’s Customers”) located
in the European Economic Area ("EEA") or United Kingdom (“UK”) or Switzerland and/or
located in other countries (but whose personal data is subject to the GDPR or UK or Swiss data
privacy law), for which Customer or Customer’s Customers are responsible as provided under
Art. 4 no 7 GDPR or the equivalent provision under UK or Swiss data privacy law ("Customer
Personal Data") or where Customers are for contractual reasons obliged to subject the data
processing to data processing principles adequate to the one within the EEA or UK or
Switzerland. Customer’s Customers are companies who render services to their end-customers
and who engage Customer as their processor and MyChatBot as their sub-processor.
This MyChatBot DPA regulates the data protection obligations of the Parties when processing
Customer Personal Data performed under the MyChatBot Terms of Use and will reasonably
ensure such processing will only be rendered on behalf of and under the Instructions of
Customer or Customer’s Customers and in accordance with the EU Standard Contractual
Clauses for the Transfer of Personal Data to Third Countries (Module Two: Transfer controller to
processor; "SCC Controller to Processor", and/or Module Three: Transfer processor to
processor; "SCC Processor to Processor") pursuant to European Commission Implementing
Decision (EU) 2021/914 of 4 June 2021 (as to both Modules, the "SCC") and Art. 28 et seq.
GDPR.
1. DEFINITIONS
In addition to the definitions in Clause 1 and 4(a) SCC, the following definitions shall
apply:
— "Instruction" means any documented instruction, submitted by Customer to
MyChatBot, directing MyChatBot to perform a specific action with regard to personal data.
Instructions shall initially be specified in the MyChatBot Terms of Use and may, from
time to time thereafter, be amended, supplemented or replaced by Customer by
separate written or text form instructions, provided that such instructions still fall
within the scope of the Services. Instructions issued for the purpose of complying with
statutory claims under the GDPR such as rectification, erasure, restriction or
portability of personal data fall within the scope of the Services.
— "Applicable Law" means all laws, rules and regulations applicable to either party’s
performance under this MyChatBot DPA, including but not limited to those applicable to
the processing of personal data. This means, in particular, the GDPR and all
national laws validly amending the applicable rules for the processing of personal
data.
2. AMENDMENT OF MyChatBot TERMS OF USE
2.1 This MyChatBot DPA amends the MyChatBot Terms of Use with respect to any processing of
Customer Personal Data provided by Customer or by Customer’s Customers through
Customer as amended from time to time by written agreement between both Parties.
MyChatBot will, in the course of providing Services due under the MyChatBot Terms of Use,
process Customer Personal Data which shall be subject to the following provisions
contained in this MyChatBot DPA. When performing the Services, MyChatBot will act either as
processor or sub-processor. MyChatBot’s function as processor or sub-processor will be
determined by the function of MyChatBot’s Customer. If the Customer is the controller, then
MyChatBot shall be the processor. If the Customer is the processor on behalf of its
Customer’s Customers, then MyChatBot shall be the sub-processor, whereas Customer
and Customer’s Customers, as communicated to MyChatBot by Customer, shall be entitled
to issue Instructions under this MyChatBot DPA.
DATA PROCESSING, STANDARD CONTRACTUAL CLAUSES AND CONCLUSION
Any processing operation as described in Section 5 and Exhibit A shall be subject
to this MyChatBot DPA which includes the SCC in Exhibit C.
As explicitly allowed by Clause 2(a) s 2 of the SCC, Sections 1 through 14 of the
MyChatBot DPA are meant to supplement the SCC, in particular, by way of providing
guidance for their practical implementation and are not intended to contradict, directly or
indirectly, any clauses of the SCC. In the event of any conflict between the SCC, the
MyChatBot Terms of Use or this MyChatBot DPA, the order of prevalence between the terms
included therein shall be as follows (in accordance with Clause 5 of the SCC):
(1) the SCC and the terms in Exhibit A through Exhibit C of the MyChatBot DPA, which are meant to fill in, in particular, the required information for the Appendix, (2) the remaining provisions of the MyChatBot DPA, and (3) MyChatBot Terms of Use and other contractual documents.
The Parties agree that by the Customer accepting the MyChatBot Terms of Use, to whom
this MyChatBot DPA is attached, this MyChatBot DPA and the SCC included in Exhibit C will,
by default, also be concluded between MyChatBot as data importer (as defined in the SCC)
and Customer as data exporter (as defined in the SCC), whereas the following will apply:
3.2.1. In the cases where the Customer is acting as the controller of the personal data it
provides, the terms of the SCC Controller to Processor will apply.
3.2.2 In the cases where the Customer is acting as a processor for one or more of
Customer’s Customers, the terms of the SCC Processor to Processor will apply
in relation to the personal data initially provided by Customer’s Customers. As to
such cases, Customer warrants that it (i) is authorized by Customer’s Customers
to enter into this MyChatBot DPA as their processor as well as to engage MyChatBot
as their subprocessor and (ii) has concluded appropriate data processing
agreements with its Customer’s Customers as the controller. Since the Customer
is the only Party which has a direct relationship with Customer’s Customers, the
Parties agree that whenever MyChatBot may be obligated to notify Customer’s
Customers under this MyChatBot DPA including under the SCC Processor to
Processor, such as under its Clause 9 (option 2) or Clause 10(a), the Customer
warrants to promptly forward such notification from MyChatBot to the relevant
Customer’s Customers.
Subject to the MyChatBot Terms of Use, additional Customer’s Customers may be
added by Customer to obtain the Services. In such cases, the Parties agree that
MyChatBot will process the personal data of such additional Customer’s Customers
as a subprocessor under this MyChatBot DPA including the SCC under the same
conditions and with the same effect as outlined in the previous paragraphs
(Clause 7 of the SCC shall remain unaffected).
SAFEGUARDS AND SUPPORT FOR INTERNATIONAL DATA TRANSFERS
MyChatBot undertakes to provide reasonable support to Customer to ensure compliance with
the requirements imposed on the transfer of personal data to third countries with respect to
data subjects located in the EEA, UK and Switzerland. In accordance with Clause 14(c) of
the SCC and without prejudice to the content of that Clause, MyChatBot will do so, in particular,
by providing information to Customer which is reasonably necessary for Customer to
complete a transfer impact assessment ("TIA"). MyChatBot further agrees to implement the
supplementary measures agreed upon under Exhibit D in order to help Customer achieve
compliance with requirements imposed on the transfer of personal data to third countries.
Customer warrants that it will have successfully completed an appropriate TIA prior to
initiating any processing under this MyChatBot DPA.
DETAILS OF DATA PROCESSING
The details of data processing (such as subject matter, nature and purpose of the processing, categories of personal data and data subjects), as also referenced in Annex A, B, C of the Appendix of the SCC in Exhibit C, are described in the MyChatBot Terms of Use and in Exhibits A, B, and C.
MyChatBot’s OBLIGATIONS
MyChatBot’s obligations are stipulated in the SCC, whereas these obligations shall be
specified in accordance with Clause 2(a) s 2 of the SCC as follows, without prejudice to
the obligations set out in the SCC: MyChatBot is permitted to anonymize Customer
Personal Data through a reliable state of the art anonymization procedure and use such
anonymized data for its own research and development purposes.
Technical and Organizational Data Security Measures
6.1.1. In accordance with Clause 8.6(a) SCC and Art. 32 GDPR, MyChatBot will
implement the technical and organizational measures described in Annex II of the
Appendix of the SCC in Exhibit C.
6.1.2 Without prejudice to Clause 8.6(a) SCC, if MyChatBot significantly modifies
measures specified in Annex II of the Appendix of the SCC in Exhibit C, such
modifications have to meet the obligations pursuant to Clause 8.6(a) SCC.
MyChatBot shall make available to Customer a description of such modified
measures which enable customers to assess compliance with Art. 32 GDPR and
Clause 8.6(a) SCC. Unless Customer explicitly rejects the modified measures
within fourteen (14) days from receipt, the modified measures shall be deemed
as accepted by Customer and Customer’s Customers, whereas Customer and
Customer’s Customer shall not reject any modification that meets the
requirements pursuant to Art. 32 GDPR as well as Clause 8.6(a) SCC.
6.2 Documentation and Audit Rights
In order to comply with its obligation to make available all information to
demonstrate compliance in accordance with Clauses 8.9(c) SCC, without prejudice to
the content of these Clauses, MyChatBot shall, upon request and subject to an
appropriate non-disclosure agreement, provide to Customer a comprehensive
documentation of the technical and organizational data security measures in
accordance with industry standards. The effectiveness of MyChatBot’s technical
and organizational security measures will be audited by an independent
third-party on an annual basis. In addition, MyChatBot may, in its discretion, provide
data protection compliance certifications issued by a commonly accepted
certification issuer which has been audited by a data security expert, by a publicly
certified auditing company or by another customer of MyChatBot.
MyChatBot will allow for and contribute to audits in accordance with Clause 8.9(c)
SCC Controller to Processor and Clause 8.9(d) SCC Processor to Processor,
without prejudice to the content of this Clause, if Customer has justifiable reason
to believe that MyChatBot is not complying with this MyChatBot DPA and, in particular,
with the obligation to implement and maintain the agreed technical and
organizational data security measures, once per year (unless there are specific
indications that require a more frequent inspection). Customer agrees to be
subject to an appropriate non-disclosure agreement when performing the audit.
In deciding on a review or audit, Customer may take into account relevant
certifications held by MyChatBot (the corresponding Clause 8.9(c) s 2 SCC
Controller to Processor and Clause 8.9(d) s 3 SCC Processor to Processor shall
remain unaffected). The costs associated with such audits and/or for providing
additional information shall be borne by Customer unless such audit reveals
MyChatBot’s material breach with this MyChatBot DPA.
In accordance with Clause 8.9(c) and (d) SCC and without prejudice to the
content of these Clauses, the aforementioned audit right can be exercised by (i)
requesting additional information, (ii) accessing the databases which process
Customer Personal Data or (iii) by inspecting MyChatBot's working premises
whereby in each case no access to personal data of other customers or
MyChatBot’s confidential information will be granted.
If Customer intends to conduct an audit at MyChatBot’s premises or physical
facilities, MyChatBot will allow for such audits in accordance with Clause 8.9(d) s 2 SCC
Controller to Processor and Clause 8.9(f) s 2 SCC Processor to Processor,
without prejudice to the content of this Clause, whereas Customer shall, where
appropriate, give reasonable notice to MyChatBot and agree with MyChatBot on the time and duration of the audit while inspections shall be made during regular
business hours and in such a way that business operations are not disturbed. At
least one employee of MyChatBot may accompany the auditors at any time.
MyChatBot may memorialize the results of the audit in writing which shall be
confirmed by Customer.
6.2.5 In accordance with Clause 8.9(d) s 1 SCC Controller to Processor and Clause
8.9(f) s 1 SCC Processor to Processor and without prejudice to the content of this
Clause, Customer may also engage third party auditors to perform the audit in
accordance with Sections 6.3.2, 6.3.3 and 6.3.4 on its behalf. Customer may not
appoint a third party as auditor who (i) MyChatBot reasonably considers to be in a
competitive relationship to MyChatBot, or (ii) is not sufficiently qualified to conduct
such an audit, or (iii) is not independent (the corresponding Clause 8.9(d) s 1
SCC Controller to Processor and Clause 8.9(f) s 1 SCC Processor to Processor
shall remain unaffected). Any such third-party auditor shall only be engaged if the
auditor is bound by an appropriate non-disclosure agreement in favor of MyChatBot
prior to conducting any audit or is bound by statutory confidentiality obligations.
Notification Duties
Without prejudice to Clauses 10(a) and 15.1(a) SCC,
MyChatBot shall inform Customer without undue delay in text form (e.g. letter, fax or email) of
threats to Customer Personal Data in possession of MyChatBot by garnishment, confiscation,
insolvency and settlement proceedings or other similar incidents or measures by third
parties.
In such a case, MyChatBot shall immediately inform the respective responsible person/entity
that Customer holds the sovereignty and ownership of the personal data.
Data Subject Rights Requests
Without prejudice to Clause 10(a) SCC, MyChatBot will promptly notify Customer of any request it has received from a data subject, who will, where appropriate, promptly notify Customer's Customer about
such a request. If a data subject addresses MyChatBot with claims for access, rectification, erasure,
restriction, objection or data portability, MyChatBot shall refer the data subject to
Customer, who will, where appropriate, refer data subject to Customer’s Customer.
In the case that claims based on Art. 82 GDPR are raised against Customer, MyChatBot
shall reasonably support Customer with its defense to the extent the claim arises in
connection with the processing of personal data by MyChatBot in connection with
performing the Services to Customers.
CUSTOMER’S OBLIGATIONS
Customer’s obligations shall be as stipulated in the SCC, whereas these obligations
shall be specified in accordance with Clause 2(a) s 2 of the SCC as follows, without
prejudice to the obligations set out in the SCC:
Customer shall provide all Instructions of its own and/or of its Customer’s Customers
pursuant to this MyChatBot DPA to MyChatBot in written, electronic or verbal form (the
corresponding Clause 8.1(a) SCC Controller to Processor and Clause 8.1(b) s 1 SCC
Processor to Processor shall remain unaffected). Verbal Instructions shall be confirmed
immediately in written form thereafter.
Customer shall notify MyChatBot in writing of the names of the persons who are entitled to
issue Instructions to MyChatBot. Any consequential costs incurred resulting from
Customer’s failure to comply with the preceding sentence shall be borne by Customer. In
any event, the managing directors of Customer are entitled to issue Instructions.
Customer shall inform MyChatBot immediately if processing by MyChatBot might lead to a
violation of data protection laws and regulations.
In the case that claims based on Art. 82 GDPR are raised against MyChatBot, Customer
shall reasonably support MyChatBot with its defense to the extent the claim arises in
connection with the processing of personal data by MyChatBot in connection with
performing the Services to Customers.
Customer shall name a person responsible for dealing with questions relating to
applicable data protection law and data security in the context of performing this
MyChatBot DPA.
SUBPROCESSING
In accordance with Clause 9(a) SCC option 2, and without prejudice to the content of this
Clause, MyChatBot has Customer’s and/or Customer’s Customers’ general authorization for
the engagement of the sub-processor(s) listed in Exhibit B.
In accordance with Clause 9(b) SCC and without prejudice to the content of this Clause,
any sub-processor is obliged before initiating the processing, to commit itself by way of
written contract to comply with, in substance, the same data protection obligations as the
ones under this MyChatBot DPA.
In order to fulfill its obligation under Clause 9(a) option 2 SCC and without prejudice to
the content of this Clause, MyChatBot may provide a website or provide another written
notice that lists all sub-processors to access Customer Personal Data as well as the
limited or ancillary services they perform. In accordance with Clause 9(a) option 2 s 2
SCC and without prejudice to the content of this Clause, MyChatBot will update its website
and/or notify Customer in light of any change of sub-processors, whereas Customer will
immediately forward such notification to Customer’s Customers, and grant Customer and
Customer’s Customers the opportunity to object to such change in conformity with the
time period specified in the aforementioned Clause before authorizing any new
sub-processor to access personal data. In the case that Customer and/or Customer’s
Customer, as immediately communicated by Customer to MyChatBot, object/s to the
change of sub-processors, MyChatBot can choose to either not engage the sub-processor
or to terminate the MyChatBot Terms of Use with two (2) months prior written notice. Until
the termination of the MyChatBot Terms of Use, MyChatBot may suspend the portion of the
Services which are affected by the objection of Customer and/or Customer’s Customer.
Customer and/or Customer’s Customers shall not be entitled to a pro-rata refund of the
remuneration for the Services, unless the objection is based on justified reasons of
non-compliance with applicable data protection law.
Customer herewith agrees for itself and also on behalf of Customer’s Customers,
whereas Customer warrants to be duly authorized by Customer’s Customers to do so, to
the sub-processors as set out in Exhibit B.
LIABILITY
In clarification of Clause 12 SCC and without prejudice to the content of this Clause, as
regards the internal liability and without any effect as regards the external liability
towards data subjects, the Parties agree that notwithstanding anything contained
hereunder, when providing the Services, MyChatBot’s liability for breach of any terms and
conditions under this MyChatBot DPA shall be subject to the liability limitations agreed in
the MyChatBot Terms of Use. Further, no Customer Affiliate shall become beneficiary of
this MyChatBot DPA without being bound by this MyChatBot DPA and without accepting this
liability limitation. Customer will indemnify MyChatBot against any losses that exceed the
liability limitations in the MyChatBot Terms of Use suffered by MyChatBot in connection with
any claims of Customer Affiliates or data subjects who claim rights based on alleged
violation of this MyChatBot DPA including the SCC.
COSTS FOR ADDITIONAL SERVICES
If Customer’s and/or Customer’s Customers’ Instructions lead to a change from or
increase of the agreed Services or in the case of MyChatBot’s compliance with its
obligations pursuant to Clauses 8.6(c), (d), and 10(b) SCC as well as Section 7.4 to
assist Customer with Customer’s own statutory obligations, MyChatBot is entitled to charge
reasonable fees for such tasks which are based on the prices agreed for rendering the
Services and/or notified to Customer in advance. This shall be without prejudice to the
obligations of MyChatBot under the aforementioned Clauses of the SCC.
CONTRACT PERIOD
The duration of this MyChatBot DPA depends on the duration of the MyChatBot Terms of Use.
It commences with the initiation of the Services and shall terminate upon termination of the agreed Services under the MyChatBot Terms of Use, unless otherwise stipulated in the
provisions of this MyChatBot DPA.
MODIFICATIONS
MyChatBot may modify or supplement this MyChatBot DPA, with two (2) weeks prior notice to
Customer, (i) if required to do so by a supervisory authority or other government or
regulatory entity, (ii) if necessary to comply with Applicable Law, (iii) to implement
amended standard contractual clauses laid down by the European Commission or (iv) to
adhere to a code of conduct or certification mechanism approved or certified pursuant to
Art. 40, 42 and 43 of the GDPR. Customer shall notify MyChatBot if it does not agree to a
modification, in which case MyChatBot may terminate this MyChatBot DPA and the MyChatBot
Terms of Use with two (2) weeks' prior written notice, whereby in the case of an objection
not based on non-compliance of the modifications with applicable data protection law,
MyChatBot shall remain entitled to claim its agreed remuneration until the end of the agreed
Services.
CHOICE OF LAW AND PLACE OF JURISDICTION
This MyChatBot DPA is governed by, and shall be interpreted in accordance with, the law
that is stipulated by the Parties under Clause 17 SCC in Exhibit C, whereas the place of
jurisdiction shall be as stipulated by the Parties under Clause 18(b) SCC in Exhibit C.
CUSTOMER PERSONAL DATA SUBJECT TO UK AND SWISS DATA
PROTECTION LAWS
To the extent that the processing of Customer Personal Data is subject to UK data protection laws, the UK Addendum set out in Exhibit E shall apply. To the extent that the processing of Customer Personal Data is subject to Swiss data protection laws, the Swiss Addendum set out in Exhibit F shall apply.
MISCELLANEOUS
In the event a clause under the MyChatBot Terms of Use has been found to violate the
GDPR or any other Applicable Law, the Parties will mutually agree on modifications to
the MyChatBot Terms of Use to the extent necessary to comply with Applicable Law.
Exhibit A — Specifications of the Processing
1. Data Exporter
The Customer and/or Customer’s Customers are creators of chatbots using MyChatBot’s
bot-building platform.
2. Data Importer
MyChatBot is engaged in providing a platform-as-a-service-platform to Customers and Customer’s
Customers to build, host, and manage chatbots to be used on Facebook/Instagram
messenger.
3. Categories of data subjects
The categories of data subjects whose personal data are transferred: Individual online consumers of Customer and Customer’s Customers.
4. Categories of personal data
The transferred categories of personal data are:
Customer and Customer’s Customers’ online consumers / bot users’ first name, last name,
Facebook/Instagram avatar photo, time zone, language settings and gender, as long
as those pieces of information are available in the public Facebook/Instagram
profiles, as well as any other data contained in the chatbot conversation transcripts.
5. Special categories of personal data (if applicable)
The transferred personal data includes the following special categories of data: MyChatBot is not
aware of any such data but Customers can create bots that could potentially also collect all
sorts of special categories of personal data.
The applied restrictions or safeguards that fully take into consideration the nature of the data
and the risks involved, such as for instance strict purpose limitation, access restrictions
(including access only for staff having followed specialized training), keeping a record of access
to the data, restrictions for onward transfers or additional security measures are: As MyChatBot is
not aware of special categories of personal data being processed by Customers through bots,
the safeguards and measures outlined under Annex II of the Appendix of the SCC in Exhibit C
will apply.
6. Frequency of the transfer
The frequency of the transfer is: The transfer is performed on a continuous basis.
7. Subject matter of the processing
The subject matter of the processing is: MyChatBot is a platform that allows its Customers and
Customer’s Customers’ online consumers to get in contact with the Customer or Customer’s
Customers by communicating with the provided chatbots via Facebook/Instagram
Messenger.
8. Nature of the processing
The nature of the processing includes the collection, recording, organization, structuring,
storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination, erasure of data.
9. Purpose(s) of the data transfer and further processing
The purpose of the data transfer and further processing is: MyChatBot uses personal data to
enable bot admins to customize and improve bot experiences based on users’ public
Facebook/Instagram profiles and data users share with the bot.
10. Duration
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period is: The duration shall be as stipulated and referenced in Section
11 of the Terms of the Processing.
For transfers to sub-processors, specify subject matter, nature and duration of the processing:
As stipulated in the second column to the right of the table set out in Exhibit B of the MyChatBot
DPA or, where applicable, in a separate document which MyChatBot uses to inform / notify
Customer in relation to utilized sub-processors.
Exhibit C - Standard Contractual Clauses for International Data Transfers (Module Two:
Transfer controller to processor / Module Three: Transfer processor to processor)
Standard Contractual Clauses
Customer is hereinafter referred to as the "data exporter" with respect to the personal data
provided to MyChatBot. Whenever the Customer is acting as a processor for Customer’s Customers
as outlined under Section 3.2.2., the Clauses of Module Three (processor to processor) as
highlighted below shall respectively apply.
MyChatBot is hereinafter referred to as the "data importer".
The data exporter and the data importer, each a "party" and collectively "the parties" HAVE
AGREED on the following SCC in order to implement adequate safeguards with respect to the
protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data
exporter to the data importer of the personal data specified in Appendix 1.
SECTION I
Clause 1
Purpose and scope
(a) The purpose of these standard contractual clauses is to ensure compliance with the
requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of
27 April 2016 on the protection of natural persons with regard to the processing of personal
data and on the free movement of such data (General Data Protection Regulation) (1) for the
transfer of personal data to a third country.
(b) The Parties:
(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter
‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data
exporter’), and
(ii) the entity/ies in a third country receiving the personal data from the data exporter,
directly or indirectly via another entity also Party to these Clauses, as listed in Annex
I.A (hereinafter each ‘data importer’)
have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
(d) The Appendix to these Clauses containing the Annexes referred to therein forms
an integral part of these Clauses.
Clause 2
Effect and invariability of the Clauses
These Clauses set out appropriate safeguards, including enforceable data subject rights and
effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU)
2016/679 and, with respect to data transfers from controllers to processors and/or processors
to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU)
2016/679, provided they are not modified, except to select the appropriate Module(s) or to
add or update information in the Appendix. This does not prevent the Parties from including
the standard contractual clauses laid down in these Clauses in a wider contract and/or to add
other clauses or additional safeguards, provided that they do not contradict, directly or
indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
These Clauses are without prejudice to obligations to which the data exporter is subject
by virtue of Regulation (EU) 2016/679.
Clause 3
Third-party beneficiaries
Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against
the data exporter and/or data importer, with the following exceptions:
(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
(ii) Clause 8 — Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and
(d) and Clause 8.9(a), (c), (d), (e), (f) and (g);
(iii) Clause 9 — Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
(iv) Clause 12 — Clause 12(a), (d) and (f);
(v) Clause 13;
(vi) Clause 15.1(c), (d) and (e);
(vii) Clause 16(e);
(viii) Clause 18 — Clause 18(a) and (b).
Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
Clause 4
Interpretation
Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those
terms shall have the same meaning as in that Regulation.
These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU)
2016/679.
These Clauses shall not be interpreted in a way that conflicts with rights and
obligations provided for in Regulation (EU) 2016/679.
Clause 5
Hierarchy
In the event of a contradiction between these Clauses and the provisions of related agreements
between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these
Clauses shall prevail.
Clause 6
Description of the transfer(s)
The details of the transfer(s), and in particular the categories of personal data that are transferred
and the purpose(s) for which they are transferred, are specified in Annex I.B.
SECTION II - OBLIGATIONS OF THE PARTIES
Clause 8
Data protection safeguards
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organizational measures, to satisfy
its obligations under these Clauses.
8.1 Instructions
The data importer shall process the personal data only on documented instructions from the
data exporter. The data exporter may give such instructions throughout the duration of the
contract.
The data importer shall immediately inform the data exporter if it is unable to follow those instructions.
8.2 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.
8.3 Transparency
On request, the data exporter shall make a copy of these Clauses, including the Appendix as
completed by the Parties, available to the data subject free of charge. To the extent necessary to
protect business secrets or other confidential information, including the measures described in
Annex II and personal data, the data exporter may redact part of the text of the Appendix to these
Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject
would otherwise not be able to understand its content or exercise his/her rights. On request, the
Parties shall provide the data subject with the reasons for the redactions, to the extent possible
without revealing the redacted information. This Clause is without prejudice to the obligations of the
data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
8.4 Accuracy
If the data importer becomes aware that the personal data it has received is inaccurate, or has
become outdated, it shall inform the data exporter without undue delay. In this case, the data
importer shall cooperate with the data exporter to erase or rectify the data.
8.5 Duration of processing and erasure or return of data
Processing by the data importer shall only take place for the duration specified in Annex I.B. After
the end of the provision of the processing services, the data importer shall, at the choice of the data
exporter, delete all personal data processed on behalf of the data exporter and certify to the data
exporter that it has done so, or return to the data exporter all personal data processed on its behalf
and delete existing copies. Until the data is deleted or returned, the data importer shall continue to
ensure compliance with these Clauses. In case of local laws applicable to the data importer that
prohibit return or deletion of the personal data, the data importer warrants that it will continue to
ensure compliance with these Clauses and will only process it to the extent and for as long as
required under that local law. This is without prejudice to Clause 14, in particular the requirement
for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the
contract if it has reason to believe that it is or has become subject to laws or practices not in line
with the requirements under Clause 14(a).
8.6 Security of processing
(a)The data importer and, during transmission, also the data exporter shall implement appropriate
technical and organizational measures to ensure the security of the data, including protection
against a breach of security leading to accidental or unlawful destruction, loss, alteration,
unauthorized disclosure or access to that data (hereinafter ‘personal data breach’). In assessing
the appropriate level of security, the Parties shall take due account of the state of the art, the
costs of implementation, the nature, scope, context and purpose(s) of processing and the risks
involved in the processing for the data subjects. The Parties shall in particular consider having
recourse to encryption or pseudonymisation, including during transmission, where the purpose of
processing can be fulfilled in that manner. In case of pseudonymisation, the additional
information for attributing the personal data to a specific data subject shall, where possible,
remain under the exclusive control of the data exporter. In complying with its obligations under
this paragraph, the data importer shall at least implement the technical and organizational
measures specified in Annex II. The data importer shall carry out regular checks to ensure that
these measures continue to provide an appropriate level of security.
(b)The data importer shall grant access to the personal data to members of its personnel only to
the extent strictly necessary for the implementation, management and monitoring of the
contract. It shall ensure that persons authorized to process the personal data have committed
themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(c)In the event of a personal data breach concerning personal data processed by the data importer
under these Clauses, the data importer shall take appropriate measures to address the breach,
including measures to mitigate its adverse effects. The data importer shall also notify the data
exporter without undue delay after having become aware of the breach. Such notification shall
contain the details of a contact point where more information can be obtained, a description of
the nature of the breach (including, where possible, categories and approximate number of data
subjects and personal data records concerned), its likely consequences and the measures taken
or proposed to address the breach including, where appropriate, measures to mitigate its
possible adverse effects. Where, and in so far as, it is not possible to provide all information at
the same time, the initial notification shall contain the information then available and further
information shall, as it becomes available, subsequently be provided without undue delay.
(d)The data importer shall cooperate with and assist the data exporter to enable the data exporter
to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the
competent supervisory authority and the affected data subjects, taking into account the nature of
processing and the information available to the data importer.
8.7 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the
purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or
sexual orientation, or data relating to criminal convictions and offenses (hereinafter ‘sensitive data’),
the data importer shall apply the specific restrictions and/or additional safeguards described in
Annex I.B.
8.8 Onward transfers
The data importer shall only disclose the personal data to a third party on documented instructions
from the data exporter. In addition, the data may only be disclosed to a third party located outside
the European Union (in the same country as the data importer or in another third country,
hereinafter ‘onward transfer’) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:
(i) the onward transfer is to a country benefiting from an adequacy decision pursuant to Article
45 of Regulation (EU) 2016/679 that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47
of Regulation (EU) 2016/679 with respect to the processing in question;
(iii) the onward transfer is necessary for the establishment, exercise or defense of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.
8.9 Documentation and compliance
(a)The data importer shall promptly and adequately deal with enquiries from the data exporter that
relate to the processing under these Clauses.
(b)The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data
importer shall keep appropriate documentation on the processing activities carried out on behalf
of the data exporter.
(c)The data importer shall make available to the data exporter all information necessary to
demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s
request, allow for and contribute to audits of the processing activities covered by these Clauses,
at reasonable intervals or if there are indications of non-compliance. In deciding on a review or
audit, the data exporter may take into account relevant certifications held by the data importer.
(d)The data exporter may choose to conduct the audit by itself or mandate an independent auditor.
Audits may include inspections at the premises or physical facilities of the data importer and
shall, where appropriate, be carried out with reasonable notice.
(e)The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.
The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal
market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU)
2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data
importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses.
MODULE THREE: Transfer processor to processor
Clause 8
Data protection safeguards
8.1 Instructions
(a)The data exporter has informed the data importer that it acts as processor under the instructions
of its controller(s), which the data exporter shall make available to the data importer prior to
processing.
(b)The data importer shall process the personal data only on documented instructions from the
controller, as communicated to the data importer by the data exporter, and any additional
documented instructions from the data exporter. Such additional instructions shall not conflict
with the instructions from the controller. The controller or data exporter may give further
documented instructions regarding the data processing throughout the duration of the contract.
(c)The data importer shall immediately inform the data exporter if it is unable to follow those
instructions. Where the data importer is unable to follow the instructions from the controller, the
data exporter shall immediately notify the controller.
(d)The data exporter warrants that it has imposed the same data protection obligations on the data
importer as set out in the contract or other legal act under Union or Member State law between
the controller and the data exporter (5).
8.2 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as
set out in Annex I.B, unless on further instructions from the controller, as communicated to the
data importer by the data exporter, or from the data exporter.
8.3 Transparency
On request, the data exporter shall make a copy of these Clauses, including the Appendix as
completed by the Parties, available to the data subject free of charge. To the extent necessary to
protect business secrets or other confidential information, including personal data, the data
exporter may redact part of the text of the Appendix prior to sharing a copy, but shall provide a
meaningful summary where the data subject would otherwise not be able to understand its content
or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for
the redactions, to the extent possible without revealing the redacted information.
8.4 Accuracy
If the data importer becomes aware that the personal data it has received is inaccurate, or has become
outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to rectify or erase the data.
8.5 Duration of processing and erasure or return of data
Processing by the data importer shall only take place for the duration specified in Annex I.B. After
the end of the provision of the processing services, the data importer shall, at the choice of the data
exporter, delete all personal data processed on behalf of the controller and certify to the data
exporter that it has done so, or return to the data exporter all personal data processed on its behalf
and delete existing copies. Until the data is deleted or returned, the data importer shall continue to
ensure compliance with these Clauses. In case of local laws applicable to the data importer that
prohibit return or deletion of the personal data, the data importer warrants that it will continue to
ensure compliance with these Clauses and will only process it to the extent and for as long as
required under that local law. This is without prejudice to Clause 14, in particular the requirement
for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the
contract if it has reason to believe that it is or has become subject to laws or practices not in line
with the requirements under Clause 14(a).
8.6 Security of processing
(a)The data importer and, during transmission, also the data exporter shall implement appropriate
technical and organizational measures to ensure the security of the data, including protection
against a breach of security leading to accidental or unlawful destruction, loss, alteration,
unauthorized disclosure or access to that data (hereinafter ‘personal data breach’). In assessing
the appropriate level of security, they shall take due account of the state of the art, the costs of
implementation, the nature, scope, context and purpose(s) of processing and the risks involved
in the processing for the data subject. The Parties shall in particular consider having recourse to
encryption or pseudonymisation, including during transmission, where the purpose of processing
can be fulfilled in that manner. In case of pseudonymisation, the additional information for
attributing the personal data to a specific data subject shall, where possible, remain under the
exclusive control of the data exporter or the controller. In complying with its obligations under
this paragraph, the data importer shall at least implement the technical and organizational
measures specified in Annex II. The data importer shall carry out regular checks to ensure that
these measures continue to provide an appropriate level of security.
(b)The data importer shall grant access to the data to members of its personnel only to the extent
strictly necessary for the implementation, management and monitoring of the contract. It shall
ensure that persons authorized to process the personal data have committed themselves to
confidentiality or are under an appropriate statutory obligation of confidentiality. In the event of a
personal data breach concerning personal data processed by the data importer under these
Clauses, the data importer shall take appropriate measures to address the breach, including
measures to mitigate its adverse effects. The data importer shall also notify, without undue
delay, the data exporter and, where appropriate and feasible, the controller after having become
aware of the breach. Such notification shall contain the details of a contact point where more
information can be obtained, a description of the nature of the breach (including, where possible,
categories and approximate number of data subjects and personal data records concerned), its
likely consequences and the measures taken or proposed to address the data breach, including
measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to
provide all information at the same time, the initial notification shall contain the information then
available and further information shall, as it becomes available, subsequently be provided
without undue delay.
(c) The data importer shall cooperate with and assist the data exporter to enable the data
exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify its
controller so that the latter may in turn notify the competent supervisory authority and the
affected data subjects, taking into account the nature of processing and the information available
to the data importer.
8.7 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the
purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or
sexual orientation, or data relating to criminal convictions and offenses (hereinafter ‘sensitive data’),
the data importer shall apply the specific restrictions and/or additional safeguards set out in Annex
I.B.
8.8 Onward transfers
The data importer shall only disclose the personal data to a third party on documented instructions
from the controller, as communicated to the data importer by the data exporter. In addition, the data
may only be disclosed to a third party located outside the European Union (in the same country as
the data importer or in another third country, hereinafter ‘onward transfer’) if the third party is or
agrees to be bound by these Clauses, under the appropriate Module, or if:
(i) the onward transfer is to a country benefiting from an adequacy decision pursuant to Article
45 of Regulation (EU) 2016/679 that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47
of Regulation (EU) 2016/679;
(iii) the onward transfer is necessary for the establishment, exercise or defense of legal claims
in the context of specific administrative, regulatory or judicial proceedings; or
(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or
of another natural person.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under
these Clauses, in particular purpose limitation.
2 The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal
market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU)
2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data
importer to a third party located in the EEA does not qualify as an onward transfer for the purposes of these Clauses.
8.9 Documentation and compliance
(a)The data importer shall promptly and adequately deal with enquiries from the data exporter or
the controller that relate to the processing under these Clauses.
(b)The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data
importer shall keep appropriate documentation on the processing activities carried out on behalf
of the controller.
(c)The data importer shall make all information necessary to demonstrate compliance with the
obligations set out in these Clauses available to the data exporter, which shall provide it to the
controller.
(d)The data importer shall allow for and contribute to audits by the data exporter of the processing
activities covered by these Clauses, at reasonable intervals or if there are indications of
non-compliance. The same shall apply where the data exporter requests an audit on instructions
of the controller. In deciding on an audit, the data exporter may take into account relevant
certifications held by the data importer.
(e)Where the audit is carried out on the instructions of the controller, the data exporter shall make
the results available to the controller.
(f) The data exporter may choose to conduct the audit by itself or mandate an independent auditor.
Audits may include inspections at the premises or physical facilities of the data importer and
shall, where appropriate, be carried out with reasonable notice.
(g)The Parties shall make the information referred to in paragraphs (b) and (c), including the
results of any audits, available to the competent supervisory authority on request.
Clause 9
Use of sub-processors
(a) The data importer has the data exporter’s general authorisation for the engagement of
sub-processor(s) from an agreed list. The data importer shall specifically inform the data
exporter in writing of any intended changes to that list through the addition or replacement of
sub-processors at least two (2) weeks in advance, thereby giving the data exporter sufficient
time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data
exporter to exercise its right to object.
Where the data importer engages a sub-processor to carry out specific processing activities
(on behalf of the data exporter), it shall do so by way of a written contract that provides for, in
substance, the same data protection obligations as those binding the data importer under
these Clauses, including in terms of third-party beneficiary rights for data subjects. (8) The
Parties agree that, by complying with this Clause, the data importer fulfills its obligations under
Clause 8.8. The data importer shall ensure that the sub-processor complies with the
obligations to which the data importer is subject pursuant to these Clauses.
The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor
agreement and any subsequent amendments to the data exporter. To the extent necessary to
protect business secrets or other confidential information, including personal data, the data
importer may redact the text of the agreement prior to sharing a copy.
The data importer shall remain fully responsible to the data exporter for the performance of the
sub-processor’s obligations under its contract with the data importer. The data importer shall
notify the data exporter of any failure by the sub-processor to fulfill its obligations under that
contract.
The data importer shall agree a third-party beneficiary clause with the sub-processor whereby
— in the event the data importer has factually disappeared, ceased to exist in law or has
become insolvent — the data exporter shall have the right to terminate the sub-processor
contract and to instruct the sub-processor to erase or return the personal data.
MODULE THREE: Transfer processor to processor
Clause 9
Use of sub-processors
The data importer has the controller's general authorisation for the engagement of
sub-processor(s) from an agreed list. The data importer shall specifically inform the controller
in writing of any intended changes to that list through the addition or replacement of
sub-processors at least two (2) weeks in advance, thereby giving the controller sufficient time
to be able to object to such changes prior to the engagement of the sub-processor(s). The data
importer shall provide the controller with the information necessary to enable the controller to
exercise its right to object. The data importer shall inform the data exporter of the engagement
of the sub-processor(s).
Where the data importer engages a sub-processor to carry out specific processing activities
(on behalf of the controller), it shall do so by way of a written contract that provides for, in
substance, the same data protection obligations as those binding the data importer under
these Clauses, including in terms of third-party beneficiary rights for data subjects. The Parties
agree that, by complying with this Clause, the data importer fulfills its obligations under Clause
8.8. The data importer shall ensure that the sub-processor complies with the obligations to
which the data importer is subject pursuant to these Clauses.
The data importer shall provide, at the data exporter’s or controller’s request, a copy of such
a sub-processor agreement and any subsequent amendments. To the extent necessary to
protect business secrets or other confidential information, including personal data, the data
importer may redact the text of the agreement prior to sharing a copy.
The data importer shall remain fully responsible to the data exporter for the performance of the
sub-processor’s obligations under its contract with the data importer. The data importer shall
notify the data exporter of any failure by the sub-processor to fulfill its obligations under that
contract.
The data importer shall agree a third-party beneficiary clause with the sub-processor
whereby — in the event the data importer has factually disappeared, ceased to exist in law or
has become insolvent — the data exporter shall have the right to terminate the sub-processor
contract and to instruct the sub-processor to erase or return the personal data.
Clause 10
Data subject rights
The data importer shall promptly notify the data exporter of any request it has received from a
data subject. It shall not respond to that request itself unless it has been authorized to do so by
the data exporter.
The data importer shall assist the data exporter in fulfilling its obligations to respond to data
subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this
regard, the Parties shall set out in Annex II the appropriate technical and organizational
measures, taking into account the nature of the processing, by which the assistance shall be
provided, as well as the scope and the extent of the assistance required.
In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the
instructions from the data exporter.
MODULE THREE: Transfer processor to processor
Clause 10
Data subject rights
The data importer shall promptly notify the data exporter and, where appropriate, the controller
of any request it has received from a data subject, without responding to that request unless it
has been authorized to do so by the controller.
The data importer shall assist, where appropriate in cooperation with the data exporter, the
controller in fulfilling its obligations to respond to data subjects’ requests for the exercise of
their rights under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable. In
this regard, the Parties shall set out in Annex II the appropriate technical and organizational
measures, taking into account the nature of the processing, by which the assistance shall be
provided, as well as the scope and the extent of the assistance required.
In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the
instructions from the controller, as communicated by the data exporter.
Clause 11
Redress
The data importer shall inform data subjects in a transparent and easily accessible format,
through individual notice or on its website, of a contact point authorised to handle complaints. It
shall deal promptly with any complaints it receives from a data subject.
In case of a dispute between a data subject and one of the Parties as regards compliance with
these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely
fashion. The Parties shall keep each other informed about such disputes and, where
appropriate, cooperate in resolving them.
Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual
residence or place of work, or the competent supervisory authority pursuant to Clause 13;
(ii) refer the dispute to the competent courts within the meaning of Clause 18.
The Parties accept that the data subject may be represented by a not-for-profit body,
organization or association under the conditions set out in Article 80(1) of Regulation (EU)
2016/679.
The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
The data importer agrees that the choice made by the data subject will not prejudice
his/her substantive and procedural rights to seek remedies in accordance with applicable laws.
Clause 12
Liability
Each Party shall be liable to the other Party/ies for any damages it causes the other party/ies by any breach of these Clauses.
The data importer shall be liable to the data subject, and the data subject shall be entitled to
receive compensation, for any material or non-material damages the data importer or its
sub-processor causes the data subject by breaching the third-party beneficiary rights under
these Clauses.
Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the
data subject shall be entitled to receive compensation, for any material or non-material
damages the data exporter or the data importer (or its sub-processor) causes the data subject
by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to
the liability of the data exporter and, where the data exporter is a processor acting on behalf of
a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU)
2018/1725, as applicable.
The Parties agree that if the data exporter is held liable under paragraph (c) for damages
caused by the data importer (or its sub-processor), it shall be entitled to claim back from the
data importer that part of the compensation corresponding to the data importer’s responsibility
for the damage. Where more than one Party is responsible for any damage caused to the data
subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and
severally liable and the data subject is entitled to bring an action in court against any of these
Parties.
The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to
claim back from the other Party/ies that part of the compensation corresponding to its/their
responsibility for the damage.
(f) The data importer may not invoke the conduct of a sub-processor to avoid its own liability.
Clause 13
Supervision
(a) Where the data exporter is established in an EU Member State: The supervisory authority with
responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as
regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory
authority.
Where the data exporter is not established in an EU Member State, but falls within the
territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2)
and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The
supervisory authority of the Member State in which the representative within the meaning of
Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as
competent supervisory authority.
Where the data exporter is not established in an EU Member State, but falls within the
territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2)
without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU)
2016/679: The supervisory authority of one of the Member States in which the data subjects
whose personal data is transferred under these Clauses in relation to the offering of goods or
services to them, or whose behavior is monitored, are located, as indicated in Annex I.C, shall
act as competent supervisory authority.
(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the
competent supervisory authority in any procedures aimed at ensuring compliance with these
Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and
comply with the measures adopted by the supervisory authority, including remedial and
compensatory measures. It shall provide the supervisory authority with written confirmation
that the necessary actions have been taken.
SECTION III - LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC
AUTHORITIES
Clause 14
Local laws and practices affecting compliance with the Clauses
(a) The Parties warrant that they have no reason to believe that the laws and practices in the third
country of destination applicable to the processing of the personal data by the data importer,
including any requirements to disclose personal data or measures authorizing access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is
based on the understanding that laws and practices that respect the essence of the
fundamental rights and freedoms and do not exceed what is necessary and proportionate in a
democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU)
2016/679, are not in contradiction with these Clauses.
(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due
account in particular of the following elements:
(i) the specific circumstances of the transfer, including the length of the processing chain, the
number of actors involved and the transmission channels used; intended onward transfers;
the type of recipient; the purpose of processing; the categories and format of the
transferred personal data; the economic sector in which the transfer occurs; the storage
location of the data transferred;
(ii) the laws and practices of the third country of destination— including those requiring the
disclosure of data to public authorities or authorizing access by such authorities — relevant
in light of the specific circumstances of the transfer, and the applicable limitations and
safeguards³;
(iii) any relevant contractual, technical or organizational safeguards put in place to supplement
the safeguards under these Clauses, including measures applied during transmission and
to the processing of the personal data in the country of destination.
(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has
made its best efforts to provide the data exporter with relevant information and agrees that it
will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
(d) The Parties agree to document the assessment under paragraph (b) and make it available
to the competent supervisory authority on request.
3 As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as
part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests
for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in
particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at
senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied
upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other
relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms
of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their
practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the
existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by
independent oversight bodies.
(e) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to
believe that the data importer can no longer fulfill its obligations under these Clauses, the data
exporter shall promptly identify appropriate measures (e.g. technical or organizational measures to
ensure security and confidentiality) to be adopted by the data exporter and/or data importer to
address the situation [for Module Three:, if appropriate in consultation with the controller]. The data
exporter shall suspend the data transfer if it considers that no appropriate safeguards for such
transfer can be ensured, or if instructed by [for Module Three: the controller or] the competent
supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the
contract, insofar as it concerns the processing of personal data under these Clauses. If the contract
involves more than two Parties, the data exporter may exercise this right to termination only with
respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is
terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
Clause 15
Obligations of the data importer in case of access by public authorities
15.1 Notification
The data importer agrees to notify the data exporter and, where possible, the data subject
promptly (if necessary with the help of the data exporter) if it: receives a legally binding
request from a public authority, including judicial authorities, under the laws of the country
of destination for the disclosure of personal data transferred pursuant to these Clauses;
such notification shall include information about the personal data requested, the
requesting authority, the legal basis for the request and the response provided; or
(i) becomes aware of any direct access by public authorities to personal data transferred
pursuant to these Clauses in accordance with the laws of the country of destination; such
notification shall include all information available to the importer.
[For Module Three: The data exporter shall forward the notification to the controller.]
If the data importer is prohibited from notifying the data exporter and/or the data subject under
the laws of the country of destination, the data importer agrees to use its best efforts to obtain
a waiver of the prohibition, with a view to communicating as much information as possible, as
soon as possible. The data importer agrees to document its best efforts in order to be able to
demonstrate them on request of the data exporter.
Where permissible under the laws of the country of destination, the data importer agrees to
provide the data exporter, at regular intervals for the duration of the contract, with as much
relevant information as possible on the requests received (in particular, number of requests,
type of data requested, requesting authority/ies, whether requests have been challenged and
the outcome of such challenges, etc.). [For Module Three: The data exporter shall forward the
information to the controller.]
The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the
duration of the contract and make it available to the competent supervisory authority on
request.
Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to
Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply
with these Clauses.
15.2 Review of legality and data minimisation
The data importer agrees to review the legality of the request for disclosure, in particular
whether it remains within the powers granted to the requesting public authority, and to
challenge the request if, after careful assessment, it concludes that there are reasonable
grounds to consider that the request is unlawful under the laws of the country of destination,
applicable obligations under international law and principles of international comity. The data
importer shall, under the same conditions, pursue possibilities of appeal. When challenging a
request, the data importer shall seek interim measures with a view to suspending the effects
of the request until the competent judicial authority has decided on its merits. It shall not
disclose the personal data requested until required to do so under the applicable procedural
rules. These requirements are without prejudice to the obligations of the data importer under
Clause 14(e).
The data importer agrees to document its legal assessment and any challenge to the request
for disclosure and, to the extent permissible under the laws of the country of destination, make
the documentation available to the data exporter. It shall also make it available to the
competent supervisory authority on request. [For Module Three: The data exporter shall make
the assessment available to the controller.]
The data importer agrees to provide the minimum amount of information permissible when
responding to a request for disclosure, based on a reasonable interpretation of the request.
SECTION IV — FINAL PROVISIONS
Clause 16
Non-compliance with the Clauses and termination
The data importer shall promptly inform the data exporter if it is unable to comply with
these Clauses, for whatever reason.
(b) In the event that the data importer is in breach of these Clauses or unable to comply with these
Clauses, the data exporter shall suspend the transfer of personal data to the data importer until
compliance is again ensured or the contract is terminated. This is without prejudice to Clause
14(f).
(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the
processing of personal data under these Clauses, where:
(i) the data exporter has suspended the transfer of personal data to the data importer
pursuant to paragraph (b) and compliance with these Clauses is not restored within a
reasonable time and in any event within one month of suspension;
(ii) the data importer is in substantial or persistent breach of these Clauses; or
(iii) the data importer fails to comply with a binding decision of a competent court or supervisory
authority regarding its obligations under these Clauses. In these cases, it shall inform the
competent supervisory authority of such non-compliance. Where the contract involves more
than two Parties, the data exporter may exercise this right to termination only with respect to
the relevant Party, unless the Parties have agreed otherwise.
(d) Personal data that has been transferred prior to the termination of the contract pursuant to
paragraph (c) shall at the choice of the data exporter immediately be returned to the data
exporter or deleted in its entirety. The same shall apply to any copies of the data. The data
importer shall certify the deletion of the data to the data exporter. Until the data is deleted or
returned, the data importer shall continue to ensure compliance with these Clauses. In case of
local laws applicable to the data importer that prohibit the return or deletion of the transferred
personal data, the data importer warrants that it will continue to ensure compliance with these
Clauses and will only process the data to the extent and for as long as required under that
local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European
Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that
covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU)
2016/679 becomes part of the legal framework of the country to which the personal data is
transferred. This is without prejudice to other obligations applying to the processing in question
under Regulation (EU) 2016/679.
Clause 17
Governing law
These Clauses shall be governed by the law of one of the EU Member States, provided such law
allows for third-party beneficiary rights. The Parties agree that this shall be the law of the Federal
Republic of Germany.
Clause 18
Choice of forum and jurisdiction
(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU
Member State.
(b) The Parties agree that those shall be the courts of the Federal Republic of Germany.
(c) A data subject may also bring legal proceedings against the data exporter and/or data
importer before the courts of the Member State in which he/she has his/her habitual residence.
(d) The Parties agree to submit themselves to the jurisdiction of such courts.
APPENDIX
EXPLANATORY NOTE:
It must be possible to clearly distinguish the information applicable to each transfer or category of
transfers and, in this regard, to determine the respective role(s) of the Parties as data exporter(s)
and/or data importer(s). This does not necessarily require completing and signing separate
appendices for each transfer/category of transfers and/or contractual relationship, where this
transparency can be achieved through one appendix. However, where necessary to ensure sufficient
clarity, separate appendices should be used.
ANNEX I
A. LIST OF PARTIES
Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable,
of its/their data protection officer and/or representative in the European Union]
The Customer, in its role as a controller or processor as outlined in the MyChatBot DPA, whereas
identity, contact details, and information on the contact person are as provided by Customer when
signing up for MyChatBot services.
The activities of the data exporter relevant to the data transferred are stipulated in Section 1 under
Exhibit A.
Data importer(s): [Identity and contact details of the data importer(s), including any
contact person with responsibility for data protection]
MyChatBot, in its role as a processor or sub-processor as outlined in the MyChatBot DPA, whereas
identity and contact details, can be found in the beginning of this MyChatBot DPA and in the next
paragraph.
Data privacy inquiries in relation to this MyChatBot DPA may be sent to team@mychatbot.app.
DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
As stipulated in Exhibit A of the MyChatBot DPA.
Categories of personal data transferred
As stipulated in Exhibit A of the MyChatBot DPA.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take
into consideration the nature of the data and the risks involved, such as for instance strict
purpose limitation, access restrictions (including access only for staff having followed
specialized training), keeping a record of access to the data, restrictions for onward transfers or
additional security measures.
As referenced in Exhibit A of the MyChatBot DPA.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous
basis).
As stipulated in Exhibit A of the MyChatBot DPA.
Nature of the processing
As stipulated in Exhibit A of the MyChatBot DPA
Purpose(s) of the data transfer and further processing
As stipulated in Exhibit A of the MyChatBot DPA
The period for which the personal data will be retained, or, if that is not possible, the criteria
used to determine that period
As stipulated in Exhibit A of the MyChatBot DPA
For transfers to (sub-) processors, also specify subject matter, nature and duration of the
processing
As stipulated in Exhibit B of the MyChatBot DPA
B. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13
Each supervisory authority of the EU and EEA is competent for the performance of the tasks
assigned to and the exercise of the powers on the territory of its own Member State. A list of the
supervisory authorities across the European Union and EEA can be found under the following
link:
https://edpb.europa.eu/about-edpb/about-edpb/members_en
As to Germany, the supervisory authority mentioned under the aforementioned link called “Der
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit” is responsible for
supervising public authorities of the federal government, public-sector companies, insofar as
they participate in the competition, and companies which process data from natural and legal
persons in order to commercially provide telecommunication services while the responsibility for
supervision does not already come from Section 115 para 4 of the Telecommunication Act
(“Telekommunikationsgesetzes”). Additionally, there is also a supervisory authority in each
federal state (“Bundesland”) in Germany which is responsible for private entities established in
its respective federal state. Please find a list of these German supervisory authorities under the
following link:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html;jsessionid=1D7E492F9E963C3ADC18161A232AADBD.intranet241
Where the data exporter is established in an EU Member State: The competent supervisory authority
is the one at the establishment of the data exporter.
Where the data exporter is not established in an EU Member State, but falls within the territorial
scope of application of the GDPR in accordance with its Article 3(2) and has appointed a
representative pursuant to Article 27(1) of the GDPR: The competent supervisory authority is
the one of the Member States in which the representative is established.
Where the data exporter is not established in an EU Member State, but falls within the territorial
scope of application of the GDPR in accordance with its Article 3(2) without however having to
appoint a representative pursuant to Article 27(2) of the GDPR: The competent supervisory
authority is the supervisory authority of one of the Member States in which the data subjects
whose personal data is transferred under these Clauses in relation to the offering of goods or
services to them, or whose behavior is monitored, are located.
ANNEX II
TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL
AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE
DATA
This Annex II forms part of the Clauses and must be completed by the parties.
Description of the technical and organizational security measures implemented by the data
importer / MyChatBot (including any relevant certifications) to ensure an appropriate level of
security, taking into account the nature, scope, context and purpose of the processing, as well
as the risks for the rights and freedoms of natural persons.
1. Access control to premises and facilities:
Only authorized representatives have access to MyChatBot’s premises and facilities.
Measures include:
• MyChatBot has physical offices in office buildings located in Kyiv, UA.
• Keys to the office locations are issued to all employees in accordance with their need to
have access. The distribution and usage of keys are managed and monitored by the
Office Manager.
• The Kyiv office is secured and monitored by Ring security system on a
24/7 basis, which includes access to police dispatch. Key points within the Kyiv office building are monitored by security cameras.
• Offices are secured outside of regular business hours.
2. Physical access:
MyChatBot ensures physical access to Customer Personal Data is protected.
Measures include:
• MyChatBot runs its services from professional, third-party production data centers that
meet a broad set of international and industry-specific compliance standards, such as
ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards
like Australia IRAP, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits, such
as by the British Standards Institute, verify adherence to the strict security controls these
standards mandate.
• Power and telecommunications cabling carrying Customer Personal Data or
supporting information services at the production data center are protected from
interception, interference and damage.
• Production data centers and their equipment are physically protected against
natural disasters, malicious attacks and accidents.
• Equipment at production data centers is protected from power failures and other
disruptions caused by failures in supporting utilities, and is correctly maintained.
3. Access control to systems:
MyChatBot’s data processing systems are used only by approved, authenticated users.
Measures include:
• Access to MyChatBot internal systems is granted only to MyChatBot personnel and/or to
permitted employees of MyChatBot’s subcontractors and access is strictly limited as
required for those persons to fulfill their function.
• Access to production servers is secured against unauthorized use through the
encrypted data transmission over SSL/SSH.
• All users access MyChatBot systems with a unique identifier (user ID).
• Each computer has a password-protected screensaver.
• MyChatBot has a thorough procedure to deactivate users and their access when a
user leaves the company or a function.
4. Access control to data:
Persons entitled to use data processing systems gain access only to the Customer
Personal Data that they are authorized to access.
Measures include:
• MyChatBot restricts personnel access to files and programs on a "need-to-know" basis.
• The production environment is separate from the development and testing environment.
• MyChatBot uses well-configured firewalls for their backend infrastructure.
• MyChatBot Platform contains capabilities to set roles and permissions to let
Customers manage authorizations so that Customer Personal Data is only made
available to appropriate users when needed.
5. Data Transmission:
MyChatBot takes steps to prevent Customer Personal Data from being read, copied, altered or
deleted by unauthorized parties during transfer.
Measures include:
• All Customer Personal Data that is coming to MyChatBot Platform from
Facebook/Instagram is transmitted in encrypted form over HTTPS protocol.
• MyChatBot Platform supports integrations with third-party services over HTTPS protocol.
• To protect Customer Personal Data MyChatBot uses the Advanced Encryption Standard
(AES) in Galois/Counter Mode (GCM) with a 128-bit key (AES-128-GCM) to implement
encryption at the network layer.
• MyChatBot uses an encryption key management infrastructure which is designed
with technical security controls with very limited direct access to keys.
• The Customer is responsible for the security of Customer Personal Data once it has
been transmitted from MyChatBot to the Customer including when downloaded or accessed
by Customer users.
6. Confidentiality and Integrity:
Customer Personal Data remains confidential throughout processing and remains intact,
complete and current during processing activities.
Measures include:
• MyChatBot has a central, secured repository of product source code, which is
accessible only to authorized personnel.
• All changes to MyChatBot Platform’s source code are being tracked, thoroughly
reviewed, and tested in an isolated environment before being accepted.
• All Releases to the production environment are additionally tested in an
isolated staging environment, reviewed and approved before being
deployed.
7. Availability:
Customer Personal Data is protected from accidental destruction or loss, and there is timely
access, restoration or availability to Customer Personal Data in the event of an incident.
Measures include:
• MyChatBot uses a high level of redundancy at the production data center so that an
availability failure of a single system or component is unlikely to impact general
availability.
• MyChatBot deploys its infrastructure only on reliable cloud providers whose data centers
have multiple power supplies, generators on-site and with battery backup to safeguard
power availability to the data center, and multiple access points to the Internet to
safeguard connectivity.
• MyChatBot uses commercially reasonable efforts to create frequent backup copies of
Customer Personal Data.
• MyChatBot has a system in place to ensure that any failures of backup to operate correctly
are flagged and dealt with.
• MyChatBot’s infrastructure and services are monitored 24x7x365 for availability and
technical issues. Current availability of the MyChatBot Platform can be seen at
http://status.mychatbot.app.
8. Job Control:
Customer Personal Data processed on a Customer’s behalf is processed solely in accordance
with the relevant agreement and related instructions of the Customer including in the use of
sub-processors.
Measures include:
• MyChatBot acts as data processor or sub-processor (as regards to Customer’s Customers)
with respect to Customer Personal Data and stores and processes Customer Personal
Data in order to operate the MyChatBot Platform.
• MyChatBot does not access Customer Personal Data, except to provide services to the
Customer which MyChatBot is obligated to perform in support of the Customer experience
including for general operation and monitoring of MyChatBot Platform, troubleshooting and
maintenance purposes, for security reasons, as required by law, or on request by
Customer.
• MyChatBot uses a limited number of sub-processors to help it provide the Service. A list
of individual sub-processors can be found in Exhibit B.
10. Description of the specific technical and organizational measures to be taken by
the to assist with the fulfillment of data subject requests (Clause 10 (b) SCC)
In order for the data importer / MyChatBot to assist the data exporter / Customer with fulfilling its
obligations to respond to data subjects’ requests in accordance with Clause 10 (b) SCC, the
Parties will set out the appropriate technical and organizational measures in the following, taking
into account the nature of the processing, by which the assistance shall be provided, as well as
the scope and the extent of the assistance required: MyChatBot has put in place technological
measures which allow for the personal data of a specific data subject to be efficiently and
quickly obtained, rectified, restricted or erased in order to assist the Customer and Customer’s
Customers with the fulfillment of data subject requests. Furthermore, (i) work instructions have
been put in place and (ii) a number of employees of MyChatBot have been trained on how to
properly deal with data subject requests.
11. Technical and Organizational Security Measures in relation to special categories
of data (where applicable) (Appendix, Annex I B. SCC; Exhibit A)
If special categories of personal data are processed as outlined in Exhibit A of the MyChatBot DPA, the
applied restrictions or safeguards that fully take into consideration the nature of the data and the
risks involved, such as for instance strict purpose limitation, access restrictions (including
access only for staff having followed specialised training), keeping a record of access to the
data, restrictions for onward transfers or additional security measures are: Please see Exhibit A,
Section 5.
12. For transfers to (sub-) processors, technical and organizational measures to be
taken by the (sub-) processor to assist the data exporter
For transfers to (sub-) processors, the technical and organizational measures to be taken by the
(sub-) processor to be able to provide assistance to the data importer / Customer are: As
stipulated in the right column of the table set out in Exhibit B of the MyChatBot DPA or, where
applicable, in a separate document which MyChatBot uses to notify Customer in relation to
sub-processors.
ANNEX III LIST OF SUB-PROCESSORS
EXPLANATORY NOTE:
This Annex must be completed, in case of the specific authorisation of sub-processors
(Clause 9(a), Option 1).
The controller has authorized the use of the following sub-processors:
Not applicable as Option 2 of Clause 9(a) shall apply.
Exhibit D - Supplementary Measures for International Data Transfers
MyChatBot commits to implementing the following supplementary measures based on guidance
provided by EU supervisory authorities in order to enhance the protection for Customer
Personal Data in relation to the processing in a third country.
1. Encryption
a) The personal data is transmitted (between the Parties and by MyChatBot between data
centers as well as to a sub-processor and back) using strong encryption.
Hereby, it is ensured that the encryption protocols employed are state-of-the-art and
provide effective protection against active and passive attacks with resources known to be
available to the public authorities of a third country, specific protective and state-of-the-art
measures are used against active and passive attacks on the sending and receiving
systems providing transport encryption, including tests for software vulnerabilities and
possible backdoors, in case the transport encryption does not provide appropriate security
by itself due to experience with vulnerabilities of the infrastructure or the software used,
personal data is also encrypted end-to-end on the application layer using state-of-the-art
encryption methods, the encryption algorithm and its parameterization (e.g., key length,
operating mode, if applicable) conform to the state-of-the-art and can be considered robust
against cryptanalysis performed by the public authorities when data is transiting to this third
country taking into account the resources and technical capabilities (e.g., computing power
for brute-force attacks) available to them⁵, the strength of the encryption takes into account
the specific time period during which the confidentiality of the encrypted personal data must
be preserved, the encryption algorithm is implemented correctly and by properly maintained
software without known vulnerabilities the conformity of which to the specification of the
algorithm chosen has been verified, e.g., by certification, the keys are reliably managed
(generated, administered, stored, if relevant, linked to the identity of the intended recipient,
and revoked).
b) The personal data at rest is stored by MyChatBot using strong encryption.
The encryption algorithm and its parameterization (e.g., key length, operating mode, if
applicable) conform to the state-of-the-art and can be considered robust against
cryptanalysis performed by the public authorities in the recipient country taking into account
the resources and technical capabilities (e.g., computing power for brute-force attacks)
available to them⁵. The strength of the encryption and key length takes into account the
specific time period during which the confidentiality of the encrypted personal data must be
preserved. The encryption algorithm is implemented correctly and by properly maintained
software without known vulnerabilities the conformity of which to the specification of the
algorithm chosen has been verified, e.g., by certification. The keys are reliably managed
(generated, administered, stored, if relevant, linked to the identity of an intended recipient,
and revoked).
4 EDPB, Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the
EU level of protection of personal data, V 2.0, 18 June 2021, Annex 2.
5 For the assessment of the strength of encryption algorithms, their conformity with the state-of-the-art, and their robustness against
cryptanalysis over time, Customer can rely on technical guidance published by official cybersecurity authorities of the EU and its
member states. See e.g. ENISA Report « What is "state of the art" in IT security? », 2019,
https://www.enisa.europa.eu/news/enisa-news/what-is-state-of-the-art-in-it-security; guidance given by the German Federal Office
for Information Security in its Technical Guidelines of the TR-02102 series and "Algorithms, Key Size and Protocols Report (2018),
H2020-ICT-2014 — Project 645421, D5.4, ECRYPT-CSA, 02/2018” at
https://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf.
2. Organizational Measures
2.1 Transparency and accountability measures
Regular publication of transparency reports or summaries regarding governmental requests for
access to data and the kind of reply provided, insofar as publication is allowed by local law.
2.2 Organizational methods and data minimization measures
Already existing organizational requirements under the accountability principle, such as the
adoption of strict and granular data access and confidentiality policies and best practices, based
on a strict need-to-know principle. Data minimization should be considered in this regard, in
order to limit the exposure of personal data to unauthorized access. For example, in some
cases it might not be necessary to transfer certain data.
2.3 Others
Adoption and regular review by MyChatBot of internal policies to assess the suitability of the
implemented complementary measures and identify and implement additional or alternative
solutions when necessary, to ensure that an essentially equivalent level of protection to that
guaranteed within the EEA of the personal data transferred is maintained.
3. Additional Contractual Measures
3.1 Transparency obligations
a) MyChatBot declares that (1) it has not purposefully created back doors or similar programming
that could be used to access the system and/or personal data, (2) it has not purposefully
created or changed its business processes in a manner that facilitates access to personal
data or systems, and (3) that national law or government policy does not require MyChatBot to
create or maintain back doors or to facilitate access to personal data or systems or for
MyChatBot to be in possession or to hand over the encryption key.
b) MyChatBot will verify the validity of the information provided for the TIA questionnaire in
regular intervals and provide notice to Customer in case of any changes without delay.
Clause 14(e) SCC shall remain unaffected.
3.2 Obligations to take specific actions
In case of any order to disclose or to grant access to the personal data, MyChatBot commits to
inform the requesting public authority of the incompatibility of the order with the safeguards
contained in the Article 46 GDPR transfer tool and the resulting conflict of obligations for
MyChatBot.
3.3 Empowering data subjects to exercise their rights
MyChatBot commits to fairly compensate the data subject for any material and non-material
damage suffered because of the disclosure of his/her personal data transferred under the
chosen transfer tool in violation of the commitments it contains.
Notwithstanding the foregoing, MyChatBot shall have no obligation to indemnify the data subject to
the extent the data subject has already received compensation for the same damage.
Compensation is limited to material and non-material damages as provided in the GDPR and
excludes consequential damages and all other damages not resulting from MyChatBot’s
infringement of the GDPR.
Exhibit E - UK Addendum
As stipulated in Section 14.1 of this MyChatBot DPA, this UK Addendum shall apply to any
processing of Customer Personal Data subject to the UK GDPR under this MyChatBot DPA.
1. Interpretation of this Addendum
1.1. Where this Addendum uses terms that are defined in the Standard Contractual Clauses
set out in Exhibit C to this MyChatBot DPA, those terms shall have the same meaning as
in the Standard Contractual Clauses. In addition, the following terms have the following
meanings:
This Addendum: This Addendum to the Clauses
Clauses: The Standard Contractual Clauses set out in Exhibit C to this MyChatBot DPA
UK Data Protection Laws: All laws relating to data protection, the processing of
personal data, privacy and/or electronic communications in force from time to time in the UK,
including the UK GDPR and the Data Protection Act 2018.
UK GDPR: The United Kingdom General Data Protection Regulation, as it forms part of the law
of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European
Union (Withdrawal) Act 2018.
UK: The United Kingdom of Great Britain and Northern Ireland
1.2. This Addendum shall be read and interpreted in the light of the provisions of UK Data
Protection Laws, and so that it fulfils the intention for it to provide the appropriate
safeguards as required by Article 46 UK GDPR.
1.3. This Addendum shall not be interpreted in a way that conflicts with rights and
obligations provided for in UK Data Protection Laws.
1.4. Any references to legislation (or specific provisions of legislation) means that legislation
(or specific provision) as it may change over time. This includes where that legislation
(or specific provision) has been consolidated, reenacted and/or replaced after this
Addendum has been entered into.
2. Hierarchy
In the event of a conflict or inconsistency between this Addendum and the provisions of the
Clauses or other related agreements between the Parties, existing at the time this Addendum
is agreed or entered into thereafter, the provisions which provide the most protection to data
subjects shall prevail.
3. Incorporation of the Clauses
3.1. In relation to any processing of personal data subject to the UK GDPR, this
Addendum amends this MyChatBot DPA including the Clauses in its Exhibit C to the
extent necessary so they operate:
a. for transfers made by the data exporter to the data importer, to the extent that
UK Data Protection Laws apply to the data exporter’s processing when making that
transfer; and
b. to provide appropriate safeguards for the transfers in accordance with
Article 46 of the UK GDPR.
3.2. The amendments to the MyChatBot DPA including the Clauses in its Exhibit C as
required by Section 5 above, include (without limitation):
a. References to the “Clauses” or the “SCC” means this Addendum as
it amends the Clauses.
b. Clause 6 Description of the transfer(s) is replaced with:
"The details of the transfer(s) and in particular the categories of personal data that are
transferred and the purpose(s) for which they are transferred) are those specified in
Annex I.B where UK Data Protection Laws apply to the data exporter’s processing
when making that transfer."
c. References to “Regulation (EU) 2016/679” or “that Regulation” or “GDPR” are
replaced by “UK Data Protection Laws” and references to specific Article(s) of
“Regulation (EU) 2016/679” or “GDPR” are replaced with the equivalent Article or
Section of UK Data Protection Laws.
d. References to Regulation (EU) 2018/1725 are removed.
e. References to the “European Union”, “Union”, “EEA”, “EU” and “EU Member State”
are all replaced with the “UK”.
f. Clause 13(a) and Part C of Annex II are not used; the “competent supervisory
authority” is the Information Commissioner;
g. Clause 17 is replaced to state “These Clauses are governed by the laws of
England and Wales”.
h. Clause 18 is replaced to state:
“Any dispute arising from these Clauses shall be resolved by the courts of England
and Wales. A data subject may also bring legal proceedings against the data exporter
and/or data importer before the courts of any country in the UK. The Parties agree to
submit themselves to the jurisdiction of such courts.”
i. The footnotes to the Clauses do not form part of the Addendum.
Exhibit F - Swiss Addendum
As stipulated in Section 14.2 of this MyChatBot DPA, this Swiss Addendum shall apply to any
processing of Customer Personal Data subject to Swiss data protection law under this
MyChatBot DPA or to Swiss data protection law and the GDPR.
1. Interpretation of this Addendum
1.1. Where this Addendum uses terms that are defined in the Standard Contractual Clauses
set out in Exhibit C to this MyChatBot DPA, those terms shall have the same meaning as
in the Standard Contractual Clauses. In addition, the following terms have the following
meanings:
Out in Exhibit C to this MyChatBot DPA
Swiss Data Protection Laws: The Swiss Federal Act on Data Protection of 19 June 1992 and the
Swiss Ordinance to the Swiss Federal Act on Data Protection of 14 June 1993, and any new or
revised version of these laws that may enter into force from time to time.
1.2. This Addendum shall be read and interpreted in the light of the provisions of Swiss
Data Protection Laws, and so that it fulfills the intention for it to provide the appropriate
safeguards as required by Article 46 GDPR and/or Article 6(2)(a) of the Swiss Data
Protection Laws, as the case may be.
1.3. This Addendum shall not be interpreted in a way that conflicts with rights and
obligations provided for in Swiss Data Protection Laws.
1.4. Any references to legislation (or specific provisions of legislation) means that legislation
(or specific provision) as it may change over time. This includes where that legislation
(or specific provision) has been consolidated, reenacted and/or replaced after this
Addendum has been entered into.
2. Hierarchy
In the event of a conflict or inconsistency between this Addendum and the provisions of the
Clauses or other related agreements between the Parties, existing at the time this Addendum is
agreed or entered into thereafter, the provisions which provide the most protection to data
subjects shall prevail.
3. Incorporation of the Clauses
3.1. In relation to any processing of personal data subject to Swiss Data Protection Laws
or to both Swiss Data Protection Laws and the GDPR, this Addendum amends this
MyChatBot DPA including the Clauses in its Exhibit C to the extent necessary so they
operate:
a. for transfers made by the data exporter to the data importer, to the extent that
Swiss Data Protection Laws or Swiss Data Protection Laws and the GDPR apply to
the data exporter’s processing when making that transfer; and
b. to provide appropriate safeguards for the transfers in accordance with Article
46 of the UK GDPR and/or Article 6(2)(a) of the Swiss Data Protection Laws, as the
case may be.
3.2. To the extent that any processing of personal data is exclusively subject to Swiss Data
Protection Laws, the amendments to the MyChatBot DPA including the Clauses in its
Exhibit C as required by Section 3.1 above, include (without limitation):
a. References to the “Clauses” or the “SCC” means this Addendum as it amends
the Clauses.
b. Clause 6 Description of the transfer(s) is replaced with:
"The details of the transfer(s) and in particular the categories of personal data that are
transferred and the purpose(s) for which they are transferred) are those specified in
Annex I.B where Swiss Data Protection Laws apply to the data exporter’s processing
when making that transfer."
c. References to “Regulation (EU) 2016/679” or “that Regulation” or “GDPR” are
replaced by “Swiss Data Protection Laws” and references to specific Article(s) of
“Regulation (EU) 2016/679” or “GDPR” are replaced with the equivalent Article or
Section of Swiss Data Protection Laws to the extent applicable.
d. References to Regulation (EU) 2018/1725 are removed.
e. References to the “European Union”, “Union”, “EEA”, “EU” and “EU Member
State” are all replaced with “Switzerland”. Clause 13(a) and Part C of Annex II are
not used; the “competent supervisory authority” is the Federal Data Protection and
Information Commissioner (the “FDPIC”) insofar as the transfers are governed by
Swiss Data Protection Laws;
f. Clause 17 is replaced to state “These Clauses are governed by the laws of
Switzerland insofar as the transfers are governed by Swiss Data Protection Laws”.
g. Clause 18 is replaced to state:
“Any dispute arising from these Clauses relating to Swiss Data Protection Laws shall
be resolved by the courts of Switzerland. A data subject may also bring legal
proceedings against the data exporter and/or data importer before the courts of
Switzerland in which he/she has his/her habitual residence. The Parties agree to
submit themselves to the jurisdiction of such courts.”
Until the entry into force of the revised Swiss Data Protection Laws, the Clauses shall
also protect personal data of legal entities and legal entities shall receive the same
protection under the Clause as natural persons.
3.3. To the extent that any processing of personal data is subject to both Swiss Data
Protection Laws and the GDPR, the MyChatBot DPA including the Clauses in its Exhibit C
will apply (i) as is and (ii) additionally, to the extent that a transfer is subject to Swiss
Data Protection Laws, as amended by Sections 3.1 and 3.2 above, with the sole
exception that Clause 17 shall not be replaced as stipulated under Section 3.2(g).
3.4. Customer warrants that it and/or Customer Affiliates have made any notifications to the
FDPIC which are required under Swiss Data Protection Laws.