Welcome to mybestclick.mobi (the "Site"). This site is owned and operated by MYBESTCLICK LTD ("MYBESTCLICK LTD", or "We").

By using the Site you ("You") accept and agree to be bound by the following terms of use ("Terms of Use"), as well as to our Data Protection Addendum and all applicable laws and regulations governing the site.

MYBESTCLICK LTD reserves the right to change these terms of service at any time, effective immediately upon posting on the site. Please read them carefully.

MYBESTCLICK LTD does not warrant that the access to or use of the Site will be uninterrupted or error free. MYBESTCLICK LTD may on its sole discretion at any time and without notice suspend or discontinue the operation of the Site or remove, change or add content.

You must not try to log in to non-public parts of the Site unless you are a validly registered user and have received a valid password from MYBESTCLICK LTD

INTELLECTUAL PROPERTY RIGHTS

All content included on this Site, such as, but not limited to, images, text, graphics, logos, and button icons, is the property of MYBESTCLICK LTD and is protected by copyright laws. All content on this Site that is not the property of MYBESTCLICK LTD is used with permission. The arrangement and compilation of all content on this Site are the exclusive property of MYBESTCLICK LTD and are protected by copyright laws.

TRADEMARKS

Certain marks used on our Site are registered trademarks or service marks of MYBESTCLICK LTD, its artists or its suppliers, worldwide. Certain graphics, logos, page headers, button icons, scripts, and service names are trademarks or service marks of MYBESTCLICK LTD or its affiliates. MYBESTCLICK LTD trademarks and service marks may not be used for any commercial or other purposes by any party other than MYBESTCLICK LTD or its affiliates without the prior written consent of MYBESTCLICK LTD. All other trademarks and service marks not owned by MYBESTCLICK LTD or its affiliates or subsidiaries that appear on this Site are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by MYBESTCLICK LTD.

Allowed use of the Site and the Content

The viewing, printing or downloading of any content, video, audio, graphic, form or document from the Site grants you only a revocable, nonexclusive license for use solely by you for personal, noncommercial purposes limited to the use as is reasonably required to view and listen to the content and navigate through the pages and links generally available to the public using a standard Internet browser and standard media player, and not for republication, distribution, assignment, sublicense, sale, preparation of derivative works or other use. No part of any content, graphic, form or document may be reproduced in any form or incorporated into any information retrieval system, electronic or mechanical, other than for your personal, noncommercial use (but not for resale or redistribution).

ADVERTISER ACCOUNTS

When You sign up as an advertiser at MYBESTCLICK LTD, You may be asked to provide a password. You are solely responsible for maintaining the confidentiality of your account and password and for restricting access to your computer, and You agree to accept responsibility for all activities that occur under your account or password. You agree that the information You provide to MYBESTCLICK LTD on registration and at all other times will be true, accurate, current, and complete. You also agree that You will ensure that this information is kept accurate and up-to-date at all times. If You have reason to believe that your account is no longer secure (e.g., in the event of a loss, theft or unauthorized disclosure or use of your account ID, password, or any credit, debit or charge card number, if applicable), then You agree to immediately notify MYBESTCLICK LTD. You may be liable for the losses incurred by MYBESTCLICK LTD or others due to any unauthorized use of your Site account.

You must be at least 18 years old in order to use our services and to be eligible to receive payments from us.

COMPLIANCE POLICY

1. Placement of Ads

In order to be eligible to become an MYBESTCLICK LTD advertiser (the "Advertiser" or "You"), all advertisements or affiliated websites or Advertisers must not include any spoofing, redirecting, or trafficking from adult-related websites in an effort to gain traffic, unless expressly permitted and specified in the details of the campaign.

You represent and warrant that you will not promote via advertisement or link to websites containing any pornographic, racial, ethnic, political, software pirating (e.g. Warez) or hacking, hate-mongering, or otherwise objectionable or non-permitted content.

Without derogating from the aforesaid, You may NOT place any MYBESTCLICK LTD advertisements on alternative publishers or websites without written consent and approval of MYBESTCLICK LTD. You will not place MYBESTCLICK LTD advertisements on pornographic/offensive, and/or warez, and/or illegal MP3 sites/directories, and/or P2P (not approved by RIAA) / Bit-Torrent sites, and/or Spyware or malicious code of any sort and/or alternatively questionable areas.

In case where advertisements are placed in such locations, MYBESTCLICK LTD reserves the right to withhold payment for the entire campaign and/or submit an immediate legal action against You and/or demand financial compensation, based on the damages incurred by MYBESTCLICK LTD as a result thereof.

2. Advertiser Guidelines

Desktop Traffic / Offers - Forbidden Attributes

By using mybestclick.mobi, you agree to our terms and conditions, and commit that you will not direct traffic to any ad containing the following mechanisms / contents.

This list should be considered as a general guideline and can be updated at any time. Moreover, mybestclick.mobi reserves the right to stop the promotion of any ad at any time at its sole discretion. We constantly check the content that is displayed on ads, so please make sure your content meets our demands.

We reserve the right to immediately block or permanently ban any account that violates mybestclick.mobi's rules.

The following list contains the types of contents and mechanisms that are not allowed on our platform:

• Adult offers (unless expressly permitted and specified in the details of the campaign)
• Freeze Screen Simulation
• Illegal activity (i.e. hacking, content related to drug abuse or drug dealing, how to build a bomb and more)
• Hate-speech (racial, ethnic, political, gender-based, religious, personal etc.)
• Repeated Javascript alerts that offer no exit button
• Ads with a Blue/Red Screen Background
• Ads containing a repeated or Automatic Download
• 'Google Safe Browsing' Identification
• Purchase of weapons or military equipment
• If the landing page contains one of the alerts listed in this category as well as an alarming sound
• Misleading Brand Reference / Counterfeiting - Unauthorised use of known logos or brand names (e.g. Microsoft, Apple, Sun, Google, Adobe)
• Malware / Scareware / Phishing/Tech Support

Mobile-web Traffic / Offers - Forbidden Attributes

• Adult offers containing explicit sexual content unsuitable for minors (unless expressly permitted and specified in the details of the campaign)
• APK Download
• If the landing page contains one of the alerts listed in this category as well as forced Device Vibration.
• If the landing page contains one of the alerts listed in this category as well as an alarming sound.

3. Cloaking

Cloaking refers to the practice of disguising (cloaking) an offer with different content or landing page. E.g. presenting a landing page for an ecommerce site, and after campaign approval changing it to a different landing page with different content. Cloaking is considered as breaching and violation of MYBESTCLICK LTD self-advertise Guidelines. MYBESTCLICK LTD keeps the right, in proven cloaking attempts, to banned accounts, to confiscate funds and to take all necessary legal actions to repair the damage caused by this violation.

TERMINATION

By signing up as an advertiser, you represent and warrant that the content on your advertisements or their subject matter does not infringe any third party's intellectual property rights or facilitate the infringement of such rights. Without prior notice, MYBESTCLICK LTD may in its sole discretion temporarily deactivate or permanently terminate any advertiser account upon receiving a complaint from a third party that a publisher's website or advertiser's advertisement or subject matter advertised infringes the intellectual property rights of that third party or facilitates such infringement.

INFORMATION YOU SEND TO MYBESTCLICK LTD

If you send information or material to the Site by any means or in any way, all such information or material will be treated as non-confidential and non-proprietary, unless otherwise clearly indicated. MYBESTCLICK LTD may without compensating you in any manner, use such information and material for its own or third parties' purposes.

REFUND POLICY

MYBESTCLICK LTD (powered by MYBESTCLICK LTD) ("We") gives you the opportunity to pause your activity in your account at any time that you wish to do so. We will refund the unused balance in your account (if there is any), within 30 business days from the day of confirmation of your request by MYBESTCLICK LTD In any case a promotional code was used during the activity period, it will be deducted from the account and will not be refundable.

A refund will be given only for the amount that hasn't been charged to your account. A refund will not be made for services that already been provided to you. Refunds for "promotional funds" will not be given in any circumstances.

We will only send refunds to the source from which payment was made (if you paid by credit card, we will only refund the same credit card). You may be required to provide additional information or documentation in order for MYBESTCLICK LTD to confirm your identity, before any refund request will be processed.

In case of breaching MYBESTCLICK LTD Terms of use, MYBESTCLICK LTD may suspend or ban your account. If MYBESTCLICK LTD bans your account, MYBESTCLICK LTD will refund the unused balance remaining in your account (if there is any) within 30 days of breach. A damage charge of thirty (30%) of the remaining balance will be applied.

LINKS TO OTHER WEBSITES

The Site and/or MYBESTCLICK LTD advertising widget may now, or hereafter from time to time, contain links to third-party Web sites, services or products (hereinafter :"Web sites"). We do not control, investigate, monitor or check such Web sites, we are not responsible for the computer programs available from, content in or opinions expressed at such Web sites. We provide such third-party links only as a convenience to visitors of the Site, and the inclusion of a link does not imply approval or endorsement of the linked site by us. If you decide to leave the Site and access any third-party Web site, you do so at your own risk and we assume no liability whatsoever for the content or opinions expressed on those websites. You access and use any linked website at your own risk.

INDEMNIFICATION

You agree to indemnify and keep MYBESTCLICK LTD, its officers, employees, agents and shareholders harmless from any liability, loss, claim and expense, including reasonable attorneys' fees, arising from (1) your use of the Site, the content or breach of these Terms of Use, (2) any claim that your advertisements or Web sites infringe or misappropriate any patent, copyright, trade secret, trademark, intellectual property or other proprietary right of any third party, or (3) any claim that your services facilitate, either directly or indirectly, the sale, distribution, or marketing of any product that infringes or misappropriates any patent, copyright, trade secret, trademark, intellectual property or other proprietary right of any third party.

PRIVACY POLICY

You should review the terms and conditions of our Privacy Policy, by which you also agree to be bound as a condition of visiting the Site and/or using the Widget.

NO REPRESENTATION OR WARRANTIES

Notwithstanding anything to the contrary in these terms of service MYBESTCLICK LTD expressly does not make any representations or warranties regarding the content of any of its publishers' Web sites or advertiser's advertising. To the extent a third party informs MYBESTCLICK LTD that one of MYBESTCLICK LTD's publishers or advertisers is violating rights owned by that third party, MYBESTCLICK LTD will generally request that the third party address the alleged rights violation directly with the publisher or advertiser, including utilizing any publisher or advertiser notice-and-take-down procedure or other mechanism for addressing such violation. However, the decision to take such action, any other action, or no action, is solely within MYBESTCLICK LTD's discretion and will be made as MYBESTCLICK LTD deems appropriate under the circumstances.

LIMITED LIABILITY

YOU USE THE SITE AND THE CONTENT AT YOUR OWN RISK. MYBESTCLICK LTD DOES NOT ASSUME ANY LIABILITY WHATSOEVER FOR ANY CONSEQUENCES ARISING FROM YOUR USE OF THE SITE OR THE CONTENT. THE SITE, ALL CONTENT AND FUNCTIONS AVAILABLE TO YOU IS PROVIDED "AS IS" AND "AS AVAILABLE". MYBESTCLICK LTD DOES NOT MAKE ANY EXPRESSED OR IMPLIED REPRESENTATIONS OR WARRANTIES OF ANY KIND AND, TO THE FULLEST EXTENT PERMISSIBLE BY LAW, DISCLAIMS ANY LIABILITY WHATSOEVER (I) FOR THE ACCURACY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, OF ANY CONTENT PUBLISHED ON OR MADE AVAILABLE THROUGH THE SITE, AND (II) FOR ANY VIRUSES OR HARMFUL COMPONENTS OR SOFTWARE CODE THAT MAY CAUSE DAMAGE TO YOUR HARDWARE, SOFTWARE OR DATA AS A CONSEQUENCE OF YOUR USE – IN ANY WAY OR MANNER – OF THE SITE OR THE CONTENT. ALL INFORMATION ON THE SITE ARE PROVIDED WITH ALL FAULTS AND THE ENTIRE RISK AS TO THE QUALITY AND ACCURACY OF THE INFORMATION IS WITH YOU AS THE USER. MYBESTCLICK LTD SHALL UNDER NO CIRCUMSTANCES WHATSOEVER, INCLUDING BUT NOT LIMITED TO MYBESTCLICK LTD'S NEGLIGENCE, BE LIABLE FOR LOSS OF SALES, PROFITS OR REVENUE, LOSS OF GOODWILL, LOSS OF DATA OR ANY OTHER DIRECT, INDIRECT, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR SPECIAL DAMAGES CAUSED YOU OR ANY THIRD PARTY FROM THE USE OF (OR INABILITY TO USE) THE SITE OR THE CONTENT, EVEN IF MYBESTCLICK LTD HAS BEEN ADVISED OF THE RISK FOR SUCH DAMAGES. MYBESTCLICK LTD'S TOTAL LIABILITY TO YOU SHALL UNDER NO CIRCUMSTANCES WHATSOEVER EXCEED 1000 USD.

GOVERNING LAW

By visiting the Site, you agree that the laws of the state of Bulgaria, without regard to principles of conflict of laws, will govern these Terms of Service.

SEVERABILITY

If any provision of these Terms of Service or any Guidelines is held to be unlawful, void, or for any reason unenforceable, then that provision will be limited or eliminated from these Terms of Service to the minimum extent necessary and will not affect the validity and enforceability of any remaining provisions.

PRE-PAYMENT PROCESSING FEES

By default, each Advertiser pays in advance for the service and will also be responsible for paying the processing fees, which will be deducted from the totaling amount the Advertiser deposits in his account, as follows:

• Deposits through Paypal - 5% processing fee;
• Deposits through Wire Transfer - $25 processing fee;

POST PAYMENT

By default, each Advertiser pays in advance for the service. In case MYBESTCLICK LTD gave Advertiser approval (in writing) to pay post payment, Advertiser shall pay to MYBESTCLICK LTD based on the rate determined and monthly reports issued by MYBESTCLICK LTD. Invoices are to be submitted following the completion of the month. Terms are net 30 days of invoice date. Payments will be based solely and exclusively upon the statistics compiled by MYBESTCLICK LTD tracking and reporting system. Each party is solely and separately responsible for its own taxes, fees, or other levies. All overdue payments shall accrue monthly interest at the rate of 2%. All payments due hereunder are in U.S. dollars and are exclusive of any applicable taxes. Advertiser shall be responsible for all applicable taxes.

VAT

According to the law in Bulgaria, every Bulgarian and / or Bulgarian company, registered in the platform, is required to pay VAT.

WAIVER

The failure of MYBESTCLICK LTD to exercise or enforce any right or provision of these Terms will not constitute a waiver of such right or provision. Any waiver of any provision of these Terms of Service will be effective only if in writing and signed by MYBESTCLICK LTD.

PROMO CODES

MYBESTCLICK LTD and its affiliates (collectively, "MYBESTCLICK LTD" or "we") welcomes you ("Participant(s)" or "you") to use our "Promo Code".

THE FOLLOWING TERMS AND CONDITIONS GOVERN YOUR PROMO CODES USE. BY USING THE PROMO CODE YOU AGREE TO BE BOUND THE FOLLOWING TERMS AND CONDITIONS (THE "TERMS") WHICH INLUDE BY REFERENCE MYBESTCLICK LTD'S TERMS OF USE (AT mybestclick.mobi) AND PRIVACY POLICY (AT mybestclick.mobi) AND TO COMPLY WITH ALL APPLICABLE LAWS AND REGULATIONS REGARDING THE USAGE. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS PLEASE DO NOT USE OUR PROMO CODE.

• From time to time, we may offer promo codes which may apply to any, or certain specified users of mybestclick.mobi platform.
• Each Promo Code will be subject to specific terms & conditions specified at the time the promo code is issued (including the length of time to use the code) by mybestclick.mobi platform.
• The use of the promo code is designated to use on mybestclick.mobi platform only.
• Promo-code is a single-use code per user and can be used by mybestclick.mobi's registered user and/or account only.
• The use of the promo code is conditional to 100USD new deposit in the user's mybestclick.mobi registered account.
• Promo codes are non-transferable, non-refundable, non-reusable and cannot be exchanged for cash.
• If a promo code is offered by the Company and can't run properly because of fraud, tampering, technical errors or anything else that is beyond our control which affects the running, administration, security or fairness of the promo code, we reserve the right to cancel, modify or suspend the promo code.
• The company reserves the right to suspend a campaign and/or deny the user's access to his account and/or cancel user's rights to use of a promo code in any case of abuse by the user (i.e. - reuse of a promo code by the same user under different accounts etc.)
• The Company reserves the right to cancel promo code that may breach mybestclick.mobi Terms & Conditions.
• The Company reserves the right to amend these terms and conditions at any time.

ANY ATTEMPT BY A USER OR ANY OTHER INDIVIDUAL TO DELIBERATELY CIRCUMVENT, DISRUPT OR DAMAGE ORDINARY AND NORMAL OPERATION OF THIS ACTIVITY, TELEPHONE SYSTEMS OR WEBSITE, OR UNDERMINE THE LEGITIMATE OPERATION OF THIS ACTIVITY WILL CONSIDER AS A VIOLATION. SHOULD SUCH AN ATTEMPT BE MADE, MYBESTCLICK LTD RESERVES THE RIGHT TO SEEK DAMAGES FROM ANY SUCH PARTICIPANT TO THE FULLEST EXTENT PERMITTED BY LAW.

All requests for further information regarding Promo Codes should be directed to: contacts@mybestclick.mobi

DATA PROTECTION ADDENDUM

Mybestclick Ltd. and its subsidiaries and affiliated companies (collectively, “MYBESTCLICK LTD,” or ‘Mybestclick” or “we “, “us”, “our”), and the legal entity who entered into an agreement for the provision of the Services (“Services”) described in the [MYBESTCLICK LTD Terms of Use] (as amended from time to time, the “Agreement”) regardless of the form of organization (“Customer”), are agreeing to these terms of this Data Protection Addendum ("Addendum" or “DPA”).

This Addendum will be effective and replace any previously applicable terms relating to their subject matter, as of the Agreement affective date.

If you are accepting this Addendum on behalf of Customer, you warrant that: (a) you have full legal authority to bind Customer to this Addendum; (b) you have read and understand this Addendum; and (c) you agree, on behalf of Customer, to this Addendum. If you do not have the legal authority to bind Customer, please do not accept this Addendum.

1. Definitions

1.1 In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

1.1.1 "Applicable Laws" means (a) European Union or Member State laws with respect to any Company Personal Data; and (b) any other applicable law with respect to any Company Personal Data;

1.1.2 "Company Personal Data" means any Personal Data Processed by a Contracted Processor on behalf of Company pursuant to or in connection with the Principal Agreement;

1.1.3 "Customer Personal Data" means any Personal Data Processed by a Contracted Processor on behalf of Customer pursuant to or in connection with the Principal Agreement;

1.1.4 "Contracted Processor" means Company, Customer or a Subprocessor;

1.1.5 "Subprocessor" means any third-party processor appointed by or on behalf of the parties (or by any other Subprocessor appointed by the parties) to Process Personal Data on behalf of either the Company and/or Customer in connection with the Principal Agreement.

1.1.6 "Data Protection Laws" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;

1.1.7 "EEA" means the European Economic Area;

1.1.8 "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;

1.1.9 "GDPR" means EU General Data Protection Regulation 2016/679;

1.1.10 "Restricted Transfer" means:

1.1.10.1 a transfer of Company Personal Data from Company to a Contracted Processor; or

1.1.10.2 an onward transfer of Company Personal Data from a Contracted Processor to a Contracted Processor, or between two establishments of a Contracted Processor,

in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws) in the absence of a mechanism as approved by the European Commission to ensure adequate safeguards for Personal Data transferred from the EU to countries which the European Commission has not found to offer adequate protection for personal data;

1.1.11 "Services" means the services and other activities to be supplied to or carried out by or on behalf both the Customer and Company pursuant to the Principal Agreement;

1.2 The terms, "Commission", "Controller", "Data Subject", "Member State", "Personal Data", "Personal Data Breach", "Processing" and "Supervisory Authority" shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

1.3 The word "include" shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.

2. Introduction

2.1 This DPA reflect the parties’ agreement on the processing of Personal Data in connection with the Data Protection Laws.

2.2 Any ambiguity in this DPA shall be resolved to permit the parties to comply with all Data Protection Laws.

2.3 In the event and to the extent that the Data Protection Laws impose stricter obligations on the parties than under this DPA, the Data Protection Laws shall prevail.

3. Application of this DPA

3.1 This DPA will only apply to the extent all of the following conditions are met:

3.1.1 Company (or a Subprocessor on its behalf) processes Personal Data that is made available by the Customer in connection with the Principal Agreement.

3.1.2 Customer (or a Subprocessor on its behalf) processes Personal Data that is made available by the Company in connection with the Principal Agreement.

3.1.3 The Data Protection Laws applies to the processing of Personal Data.

3.1.4 This DPA will only apply to the Services for which the parties agreed to in the Agreement, which incorporates the DPA by reference.

4. Processing of Personal Data

4.1 Independent Controllers. Each party:

4.1.1 may act as an independent Controller of Personal Data under the Data Protection Laws and as such, will individually determine the purposes and means of its processing of Personal Data; and

4.1.2 will comply with the obligations applicable to it under the Data Protection Laws with respect to the processing of Personal Data.

4.1.3 instruct the Contracted Processor (and authorise it to instruct each Subprocessor) with respect to the processing of its Personal Data and/or the transfer of Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement.

4.2 Contracted Processors. Each Party shall:

4.2.1 comply with all applicable Data Protection Laws in the Processing of each other’s Personal Data; and

4.2.2 not Process each other’s Personal Data other than on documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted is subject, in which case it shall, to the extent permitted by Applicable Laws, inform the other Party of that legal requirement before the relevant Processing of that Personal Data.

4.3 Sharing of Personal Data. In performing its obligations under the Principle Agreement, a Party may provide Personal Data to the other Party. Each party shall process Personal Data only for (i) the purposes set forth in the Principle Agreement or as (ii) otherwise agreed to in writing by the parties, provided such processing strictly complies with (iii) Data Protection Laws, (ii) Relevant Privacy Requirements and (iii) its obligations under this DPA (the “Permitted Purposes”). Each Party shall not knowingly share any Personal Data with the other Party (i) that allows Data Subjects to be directly identified (for example by reference to their name and e-mail address); (ii) that contains Personal Data relating to children under 13 years.

4.4 Lawful grounds and transparency. Each Party shall maintain a publicly-accessible privacy policy on its mobile apps and websites that is available via a prominent link that satisfies transparency disclosure requirements of Data Protection Laws. Each Party warrants and represents that it has provided Data Subjects with appropriate transparency regarding data collection and use and all required notices and obtained any and all consents or permissions necessary under Data Protection Laws. With respect to processing Personal Data for cross Advertising and/or in connection with collection of precise geo-location data, each Party shall ensure that proper affirmative act of consent from Data Subjects in accordance with Data Protection Law and Relevant Privacy Requirements was given in order for itself and the other Party to Process such Personal Data as set out herein. The foregoing shall not derogate from either Party’s responsibilities under the Data Protection Laws (such as the requirement to provide information to the data subject when the Personal Data in connection with the processing of Personal Data). Both parties will cooperate in good faith in order to identify the information disclosure requirements and each party hereby permits the other party to identify it in the other party’s privacy policy, and to provide a link to the other party’s privacy policy in its privacy policy.

4.5 Data Subject Rights. It is agreed that where either party receives a request from a Data Subject in respect of Personal Data controlled by such Party, then such Party shall be responsible to exercise the request, in accordance with Data Protection Laws.

5. Personal Data Transfers

5.1 Transfers of Personal Data Out of the European Economic Area. Either party may transfer Personal Data outside the European Economic Area if it complies with the provisions on the transfer of Personal Data to third countries in the Data Protection Laws (such as through the use model clauses or transfer of Personal Data to jurisdictions as may be approved as having adequate legal protections for data by the European Commission).

6. Security and Protection of Personal Data.

6.1 The parties will provide a level of protection for Personal Data that is at least equivalent to that required under Data Protection Laws. Both parties shall implement appropriate technical and organizational measures to protect the Personal Data. In the event that a party suffers a confirmed Security Incident, each party shall notify the other party without undue delay and the parties shall cooperate in good faith to agree and action such measures as may be necessary to mitigate or remedy the effects of the Security Incident.

7. Subprocessing

7.1 Company authorises Customer (as a Contracted Processor) to appoint (and permit each Subprocessor appointed in accordance with this section to appoint) Subprocessors in accordance with this section and any restrictions in the Principal Agreement.

7.2 Customer may continue to use those Subprocessors already engaged by Customer as of the date of this Addendum, subject to Customer in each case as soon as practicable meeting relevant the obligations set out in this Addendum.

7.3 Customer shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within 30 days of receipt of that notice, Company notifies Customer in writing of any objections (on reasonable grounds) to the proposed appointment, Customer will not appoint (nor disclose any Company Personal Data to) the proposed Subprocessor except with the prior written consent of Company.

7.4 With respect to each Subprocessor, Customer shall:

7.4.1 before the Subprocessor first Processes Company Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement;

7.4.2 ensure that the arrangement between on the one hand (a) Customer, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this Addendum and meet the requirements of article 28(3) of the GDPR;

7.4.3 if that arrangement involves a Restricted Transfer, ensure the use of an approved mechanism for achieving adequacy, and

7.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Company may request from time to time.

8. Data Protection Impact Assessment and Prior Consultation

8.1 Customer shall provide reasonable assistance to Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

9. Deletion or return of Company Personal Data

9.1 Subject to sections 9.2 and 9.3 Customer shall promptly delete and procure the deletion of all copies of Company Personal Data upon cessation of any Services involving the Processing of Company Personal Data.

9.2 Each Contracted Processor may retain Company Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Customer shall ensure the confidentiality of all such Company Personal Data and shall ensure that such Company Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose.

9.3 Customer shall provide written certification to Company that it has fully complied with this section 10.

10. Liability

10.1 Notwithstanding anything else in the Agreement, the total liability of either party towards the other party under or in connection with this DPA will be limited to the maximum monetary or payment-based amount at which that party’s liability is capped under the Agreement (for clarity, any exclusion of indemnification claims from the Agreement’s limitation of liability will not apply to indemnification claims under the Agreement relating to the Data Protection Laws).

11. General Terms

Governing law and jurisdiction

11.1.1 the parties to this Addendum hereby submit to the choice of jurisdiction stipulated in the Principal Agreement with respect to any disputes or claims howsoever arising under this Addendum, including disputes regarding its existence, validity or termination or the consequences of its nullity; and

11.1.2 this Addendum and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Principal Agreement.

Order of precedence

11.2 Nothing in this Addendum reduces Customer's obligations under the Principal Agreement in relation to the protection of Personal Data or permits Customer to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the Principal Agreement. In the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including the Principal Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this Addendum, the provisions of this Addendum shall prevail.

Changes in Data Protection Laws

11.3 Company may propose any variations to this Addendum which Company reasonably considers to be necessary to address the requirements of any Data Protection Law.

11.4 If Company gives notice under section 11.4, the parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Company's notice as soon as is reasonably practicable.

Severance

11.5 Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.