JOINT CONTROLLERSHIP AGREEMENT

Last updated: February 10, 2025

This Joint Controllership Agreement (the ‘Agreement’) defines the regulation of the relationship between Snovio Inc. (the ‘Company’, ‘Snov.io’, ‘Snovio’, ‘we’, ‘us’ or ‘our’) and Clients of the Company who use the Company’s services (the ‘Client’, ‘you’ or ‘your’) regarding the processing of Prospects’ personal data by Snovio and a Client (hereinafter referred to individually as a ‘Party’ or together as the ‘Parties’) and supplements the Snovio’s Terms and Conditions (hereinafter ‘Terms’), the agreement between you and Snovio Inc., which is governing your use of the Services.

ALL CLIENTS OF THE COMPANY ARE REQUIRED TO READ THIS JOINT CONTROLLERSHIP AGREEMENT TO UNDERSTAND HOW THE COMPANY USES, PROCESSES, AND STORES PROSPECTS’ PERSONAL DATA WHILE PROVIDING SERVICES TO THE CLIENTS. .mb-0

1. DEFINITIONS

‘Applicable Laws and Regulations’ means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, the United Kingdom, the United States and its states, Brazil, applicable to the processing of personal data under the Terms as amended from time to time, such as the GDPR, UK Data Protection Laws, Brazil’s Data Protection Laws, or other applicable laws and regulations.

‘Standard Contractual Clauses published by the Brazilian Data Protection Authority’ means standard contractual clauses, prepared and approved by the Brazilian Data Protection Authority (ANPD), that establish minimum guarantees and valid conditions for carrying out an international data transfer based on item II(b) of Article 33 of Law No. 13,709, of August 14, 2018, as currently set out at https://www.gov.br/anpd/pt-br/documentos-e-publicacoes/documentos-de-publicacoes/regulation-on-international-transfer-of-personal-data.pdf.

‘Data Exporter’ means a legal entity or a natural person that acts as a Data Controller in the meaning of the Applicable Laws and Regulations and transfers Personal Data to a Data Importer under this Agreement.

‘Data Importer’ means a legal entity or a natural person that acts as a Data Controller that receives Personal Data from the Data Exporter under this Agreement.

‘controller’, ‘processor’, ‘data subject’, ‘personal data’, and ‘processing’ have the meanings given in Applicable Laws and Regulations.

‘International Data Transfer’ means the transfer of personal data to a foreign country or to an international organization of which the country is a member.

‘Joint Controller’ means the natural or legal person, public authority, agency, or other body, which, jointly with other controllers, determines the purposes and means of the processing of Personal Data.

‘Personal Data’ means any information relating to a data subject, namely an identified or identifiable natural personal.

‘Prospect’ means a third-party data subject whose personal data related to their business interests or occupation is used in the process of providing services by us to our Clients within our Platform.

‘Public Authority’ means a government agency or law enforcement authority, including judicial authorities.

‘Services’ means sourcing, lead generation and sales automation services provided by the Company via the online platform and web application to Clients.

‘Supervisory Authority’ means an independent public authority to be responsible for monitoring the application of the data protection legislation.

‘Platform’ means collectively the website https://snov.io/, web and mobile application app Snov.io, and API methods available by api.snov.io hostname.

‘Data Breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

‘GDPR’ means the regulation (EU) 2016/679 of the European Parliament and of the Council of the 27th of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

‘Brazil’s Data Protection Laws’ means Law No. 13,709, of August 14, 2018, as amended by Law No. 13,853 of July 8, 2019 (Lei Geral de Proteção de Dados (LGPD)) and Resolution 19/2024, approving the Regulation on international data transfers and the content of standard contractual clauses;

‘Profiling’ means any automated profiling, namely any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyze or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior.

‘UK Addendum’ means International Data Transfer Addendum to the EU Standard Contractual Clauses that have been issued by the Information Commissioner for Parties making Restricted Transfers in the meaning of the UK Data Protection Laws, as currently set out at https://ico.org.uk/media/for-organisations/documents/4019483/international-data-transfer-addendum.pdf

‘UK Data Protection Laws’ means the Data Protection Act 2018 and the UK GDPR (retained version of the EU GDPR).

2. GENERAL PROVISIONS

2.1. When processing personal data of Prospects, Parties shall respect the obligations set forth in this Agreement and in the Applicable Laws and Regulations.

2.2. Snovio and you may act as the Joint Controllers of the following personal data of Prospects: email address and/or first name, last name, corporate email, location (not precise), industry, current and previous position, place of work, links to social media (the ‘Prospect Data’) that you have provided to us manually, via integrations, or generated/collected through Snovio’s tools.

2.3. Snovio and you are the Joint Controllers of the Prospect Data regarding the processing of such personal data.

2.4. Parties jointly determined that the purposes of the processing of the Prospect Data are as follows:

for Clients, to process (store, use, delete, etc.) the Prospect Data within the Platform to be able to use the Services;

for Snovio, to provide Services to you and other Clients and maintain the operation of the Platform.

2.5. Parties jointly determined that the Prospect Data hereunder shall be processed by the means specified in Snovio’s Terms and Conditions incorporated by reference hereunder.

2.6. Snovio processes Prospect Data on the basis of Article 6(1)(f) of the GDPR and pursuant to the respective warranties specified in section 4 hereunder, based on our, your and your potential business partner’s legitimate interests, namely to:

contribute to business cooperation between you and your potential business partners;

create and assist in discovering new business-targeted marketing and sales opportunities for you and your potential business partners;

allow you to expand your database of potential business partners;

develop a new unique platform that simplifies and facilitates professional interaction between businesses;

allow you to use an online platform for businesses that combines sales, CRM, analytics, marketing, and email service functionality;

allow your potential business partners to approach new potential and verified clients or suppliers;

allow your potential business partners to commercialise the use of their publicly posted information related to their professional or business interests/occupations.

2.7. Snovio has completed the balancing test and verified that the fundamental rights and freedoms of the Prospects that require protection of the Prospect Data do not override the legitimate interests of Snovio, Clients, and Prospects specified in clause 2.6 herein.

2.8. Snovio stores Prospect Data for the entire period during which you use the Services and for 3 (three) months after the termination of the Client’s account on the Platform. However, Snovio may store particular Prospect Data thereafter for the entire period during which other Clients use the Services if you and other Clients have simultaneously provided such Prospect Data to Snovio, but in any case only as long as necessary to provide Services to you and other Clients hereunder. In any case, such information can be deleted if we obtain a deletion request from a Prospect.

2.9. Snovio and you may have other processing roles and statuses during other processing operations involving the Prospect Data or other personal data as provided under Snovio’s Privacy Policy and other personal data policies/agreements.

3. DATA TRANSFER

3.1. In certain circumstances, Snovio may transfer Prospect Data to its contractors located in third countries outside the EU, UK, or Brazil. This includes the onward transfers of personal data from the third countries to other third countries, inter alia, to the USA.

3.2. Snovio may transfer Prospect Data as specified in clause 3.1 afore to the following contractors:

Name	Country of location	Website	Data transfer policy
Amazon Web Services	USA	https://aws.amazon.com/?nc2=h_lg	https://aws.amazon.com/privacy/?nc1=f_pr
Snovio’s outsource technical, legal, sales, and marketing specialists	Ukraine, USA, Brazil, China		Non-Disclosure Agreements and Data Processing Agreements signed between Snovio and each outsource specialist.

3.3. If so, Snovio may transfer Prospect Data to its contractors located in third countries outside the EU, UK, and Brazil, including the onward transfers of the personal data from the third countries to other third countries, only on a basis of the appropriate safeguards, namely standard data protection clauses between Snovio and its contractors. Such standard data protection clauses embodied in the Company’s public documents may be provided either by Snovio or by Snovio’s contractors.

3.4. Snovio undertakes appropriate technical and organizational measures to secure the transfer of Prospect Data to its contractors located in third countries outside of the EU, UK, Brazil and onward, namely:

written information and access security policies and procedures;

encryption of all transferred data;

protected server and admin panel access via corporate VPN network only;

two-factor authentication of Snovio team members who access Prospect Data;

limitation of access to Prospect Data based on authority and tasks of the departments;

security measures implemented by contractors specified in their data transfer policies enlisted in clause 3.2 afore, e.g. key management, threat detection, DoS and DDoS protection, rotate, manage, and retrieve secrets, deployment of public and private SSL/TLS certificates, etc.

4. REPRESENTATIONS AND WARRANTIES

4.1. Each Party undertakes to implement appropriate technical and organizational measures that comply with applicable laws and regulations designed to:

ensure and protect the security, integrity, and confidentiality of the Prospect Data;

and

protect the Prospect Data against any unauthorized processing, loss, use, disclosure, or acquisition of or access.

4.2. Each Party ensures that the Prospect Data is accurate and undertakes to notify the other Party with undue delay if it becomes aware of inaccuracies in the Prospect Data.

4.3. You hereby represent and warrant that:

you collected the Prospect Data on a lawful basis provided under the Applicable Laws and Regulations;

transfer of the Prospect Data to Snovio and further processing of the Prospect Data by Snovio do not violate the Prospects’ rights and interests AND rights and interests of any third Parties AND comply with the requirements of the Applicable Laws and Regulations;

you will comply with the provisions of Applicable Laws and Regulations, in particular with the controller’s transparency obligations to provide all data subjects whose Prospect Data you obtain using Snovio services and tools with all the information indicated in the Applicable Laws and Regulations, including at the latest at the time of the first communication to that data subject as (i) informing all data subjects whose Prospect Data you provide Snovio with regarding the processing of their data constitutes disproportionate efforts for Snovio and (ii) processing of the Prospect Data does not always allow Snovio to obtain the correct contact details of the data subject to inform them on the fact of data processing;

you will inform us of any Prospects’ complaints, claims, or requests related to the respective Prospect Data and will not undertake any actions in this regard without the approval of Snovio;

you will fulfill all data subjects’ requests related to the processing of personal data as specified herein without undue delay and according to your capacity; whether your capacity does not allow you to fulfill the particular data subject’s request, you will undertake the best possible efforts to facilitate the fulfillment of such request;

you informed all Prospects whose Prospect Data you transferred to Snovio of the possible risks of the data transfer specified in section 3 hereof pursuant to the absence of an adequacy decision under the Applicable Laws and Regulations in this regard, and none of the respective Prospects objected to such transfer;

you will inform us of any complaints, claims, or requests from supervisory authority related to the respective Prospect Data and will not undertake any actions in this regard without the approval of Snovio;

you will promptly and properly deal with all inquiries from Snovio regarding the processing of the Prospect Data;

you will promptly notify Snovio of the commencement of any litigation or proceedings against Snovio or any of its officers/employees/contractors etc., in connection with the processing of the Prospect Data as specified hereunder;

you apply the appropriate security measures to protect the Prospect Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation.

4.4. Snovio fully relies on the representations and warranties provided above during the processing of the Prospect Data as specified hereunder.

4.5. You agree to indemnify and hold harmless Snovio and each of its directors, officers, employees, contractors, and any person, if any, who controls Snovio against any loss, liability, claim, damages, or expense (including the reasonable cost of investigating or defending any alleged loss, liability, claim, damages, or expense and reasonable counsel fees incurred in connection therewith) arising, including without limitation by reason of:

any actions or omissions committed by you, your directors, officers, employees, contractors, or any related person;

violation of any representations or warranties specified afore;

filing complaints regarding the processing of the Prospect Data as specified hereunder, regardless of whether such complaints were filed by the Prospect(s) or not; and

decision of the supervisory authority.

5. DATA SUBJECTS RIGHTS

5.1. Data subjects whose personal data are processed as specified hereunder may exercise the following rights:

right to access, namely to know whether their personal data are being processed and, if so, access such data;

right to rectification, namely to ask the Snovio or you to correct his/her personal data if they are inaccurate;

right to erasure (‘right to be forgotten’), namely to obtain from Snovio the erasure of his/her personal data without undue delay, and Snovio has to erase such personal data without undue delay;

right to restriction of processing, namely to limit the processing of his/her personal data with several exceptions under the scope of the Applicable Laws and Regulations;

right to be informed, namely, you are obliged to inform data subjects of what data is being collected, how it’s being used, how long it will be kept, and whether it will be shared with any third parties; this information must be communicated concisely and in plain language;

right to data portability, namely to obtain and reuse his/her personal data for his/her own purposes across different services; this right only applies to personal data that the data subject has provided Snovio/you with by way of the consent;

right to object, namely to object to the processing of personal data that are being processed by Snovio; Snovio stops processing of personal data unless Snovio can demonstrate the compelling legitimate grounds for the processing that overrides the interests, rights, and freedoms of the individual or if the processing is undertaken for the establishment or exercise of defense of legal claims;

right not to be subject to a decision based solely on automated processing, namely to object to Profiling that is occurring without consent; herewith, data subjects may request their personal data to be processed with human involvement;

right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data.

5.2. Any data subject may exercise any of the rights provided above by sending a request to the email address help@snov.io or by contacting Snovio via the Platform’s chat window available at https://snov.io/ or realize the right to erasure or right to object via Snovio’s Clear from list tool to automatically delete their email address from the Platform for further use by Clients within the Platform. Any request of the data subject must include the name, contact information of the data subject, rights which the data subject wants to exercise, personal data processed by Snovio/Client, details, and reason/justification of such request.

5.3. Periods of the fulfillment of data subjects’ requests (taking into account that periods start from the moment Snovio/Client receives the request) are defined by Applicable Laws and Regulations.

5.4. In some cases, a data subject has the right to lodge a complaint about the use of his/her personal data with a data protection authority. If so, the data subject shall contact his/her national data protection authority. Parties hereby represent and warrant to cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between the data subject and any of the Parties.

6. REQUESTS OF PROSPECTS

6.1. If you receive any complaint, claim, or request from the Prospect regarding the use of the respective Prospect’s Data, you shall undertake to inform us of it immediately and avoid taking any actions in reaction to the received complaint/claim/request without the approval of Snovio.

6.2. Subject to the consultation with/approval of Snovio, you warrant to fulfill all data subjects’ requests related to the processing of personal data as specified herein without undue delay and according to your capacity. Provided that your capacity does not allow you to fulfill the particular data subject’s request, you will undertake the best possible efforts to facilitate the fulfillment of such request.

6.3. If Snovio receives any complaint, claim, or request from the Prospect regarding the use of the respective Prospect’s Data, we shall immediately notify you of this request and take the necessary preliminary actions, e.g., send a response to the Prospect acknowledging the receipt of the request/claim/complaint and informing them of the proposed further action to be taken on our part.

6.4. You undertake to respond to Snovio’s notification specified in clause 6.3. herein within twenty four (24) hours and provide the necessary explanations, required information, any other details, and available instructions requested by Snovio to serve the Prospect’s complaint/claim/request. If you fail to respond, you hereby authorize Snovio to choose the way of fulfillment of such complaint/claim/request at our sole discretion, including the erasure of the Prospect Data specified by the Prospect.

7. DATA BREACHES

7.1. Parties will notify each other as soon as possible of any potential or actual loss of the Prospect Data and/or any breach of the technical and/or organizational measures taken, but, in any event, within 24 hours after identifying any potential or actual loss and/or breach.

7.2. Parties will provide each other with reasonable assistance as required to facilitate the handling of any Data Breach.

8. RESOLUTIONS OF DISPUTES AND CLAIMS RELATED TO PERSONAL DATA

If the Prospect, data protection authority, or any other person brings a dispute or claim concerning the processing of the Prospect Data against Snovio or both Parties, Parties will inform each other about such disputes or claims and will cooperate with each other as far as permitted by the Applicable Laws and Regulations.

9. COMMENCEMENT, DURATION AND SURVIVAL

9.1. This Agreement shall commence on the date specified in the beginning of the Agreement and shall last for the entire period of provision of Services and processing of the Prospect Data as specified hereunder.

9.2. The obligations set forth in this Agreement shall survive the expiration or termination (for whatever reason) of the Parties’ cooperation for as long as the processing of the Prospect Data as specified hereunder will take place.

10. NULLITY

If any provision of this Agreement is null and void or cannot be otherwise enforced, the remaining provisions will remain in full force. Parties will then agree on a provision that approximates the scope of the void or unenforceable provision as much as possible. .mb-0

11. GOVERNING LAW AND RELATED DOCUMENTS

11.1. All disputes relating to this Agreement, its execution and interpretation, OR any Prospect Data hereunder will be governed by the substantive law of the State of Delaware, USA.

11.2. All disputes relating to this Agreement, its execution and interpretation OR any Prospect Data hereunder will be submitted to the competent courts in the State of Delaware, USA.

11.3. The following documents and policies constitute an integral part of this Agreement:

Snovio’s Terms and Conditions are available at https://snov.io/t_and_c;

Snovio’s Privacy Policy is available at https://snov.io/privacy-policy.

12. TRANSFER OF PERSONAL DATA

12.1. Parties agree that when the processing of Prospect Data in connection with Services constitutes a transfer under Applicable Laws and Regulations, and appropriate safeguards are required, such processing will be subject to the EU Standard Contractual Clauses, UK Addendum, Standard Contractual Clauses published by the Brazilian Data Protection Authority, which are deemed to incorporated into and form part of this Agreement as further described in subsections 12.5., 12.6. and 12.7. of this Agreement. If and to the extent the EU SCCs, UK Addendum, and/or SCCs published by the Brazilian Data Protection Authority, as applicable, conflict with any provision of the Agreement, the EU SCCs, UK Addendum, and SCCs published by the Brazilian Data Protection Authority shall prevail to the extent of such conflict.

12.2. You acknowledge and agree that with regard to the transfer of personal data under this Agreement, you can be considered a Data Controller, and Snovio can be simultaneously considered as a Data Controller (as defined by the Applicable Laws and Regulations), as further described in this section.

12.3. The EU SCCs, UK Addendum, and/or SCCs published by the Brazilian Data Protection Authority form an integral part of this Agreement and shall not apply to situations where Snovio acts as a Data Processor in accordance with Snovio’s Privacy Policy and respective Data Processing Addendum (DPA).

12.4. Both Parties agree to abide by and process personal data protected by the Applicable Laws and Regulations, including the Standard Contractual Clauses approved by the European Commission decision 2021/914 of 4 June 2021, UK Addendum to the EU Standard Contractual Clauses that has been issued by the Information Commissioner for Parties making Restricted Transfers in the meaning of the UK Data Protection Laws and the relevant Standard Contractual Clauses published by the Brazilian Data Protection Authority in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons for transfer of personal data. For the purposes of the descriptions in subsections 12.5., 12.6. and 12.7., both Parties agree that Snovio is the ‘Data Exporter’ and you are the ‘Data Importer’.

12.5. Transfers under the GDPR. When the processing of Prospect Data in connection with Services constitutes a ‘transfer’ under the GDPR, Module 1 of Standard Contractual Clauses shall apply.

For the purpose of the EU SCCs, we are a ‘Data Exporter’, and you are a ‘Data Importer’. The relevant provisions contained in the EU SCCs are incorporated by reference and are an integral part of this Agreement. Clauses and annexes of the EU SCCs are deemed to be completed as follows:

(i) in Clause 7, the optional docking clause shall not apply;

(ii) in Clause 11, the optional provision shall not apply;

(iii) in Clause 13, Option 2 shall apply, the Data Exporter is not established in an EU Member State but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679 and the supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Schedule 1, shall act as competent supervisory authority;

(iv) in Clause 17, Option 1 shall apply. The EU SCCs shall be governed by the law of the Federal Republic of Germany;

(v) in Clause 18(b), disputes shall be resolved by the courts of the Federal Republic of Germany;

(vi) Annex I of the EU SCCs is deemed completed with the information set out in Schedule 1 of this Agreement;

(vii) Annex II of the EU SCCs is deemed completed with the information set out in Schedule 2 of this Agreement.

12.6. Transfers under UK Data Protection Laws. When the processing of Prospect Data in connection with Services constitutes a ‘restricted transfer’ under UK Data Protection Laws, the UK Addendum shall apply. When the Company and Client act as Data Controllers, Module 1 of Standard Contractual Clauses shall apply as completed in subsection 12.5. of this Agreement.

For the purpose of the UK Addendum, we are an ‘Exporter’, and you are an ‘Importer’. The relevant provisions contained in the UK Addendum are incorporated by reference and are an integral part of this Agreement. Tables in the UK Addendum are deemed to be completed as follows:

(i) Table 1 in Part 1 is deemed completed with the information set out in Schedule 1 of this Agreement, and the official registration number of the Exporter is 6896854, and the official registration number of the Importer is contained in the Client’s account, if any;

(ii) Table 2 in Part 1 is deemed completed accordingly with the information set out in subsection 12.5. of this Agreement;

(iii) Table 3 in Part 1 is deemed completed with the information set out in Schedules 1, 2 and 3 of this Agreement;

(iv) in Table 4 in Part 1, neither Party may end this Addendum as set out in Section 19 of the UK Addendum.

12.7. Transfers under the Brazil’s Data Protection Laws. When the processing of Prospect Data in connection with Services constitutes an ‘International Data Transfer’ under Brazil’s Data Protection Laws, the Standard Contractual Clauses published by the Brazilian Data Protection Authority shall apply.

For the purpose of the UK Addendum, we are an ‘Exporter’, and you are an ‘Importer’. The relevant provisions contained in the SCCs, published by the Brazilian Data Protection Authority, are incorporated by reference and are an integral part of this Agreement. Clauses and annexes of the SCCs published by the Brazilian Data Protection Authority are deemed to be completed as follows:

(i) in Clause 1, the tables with the information about the Exporter and Importer are deemed to be completed with the information as defined in this Agreement. The Company is the ‘Exporter’ and ‘Controller’, and the Client is the ‘Importer’ and ‘Controller’;

(ii) in Clause 2, the table with a description of the International Data Transfers is deemed to be completed with the information as defined in Schedule 1;

(iii) in Clause 3, Option A shall apply;

(iv) in Clause 4, Option A shall apply. In subsection 4.1. (a), the Exporter is responsible for publishing the document as provided in Clause 14. The respective document is Snovio’s Privacy Policy. At the same time, the Importer holds the responsibilities as defined in subsection 4.3 of this Agreement. In subsection 4.1. (b), the Party is responsible for responding to requests from Data Subjects dealt with in Clause 15 as defined in section 6 of this Agreement. In subsection 4.1. (c), the Party is responsible for notifying the security incident provided in Clause 16 as defined in section 7 of this Agreement;

(v) SECTION III is deemed to be completed with the information set out in Schedule 2 of this Agreement;

(vi) SECTION IV is deemed to be completed with the information set out in this Agreement that is not reflected in the Clauses in this subsection. The date of signing SCCs is the date of registering on the Platform and execution of Terms. The place of the signed SCCs is the place of the Company’s registration.

COMPANY DETAILS:

Snovio Inc., a Delaware company, company number 6896854;

Address: 220 East 23rd Street, 5th Floor, Office 500, New York, 10010 USA.

External Data Protection Officer:

Privacity GmbH

Germany, Hamburg,

Neuer Wall 50, 20354

Email: snovio_dpo@snov.io.

SCHEDULE 1 - DESCRIPTION OF PROCESSING

A. LIST OF PARTIES

Data exporter

Name: Snovio Inc.

Address: 220 East 23rd Street, №401, New York, NY, USA 10010

Contact person’s name, position, and contact details: Director, Oleksii Kratko, admin@snov.io

Activities relevant to the data transferred under these Clauses: the provision of Services as defined by Terms when the Parties act as joint controllers.

Signature and date: the Parties agree that execution of Terms by the Data Importer shall constitute execution of this Agreement by both the Data Importer and Data Exporter. The date of the registration of the account on the Platform shall be considered the date of execution of this Agreement.

Role: controller

Data importer

Name: You, ‘Client’, ‘User’

Address: the relevant information is contained in the Client’s account.

Contact person’s name, position, and contact details: the relevant information is contained in the Client’s account.

Activities relevant to the data transferred under these Clauses: the provision of Services as defined by Terms when the Parties act as joint controllers.

Signature and date: the Parties agree that execution of Terms by the data importer shall constitute execution of this Agreement by both the Data Importer and Data Exporter. The date of the registration of the account on the Platform shall be considered the date of execution of this Agreement.

Role: controller

B. DESCRIPTION OF TRANSFER

1. Categories of data subjects whose personal data is transferred:

Prospects

2. Categories of personal data transferred:

personal data can include the following information:
- email address;
- first name;
- last name;
- corporate email;
- location (not precise);
- industry;
- current and previous position;
- place of work;
- links to social media.

3. Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved:

The Data Exporter does not collect any special categories of data (sensitive data), and the Data Importer does not obtain access to the special categories of data (sensitive data).

4. The frequency of the transfer:

The personal data is transferred on a continuous basis.

5. Nature of the processing:

Personal data processing consists of the following: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, alignment or combination, restriction, erasure or destruction.

6. Purpose(s) of the data transfer and further processing:

The purpose of the data processing under this Agreement is the provision of Services under the Terms concluded between the Data Exporter and the Data Importer.

7. The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:

The personal data shall be stored for the duration of this Agreement concluded between the Data Exporter and the Data Importer, unless otherwise agreed in writing or the Data Importer is required by Applicable Laws and Regulations to retain some or all of the transferred personal data.

8. For transfers to (sub-) processors, also specify the subject matter, nature, and duration of the processing:

The Data Importer may engage other processors, for example, to provide secure transfer and storage of personal data on servers. Such processing may involve the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, alignment or combination, restriction, erasure, or destruction of personal data. The personal data transferred to processors shall be deleted after the end of the provision of the services by the Data Exporter under the Terms unless the Data Importer is required by Applicable Laws and Regulations or contractual obligations to retain some or all of the transferred personal data.

C. COMPETENT SUPERVISORY AUTHORITY

In accordance with Clause 12 of the EU SCCs, the competent supervisory authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) (Federal Republic of Germany).

SCHEDULE 1 - TECHNICAL AND ORGANISATIONAL MEASURES, INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

The technical and organizational measures implemented by the Data Importer(s) to ensure an appropriate level of security, taking into account the nature, scope, context, and purpose of the processing, and the risks for the rights and freedoms of natural persons are described in the Data Importer’s Privacy Policy or in any other document provided that such document contains the list of technical and organizational measures implemented by the Data Importer.