This Data Processing Addendum (this “DPA”) forms part of the Master Subscription License Agreement, or other agreement between Customer and Macrobond governing Customer’s use of the Macrobond Products (“Agreement”), between Macrobond Financial AB (“Macrobond”) and the party identified as “Customer” and/or “End User” in the Agreement (“Customer”) (each a “Party” and together, the “Parties”).
The effective date of this DPA is the effective date of the Agreement or, if executed separately, the date of the last signature of this DPA (“Effective Date”).
This DPA describes the commitments of the Parties concerning the processing of Personal Data in connection with Customer’s use of the Products. Any capitalized term not defined in this DPA will have the meaning given it in the Agreement.

This Addendum was last updated on May 2026.

The Parties agree as follows:

1.Definitions.The following capitalized terms, when used in this DPA, will have the corresponding meanings provided below:

a. “Applicable Data Protection Laws” means all worldwide privacy and data protection laws, regulations, rules, ordinances and other decrees applicable to the Personal Data, including (but not limited to): (i) European Data Protection Laws; and (ii) all laws and regulations of the United States, including the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 et seq.) (CCPA); as may be amended, superseded or replaced.
b. “Customer Personal Data” means any Personal Data processed by Macrobond on behalf of Customer as a service provider or processor (as applicable) in connection with the Products and/or services, as more particularly described in Annex A of this DPA.
c. “EEA” means the Member States of the European Union, plus Iceland, Liechtenstein, and Norway.
d. “European Data Protection Laws” means: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (“e-Privacy Directive”); (iii) any applicable national implementations of (i) and (ii); (iv) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance (“Swiss FDPA”); and (v) in respect of the United Kingdom, the Data Protection Act 2018 and any applicable national legislation that replaces or converts into domestic law the GDPR, e-Privacy Directive or any other law relating to data and privacy as a consequence of the UK leaving the European Union (collectively, “UK Data Protection Laws”); in each case as may be amended, superseded or replaced.
e. “Model Clauses” means, depending on the circumstances unique to Customer, any of the following: (i) the standard contractual clauses for processors as approved by the European Commission pursuant to its decision 2021/914 (the “2021 Standard Contractual Clauses”), and (ii) the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, Version B1.0, in force from March 21, 2022, (“UK IDTA”), each alternatively referred to as Standard Contractual Clauses, incorporated by reference and forming part of this DPA.
f. “Personal Data” means any information that relates to an identified or identifiable natural person and which is protected as “personal data”, “personal information” or “personally identifiable information” under Applicable Data Protection Laws.
g. “Security Incident” means any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Personal Data transmitted, stored or otherwise processed by Macrobond and/or its Sub-processors in connection with the provision of the Products and/or services. The Parties acknowledge and agree that “Security Incident” shall not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
h. “Sub-processor” means any processor engaged by Macrobond or its Affiliates to assist in fulfilling its obligations with respect to providing the Products and/or services pursuant to the Agreement or this DPA. Sub-processors may include third parties or Macrobond Affiliates but shall exclude any Macrobond employee, contractor or consultant.
i. The terms “controller”, “processor” and “processing” shall have the meanings given to them in the GDPR, and “process”, “processes” and “processed” shall be interpreted accordingly; and the terms “business”, “service provider” and “sell” shall have the meanings given to them in the CCPA.

2.Role and Scope of Processing

a. Scope. Subject to Section 2(b), this DPA applies to the extent that Macrobond processes as a processor or service provider (as applicable) any Customer Personal Data protected by Applicable Data Protection Laws.
b. Role of the Parties. The Parties acknowledge and agree that Customer is the relevant business, controller or processor (as applicable) of Customer Personal Data, and Macrobond is a service provider, processor or sub-processor (as applicable) on behalf of Customer, as further described in Annex A of this DPA. Macrobond shall not determine the purposes or means of processing Customer Personal Data other than as strictly necessary to provide the Products in accordance with the Agreement. Each Party will comply with all laws, rules and regulations applicable to it and binding on it in the performance of this DPA, including any Applicable Data Protection Laws.
c. Macrobond processing of Personal Data. Macrobond agrees that it shall process Customer Personal Data only for the purposes described and documented in this DPA and in accordance with Customer’s documented lawful instructions. The Parties agree that the Agreement (including this DPA) sets out the Customer’s complete and final instructions to Macrobond in relation to the processing of Customer Personal Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Customer and Macrobond. Without prejudice to Section 2(d) (Customer responsibilities), Macrobond shall notify Customer in writing, unless prohibited from doing so under Applicable Data Protection Laws, and may suspend processing of Customer Personal Data, if it becomes aware or believes that any data processing instructions from Customer violates Applicable Data Protection Laws.
d. Customer responsibilities. Customer has sole responsibility for (i) the accuracy, quality and legality of Customer Personal Data, (ii) the means by which Customer acquired Customer Personal Data, and (iii) complying with all notice, consent, transparency and lawful basis requirements under Applicable Data Protection Laws.

3.Sub-processing

a. Authorized Sub-processors. Customer acknowledges and agrees that Macrobond may engage Sub-processors for the performance of the Products and services, a current list of which will be supplied upon request.
b. Sub-processor Obligations. To the extent required under the Applicable Data Protection Law, Macrobond will: (i) enter into a written agreement with each Sub-processor imposing data protection terms no less protective of Customer Personal Data as Macrobond’s obligations under this DPA to the extent applicable to the services provided by each Sub-processor; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Macrobond to breach any of its obligations under this DPA.
c. Objections to Sub-processors. Customer may object to the appointment of a new Sub-processor on reasonable grounds relating to data protection. Examples of reasonable bases for objection include where the Sub-processor cannot provide its services in compliance with Applicable Data Protection Law, or its use creates a material security risk. In the event of any such reasonable objection, the Parties shall cooperate in good faith to address such objection. Macrobond shall not be required to suspend or terminate the Products unless expressly agreed in writing.

4.Security and Audits

a. Security Measures. Macrobond shall implement and maintain appropriate technical and organizational security measures designed to protect Customer Personal Data in its control from Security Incidents and to preserve the security and confidentiality of the Customer Personal Data, taking into account the state of the art and industry best practices, the costs of implementation and the nature, scope, context and purposes of processing (“Security Measures”). Such Security Measures will include, at a minimum, those measures described in Annex B of this DPA. Macrobond shall ensure that any person who is authorized by Macrobond to process Customer Personal Data under this DPA shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
b. Updates to Security Measures. Customer acknowledges that the Security Measures are subject to technical progress and development and that Macrobond may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Products purchased by the Customer.
c. Customer Security Responsibilities. Customer shall implement and maintain appropriate technical and organizational security measures designed to protect from Security Incidents and to preserve the security and confidentiality of Customer Personal Data under its control. Customer is responsible for (i) protecting the security of all Customer credentials used to access the Products; (ii) securing any Customer system (with such steps to include, without limitation, encryption and protection of access keys and other industry standard steps to preclude unauthorized access); (iii) backing up and securing Customer Personal Data under Customer’s control or other Customer controlled system; and (iv) reviewing the information made available by Macrobond relating to data security and privacy and making an independent determination as to whether the Products meet Customer’s requirements and legal obligations under Applicable Data Protection Law.
d. Security Incident Notifications. Macrobond will notify Customer without undue delay after becoming aware of a Security Incident, as required by applicable laws.  Macrobond will make reasonable efforts to identify the cause of and remediate the Security Incident and mitigate any further risk. Macrobond’s notification of or response to a Security Incident under this Section 4(d) shall not be construed as an acknowledgment by Macrobond of any fault or liability with respect to the Security Incident. The obligations set forth herein shall not apply to Security Incidents to the extent they are caused by Customer or its Designated Users.
e. Security Audits. Macrobond shall make available to Customer, upon written request and on a confidential basis, information reasonably necessary to demonstrate Macrobond’s compliance with this DPA, including third-party audit reports or summaries produced under Macrobond’s audit and assurance programme provided that Customer shall not exercise this right more than once in any twelve (12) month rolling period. Customer shall not be entitled to conduct on-site audits or inspections of Macrobond or its Sub-processors.

5.International Transfers

a. Processing locations. Customer acknowledges and agrees that as part of providing the Products and/or services, Macrobond may transfer Customer Personal Data to locations where Macrobond, its Affiliates or its Sub-processors maintain data processing operations. Macrobond shall at all times ensure such transfers are made in compliance with the requirements of Applicable Data Protection Laws and this DPA.

6.Transfer Mechanisms

a. Transfers Governed by European Data Protection Laws. To the extent that Macrobond processes (or causes to be processed) any Personal Data protected by European Data Protection Laws in a third country not recognized as providing adequate protection for personal data (as described in European Data Protection Laws), then the terms and conditions of Annex C (Transfers of Data) will apply and Customer (as data exporter) will be deemed to have entered into the Model Clauses with Macrobond (as data importer) and Macrobond agrees to abide by and process such Customer Personal Data in compliance with the Model Clauses, which are incorporated in full by reference and form an integral part of this DPA.
For the purposes of the descriptions in the Model Clauses:
(A) Macrobond agrees that it is a “data importer” and Customer is the “data exporter” (notwithstanding that Customer may itself be an entity located outside the EEA or the United Kingdom);
(B) Annex A and Annex B of this DPA shall replace Appendix 1 and Appendix 2 of the Model Clauses.
It is not the intention of either party, nor the effect of this DPA, to contradict or restrict any of the provisions set forth in the Model Clauses. Accordingly, if and to the extent the Model Clauses conflict with any provision of this DPA, the Model Clauses shall prevail to the extent of such conflict. The Model Clauses will not apply to Customer Personal Data that is not transferred, either directly or via onward transfer, outside the EEA or the United Kingdom.
b. Alternative Transfer Mechanism. If and to the extent that Macrobond adopts an alternative data export solution for the transfer of Customer Personal Data as prescribed by applicable European Data Protection Laws (“Alternative Transfer Mechanism”), the Alternative Transfer Mechanism shall apply instead (but only to the extent such Alternative Transfer Mechanism applies to the transfer).
c. Additional Transfer Requirements. If, at any time, Applicable Data Protection Laws require any further steps to be taken in order to permit the transfer of Customer Personal Data as set out in this DPA  and/or the transfer mechanisms in this DPA are amended, replaced, repealed or otherwise terminated under the Applicable Data Protection Law, then Customer and Macrobond agree to work together in good faith to take all steps reasonably required to enable a transfer in compliance with Applicable Data Protection Laws.

7.Deletion of Customer Personal Data

a. Upon termination or expiry of the Agreement, Macrobond shall delete Customer Personal Data unless retention is required by Applicable Data Protection Laws.

8.Data Subject Requests

a. Macrobond shall provide reasonable cooperation to assist Customer to respond to any requests from individuals or applicable data protection authorities relating to the processing of Customer Personal Data under the Agreement. In the event that any such request that identifies Customer is made to Macrobond directly, Macrobond shall not respond to such communication directly without Customer’s prior authorization, unless legally compelled to do so. If Macrobond is required to respond to such a request, Macrobond shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

9.Limitation of Liability

a. Each Party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA (including the Model Clauses) whether in contract, tort (including negligence) or under any other theory of liability, shall be subject to the limitations and exclusions of liability in the Agreement, and any reference in provisions to the liability of a party means the aggregate liability of that party and all of its Affiliates under and in connection with the Agreement and this DPA together.

10.U.S State Privacy Laws (Including CCPA/CPRA)

a. To the extent the CCPA/CPRA applies, Macrobond acts as a service provider/processor and shall not (i) sell or share Customer Personal Data, (ii) retain, use or disclose such data for any purpose other than providing the Products, or (iii) combine Customer Personal Data with personal data obtained from other sources, except as permitted by Applicable Data Protection Laws.

11.Miscellaneous

a. In the event of any conflict between this DPA and the Agreement, the Parties agree that the terms of this DPA shall prevail, provided that if and to the extent there is any conflict between the Standard Contractual Clauses and any other terms in this DPA, the provisions of the Standard Contractual Clauses will prevail with respect to processing governed by the Standard Contractual Clauses.
b. The Parties agree to attempt in good faith to resolve any dispute arising out of or relating to this DPA, before and as a prior condition for commencing legal proceedings of any kind. Any and all negotiations pursuant to this Section 11(b) are confidential and will be treated as compromise and settlement negotiations for purposes of applicable rules of evidence.
c. Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect.
d. This DPA may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument.
e. If any provision or part-provision of this DPA is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of the DPA.
f. This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions in the Agreement, unless required otherwise by European Data Protection Laws.
g. Except as expressly set out in this DPA or required by Applicable Data Protection Laws, Customer may not impose additional data protection, security, audit or compliance obligations on Macrobond without Macrobond’s prior written agreement expressly referencing this DPA.

 

Annex A
Data Processing Description
This Annex A forms part of the DPA and describes the processing that Macrobond will perform on Customer Personal Data as processor or Sub-processor on behalf of Customer as the controller or processor, as applicable.

Customer Personal Data Duration
The duration of the data processing under this DPA is until the termination of the Agreement in accordance with its terms plus the period from the expiry of the Agreement until deletion of personal data by Macrobond in accordance with the terms of the Agreement (including this DPA).

Categories of data
The personal data to be processed concern the following categories of data (please specify):

  • Personal Data in Support content or through the Amplify Product: Personal Data provided by or on behalf of Customer or Authorized Users in a support ticket or as part of the Amplify Product.
  • Name, email address and phone number.

Special categories of data (if appropriate)
The Parties do not intend for any special category data to be processed under the Agreement.

Data subjects
The personal data to be processed concern the following categories of data subjects (please specify):

  • Data subjects include individuals about whom data is provided to Macrobond via the Products by or at the direction of Customer, including Designated Users. Data subjects may include Customer’s customers, employees, suppliers and End Users.

Processing operations
The personal data will be subject to the following basic processing activities (please specify):

  • processing to provide the Products in accordance with the Agreement;
  • processing to perform any steps necessary for the performance of the Agreement;
  • processing initiated by Customer in its use of the Products; and
  • processing to comply with other reasonable instructions provided by Customer (e.g. via email or support tickets) that are consistent with the terms of the Agreement.

Frequency
The personal data may be transferred continuously.

 

Annex B
Security Measures
This Annex describes Macrobond’s Security Measures. Customer acknowledges that the Products operate pursuant to a shared responsibility model, which requires, among other things, that Customer take certain steps such as protecting the security of Customer Personal Data. If and to the extent Macrobond processes Customer Personal Data on behalf of Customer in connection with the Products, Macrobond shall implement and maintain the following Security Measures:

Data encryption measures

  • Macrobond Analysis uses HTTPS with TLS v1.2 or v1.3 or newer to communicate with Macrobond servers - using only TLS ciphers considered to be cryptographically strong.
  • Macrobond employees have fully encrypted disks via BitLocker functionality with XTS-AES 128 or stronger cipher, additionally protected by a TPM PIN code.
  • All Customer Personal Data stored by Customer on Macrobond servers is stored on fully encrypted drives (using mechanisms built into Linux kernels, using cipher AES-XTS-plain with 256 bits key or stronger) with secure key management.
  • Communication between Macrobond data centers and back offices is carried either via encrypted protocols, like HTTPS, SSH, or via encrypted VPNs to ensure integrity and confidentiality.

Availability and recoverability measures

  • Macrobond maintains Business Continuity and Disaster Recovery Policy and procedures that are designed to reasonably ensure the availability of the Products and Services.
  • On an annual basis, Macrobond disaster recovery processes are reviewed and updated as necessary, ensuring alignment with the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) defined in the Macrobond Backup Policy, based on performance metrics and calculations from previous restoration activities.
  • Macrobond backend relies on replication. Data centers serving the Macrobond Products are located in Europe, Asia and North America.
  • Multiple data centers, supported by different operators and ISPs, allow that the failover mechanism built into the Macrobond Products automatically identifies the nearest / best-performing Customer-facing site and connects to it. Redundancy is built into the system infrastructure supporting the Products and Services. If one Customer-facing site fails, the redundant infrastructure in another location is configured to take its place.
  • Execution of backups is done every 24 hours and transferred over 500km away from the nearest Macrobond data center. Backups are rotated offline weekly and kept for at least 30 weeks. Backups are immutable and stored on fully encrypted drives.
  • On an annual basis, a backup restoration test is performed where operations personnel restore a backup from a snapshot to ensure that Customer Data could be recovered in the event of an incident.
  • Completeness of backups is verified in real time; any failures are properly addressed.

Organizational security measures

  • Macrobond has established a formal Information Security Program in order to protect the confidentiality, integrity and availability of the Macrobond offering and information systems, and to ensure the effectiveness of security controls over data and information systems.
  • Employees are required to undergo Anti-Bribery & Corruption, Ethics and Code of Conduct, Data Privacy and annual Security Awareness Training.
  • Employees are obliged to comply with Confidentiality obligations upon hire.
  • Formal policies and procedures are in place for employee onboarding and offboarding activities. Account provisioning and de-provisioning processes are defined and implemented.
  • Employee access is removed upon termination or adjusted as required as a result of role change.
  • Multi-factor Authentication (MFA) is enforced for access to critical resources.
  • Password complexity requirements are enforced.
  • Segregation of responsibilities and duties is implemented to reduce opportunities for unauthorized or unintentional modification or misuse.
  • Macrobond networks are segregated based on trust levels and protected by strict firewall rules.
  • Macrobond has established a Vulnerability Management Policy that defines a process for identification, prioritization, and remediation of vulnerabilities.

Logging and monitoring measures

  • Logging of user activities, exceptions, faults, and information security events is enabled. Logs are retained, as necessary.
  • All logs can be accessed only by authorized Macrobond employees and access controls are in place to prevent unauthorized access.
  • Write access to logging data is strictly prohibited. Logging facilities and log information are protected against tampering and unauthorized access through use of access controls and security measures.
  • Macrobond has various monitoring measures in place to generate security alerts and identify irregular activity overseen by a Security Operations Center working 24/7.
  • Macrobond IT regularly reviews security alerts and their underlying configuration to ensure they are operating as intended and that controls are modified as conditions change.
  • Macrobond has a documented Incident Management Policy and Breach Notification Policy establishing procedures for breach detection, investigation, notification and remediation.
  • Macrobond engages independent third-party service providers for annual penetration testing and appropriately remediates findings of such tests according to internally defined SLAs.
  • Technical detection capabilities are deployed to alert unexpected network activity across all Macrobond internal networks.

Access control measures

  • Macrobond implements an Access Control Management Policy and control access across the database, network, and application layers and follows principles of least privilege.
  • Password complexity requirements are enforced.
  • Macrobond has role permission templates to support proper segregation of duties.
  • Access to operational, production and disaster recovery environments is protected by use of unique user accounts, strong passwords, use of Multi-Factor Authentication (MFA), role-based access, and principle of least privileges.
  • Access is granted on the need-to-know basis, where possible using group-based permissions to facilitate mass management of users.
  • Remote access to Macrobond infrastructure is controlled and managed.
  • Authorization requests and provisioning are logged, tracked and audited.
  • Privileged access is given only with business justification.
  • Mobile device management controls are in place.

Physical security measures

  • The Macrobond Products backend infrastructure is deployed in geographically distributed data centers operated by industry-recognized cloud service providers such as OVH, Bahnhof and Technopark.
  • Physical access to all facilities containing sensitive data is restricted and managed.
  • All information resource facilities (e.g. network closets and storerooms) are physically protected in proportion to the criticality or importance of their function.
  • Access to information resource facilities is granted only to Macrobond employees and contractors whose job responsibilities require access to those facilities.
  • Equipment is protected to reduce the risks from environmental threats, hazards, and opportunities for unauthorized access.
  • Only selected Macrobond IT engineers are authorized to visit Macrobond data centers. Macrobond data centers are located outside Macrobond offices.

Governance

  • Macrobond has established a formal Information Security Program in order to protect the confidentiality, integrity and availability of Macrobond Products and Services and information systems, and to ensure the effectiveness of security controls over Customer Data and information systems.
  • Macrobond has documented and approved Information Security Policy in place, including supporting documentation.
  • The authority and responsibility for managing Macrobond’s Information Security Policy has been delegated to the individual who is authorized by senior management to take actions necessary to establish, implement, and manage Information Security Policy.
  • Third parties that provide critical services to Macrobond or have access to critical systems/data undergo risk-based assessments before onboarding.

Minimum access to data

  • Privacy and security assessments are performed related to implementation of new products/services and processing of personal data by third parties.
  • Data collection is limited to the purposes of the processing (or the data that the Customer chooses to provide).
  • Security measures are in place to provide only the minimum amount of access necessary to perform required functions by Macrobond employees and contractors.
  • Macrobond has established an Access Control Management Policy to put necessary controls to ensure only authorized users and services can obtain access to Macrobond systems and premises.

Data subject access requests

  • Processes are in place that allow individuals to exercise their privacy rights (e.g. right of erasure or right to data portability), as described in Macrobond’s publicly available Privacy Policy.

Macrobond will continue to analyze the European Data Protection Board’s recent guidance on supplementary measures to meet the adequacy requirement of the GDPR, and any others issued by European data protection authorities as they arise. Macrobond may update or modify these measures from time to time, provided such updates do not materially reduce the overall level of security.

 

Annex C
Transfers of Data
This Annex sets forth the terms and conditions that apply when Customer’s use of the Products requires an onward transfer mechanism to lawfully transfer personal data from a jurisdiction to Macrobond located outside of that jurisdiction.

1.The 2021 Standard Contractual Clauses. For data transfers that are subject to the GDPR, the 2021 Standard Contractual Clauses will apply in the following manner:

a. Module Two (Controller to Processor) will apply where Customer is a controller of Customer Personal Data and Macrobond is a processor of Customer Personal Data;
b. Module Three (Processor to Processor) will apply where Customer is a processor of Customer Personal Data and Macrobond is a Sub-processor of Customer Personal Data;
c. For each module, where applicable:

i. In Clause 7, the optional docking clause will apply and the Parties shall cooperate in good faith to take the necessary steps to apply the 2021 Standard Contractual Clauses to another party;
ii. in Clause 9(a), Option 2 will apply, and the time period for prior notice of sub-processor changes will be as set forth in Section 3 (Sub-processing) of this DPA;
iii. in Clause 11, the optional language will not apply;
iv. in Clause 17 (Option 2), the 2021 Standard Contractual Clauses will be governed by the law of the EU member state in which the Data Exporter is established, and if no such law, the laws of the Republic of Ireland; provided that with respect to any transfers of data subject to the data protection laws of a country outside the EEA in which the competent authority has approved the use of the 2021 Standard Contractual Clauses (including but not limited to Switzerland) (an “Adopting Country”), the 2021 Standard Contractual Clauses will be governed by the data protection laws of the Adopting Country.
v. In Clause 18(b), disputes will be resolved before the courts of the EU member state in which the Data Exporter is established, and if no such law, the courts of the Republic of Ireland; provided that with respect to any transfers of data subject to the data protection laws of an Adopting Country, any dispute arising from the 2021 Standard Contractual Clauses will be resolved by the courts of the Adopting Country.
vi. In Annex I, Part A:
Data Exporter Customer and authorized Affiliates of Customer.
Contact Details Customer’s email address(es) specified as the relevant account to receive communications under the Products.
Data Exporter Role Customer is the controller or processor of Customer Personal Data, as applicable.
Activities Relevant to the Data Transferred: Receipt of software and services from Macrobond and Affiliates.
Signature & Date By entering into the Agreement and DPA, Data Exporter is deemed to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the Effective Date of the DPA.
Data Importer Macrobond, Inc.
Contact Details: Macrobond Legal Team – legal@Macrobond.com
Data Importer Role: Macrobond is the processor or sub-processor of Customer Personal Data, as applicable.
Activities Relevant to the Data Transferred: Provision of software and services.
Signature & Date: By entering into the Agreement and DPA, Data Importer is deemed to have signed these Standard Contractual Clauses, incorporated herein, including their Annexes, as of the Effective Date of the DPA.
vii. In Annex I, Part B: The categories of data subjects are described in Annex A of this DPA.
The sensitive data transferred is described in Annex A of this DPA.
The frequency of the transfer is on a continuous basis for the duration of the Agreement.
The nature of the processing is described in Annex A of this DPA.
The purpose of the processing is described in Annex A of this DPA.
The period of the processing is described in Annex A of this DPA.
viii. In Annex I, Part C: The supervisory authority of the EU member state specified in Section 1(d)(iv) of this Annex C above shall act as competent supervisory authority; provided that with respect to any transfers of data subject to the data protection laws of an Adopting Country, the supervisory authority is the data protection authority of the Adopting Country.
ix. Annex B of this DPA serves as Annex II of the Standard Contractual Clauses.
x. The Parties agree that the following describe the Parties’ understanding of certain obligations under the Standard Contractual Clauses:

1. Audits: Data Exporter instructs Data Importer to comply with any audits by complying with the audit provisions of Section 4(e) of the DPA.
2. Liability: To the extent permitted under European Data Protection Laws, Data Importer’s liability under the 2021 Standard Contractual Clauses will be subject to any aggregate limitations on liability set out in the Agreement.

2.Transfers of Data from Switzerland.Where the transfer of Personal Data is subject to the Swiss FDPA, the terms of Section 1 above will apply with the following modifications:

a. any references in the Standard Contractual Clauses to “Directive 95/46/EC” or “Regulation (EU) 2016/679” shall be interpreted as references to the Swiss FDPA;
b. any references to “EU”, “Union”, “Member State” and “Member State law” shall be interpreted as references to Switzerland and Swiss law, as the case may be; and
c. any references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the Swiss Federal Data Protection and Information Commissioner and competent courts in Switzerland.

3.Transfers of Data from the United Kingdom. Where the transfer of Personal Data is subject to UK Data Protection Laws, the Parties agree:

a. The provisions of the IDTA, including Part 2 ‘Mandatory Clauses’, shall apply in full;
b. For the purposes of Table 1 of the UK IDTA, the names of the Parties, their roles and their details shall be set out in the attached Annex C;
c. For the purposes of Tables 2 and 3 of the UK IDTA, the 2021 Standard Contractual Clauses incorporated into this DPA by reference, including the information set out in the attached Annexes, shall apply; and
d. For the purposes of Table 4 of the UK IDTA, either party may end the UK IDTA if, after a good faith effort by the Parties to amend this DPA, the Parties are unable to come to a mutual agreement.
e. To the extent permitted under UK Data Protection Laws, Data Importer’s liability will be subject to any aggregate limitations on liability set out in the Agreement.