General Terms and Conditions of Hospitality Digital GmbH – INTERNET PRESENCE Software

Hospitality Digital GmbH, Metro-Straße 1, 40235 Düsseldorf ("H.d") offers companies in the hotel and restaurant industry ("Customer") services that are described in more detail below ("Services").

1. Scope

1.1 H.d renders Services regarding “Internet Presence” exclusively on the basis of the following contractual conditions (“T&C”).

1.2 H.d provides the Services exclusively to Customers who are not consumers within the meaning of Section 13 of the German Civil Code (BGB).

1.3 Deviating terms and conditions of the Customer shall not apply even when H.d does not expressly reject them and/or provides services and/or products without reservation despite knowledge of the contrary and/or deviating terms and conditions of the Customer.

2. Scope of Services

2.1 H.d provides the following Services to the Customer for the duration of the agreement:

(a) H.d shall provide the Customer with Storage Space to be used on the systems of H.d, which the Customer may access via the Internet ("Storage Space"), see section 4.

(b) H.d shall grant the Customer online access to software that enables the Customer to create simple websites with pre-set layouts and automatically generated texts and to store these on the Storage Space, to manage the Storage Space, and/or to make it accessible to third parties ("Software"), see section 5.

(c) The functional scope of the Software includes a so-called "claiming service", through which H.d enables the Customer to automatically transmit information about its local availability that is published on its website (i.e. in particular, details about the Customer's local and time-specific availability, e.g. company address and opening hours) to third-party providers, see section 6.

(d) H.d shall offer to the Customer a sub-domain under the domain name "eatbu.com" of H.d in accordance with the sample xyz.eatbu.com, which the Customer may select depending upon availability and that is linked to the Storage Space ("Sub-Domain"), see section 7.

(e) H.d may from time to time provide additional Services to Customer, especially regarding the setup and use of the Software (“Consulting Services”), see section 8.

2.2 H.d can offer the Customer additional services in connection with Software and Storage Space, the scope of which is agreed upon with the Customer and which is provided in each case under the terms of these T&Cs.

2.3 H.d may adjust the Services and other benefits to the state of the art and technical developments or necessities, provided the respective adjustment is within reason for the Customer. H.d may discontinue the Services and other services with a reasonable notice period. H.d shall inform the Customer about the discontinuation of the Services in a timely manner.

3. Obligations of the Customer

3.1 The Customer is obligated to keep the business and contact data specified at the conclusion of the contract up to date during the contract period and to immediately notify H.d of any change in writing or by e-mail. The Customer must also ensure that the e-mail address communicated to H.d is checked regularly in order to receive information relevant to the contract.

3.2 Access data which the Customer receives from H.d are not to be shared with third parties, and third parties should be prevented from gaining access. The Customer will inform H.d immediately should the Customer have reasonable suspicion or knowledge about a possible misuse of the provided access data. In this case, H.d is entitled to block the access data of the Customer to Storage Space and Software temporarily until the suspicion of abuse is alleviated. If there is an actual case of abuse, H.d is entitled to permanently block the access data and to assign other access data to the Customer.

3.3 The Customer is aware that their website may be associated with H.d. Therefore, the Customer shall take all steps necessary to keep the services offered by Customer and the services offered by H.d or third parties separate in terms of their content.

3.4 Should the Customer find out that their use of the Services or other benefits leads to a violation of the law, the Customer shall be required to immediately cease and desist from violating the law and delete any illegal content.

4. Special Storage Space Provisions

4.1 The Storage Space is provided to the Customer free of charge. Consequently, H.d cannot guarantee a particular availability of the Storage Space. Furthermore, the Storage Space shall be unavailable during necessary maintenance work. H.d shall strive to keep any impairment caused by maintenance work as low as possible. H.d shall provide the Customer with the other performance specifications of the Storage Space prior to the conclusion of the agreement.

4.2 The Customer undertakes and warrants that all files, including HTML and other documents, texts, pictures, graphics, fonts, videos, etc., ("Content") shall be stored, published, and/or made available on the Storage Space and/or with the help of the Software in accordance with applicable law. The Customer shall specifically only store Content on the Storage Space and/or with the help of the Software for which the Customer holds the required rights, including use and exploitation rights under copyright law, and that such Content does not infringe any personal rights of third parties. Furthermore, the Customer shall not store, publish, and/or make available on the Storage Space and/or with the help of the Software any Content that is of an immoral, in particular pornographic, racist, or discriminatory nature. H.d shall be entitled to delete any Content that is stored on the Storage Space and/or with the help of the Software in violation of this section 4 and of which H.d is informed by government agencies, courts, the holder of rights, or other third parties or of which it gains knowledge in another way.

4.3 The Customer shall grant H.d the necessary rights to all Content that the Customer stores, publishes, and/or makes publicly available on the Storage Space and/or with the help of the Software, in particular the rights required to store the Content, to make technical adjustments to it, to make it publicly available, and to copy it. H.d may only have access to the Customer's Content on the Storage Space to the extent this is technically necessary to provide and/or publish the Content and to the extent this corresponds to the contractually granted authorizations.

4.4 Furthermore, the Customer may not run or arrange to run any automated processes, scripts, software or other data and/or Content on the Storage Space and/or take any steps or have any steps taken (with the help of the Software) which would more than insignificantly impair systems, networks, and/or other hardware and software such as network components of H.d and/or third parties. In the event that H.d learns of such impairment, H.d shall be entitled to stop such impairment and/or prevent it.

4.5 The Customer shall perform data backups on a daily basis in order to be able to recover the Content of the Storage Space without any additional cost.

4.6 The Customer may only make websites publicly available on the Storage Space that were created with the help of the Software.

5. Special Software Provisions

5.1 The Customer shall be granted access to the Software exclusively for the creation of a website for the Customer and for the administration of their Storage Space. H.d shall grant access at the handover point to the public network.

5.2 The Customer may not access or use the Software on behalf of a third party or for other purposes. The Customer shall specifically not be authorized to copy the Software, to make it available to third parties, to disassemble the Software, or to modify it in any other way.

6. Special Provisions of the Claiming Service

6.1 H.d enables the Customer to publish information about its local availability (e.g. address and opening hours) on the website created by the Customer using the Software, and at the same time transmit this data to third-party providers for publication on online platforms operated by them.

6.2 H.d is obligated to provide the claiming service to the Customer until further notice; this applies in any case with respect to the automatic transmission of contents to Google My Business, entered by the Customer for this purpose using the software.

6.3 The transmission of this data to further third-party providers represents an optional service provided by H.d as part of the claiming service, which the Customer may or may not wish to avail of. If the Customer wishes to avail of this service, it hereby simultaneously consents to the transmission of this data to the third-party providers selected by it.

6.4 H.d may terminate the “claiming service” at any time at its own discretion (e.g. if third-party providers no longer offer certain services). When making such a decision, H.d shall take due consideration of the Customer’s legitimate interests.

7. Special Sub-Domain Provisions

7.1 When registering the Sub-Domain with H.d, the Customer must comply with the requirements of the Internet Corporation for Assigned Names and Numbers ("ICANN"), which is the entity that assigns .com domains. The Customer may register a maximum of three Sub-Domains with H.d.

7.2 The Customer undertakes and warrants that the Sub-Domain shall be selected only in accordance with applicable law and that, in particular, the Customer shall only select names for the Sub-Domain for which the Customer owns the respective rights including trademark and/or name rights. The Customer shall furthermore not register any domain names for the Sub-Domain that are contrary to public policy or immoral. H.d shall be entitled to delete any Sub-Domains that were chosen in violation of this section 7.2 and of which H.d is informed by government agencies, courts, the holder of rights, or other third parties or of which it gains knowledge in another way.

8. Special Provisions for Consulting Services

8.1 H.d may offer Consulting Services to the Customer, especially regarding the initial setup of the Software, the best possible long-term use of the Software (e.g. which features to add) and how such use may improve the Customer's overall business situation. Consulting Services may further include the recommendation of additional tools and services to the Customer which correspond to the Software.

8.2 Consulting Services may be provided by Affiliates of H.d. The Annex to these T&C contains information on which Affiliate provides the Consulting Services at the Customer’s place of business. With acceptance of these T&C, the Customer agrees that the Consulting Services may be provided by the Affiliate based at the Customer’s place of business.

8.3 For the provision of Consulting Services, H.d shares personal data and other data with the respective Affiliate to enable such Affiliate to provide the above-mentioned services.

8.4 H.d does not guarantee any specific service levels or a specific or continuous availability of the Consulting Services.

9. Special Provisions for Additional Services

9.1 Notwithstanding section 2.1(d), the Customer may register their own domain name and/or use an already registered domain name and link it to the Storage Space. H.d shall refer the Customer to an external service provider for the registration. The agreement for the registration of such an own domain name is concluded between the Customer and external service providers. H.d shall be neither a contracting nor any other party to that agreement.

9.2 H.d shall provide the Customer with technical support for linking their own domain name with the Storage Space.

10. Conclusion of the Contract, Term, Termination

10.1 The Customer offers to conclude a contract for the use of Storage Space and Software on the basis of these General Terms and Conditions by registering for access to the Storage Space and Software on the website provided by H.d. Acceptance by H.d is usually triggered by commencement of service provision by H.d.

10.2 The contract is concluded for an indefinite period and can be terminated by the Customer at any time, by H.d with a notice period of two (2) weeks.

10.3 Terminations must be made in writing or via e-mail.

10.4 The right of the parties to terminate the contract without notice for good cause remains unaffected. Good cause applies especially when the Customer breaches an obligation arising from sections 3, 4, 5, 7, 12.2, and 12.3.

10.5 When the termination takes effect, all data of the Customer will be deleted by H.d within thirty (30) days, unless the Customer performs the deletion themselves with the help of the Software or unless there is a legal obligation to store the data. In this case, the data is deleted after the corresponding retention period has expired.

11. Warranty and Liability, Indemnity

11.1 H.d shall exclusively compensate the Customer for such damages which arise from fraudulently concealed defects in the Services. H.d shall not bear any further liability for defects of title and/or material defects for Services and benefits provided free of charge.

11.2 H.d, its vicarious agents or legal representatives are liable for the services only in cases of intentional acts, gross negligence or culpable injury to life, body or health as well as malice. Liability under the German Product Liability Act remains unaffected.

11.3 The Customer shall release H.d, its vicarious agents and legal representatives and the companies affiliated with H.d according to Article 15 German Stock Corporation Act - AktG (“Affiliates”) at their first request from third-party claims asserted against H.d, its vicarious agents and legal representatives and/or the companies affiliated with H.d due to or in connection with the Services, including third-party claims due to illegal use of data and/or a lack of data subjects’ consent and/or breaches of the personality rights of the Customer’s employees. This indemnity also includes the required legal and arbitration costs.

11.4 The limitations on liability set out in sections 11.1 and 11.2 apply accordingly to Affiliates of H.d.

11.5 Only the Customer shall be responsible for the Content and the name of the Sub-Domain. Therefore, the Customer shall upon first request indemnify and hold H.d, their vicarious agents and legal representatives, and all companies affiliated with H.d pursuant to Sec. 15 of the German Stock Corporation Act ("Affiliates") harmless of any third-party claims asserted against H.d, their vicarious agents, legal representatives and/or companies affiliated with H.d due to or in connection with the Services and other benefits. This shall specifically apply for all trademark, copyright, data protection, and competition violations. This indemnification shall comprise the necessary legal costs including costs for arbitration proceedings as well.

12. Data Protection, Confidentiality

12.1 The processing of personal data in connection with the provision of services by H.d is subject to the privacy policy, which can be accessed at any time on the website stated in the service description.

12.2 Insofar as H.d processes personal data on behalf of the Customer, the Data Processing Agreement annexed to these T&Cs applies.

12.3 The parties are obliged not to disclose confidential information to third parties, even after the end of the contract period, and not to use it for purposes not serving the contract. All technical information and know-how made available to the Customer, as well as any other information that is marked as confidential by either party and that has economic value, is considered confidential. This expressly includes business and trade secrets.

12.4 The secrecy obligation does not apply to information which has already become known to the other party or the public without either party breaching Clause 7.2, or which must be made accessible due to a legal, judicial or official order or which will be subject to close inspection by third parties obliged to maintain secrecy in the scope of an intended company acquisition.

13. Remuneration

13.1 The Customer shall not owe any remuneration for the provision of the Services by H.d. The Services shall be provided free of charge.

13.2 Any third party services provided within the context of expanded services shall not be affected by section 13.1.

14. Other Provisions

14.1 H.d may subcontract any or all of the acts owed by H.d under this Agreement, in particular Services. H.d may transfer this contract to an affiliated company in accordance with § 15 AktG after prior notification, unless this is unreasonable for the Customer.

14.2 H.d may change these T&Cs after prior notification of the intended changes to the Customer. H.d can make changes to the T&Cs only to the extent this is reasonable for the Customer, the changes do not affect the essential contractual obligations, and the Customer is not worse off as a result of the change. The Customer may object to a change in the T&Cs within four (4) weeks of receipt of the notification or terminate the contract without notice. Insofar as the Customer does not object to the change in the T&Cs or fails to do so in due time, the Customer's agreement to the change in the T&Cs will be deemed granted. H.d will notify the Customer of the consequences of an omitted objection and of the right to terminate the contract without notice when notifying the Customer of changes to the T&Cs.

14.3 If a provision of this contract is or becomes completely or partially void, invalid, impracticable or unenforceable (a "Defective Provision"), then this shall not affect the validity or enforceability of the remaining provisions. Rather, the parties undertake now to replace the Defective Provision with one which approaches that which the parties would have agreed according to the sense and purpose of the contract, had they recognized that the provision was defective. If the defectiveness of a provision is based on a measure of performance or time specified therein (time limit or deadline), then the provision shall be consistent with a legally permissible level closest to the original level. The same applies to any loopholes in this contract. It is the express intention of the parties that this severability clause does not result in a mere reversal of the burden of proof, but that Article 139 BGB is waived altogether.

14.4 The contract and all claims and rights arising from, or in connection with the contract are exclusively subject to German law to the exclusion of the conflict of laws, and must be interpreted and enforced in accordance with German law. The application of the United Nations Convention on Contracts for the International Sale of Goods (CISG) is excluded. The place of performance is Düsseldorf.

14.5 The exclusive place of jurisdiction for all disputes arising from or in connection with this contract, its conclusion or its execution is, where legally permissible, Düsseldorf.

Status: July 2019 / AG


Data Processing Agreement

By confirming the above General Terms and Conditions, the Customer ("Controller") and H.d ("Processor"), collectively referred to as "Parties", individually as "Party", also enter into the following Data Processing Agreement ("DPA").

Preamble

In the context of its business activities and in accordance with the above General Terms and Conditions, the Processor receives personal data for which the Controller is accountable. The Parties agree on the provisions of this DPA, in order to comply with the data protection obligations of the parties in accordance with European data protection law, in particular the General Data Protection Regulation (Article 28 GDPR).

1. Definitions

1.1 Personal Data means any information relating to an identified or identifiable natural person ("Person Concerned"). A natural person is considered to be identifiable when they can be directly or indirectly identified in particular by association with an identifier, such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person (hereinafter "Data").

1.2 Data processing on behalf of someone is the collection, processing, or use of data by the Processor on behalf of the Controller.

2. Subject and Content of the Order

2.1 Subject and Duration of the Order

The details and the duration of the order result from the above General Terms and Conditions.

2.2 Type of data

• Personal master data (e.g. name, surname, date of birth)

• Communication data (e.g. telephone, e-mail, address)

• Place, date and time of customer reservations made via the Software

• IP addresses

2.3 Purpose of the Collection, Processing, or Use of Data

The purpose of the collection, processing, or use of the data is described in more detail in the General Terms and Conditions and Privacy Policy.

2.4 Nature and Extent of the Collection, Processing, or Use of Data

The nature and extent of the collection, processing, or use of the data is described in more detail in the General Terms and Conditions and Privacy Policy.

2.5 Category of Persons Concerned

Customers of the Customer

2.6 Technical and Organizational Measures

(a) The technical and organizational measures to be implemented by the Processor shall be set out in the Annex (see below) to this DPA. The Processor will regularly adapt these measures to the state of the art at his own expense, provided that the agreed level of protection is not lowered and the Controller is immediately informed.

(b) The Processor is required to allow the Controller to verify on-site compliance with the technical and organizational measures before commencing the processing activities under this contract. The audit right of the Controller according to Number 2.10 remains unaffected.

(c) The Processor shall ensure that the data processing systems used in the framework of the DPA comply with the standards of "privacy by design" and "privacy by default" in accordance with the state of the art.

2.7 Correction, Deletion and Blocking of Data, Right to Data Portability, and Right to Object

(a) The rights of the persons concerned by the processing of data by the Processor, in particular rectification, erasure and blocking, data portability, and objection, shall be asserted against the Controller. The Controller alone is responsible for the protection of these rights.

(b) In the course of his work for the Controller, the Processor is obligated to forward any request addressed to him by affected persons to the Controller for proper processing without delay. If the Controller and the Processor jointly act as external persons responsible, the Processor is entitled to answer this request independently.

(c) The Processor is also required to assist the Controller with appropriate technical and organizational measures to comply with his obligation to reply to the persons concerned.

(d) In accordance with the instructions of the Controller, the Processor shall rectify, block, and/or erase data immediately, but no later than within five (5) days, and inform the Controller by that deadline.

2.8 Duties of the Processor

(a) The Processor may collect, process, and use data only in the context of the order and the documented instructions of the Controller.

(b) The Processor shall verify compliance with the technical and organizational measures defined in Clause 2.6 of this DPA at regular intervals and submit the results on request.

(c) The Data Protection Officer is named as contact person for data protection at the Processor. The Data Protection Officer can be reached at privacy@hd.digital. If necessary, the Processor also appoints a representative in accordance with the requirements of Art. 27 GDPR.

(d) The Processor is responsible for maintaining confidentiality. Any person at the Processor authorized to access the data of the Controller shall be bound by a duty of confidentiality or subject to an appropriate professional secrecy obligation and must be informed of the special data protection obligations arising from this DPA as well as of the existing instructions and purpose. The Processor will document these obligations in writing and provide them at the request of the Controller.

2.9 Establishment of Subcontracting Relationships

(a) The establishment of subcontracting relationships is permitted. The Processor shall inform the Controller about the corresponding change in advance. The Controller has a right to object.

(b) When commissioning other processors, the Processor shall contractually ensure that the obligations assigned to the Processor under this DPA also apply to the other processor.

(c) The Processor shall monitor the technical and organizational measures taken by the other processors on an ad hoc and regular basis during the subcontracting period to protect the data he has provided. The transfer of data is only permitted if the other processor has implemented the necessary technical and organizational measures at least in accordance with the specifications of this DPA.

(d) The Processor shall be fully liable for the subcontractors he employs.

2.10 Audit Rights of the Controller

The Controller is authorized to verify compliance with applicable data protection regulations and the DPA during normal business hours. The Processor agrees to provide the Controller with all information reasonably necessary to carry out the inspection within a reasonable period of time. Where the Controller considers that an on-site audit of the Processor is required, the Processor shall ensure that the Controller has access to the Processor's premises for carrying out the audit and can inspect the stored data and the data processing programs on site. The Controller is entitled to have the audit carried out by a third party (examiner) to be named in each individual case. The Controller must announce the execution of such an audit in writing at least twenty (20) working days in advance. The cost of carrying out the audit and the costs incurred by the Processor at normal market rates are borne by the Controller.

2.11 Notifications of Violations by the Processor

(a) The Processor shall notify the Controller without delay and at the latest within forty-eight (48) hours of such discovery of all cases in which the Processor or persons or subcontractors employed by him/her have infringed the rules governing the protection of the data of the Controller or the conditions set out in this DPA.

(b) The Controller shall be notified of any incidents of loss or unlawful transmission or receipt by third parties, regardless of the cause. The Processor shall, in consultation with the Controller, take appropriate measures to safeguard the data and to mitigate the possible adverse consequences for the persons concerned. To the extent that the Controller is subject to notification obligations, the Processor shall assist the Controller in fulfilling these obligations.

2.12 Instructions by the Controller

(a) The processing of data of the Controller by the Processor shall be carried out solely in the context of the DPA and the specific instructions issued by the Controller.

(b) The Processor shall, without delay, comply with (individual) instructions concerning the nature, extent and method of processing, or, if applicable, within the time limit set by the Controller.

(c) The Processor shall notify the Controller without delay if, in the opinion of the Processor, instructions issued by the Controller violate data protection regulations. The Processor shall be entitled to suspend the execution of the relevant instruction until it has been confirmed or changed by the Controller.

2.13 Deletion after Completion of the Order

After completion of the contractual work, the Processor must hand over all data that he has processed for the Controller or, with prior consent of the Controller, destroy it in a manner compliant with data protection law or delete it in accordance with the state of the art. A right of retention is excluded with regard to the documents, data, processing and usage results, and the associated data carriers, unless the law of the European Union or of an EU member state requires the data to be stored.

3. Further Obligations of the Processor

3.1 The Processor uses the data provided for data processing for no other purpose. Copies or duplicates without knowledge and without prior written consent of the Controller may not be created, unless this is due to the services ordered in the DPA. The Processor shall ensure that the data processed by him for the Controller is separated from other data. A transmission of data of the Controller by the Processor to third parties does not take place without written consent of the Controller.

3.2 The Processor shall provide reasonable assistance to the Controller in defending against claims based on a purported or actual breach of data protection requirements. The Controller will, for his part, investigate the complaints of data subjects in the context of the data protection responsibility of the Controller in an appropriate manner and process complaints from data subjects.

3.3 The Processor acknowledges that information is given to affected persons on the basis of a right to information exclusively via the Controller or a person authorized by the Controller. The Processor is obliged to provide the Controller with the required information in good time and to support the Controller. If the Processor himself also acts as the external Controller, these inquiries can also be answered accordingly and the Controller informed accordingly.

3.4 The Processor shall assist the Controller in the preparation of necessary procedure indexes, where applicable.

3.5 The Processor shall assist the Controller in carrying out data protection impact assessments when a type of processing is likely to result in a high risk to the rights and freedoms of natural persons.

3.6 The Processor agrees to inform the Controller without delay of the results of inspections by the data protection supervisory authorities, insofar as these are related to this DPA. The Processor will inform the Controller about any complaints by the data protection supervisory authorities that relate to the area of responsibility of the Processor and will remedy any identified deficiencies as required by law.

4. Liability

4.1 The Controller is responsible for the permissibility of the data processing, as well as for the protection of the rights of the data subjects.

4.2 By derogation from section 4.1, the Processor is responsible for claims of data subjects due to violations of the applicable legal provisions or the provisions of the DPA.

4.3 In relation to the Controller, the Processor is only liable for intent and gross negligence within the scope of the legally permissible exclusion of liability and limitations.

5. Final Provisions

5.1 The Controller shall inform the Processor immediately and in full if he finds errors or irregularities in the processing of the data by the Processor during the audit.

5.2 This DPA may be modified and terminated under the same terms and conditions as the above General Terms and Conditions.

5.3 The invalidity of one or more provisions of this DPA does not affect the effectiveness of the DPA as a whole. If one or more provisions of this DPA are ineffective, the Parties shall agree on a legally effective substitute provision that comes as close as possible to the economic purpose of the ineffective provision. The same applies in case of a loophole.

5.4 The DPA is subject to the same law as the above General Terms and Conditions.

5.5 In case of contradictions between the DPA and other agreements between the parties, the provisions of this DPA prevail.

Status: 2019 / AG


Technical and Organizational Measures

Taking into account the state of the art, the implementation costs and the nature, scope, circumstances, and purposes of the processing and the different likelihood and severity of the risk to the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk; these measures include, inter alia, the following:

• the pseudonymisation and encryption of the data;

• the ability to permanently ensure the confidentiality, integrity, availability, and resilience of processing systems and services;

• the ability to rapidly restore data availability and accessibility in the event of a physical or technical incident;

• a process for the periodic review, assessment, and evaluation of the effectiveness of the technical and organizational measures to ensure the security of the processing.

Without prejudice to the foregoing, the following specific measures will be taken:

1. Physical Access Control

Measures to prevent unauthorized persons from gaining access to the data processing system used to process the data:

• Specification of the authorized group of persons and corresponding documentation;

• Electronic access control;

• Issuance of access IDs;

• Introduction of guidelines for external individuals;

• Alarm or security outside working hours;

• Division of premises into different security zones;

• Introduction of guidelines for handling keys (cards);

• Security doors (electronic door opener, ID reader, CCTV);

• Introduction of measures for on-site security (e.g. intrusion detection/notification).

2. System Access Control

Measures to prevent unauthorized persons from using the data processing system and procedures:

• Definition of the group of people who have access to data processing systems;

• Introduction of guidelines for external individuals;

• Password protection for personal computers.

3. Data Access Control

Measures to ensure that persons authorized to use the data-processing techniques can only access the data subject to their authorization:

• Introduction of limited access rights based on the respective data and functions;

• Mandatory identification to data processing equipment (e.g. through ID and authentication);

• Introduction of policies about access and user roles;

• Evaluation of logs in the event of a harmful event.

4. Transfer Control

Measures to ensure that the data cannot be read, copied, altered, or removed during electronic transmission or during its transport or storage on data carriers, and that it is possible to check and determine to which recipients a transmission of the data by means of data transmission facilities is intended:

• Encryption

5. Entry Control

Measures to ensure that it is possible to subsequently verify and determine whether and by whom the data has been entered, altered, or removed from IT systems.

• Recording of data entries.

6. Order Control

Measures to ensure that data processed on order can only be processed in accordance with the instructions of the Controller.

• Documentation of the different competences and obligations between the Controller and the Processor;

• Formal commissioning;

• Control of the work results.

7. Availability Control

Measures to ensure that the data is protected against accidental destruction or loss.

• Implement a plan for regular backups;

• Secure storage of data backups in fire and water-resistant safety cabinets;

• Introduction and regular control of an emergency power system and a surge protection system;

• Introduction of an emergency plan;

• Protocol on the introduction of crisis and/or emergency management.

8. Separation Control

Measures to ensure that data collected for different purposes can be processed separately.

• Separation of the data of the Processor’s respective clients.

Status: July 2019 / AG