Common use of Data Categories Clause in Contracts

Data Categories. The following types or categories of data are subject to collection, processing and/or use by the contractor: No. Data field name Group of people Data type according to deletion concept 001 First name Authorized persons Master data of the authorized persons 002 Surname Authorized persons Master data of the authorized persons 003 Company Authorized persons Master data of the authorized persons 004 Email address Authorized persons Master data of the authorized persons 005 Date of birth (optional, can be deactivated) Authorized persons Master data of the authorized persons 006 ID number (optional, can be deactivated) Authorized persons Master data of the authorized persons 007 If applicable, information about increased or normal body temperature (binary information yes/no), if the function is used Authorized persons Master data of the authorized persons 008 Cut-out photograph of the authorized person from the identification document Authorized persons Cut-out photograph of the authorized person from the identification document 009 Photo of the authorized person taken by the self-service kiosk Authorized persons Photo of the authorized person taken by the self- service kiosk 010 First name Users / employees / access managers Employee data 011 Surname Users / employees / access managers Employee data No. Data field name Group of people Data type according to deletion concept 012 Email address Users / employees / access managers Employee data 013 Password Users / employees / access managers Employee data 014 Start time of the appointment Authorized persons / persons responsible for access Access data 015 End time of the appointment Authorized persons / persons responsible for access Access data 016 Check-in time Authorized persons / persons responsible for access Access data 017 Check-out time Authorized persons / persons responsible for access Access data 018 Name of the person responsible for access Authorized persons / persons responsible for access Access data 019 Location of the appointment Authorized persons / persons responsible for access Access data If necessary, further user-defined data fields can be collected, processed and stored as part of the "master data of authorized persons" if the customer's administrator activates further data in the essentry SaaS platform for querying at the self-service kiosk or the reception dashboard. 1. Pseudonymization and encryption of personal data (Art. 32 section 1 lit. a GDPR)

Data Categories. The following types or categories of data are subject to collection, processing and/or use by the contractor: No. Data field name Group of people Data type according to deletion concept 001 First name Authorized persons Master data of the authorized persons 002 Surname Authorized persons Master data of the authorized persons 003 Company Authorized persons Master data of the authorized persons 004 Email address Authorized persons Master data of the authorized persons 005 Date of birth (optional, can be deactivated) Authorized persons Master data of the authorized persons 006 ID number (optional, can be deactivated) Authorized persons Master data of the authorized persons 007 If applicable, information about increased or normal body temperature (binary information yes/no), if the function is used Authorized persons Master data of the authorized persons 008 Cut-out photograph of the authorized person from the identification document Authorized persons Cut-out photograph of the authorized person from the identification document 009 Photo of the authorized person taken by the self-service kiosk Authorized persons Photo of the authorized person taken by the self- service kiosk 010 First name Users / employees / access managers Employee data 011 Surname Users / employees / access managers Employee data No. Data field name Group of people Data type according to deletion concept 012 Email address Users / employees / access managers Employee data 013 Password Users / employees / access managers Employee data 014 Start time of the appointment Authorized persons / persons responsible for access Access data 015 End time of the appointment Authorized persons / persons responsible for access Access data 016 Check-in time Authorized persons / persons responsible for access Access data 017 Check-out time Authorized persons / persons responsible for access Access data 018 Name of the person responsible for access Authorized persons / persons responsible for access Access data 019 Location of the appointment Authorized persons / persons responsible for access Access data If necessary, further user-defined data fields can be collected, processed and stored as part of the "master data of authorized persons" if the customer's administrator activates further data in the essentry SaaS platform for querying at the self-service kiosk or the reception dashboard. 1. Pseudonymization and encryption of personal data (Art. 32 section 1 lit. a GDPR)