Common use of Data Processing and Data Protection Clause in Contracts

Data Processing and Data Protection. 10.1. The information provided in Clause 10 is only an informative introduction to data protection. Information concerning data privacy and security are addressed in SFM’s Privacy Policy at ▇▇▇▇▇://▇▇▇.▇▇▇-▇▇▇▇▇▇▇▇.▇▇▇/privacypolicy.html. Such Privacy Policy is incorporated herein by reference. SFM may update or change this Privacy Policy from time to time. Any change to this Privacy Policy will become effective when we post the revised Privacy Policy on the Website. SFM encourages you to periodically review this Privacy Policy to stay informed about how we collect, use, and share personal data. 10.2. SFM will process personal data which as per the definition found in the General Data Protection Regulation (“GDPR”) means any information relating to an identified or identifiable natural person also referred to as data subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The processing of data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, retrieval, consultation, adaption or alteration, use, disclosure by transmission, dissemination and suppression of such personal data or otherwise making available, alignment or combination, restriction, erasure or destruction. The recipients of the personal data may include SFM affiliated companies acting as subcontractors or auxiliaries, the registered agents in the jurisdictions relevant to the services, our IT suppliers or financial providers such as our payment acquirers, other third-party service providers, including Banks, that the Client has expressly requested to be introduced to, the public companies’ registries, or the legal authorities. All these disclosures which have been listed shall only occur in accordance with the GDPR and/or any applicable data privacy law. Our business relationship with these third party providers shall be a contractual one whereby both parties agree to abide by the obligations found in the GDPR and/or any applicable data privacy law such as the obligation of confidentiality on whoever is handling the personal data of the data subjects. To comply with “Know your client” obligations and ensure the correct service delivery, the processed data will include particulars of the Client, such as the full legal name(s), the nationality, the date of birth, domicile and residential addresses, passport numbers, passport validity dates, and contact details of identifiable individuals, as well as supporting documents evidencing such personal data and service instructions from the Client. The Client is under an obligation to maintain his/her personal data up to date during the entire contractual relationship with SFM, and to submit any required supporting document in relation to his/her update obligation in the exact form prescribed by SFM. 10.3. Affiliated companies of SFM or a registered agent may act as the processor of personal data on behalf of SFM, who shall remain the controller of such personal data. A more detailed explanation regarding with whom we share the data is found in our Privacy Policy at ▇▇▇▇▇://▇▇▇.▇▇▇-▇▇▇▇▇▇▇▇.▇▇▇/privacypolicy.html. 10.4. The Client acknowledges that more information regarding data processing may be obtained by contacting SFM or by e-mail to ▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. Any communication will be made in English. Any other language may only be used at SFM’s sole discretion and as a courtesy to the Client. 10.5. The Client is informed that he/she has a right to withdraw his/her consent to the collection, processing and use of his/her personal data, which must have been given freely and in a clear and affirmative manner in the first instance. The withdrawal of consent shall neither affect the lawfulness of processing based on consent before its withdrawal, nor the lawfulness of a continuation of the data processing where another valid purpose exists, such as the purpose of complying with the law. The Client warrants he/she has secured the valid legal authorization of any applicable data subject whose personal data he/she transferred to SFM and that such data subject has freely and in a clear and affirmative manner given his/her consent to the processing of personal data by or through SFM for the purpose of the service performance or in application of due diligence obligations. 10.6. SFM, its directors, employees or agents, are required to handle data with confidentiality. Despite all security precautions, data including e-mail electronic communications and personal financial data may be accessed by unauthorized third parties when communicated between the Client and SFM. Communicating with SFM may require the Client to use software produced by third parties including, but not limited to, browser software that supports a data security protocol compatible with the protocol used by SFM. 10.7. Nothing in Clause 10 purports, nor shall it be construed, to extend to any person any right, or impose on SFM any ▇▇▇▇▇ n, except as available pursuant to applicable law.

Data Processing and Data Protection. 10.1. The information provided in Clause 10 is only an informative introduction to data protection. Information concerning data privacy and security are addressed in SFM’s Privacy Policy at ▇▇▇▇▇://▇▇▇.▇▇▇-▇▇▇▇▇▇▇▇.▇▇▇/privacypolicy.html. Such Privacy Policy is incorporated herein by reference. SFM may update or change this Privacy Policy from time to time. Any change to this Privacy Policy will become effective when we post the revised Privacy Policy on the Website. SFM encourages you to periodically review this Privacy Policy to stay informed about how we collect, use, and share personal data. 10.2. SFM will process personal data which as per the definition found in the General Data Protection Regulation (“GDPR”) means any information relating to an identified or identifiable natural person also referred to as data subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The processing of data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, retrieval, consultation, adaption or alteration, use, disclosure by transmission, dissemination and suppression of such personal data or otherwise making available, alignment or combination, restriction, erasure or destruction. The recipients of the personal data may include SFM affiliated companies acting as subcontractors or auxiliaries, the registered agents in the jurisdictions relevant to the services, our IT suppliers or financial providers such as our payment acquirers, other third-party service providers, including Banks, that the Client has expressly requested to be introduced to, the public companies’ registries, or the legal authorities. All these disclosures which have been listed shall only occur in accordance with the GDPR GD PR and/or any applicable data privacy law. Our business relationship with these third party providers shall be a contractual one whereby both parties agree to abide by the obligations found in the GDPR and/or any applicable data privacy law such as the obligation of confidentiality on whoever is handling the personal data of the data subjects. To comply with “Know your client” obligations and ensure the correct service delivery, the processed data will include particulars of the Client, such as the full legal name(s), the nationality, the date of birth, domicile and residential addresses, passport numbers, passport validity dates, and contact details of identifiable individuals, as well as supporting documents evidencing such personal data and service instructions from the Client. The Client is under an obligation to maintain his/her personal data up to date during the entire contractual relationship with SFM, and to submit any required supporting document in relation to his/her update obligation in the exact form prescribed by SFM. 10.3. Affiliated companies of SFM or a registered agent may act as the processor of personal data on behalf of SFM, who shall remain the controller of such personal data. A more detailed explanation regarding with whom we share the data is found in our Privacy Policy at ▇▇▇▇▇://▇▇▇.▇▇▇-▇▇▇▇▇▇▇▇.▇▇▇/privacypolicy.html. 10.4. The Client acknowledges that more information regarding data processing may be obtained by contacting SFM or by e-e- mail to ▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. Any communication will be made in English. Any other language may only be used at SFM’s sole discretion and as a courtesy to the Client. 10.5. The Client is informed that he/she has a right to withdraw his/her consent to the collection, processing and use of his/her personal data, which must have been given freely and in a clear and affirmative manner in the first instance. The withdrawal of consent shall neither affect the lawfulness of processing based on consent before its withdrawal, nor the lawfulness of a continuation of the data processing where another valid purpose exists, such as the purpose of complying with the law. The Client warrants he/she has secured the valid legal authorization of any applicable data subject whose personal data he/she transferred to SFM and that such data subject has freely and in a clear and affirmative manner given his/her consent to the processing of personal data by or through SFM for the purpose of the service performance or in application of due diligence obligations. 10.6. SFM, its directors, employees or agents, are required to handle data with confidentiality. Despite all security precautions, data including e-mail electronic communications and personal financial data may be accessed by unauthorized third parties when communicated between the Client and SFM. Communicating with SFM may require the Client to use software produced by third parties including, but not limited to, browser software that supports a data security protocol compatible with the protocol protoc ol used by SFM. 10.7. Nothing in Clause 10 purports, nor shall it be construed, to extend to any person any right, or impose on SFM any ▇▇▇▇▇ nburden, except as available pursuant to applicable law.