Common use of Sub-Processing Clause in Contracts

Sub-Processing. 7.1. DT engages Sub-Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement with a Sub-Processor, DT: (i) Carries out reviews and requires or receives adequate assurances that the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processors. 7.3. Where a Sub-Processor fails to fulfill its data protection obligations or statements, DT will remain fully liable to Supply Partner for the performance of the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Laws.

Sub-Processing. 7.15.1. DT engages Sub-Customer authorizes AppsFlyer and each AppsFlyer Affiliate to appoint (and permit each Sub Processor appointed in accordance with this Section 5 to appoint) Sub Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement in accordance with a Sub-Processor, DT: (i) Carries out reviews this Section 5 and requires or receives adequate assurances that any restrictions in the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,Agreement. 7.25.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at The Sub Processors used by AppsFlyer are specified at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/subprocessors as Sub- Processors(“Sub Processors Website”). 7.35.3. AppsFlyer may appoint new Sub Processors at any time and shall update the Sub Processors Website upon such appointments. If Customer wishes to receive notice of any new Sub Processors, it may request to receive such notice by subscribing at the Sub Processors Website. If, within ten (10) days of such notice, Customer notifies AppsFlyer in writing of any reasonable objections to the proposed appointment, AppsFlyer shall not utilize such Sub Processor to Process Customer Personal Data until reasonable steps have been taken to address the objections raised by Customer, and Customer has been provided with a reasonable written explanation of the steps taken. Where such steps are not sufficient to relieve Customer’s reasonable objections then Customer or AppsFlyer may, by written notice to the other Party, with immediate effect, terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Sub Processor, without bearing liability for such termination. 5.4. With respect to each Sub Processor, AppsFlyer shall: (a) take reasonable steps to ensure that the Sub Processor is committed to provide the level of protection for Personal Data required by the Agreement; (b) ensure that the arrangement between AppsFlyer and the Sub Processor is governed by a Sub-Processor fails written contract, including terms which, to fulfill its data the extent applicable to the nature of services provided by the Sub Processor, offer a level of protection obligations or statementsthat, DT will in all material respects, are consistent with the levels set out in this DPA and the Agreement; and (c) remain fully liable to Supply Partner the Customer for the performance of the Sub-Sub Processor's ’s data protection obligations where the Sub Processor fails to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processorfulfill such obligations. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Laws.

Sub-Processing. 7.15.1. DT engages Sub-Controller authorizes Processor and each Processor Affiliate to appoint (and permit each Sub Processor appointed in accordance with this Section 5 to appoint) Sub Processors in accordance with this Section 5 and any restrictions in the Agreement. 5.2. Processor and each Processor Affiliate may continue to use those Sub Processors already engaged by Processor or any Processor Affiliate as of the date of this DPA, including for the purpose of cloud hosting services by reputable Sub Processors, to the extent necessary to perform certain Processor's obligations under the Agreement, as well as any Sub Processors whom Controller requested Processor to use. 5.3. Processor may appoint new Sub Processors and shall give notice of the appointment of any new Sub Processor (for instance by e-mail), whether by general or specific reference to such Sub Processor (e.g., by name or type of service), including relevant details of the Processing to be undertaken by the new Sub Processor. If, within seven (7) days of Supply Partner such notice, Controller notifies Processor in writing of any objections (on reasonable grounds) to the proposed appointment, Processor shall not appoint for the processing of Controller Personal Data on Supply Partner’s behalf. Prior the proposed Sub Processor until reasonable steps have been taken to an engagement address the objections raised by Controller, and Controller has been provided with a Sub-reasonable written explanation of the steps taken. Where such steps are not sufficient to relieve Controller’s reasonable objections then Controller or Processor may, by written notice to the other Party, with immediate effect, terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Sub Processor without bearing liability for such termination. 5.4. With respect to each new Sub Processor, DT: Processor shall: 5.4.1. before the Sub Processor first Processes Controller Personal Data, take reasonable steps (ifor instance by way of reviewing privacy policies as appropriate) Carries out reviews and requires or receives adequate assurances to ensure that the Sub-Sub Processor complies with obligations substantially is committed to provide the level of protection for Controller Personal Data required by the Agreement; and 5.4.2. ensure that the arrangement between the Processor and the Sub Processor is governed by a written contract, including terms which offer materially similar to the obligations level of protection for Controller Personal Data as those set out in this Addendum; and (ii) ensures DPA that a Statutory Data Transfer Agreement or such other appropriate methods meet the requirements of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processors. 7.3. Where a Sub-Processor fails to fulfill its data protection obligations or statements, DT will remain fully liable to Supply Partner for the performance of the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Applicable Laws.

Sub-Processing. 7.14.1 The Customer shall authorize the following: (a) Processor may engage Sub Processors in connection with the provision of the Services. (b) Processor may continue to use those Sub Processors already engaged by the Processor at the date of this Addendum and the Agreement, subject to the Sub Processor in each case meeting the obligations set out in section 4. DT engages Sub-The Processor uses the Sub Processors specified in Privacy Policy at the date of this Addendum. (c) Processor shall give Customer prior written notice of the appointment of any new Sub Processor, including full details of the Processing to perform certain Processing be undertaken by the Sub Processor. If, within 30 days of Supply Partner receipt of that notice, Customer notifies the Processor in writing of any reasonable objections (e.g., if making Personal Data on Supply Partner’s behalf. Prior available to an engagement the Sub Processor may violate applicable Data Protection Law or weaken the protections for such Personal Data) to the proposed appointment. (d) Processor shall work with the Customer in good faith to make available a Sub-commercially reasonable change in the provision of the Services which avoids the use of that proposed Sub Processor; and (e) where such a change cannot be made within 30 days from Processor's receipt of Customer's notice, DT: notwithstanding the provisions of the Agreement, Customer may by written notice to Processor with immediate effect terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Sub Processor. 4.2 Where no objectin is provided, the Processor shall: (ia) Carries before the Sub Processor first Processes Customer Personal Data, carry out reviews and requires or receives adequate assurances due diligence to ensure that the Sub-Sub Processor complies with obligations substantially similar to is capable of providing the obligations level of protection for Customer Personal Data required by this Addendum and the Agreement; (b) ensure that the arrangement between the Processor and the Sub Processor is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum; Addendum and provides for sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the Processing will meet the requirements of Data Protection Laws; (iic) ensures that a Statutory Data Transfer Agreement or provide to the Customer for review such other appropriate methods copies of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement Processors’ agreements with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon Sub Processors (which may be redacted to remove confidential commercial information not relevant to the execution requirements of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval ) as Customer may request from time to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processorstime. 7.3. 4.3 Where a Sub-the Authorized Sub Processor fails to fulfill fulfil its data protection obligations or statementsobligations, DT will the Processor shall remain fully liable to Supply Partner the Customer for the performance of the Sub-that Authorized Sub Processor's ’s obligations to the same extent that DT would be liable to Supply Partner directly provided under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Laws.

Sub-Processing. 7.1. DT engages 2.1 Customer generally authorizes Aforza to appoint Sub-Processors in accordance with this Paragraph 2. 2.2 Aforza may continue to perform certain Processing use those Sub-Processors already engaged by ▇▇▇▇▇▇ as at the date of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement this DPA (as those Sub-Processors are shown, together with a their respective functions and locations, in Annex 4 (Authorized Sub-Processors). 2.3 Aforza shall give Customer prior written notice of the appointment of any proposed Sub-Processor, DT: (i) Carries out reviews and requires or receives adequate assurances that including reasonable details of the Sub-Processor complies with obligations substantially similar Processing to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and be undertaken by the Sub-Processor, if the engagement by providing Customer with an updated copy of the Sub-Processor involves List via a Personal Data Transfer ‘mailshot’ or similar bulk distribution mechanism sent via email to Customer’s contact point as set out in Attachment 1 to Annex 1 (European Annex). If, within fourteen (14) days of Supply Partner Personal Data,receipt of that notice, Customer notifies Aforza in writing of any objections (on reasonable grounds) to the proposed appointment: (a) Aforza shall use reasonable efforts to make available a commercially reasonable change in the provision of the Services, which avoids the use of that proposed Sub-Processor; and (b) where: (i) such a change cannot be made within sixty (60) days from Aforza’s receipt of Customer’s notice; (ii) no commercially reasonable change is available; and/or (iii) Customer declines to bear the cost of the proposed change, then either Party may by written notice to the other Party with immediate effect terminate the Agreement, either in whole or to the extent that it relates to the Services which require the use of the proposed Sub-Processor, as its sole and exclusive remedy. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval 2.4 If Customer does not object to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processors. 7.3. Where ’s appointment of a Sub-Processor fails during the objection period referred to fulfill its data protection obligations or statementsin Paragraph 2.3, DT will remain fully liable Customer shall be deemed to Supply Partner for have approved the performance engagement and ongoing use of the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object 2.5 With respect to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new each Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner Aforza shall maintain a written contract between Aforza and the same Sub- Processor that includes terms which offer at least an equivalent level of Service without protection for Personal Data as those set out in this DPA (including the use Security Measures). Aforza shall remain liable for any breach of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to this DPA caused by a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Laws.

Sub-Processing. 7.16.1. DT engages Sub-The Client authorizes Syndigo to appoint (and permit each Contracted Processor appointed in accordance with this Section 6 to appoint) Contracted Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement in accordance with a Sub-Processorthis Section 6 and any possible further restrictions, DT: (i) Carries out reviews and requires or receives adequate assurances that the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,Agreement. 7.26.2. Upon Syndigo may continue to use those Contracted Processors already engaged by ▇▇▇▇▇▇▇ as of the execution date of this Addendum, Supply Partner hereby gives DT Supply Partnersubject to Syndigo meeting the obligations set out in Section 6.4. The list of Syndigo’s approval to engage Contracted Processors as of the companies detailed Effective Date is available at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇.▇▇▇/subprocessors /subscription/clients/subprocessors/. 6.3. Syndigo shall provide the Client prior written notice of the appointment of any new Contracted Processor by updating the list of Syndigo Contracted Processors. If the Client requires prior notification of any updates to the list of Contracted Processors, the Client can subscribe to receive updates. If, within thirty (30) days of posting of each such notice, the Client notifies Syndigo in writing of any reasonable objections to the proposed appointment, Syndigo shall not appoint or disclose any Client Personal Data to that proposed Contracted Processor until reasonable steps have been taken to address the objections raised by the Client and, in turn, the Client has been provided with a reasonable written explanation of the steps taken to account for any such objections. If the Client, nevertheless, objects to the proposed appointment, it shall be entitled to terminate the Agreement as Sub- Processorsa remedy. 7.36.4. Where a Sub-With respect to each Contracted Processor, Syndigo shall: (a) carry out adequate due diligence to ensure that the Contracted Processor fails to fulfill its data is capable of providing the level of protection obligations or statementsand security for Client Personal Data required by this Addendum, DT will remain fully liable to Supply Partner for the performance of Agreement, and Applicable Data Protection Laws before the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly Contracted Processor first Processes Personal Data or, where applicable, in accordance with Section 6.2; and (b) where required under the terms of this AddendumExhibit B, except as otherwise set forth in ensure that the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-arrangement between Syndigo and any prospective Contracted Processor is governed by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner contract that includes terms which offer at least the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable protection for Client Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded those set out in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Lawsthis Addendum (excluding its Exhibits).

Sub-Processing. 7.16.1. DT engages Sub-Customer authorizes Processor and each Processor Affiliate to appoint (and permit each Sub Processor appointed in accordance with this Section 6 to appoint) Sub Processors in accordance with this Section 6 and any restrictions in the Agreement. 6.2. Processor and each Processor Affiliate may continue to perform certain use those Sub Processors already engaged by Processor or any Processor Affiliate as of the date of this DPA. It is acknowledged and agreed that as of the date of this DPA Processor uses Amazon Web Services and Akamai as Sub Processors for the purpose of cloud hosting services and content delivery network, which use is subject to the respective Amazon and Akamai applicable guidelines. 6.3. Processor may appoint new Sub Processors and shall give notice of the appointment of any new Sub Processor (for instance as part of a Privacy Policy amendment), whether by general or specific reference to such Sub Processor (e.g., by name or type of service), including relevant details of the Processing to be undertaken by the new Sub Processor. If, within seven (7) days of Supply Partner such notice, Customer notifies Processor in writing of any objections (on reasonable grounds) to the proposed appointment, Processor shall not appoint for the processing of Customer Personal Data on Supply Partner’s behalf. Prior the proposed Sub Processor until reasonable steps have been taken to an engagement address the objections raised by Customer, and Customer has been provided with a Sub-reasonable written explanation of the steps taken. Where such steps are not sufficient to relieve Customer’s reasonable objections then Customer or Processor may, by written notice to the other Party, with immediate effect, terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Sub Processor without bearing liability for such termination. With respect to each new Sub Processor, DT: Processor shall: 6.4.1. before the Sub Processor first Processes Customer Personal Data, take reasonable steps (ifor instance by way of reviewing privacy policies as appropriate) Carries out reviews and requires or receives adequate assurances to ensure that the Sub-Sub Processor complies with obligations substantially is committed to provide the level of protection for Customer Personal Data required by the Agreement; and 6.4.2. ensure that the arrangement between the Processor and the Sub Processor is governed by a written contract, including terms which offer materially similar to the obligations level of protection for Customer Personal Data as those set out in this Addendum; and (ii) ensures DPA that a Statutory Data Transfer Agreement or such other appropriate methods meet the requirements of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processors. 7.3. Where a Sub-Processor fails to fulfill its data protection obligations or statements, DT will remain fully liable to Supply Partner for the performance of the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Applicable Laws.

Sub-Processing. 7.16.1. DT engages Sub-Customer authorizes Processor and each Processor Affiliate to appoint (and permit each Sub Processor appointed in accordance with this Section 6 to appoint) Sub Processors in accordance with this Section 6 and any restrictions in the Agreement. 6.2. Processor and each Processor Affiliate may continue to perform certain use those Sub Processors already engaged by Processor or any Processor Affiliate as of the date of this DPA. It is acknowledged and agreed that as of the date of this DPA Processor uses Amazon Web Services as Sub Processors for the purpose of cloud hosting services and content delivery network, which use is subject to the respective Amazon applicable guidelines. 6.3. Processor may appoint new Sub Processors and shall give notice of the appointment of any new Sub Processor (for instance as part of a Privacy Policy amendment), whether by general or specific reference to such Sub Processor (e.g., by name or type of service), including relevant details of the Processing to be undertaken by the new Sub Processor. If, within seven (7) days of Supply Partner such notice, Customer notifies Processor in writing of any objections (on reasonable grounds) to the proposed appointment, Processor shall not appoint for the processing of Customer Personal Data on Supply Partner’s behalf. Prior the proposed Sub Processor until reasonable steps have been taken to an engagement address the objections raised by Customer, and Customer has been provided with a Sub-reasonable written explanation of the steps taken. Where such steps are not sufficient to relieve Customer’s reasonable objections then Customer or Processor may, by written notice to the other Party, with immediate effect, terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Sub Processor without bearing liability for such termination. With respect to each new Sub Processor, DT: Processor shall: 6.4.1. before the Sub Processor first Processes Customer Personal Data, take reasonable steps (ifor instance by way of reviewing privacy policies as appropriate) Carries out reviews and requires or receives adequate assurances to ensure that the Sub-Sub Processor complies with obligations substantially is committed to provide the level of protection for Customer Personal Data required by the Agreement; and 6.4.2. ensure that the arrangement between the Processor and the Sub Processor is governed by a written contract, including terms which offer materially similar to the obligations level of protection for Customer Personal Data as those set out in this Addendum; and (ii) ensures DPA that a Statutory Data Transfer Agreement or such other appropriate methods meet the requirements of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processors. 7.3. Where a Sub-Processor fails to fulfill its data protection obligations or statements, DT will remain fully liable to Supply Partner for the performance of the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Applicable Laws.

Sub-Processing. 7.16.1. DT engages Sub-Customer authorizes ▇▇▇▇▇▇▇▇ and each Devtodev Affiliate to appoint (and permit each Sub Processor appointed in accordance with this Section 6 to appoint) Sub Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement in accordance with a Sub-Processor, DT: (i) Carries out reviews this Section 6 and requires or receives adequate assurances that any restrictions in the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,Agreement. 7.26.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at The Sub Processors used by Devtodev are specified at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/subprocessors as Sub- Processors(“Sub Processors Website”). 7.36.3. Devtodev may appoint new Sub Processors at any time and shall update the Sub Processors Website upon such appointments. If the Customer wishes to receive notice of any new Sub Processors, it may request to receive such notice by following the updates on the Sub Processors Website. If, within ten (10) days of such notice, Customer notifies Devtodev in writing of any reasonable objections to the proposed appointment, Devtodev shall not utilize such Sub Processor to Process Customer Personal Data until reasonable steps have been taken to address the objections raised by Customer, such as a change to Customer’s configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Sub Processor. Where such steps are not sufficient to relieve Customer’s reasonable objections and a Sub-solution has not been found within a reasonable period of time, which shall not exceed twenty (20) days from Customer’s objection notification, then Customer or Devtodev may, by written notice to the other Party, with immediate effect, terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Sub Processor, without bearing liability for such termination. 6.4. With respect to each Sub Processor, Devtodev shall: (a) take reasonable steps to ensure that the Sub Processor fails is committed to fulfill its data providing the level of protection obligations or statementsfor Personal Data required by the Agreement; (b) ensure that the arrangement between Devtodev and the Sub Processor is governed by a written contract, DT will including terms which, to the extent applicable to the nature of services provided by the Sub Processor, offer a level of protection that, in all material respects, are consistent with the levels set out in this DPA and the Agreement; and (c) remain fully liable to Supply Partner the Customer for the performance of the Sub-Sub Processor's ’s data protection obligations where the Sub Processor fails to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processorfulfill such obligations. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Laws.

Sub-Processing. 7.15.1. DT engages Customer acknowledges and agrees that Netlify may utilize the authorized Sub- processorsset forth in Exhibit 1 Annex III. Customer can subscribe to receive email notification of updates to Sub-Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement with a Sub-Processor, DT: processors by submitting (i) Carries out reviews and requires or receives adequate assurances that the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; email address for such notifications and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods the full name of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processorsubscribing legal entity, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,applicable. 7.25.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at Netlify shall by email inform ▇▇▇▇://▇▇▇.▇▇.▇ who has subscribed to receive notifications of any changes concerning the addition or replacement of sub-processors, at least ten (10) business days prior to such change(s), thereby giving Customer the opportunity to object to such changes. Customer may object in writing to ▇▇▇/subprocessors as Sub- Processors. 7.3. Where a ▇▇▇▇’s intended change concerning Netlify’s Sub-Processor fails to fulfill its data protection obligations or statements, DT will remain fully liable to Supply Partner for the performance of the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice processors within five (5) business days of receipt of said such notice. 5.3. If Supply Partner objects it is not possible for Netlify and Customer to resolve the issue within a reasonable time despite both parties’ good faith efforts, notwithstanding anything in the Principal Agreement, Customer may suspend or terminate the Principal Agreement to the new extent thatit relates to Services which require the use of the proposed Sub-Processor, DT processor. 5.4. Netlify will make commercially reasonable efforts to provide Supply Partner enter into a written agreement with each Sub-processor containing terms whichoffer at least the same level of Service without the use of such protection for Customer Personal Data as those set out in thisDPA, imposing in particular that each Sub-Processorprocessor provides sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the Processing will meet the requirements of the GDPR. 5.5. NotwithstandingNetlify shall remain fully liable to Customer for the performance of its Sub-processor's obligations to the same extent Netlify would be liable if performing the Services directlyunder the terms of this DPA. 5.6. If Customer and Netlify have entered into Standard Contractual Clauses as described in Section 11 (Transfer Mechanisms for Data Transfers), Supply Partner(i) the above authorizations will constitute Customer’s objection and prior written consent to the results thereof will not amend, alter or reduce Supply Partner’s obligations subcontracting by Netlify of the processing of Personal Data if such consent is required under the Agreement. Supply Partner will not be entitled to any refund Standard Contractual Clauses, and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination (ii) the parties agree that the copies of the Agreement, in connection agreements with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding processors that must be provided by Netlify to Customer pursuant to Clause 9(c) of the provisions here above (e.g. prior consent by Supply Partner)Standard Contractual Clauses may have commercial information, Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, or information unrelated to the extent necessaryStandard Contractual Clauses or their equivalent, at DT sole discretionremoved by Netlify beforehand, to duly perform the Service on condition and that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT copies will be treated as if concluded in provided by the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required Netlify only upon request by Data Protection LawsCustomer.

Sub-Processing. 7.1. DT engages 10.1 The Customer acknowledges and expressly agrees that IZIX may use Third Party Sub-Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement with a Sub-Processor, DT: (i) Carries out reviews and requires or receives adequate assurances that the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processors. 7.3. Where a Sub-Processor fails to fulfill its data protection obligations or statements, DT will remain fully liable to Supply Partner processors for the performance provision of the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except IZIX Services as otherwise set forth described in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of 10.2 Any such Sub-Processorprocessors that provide services to and process Personal Data for IZIX shall be permitted to Process Personal Data only to deliver the services IZIX has entrusted them with and shall be prohibited from Processing such Personal Data for any other purpose. Notwithstanding, Supply PartnerIZIX remains fully responsible for any such Sub-processor’s objection and the results thereof will not amend, alter or reduce Supply Partnercompliance with IZIX’s obligations under the Agreement. Supply Partner will not be entitled , including this DPA. 10.3 IZIX shall, prior to the entrusting of services to a Sub- processor, carry out any refund relevant due diligence on such Sub- processor to assess whether it is capable of providing the level of protection for the Personal Data as is required by this Data Processing Agreement and will hold DT harmless from and against provide evidence of such due diligence to the Customer where requested by the Customer or a regulator. 10.4 IZIX shall enter into written agreements with any claimssuch Sub- processor which contain obligations no less protective than those contained in this DPA, suits and demands associated with or related respect to Supply Partner’s termination the protection of Personal Data to the extent applicable to the nature of the AgreementIZIX Services provided by such Sub-processor, in connection with Supply Partnerincluding the obligations imposed by the Standard Contractual Clauses, as applicable. 10.5 Upon the Customer’s objection written request, IZIX shall make available to the Customer the current list of Sub-processors for the provision of IZIX Services. 10.6 If the Customer objects to the use of a new Sub-Processor. 7.5processor that shall be processing the Customer’s Personal Data, then the Customer shall notify IZIX in writing within 30 calendar days after being informed of the processing activities of said Sub-processor. Notwithstanding In such a case, IZIX shall use reasonable efforts to change the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT affected Services or to sub-contract recommend a commercially reasonable change to the Customer’s use of the affected Services to avoid the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that Personal Data by the Sub-Processors provide sufficient guarantees in relation processor concerned. If IZIX is unable to required level of data protectionmake available or propose such change within 60 calendar days, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from Customer may terminate the relevant Supervising Authorities and to perform any submissions and registrationspart of the Agreement regarding those Services which cannot be provided by IZIX without the use of the Sub-processor concerned. To that end, as required by Data Protection Lawsthe Customer shall provide written notice of termination that includes the reasonable motivation for non-approval.

Sub-Processing. 7.16.1. DT engages Customer hereby grants general written authorization to ASAPP to appoint Sub-Processors to perform certain specific Processing of Supply Partner Personal Data activities on Supply Partner’s its behalf. Prior to an engagement with a SubA list of sub-Processor, DT: (i) Carries out reviews and requires or receives adequate assurances that the Sub-Processor complies with obligations substantially similar to the obligations as set out Processors currently engaged by ASAPP in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement connection with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed Services can be found at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/subprocessors /sub-processors/ (as may be updated by ASAPP from time to time in accordance with this DPA) (³6X-3EURFHVV).RU 6LWH´ 6.2. ASAPP shall make available on its Sub-Processor Site a mechanism to subscribe to notifications of new Sub-Processors. ASAPP shall provide such notification to those emails that have subscribed at least twenty-eight (28) days in advance of allowing the new Sub-Processor to Process Customer Personal Data O(bjtecthioen Per“iod”). During the Objection Period, obje of the new Sub-Processor must be provided to ASAPP in writing and based on reasonable grounds. In such event, the Parties will discuss those objections in good faith with a view to achieving resolution. If it can be reasonably demonstrated to ASAPP that the new Sub-Processor is unable to Process Customer Personal Data in compliance with the terms of this DPA and ASAPP cannot provide an alternative Sub- ProcessorsProcessor, or the Parties are not otherwise able to achieve resolution as provided in the preceding sentence, Customer, as its sole and exclusive remedy, may terminate the Order Form(s) with respect to only those aspects which cannot be provided by ASAPP without the use of the new Sub-Processor by providing advance written notice to ASAPP of such termination. ASAPP will refund Customer any prepaid unused fees of such Order Form(s) following the effective date of such termination. 7.36.3. Before engaging any Sub-Processor to Process Customer Personal Data, ASAPP will enter into a binding written agreement with the Sub-Processor that imposes on the Sub-Processor obligations that are no less protective than those imposed on ASAPP under this DPA. Where a the Sub-Processor fails to fulfill fulfil its data protection obligations or statementsobligations, DT ASAPP will remain fully liable to Supply Partner Customer for the performance of the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-ProcessorProcessors obligations. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Laws.

Sub-Processing. 7.16.1. DT engages Each Company Group Member authorises Vendor to appoint (and permit each Sub-Processors processor appointed in accordance with this section 6 to perform certain appoint) Sub-processors in accordance with this section 6 and any restrictions in the Agreement. 6.2. Vendor may continue to use those Sub-processors already engaged by Vendor as at the date of this Addendum, subject to Vendor in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3. Vendor shall give Company prior written notice of the appointment of any new Sub-processor, including full details of the Processing to be undertaken by the Sub-processor. If, within 30 (thirty) calendar days of Supply Partner receipt of that notice, Company notifies Vendor in writing of any objections (on reasonable grounds) to the proposed appointment: 6.3.1. Vendor shall work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Sub-processor; and 6.3.2. where such a change cannot be made within 30 (thirty) calendar days from Vendor's receipt of Company's notice, notwithstanding anything in the Agreement, Company may by written notice to Vendor with immediate effect terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Sub-processor. 6.4. With respect to each Sub-processor, Vendor shall: 6.4.1. before the Sub-processor first Processes Company Personal Data on Supply Partner’s behalf. Prior (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to an engagement with a Sub-Processor, DT: (i) Carries out reviews and requires or receives adequate assurances ensure that the Sub-Processor complies with obligations substantially similar to processor is capable of providing the obligations level of protection for Company Personal Data required by the Agreement 6.4.2. ensure that the arrangement between the Vendor the Sub-processor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this Addendum; Addendum and (iimeet the requirements of article 28(3) ensures of the GDPR 6.4.3. if that arrangement involves a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement executed between DT on the Vendor and the Sub-Processorprocessor, if the engagement with or before the Sub-Processor involves a processor first Processes Company Personal Data Transfer procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 6.4.4. provide to Company for review such copies of Supply Partner Personal Data,. 7.2. Upon the execution Contracted Processors' agreements with Sub-processors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval ) as Company may request from time to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processorstime. 7.36.5. Where a Vendor shall ensure that each Sub-Processor fails processor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to fulfill its data protection obligations or statements, DT will remain fully liable to Supply Partner for the performance Processing of the Company Personal Data carried out by that Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendumprocessor, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded it were party to this Addendum in the name and on behalf place of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection LawsVendor.

Sub-Processing. 7.16.1. DT engages Sub-Customer authorizes AppsFlyer and each AppsFlyer Affiliate to appoint (and permit each Sub Processor appointed in accordance with this Section 6 to appoint) Sub Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement in accordance with a Sub-Processor, DT: (i) Carries out reviews this Section 6 and requires or receives adequate assurances that any restrictions in the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,Agreement. 7.26.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at The Sub Processors used by AppsFlyer are specified at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/subprocessors as Sub- Processors(“Sub Processors Website”). 7.36.3. AppsFlyer may appoint new Sub Processors at any time and shall update the Sub Processors Website upon such appointments. If Customer wishes to receive notice of any new Sub Processors, it may request to receive such notice by subscribing at the Sub Processors Website. If, within ten (10) days of such notice, Customer notifies AppsFlyer in writing of any reasonable objections to the proposed appointment, AppsFlyer shall not utilize such Sub Processor to Process Customer Personal Data until reasonable steps have been taken to address the objections raised by Customer, such as a change to Customer’s configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Sub-processor. Where such steps are not sufficient to relieve Customer’s reasonable objections and a Sub-solution has not been found within reasonable period of time which shall not exceed twenty (20) days from Customer’s objection notification, then Customer or AppsFlyer may, by written notice to the other Party, with immediate effect, terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Sub Processor, without bearing liability for such termination. 6.4. With respect to each Sub Processor, AppsFlyer shall: (a) take reasonable steps to ensure that the Sub Processor fails is committed to fulfill its data provide the level of protection obligations or statementsfor Personal Data required by the Agreement; (b) ensure that the arrangement between AppsFlyer and the Sub Processor is governed by a written contract, DT will including terms which, to the extent applicable to the nature of services provided by the Sub Processor, offer a level of protection that, in all material respects, are consistent with the levels set out in this DPA and the Agreement; and (c) remain fully liable to Supply Partner the Customer for the performance of the Sub-Sub Processor's ’s data protection obligations where the Sub Processor fails to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processorfulfill such obligations. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Laws.

Sub-Processing. 7.15.1. DT engages Sub-Customer authorizes RedTrack and each RedTrack Affiliate to appoint (and permit each Sub Processor appointed in accordance with this Section 5 to appoint) Sub Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement in accordance with a Sub-Processor, DT: (i) Carries out reviews this Section 5 and requires or receives adequate assurances that any restrictions in the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,Agreement. 7.25.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at The Sub Processors used by RedTrack are specified at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/subprocessors as Sub- Processors/gdpr/ (“Sub Processors Website”). 7.35.3. RedTrack may appoint new Sub Processors at any time and shall update the Sub Processors Website upon such appointments. If a Customer wishes to receive notice of any new Sub Processors, it may request to receive such notice by subscribing at the Sub Processors Website. If, within ten (10) days of such notice, Customer notifies RedTrack in writing of any reasonable objections to the proposed appointment, RedTrack shall not utilize such Sub Processor to Process Customer Personal Data until reasonable steps have been taken to address the objections raised by Customer, and Customer has been provided with a reasonable written explanation of the steps taken. Where a Sub-Processor fails such steps are not sufficient to fulfill its data protection obligations relieve Customer’s reasonable objections then Customer or statementsRedTrack may, DT will remain fully liable to Supply Partner for the performance of the Sub-Processor's obligations by written notice to the same other Party, with immediate effect, terminate the Agreement to the extent that DT would be liable it relates to Supply Partner directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to Services which require the use of new or additional Sub-the proposed Sub Processor, without bearing liability for such termination. 5.4. With respect to each Sub Processor, RedTrack shall: (a) take reasonable steps to ensure that the Sub Processor is committed to provide the level of protection for Personal Data required by sending DT the Agreement; (b) ensure that the arrangement between RedTrack and the Sub Processor is governed by a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processorcontract, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdictionincluding terms which, to the extent necessaryapplicable to the nature of services provided by the Sub Processor, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required offer a level of data protectionprotection that, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement in all material respects, or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded are consistent with the levels set out in this DPA and the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Laws.Agreement; and

Sub-Processing. 7.18.1 The Customer authorises the Processor to appoint Sub processors to carry out parts of the Service, according to the procedures and restrictions in this Art. DT engages Sub-Processors 8. 8.2 If the Processor intends to perform certain Processing appoint a Sub processor, he shall notify the Customer and inform him which part of Supply Partner the Service will be undertaken by the Sub processor. If the Customer does not object to that notice within 7 days of its receipt, he is considered to have approved the Sub processing. If the Customer objects within that time, the Processor shall not share any Customer Personal Data on Supply Partner’s behalf. Prior with the Sub processor, until appropriate arrangements have been made to an engagement with react to the objections of the Customer and those arrangements have been explained to the Customer. 8.3 In all instances when a Sub-ProcessorSub processor is appointed the Processor shall: 8.3.1 Before the Sub processor initiates any processing, DT: (i) Carries carry out reviews and requires or receives adequate assurances sufficient due diligence to make sure that the Sub-Processor complies Sub processor can provide the level of protection for Customer Personal Data that the Agreement requires; 8.3.2 Conclude an agreement with obligations substantially similar to the obligations as set out in this Addendum; Sub processor that satisfies the requirements of Para 3 Art 28 GDPR, and (ii) that ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into when the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processors. 7.3. Where a Sub-Processor fails to fulfill its data protection obligations or statements, DT will remain fully liable to Supply Partner for the performance Sub processor carries out any processing of the Sub-Processor's obligations to the same extent Customer Personal data, he is bound by terms that DT would be liable to Supply Partner directly under are in no way less secure then the terms of this AddendumProcessing Agreement; and 8.3.3 If the Customer so requests, except as otherwise set forth provide him with a copy of the agreement referred to in Art. 8.3.2, when appropriate after commercially sensitive information has been deleted. 8.3.4 If a Sub processor does not comply with his data protection obligations, the Processor remains liable to the Customer for such obligations, on the basis and under the conditions provided for in this Processing Agreement, as if DT would have performed the obligations of the Sub-Processorno Sub Processor had been appointed. 7.48.4 The Processor shall ensure that the Sub processor adheres to all obligations under Art. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object 4.1, Error! Reference source not found., Error! Reference source not found., 9.1, 10.2 and 13.1, as they apply to the use processing of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Customer Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded carried out by DT will be treated the Sub processor, as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible he was himself party to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection Lawsthis Processing Agreement.

Sub-Processing. 7.1. DT engages ‌ 10.1 The Customer acknowledges and expressly agrees that IZIX may use Third Party Sub-Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement with a Sub-Processor, DT: (i) Carries out reviews and requires or receives adequate assurances that the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/subprocessors as Sub- Processors. 7.3. Where a Sub-Processor fails to fulfill its data protection obligations or statements, DT will remain fully liable to Supply Partner processors for the performance provision of the Sub-Processor's obligations to the same extent that DT would be liable to Supply Partner directly under the terms of this Addendum, except IZIX Services as otherwise set forth described in the Agreement, if DT would have performed the obligations of the Sub-Processor. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of 10.2 Any such Sub-Processorprocessors that provide services to and process Personal Data for IZIX shall be permitted to Process Personal Data only to deliver the services IZIX has entrusted them with and shall be prohibited from Processing such Personal Data for any other purpose. Notwithstanding, Supply PartnerIZIX remains fully responsible for any such Sub-processor’s objection and the results thereof will not amend, alter or reduce Supply Partnercompliance with IZIX’s obligations under the Agreement. Supply Partner will not be entitled , including this DPA. 10.3 IZIX shall, prior to the entrusting of services to a Sub-processor, carry out any refund relevant due diligence on such Sub-processor to assess whether it is capable of providing the level of protection for the Personal Data as is required by this Data Processing Agreement and will hold DT harmless from and against provide evidence of such due diligence to the Customer where requested by the Customer or a regulator. 10.4 IZIX shall enter into written agreements with any claimssuch Sub-processor which contain obligations no less protective than those contained in this DPA, suits and demands associated with or related respect to Supply Partner’s termination the protection of Personal Data to the extent applicable to the nature of the AgreementIZIX Services provided by such Sub- processor, in connection with Supply Partnerincluding the obligations imposed by the Standard Contractual Clauses, as applicable. 10.5 Upon the Customer’s objection written request, IZIX shall make available to the Customer the current list of Sub-processors for the provision of IZIX Services. 10.6 If the Customer objects to the use of a new Sub-Processor. 7.5processor that shall be processing the Customer’s Personal Data, then the Customer shall notify IZIX in writing within 30 calendar days after being informed of the processing activities of said Sub-processor. Notwithstanding In such a case, IZIX shall use reasonable efforts to change the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT affected Services or to sub-contract recommend a commercially reasonable change to the Customer’s use of the affected Services to avoid the Processing to Sub-Processors based outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition that Personal Data by the Sub-Processors provide sufficient guarantees in relation processor concerned. If IZIX is unable to required level of data protectionmake available or propose such change within 60 calendar days, e.g. through a sub-contracting agreement which is based on a Statutory Data Protection Agreement , or based on such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from Customer may terminate the relevant Supervising Authorities and to perform any submissions and registrationspart of the Agreement regarding those Services which cannot be provided by IZIX without the use of the Sub-processor concerned. To that end, as required by Data Protection Lawsthe Customer shall provide written notice of termination that includes the reasonable motivation for non-approval.

Sub-Processing. 7.15.1 The Parties acknowledge that Data Protection Laws permit the Partner to provide the Company a written authorization to Sub Processing. DT engages Under the DPA, Partner authorises Company to appoint (and permit each Sub Processor appointed in accordance with this section 5) Sub Processors in accordance with this section and any restrictions in the Agreement. 5.2 A list of Company’s current Sub-Processors to perform certain Processing of Supply Partner Personal Data on Supply Partner’s behalf. Prior to an engagement with a Sub-Processor, DT: (i) Carries out reviews and requires or receives adequate assurances that the Sub-Processor complies with obligations substantially similar to the obligations as set out in this Addendum; and (ii) ensures that a Statutory Data Transfer Agreement or such other appropriate methods of Personal Data transfer are at all relevant times incorporated into the agreement executed between DT and the Sub-Processor, if the engagement with the Sub-Processor involves a Personal Data Transfer of Supply Partner Personal Data,. 7.2. Upon the execution of this Addendum, Supply Partner hereby gives DT Supply Partner’s approval to engage the companies detailed is available upon demand at ▇▇▇▇://▇▇▇@▇▇▇▇.▇▇▇.▇▇▇/subprocessors as Sub- Processors. 7.35.3 Company shall provide Partner with advance notice before a new Sub Processor processes any Personal Data, including full details of the processing to be undertaken by the Sub Processor. Where Partner may object to the new Sub Processor within fifteen (15) days of such notice on reasonable grounds relating to the protection of Personal Data In such case, Company shall have the right to cure the objection through one of the following options: (1) Company will cancel its plans to use the Sub Processor with regards to processing of Personal Data or will offer an alternative to provide the Services without such Sub Processor; or (2) Company will take the corrective steps requested by Partner in its objection notice and proceed to use the Sub processor or (3) Company may elect to proceed with its use of the new sub-processor in which case Partner or Customer may decide (a) not to use, whether temporarily or permanently, the particular aspect or feature of the Services that would involve the use of such Sub Processor (b) in case (a) is not feasible to terminate its use of the Services. 5.4 Company shall: (a) enter into a Sub-written agreement in accordance with same requirements as set forth on Data Protection Laws with any Sub Processor fails to fulfill its data protection obligations or statements, DT that will remain fully process Personal Data and b) ensure that each such written agreement contains terms that are no less protective of Personal Data than those contained in this DPA and (c) be liable to Supply Partner for the performance acts and omissions of the Sub-Processor's obligations its Sub Processors to the same extent that DT Company would be liable to Supply Partner if it were performing the Services of each of those Sub Processors directly under the terms of this Addendum, except as otherwise set forth in the Agreement, if DT would have performed the obligations of the Sub-ProcessorDPA. 7.4. DT will inform Supply Partner of DT’s engagement with a new Sub-Processor. Supply Partner may object to the use of new or additional Sub-Processor by sending DT a written notice within five (5) business days of receipt of said notice. If Supply Partner objects to the new Sub-Processor, DT will make commercially reasonable efforts to provide Supply Partner the same level of Service without the use of such Sub-Processor. Notwithstanding, Supply Partner’s objection and the results thereof will not amend, alter or reduce Supply Partner’s obligations under the Agreement. Supply Partner will not be entitled to any refund and will hold DT harmless from and against any claims, suits and demands associated with or related to Supply Partner’s termination of the Agreement5.5 The Company, in connection with Supply Partner’s objection to a new Sub-Processor. 7.5. Notwithstanding providing the provisions here above (e.g. prior consent by Supply Partner), Supply Partner hereby authorizes DT to sub-contract the Processing to Sub-Processors based Services shall transfer Personal Data outside of Supply Partner’s jurisdiction, to the extent necessary, at DT sole discretion, to duly perform the Service on condition EEA. Company ensures that the Sub-Processors provide sufficient guarantees in relation to required level of data protection, e.g. through a sub-contracting agreement which is based on a Statutory Company will comply with any requirements (such as Standard Contractual Clauses and any other legal transfer mechanism) under Data Protection Agreement , or based on Laws with regard to such other applicable Personal Data Transfer mechanisms. Any such Statutory Data Protection Agreement concluded by DT will be treated as if concluded in the name and on behalf of Supply Partner. Supply Partner will be responsible to obtain regulatory approvals from the relevant Supervising Authorities and to perform any submissions and registrations, as required by Data Protection LawsTransfers.