Common use of TO THE STANDARD CONTRACTUAL CLAUSES Clause in Contracts

TO THE STANDARD CONTRACTUAL CLAUSES. (Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c)) This Appendix forms part of the Clauses and must be completed and signed by the parties. Medius maintains security measures appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected, taking into account the state of the art and the cost of implementation. The technical and organisational security measures that Medius has in place for any system that processes Personal Data with regard to prevent improper destruction, alteration, disclosure, access, and other improper forms of processing of information exported by the data exporter to the data importer, include the following areas: - Access control - Information Classification (and handling) - Physical and Environmental Security - Acceptable Use of Assets - Clear Desk and Clear Screen - Information Transfer - Mobile Device and Teleworking - Restrictions on Software Installation and Use - Backup Routines - Malware-protection - Management of Technical Vulnerabilities - Cryptographic Controls - Communications Security - Privacy and Protection of Personally Identifiable Information - Subcontractor Relationship SCHEDULE A LIST OF SUB-PROCESSORS The parties below or their subsidiaries may provide services to one or more Services offered under the Agreement. Subprocessor Location Comment

TO THE STANDARD CONTRACTUAL CLAUSES. (Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c)) This Appendix forms part of the Clauses and must be completed and signed by the parties. Medius maintains security measures appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected, taking into account the state of the art and the cost of implementation. The technical and organisational security measures that Medius has in place for any system that processes Personal Data with regard to prevent improper destruction, alteration, disclosure, access, and other improper forms of processing of information exported by the data exporter to the data importer, include the following areas: - Access control - Information Classification (and handling) - Physical and Environmental Security - Acceptable Use of Assets - Clear Desk and Clear Screen - Information Transfer - Mobile Device and Teleworking - Restrictions on Software Installation and Use - Backup Routines - Malware-protection - Management of Technical Vulnerabilities - Cryptographic Controls - Communications Security - Privacy and Protection of Personally Identifiable Information - Subcontractor Relationship SCHEDULE A LIST OF SUB-PROCESSORS The parties below or their subsidiaries may provide services to one or of more Services offered under the Agreement. Subprocessor Location Comment

TO THE STANDARD CONTRACTUAL CLAUSES. (Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c)) This Appendix forms part of the Clauses and must be completed and signed by the parties. Medius maintains security measures appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected, taking into account the state of the art and the cost of implementation. The technical and organisational security measures that Medius has in place for any system that processes Personal Data with regard to prevent improper destruction, alteration, disclosure, access, and other improper forms of processing of information exported by the data exporter to the data importer, include the following areas: - Access control - Information Classification (and handling) - Physical and Environmental Security - Acceptable Use of Assets - Clear Desk and Clear Screen - Information Transfer - Mobile Device and Teleworking - Restrictions on Software Installation and Use - Backup Routines - Malware-protection - Management of Technical Vulnerabilities - Cryptographic Controls - Communications Security - Privacy and Protection of Personally Identifiable Information - Subcontractor Relationship SCHEDULE A LIST OF SUB-PROCESSORS The parties below or their subsidiaries may provide services to one or more Services offered under the Agreement. Subprocessor Location Comment

TO THE STANDARD CONTRACTUAL CLAUSES. (Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c)) This Appendix forms part of the Clauses and must be completed and signed by the parties. Medius maintains security measures appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected, taking into account the state of the art and the cost of implementation. The technical and organisational security measures that Medius has in place for any system that processes Personal Data with regard to prevent improper destruction, alteration, disclosure, access, and other improper forms of processing of information exported by the data exporter to the data importer, include the following areas: - Access control - Information Classification (and handling) - Physical and Environmental Security - Acceptable Use of Assets - Clear Desk and Clear Screen - Information Transfer - Mobile Device and Teleworking - Restrictions on Software Installation and Use - Backup Routines - Malware-protection - Management of Technical Vulnerabilities - Cryptographic Controls - Communications Security - Privacy and Protection of Personally Identifiable Information - Subcontractor Relationship SCHEDULE A LIST OF SUB-PROCESSORS The parties below or their subsidiaries may provide services to one or more Services offered under the Agreement. Subprocessor Location CommentInformation