RIVA DATA PROCESSING AND GDPR ADDENDUM

THIS  DATA PROCESSING  ADDENDUM  (the “Addendum”)  is made by and between  Riva International, Inc.

(“Licensor”)  and                                             (“Licensee”)   and   is   incorporated   into   the   TERMS AND

CONDITIONS OF USE Agreement (“Agreement”) between the Licensor and Licensee.

By signing this Addendum, Licensee enters into this Addendum on behalf of itself and, to the extent required under applicable Data Protection Laws, in the name and on behalf of its Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement

This Addendum applies in respect of the Processing of Licensee Personal Data (as defined below) by the Licensor on behalf of the Licensee in connection with the provision of the Web Services or Licensed Software to the Licensee as set out in the Agreement. This Addendum shall be effective for the term of the Agreement.

This Addendum shall not replace or supersede any agreement or addendum relating to processing of personal data negotiated by Licensee and referenced in the Agreement, and any such individually negotiated agreement or addendum shall apply instead of this Addendum

1.              DEFINITIONS

“Licensee Personal Data” means the Personal Data described under Section 2 of this Appendix, in respect of which the Licensee is the Controller;

“Controller” has the meaning given in the GDPR;

“Data Protection Legislation” means all applicable legislation relating to data protection and privacy including without limitation the EU Data Protection Directive 95/46/EC and all local laws and regulations which amend or replace any of them, including the GDPR, together with any national implementing laws in any Member State of the European Union or, to the extent applicable, in any other country, as amended, repealed, consolidated or replaced from time to time;

“Data Subject” has the meaning given in the GDPR;

“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;

“Personal Data”, “Personal Data Breach”, “Process”, “Processing,” “Processor” each have the meaning given in the GDPR.

Capitalized terms not otherwise defined herein shall have the meaning given to them in the Agreement.

2.              DETAILS OF THE PROCESSING

3.              PROCESSING OF LICENSEE PERSONAL DATA

4.              CONFIDENTIALITY

5.              SECURITY MEASURES

6.              SUB-PROCESSING

7.              COOPERATION

  1. enable Licensee to respond to (i) any request from Data Subjects to exercise any of their rights under the Data Protection Legislation, (ii) address any other requests or complaints received by Licensee from Data Subjects or from data protection or other competent authorities;
    1. facilitate the Licensee to conduct (i) a Data Protection Impact Assessment if the Licensee is required to do so under the Data Protection Legislation and (ii) consultation with Data Protection Authorities, if the Licensee is required to engage in consultation under the Data Protection Legislation in relation to Processing of Licensee Personal Data.

8.              PERSONAL DATA BREACHES

(ii) take such actions as may be necessary or required by Licensee to minimize the effects of the Personal Data Breach, (iii) provide all such timely information and cooperation as Licensee may require in order for Licensee to meet any obligations to report or inform Data Subjects or the relevant Data Protection Authorities of the Personal Data Breach under the Data Protection Legislation.

9.              RETURN OR DELETION OF LICENSEE PERSONAL DATA

10.            INFORMATION

  1. Licensor shall make available to the Licensee all information necessary to demonstrate compliance with the obligations laid down in this Appendix and allow for and contribute to audits, including inspections, conducted by the Licensee or an auditor mandated by the Licensee. Licensor shall immediately inform the Licensee if, in its opinion, an instruction infringes the Data Protection Legislation

11.            LICENSEE DATA

  1. Use of the Software may depend on Licensee’s transmission of certain data (“Data”). Licensee retains all rights and ownership in Data. Licensor does not claim any ownership rights to Licensee’s Data. Licensee represents and warrants that Licensee has the necessary rights and licenses required to provide Licensee Data to Licensor in connection with Licensee’s use of the Software and that by providing Licensee Data in this manner, Licensee will not violate any intellectual property rights of third parties, confidential relationships, contractual obligations or laws. Without limiting the generality of the foregoing, Licensee shall provide all notices to, and obtain any consents from, any data subject as required by any applicable law, rule or regulation in connection with the processing of any personally identifiable information of such data subjects via the internet or any other network by Licensor and/or Licensee. Licensee shall be solely responsible for ensuring that any processing of Licensee Data by Licensor and/or Licensee via the internet or other communication service does not violate any applicable laws. Licensee shall not process or submit to the Software any Licensee Data that includes any: (i) “personal health information,” as defined under the Health Insurance Portability and Accountability Act, unless it enters into a separate agreement with Licensor relating to the processing of such data; (ii) government issued identification numbers, including Social Security and Social Insurance numbers, driver’s license numbers and other government-issued identification numbers; (iii)

financial account information, including bank account numbers; (iv) payment card data, including credit card or debit card numbers; or (iv) “sensitive” personal data, as defined under Directive 95/46/EC of the European Parliament (“EU Directive”) and any national laws adopted pursuant to the EU Directive, about residents of Switzerland and any member country of the European Union, including racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition, sexual life, or the commission or alleged commission any crime or offense.

  1. User Option to Encrypt. Licensor provides Licensee with the option to encrypt the transmission of Licensee Data. Licensee acknowledges that it is Licensee’s responsibility to encrypt the transmission of Licensee Data should Licensee wish to protect it. In the event Licensee decides not to utilize encryption and transmit Licensee Data unencrypted over a network, Licensee assumes all related risks for doing so. Licensor will not be liable for any liabilities arising from Licensee’s use of the Web Services (including Licensee’s transmission of Licensee Data) over the internet or other network.
  1. For non-EMEA clients, Licensor processes Licensee Data and provides Services from the United States and Canada. By using and accessing the Service, Licensee understands and agrees to the storage and processing in this region of Licensee Data and any other information Licensee chooses to provide. Licensor reserves the right to store and process Licensee Data and any other information Licensee chooses to provide outside of the United States and will endeavor to give Licensee 30 days’ notice in the event of such a change.

12.            NOTICES

  1. In the event of a data privacy breach, as stipulated in Section 8, Licensor shall provide notices to Licensee’s specified Data Privacy Officer (“DPO”). Contact information for Licensee’s DPO is as follows:

Name:

Title:

E-mail:

Phone Number:

Mailing Address:

  1. Notices, inquiries or requests from Licensee to Licensor can be initiated by e-mailing privacy@rivaengine.com

13.            CONFLICTING PROVISIONS AND ORDER OF PRECENDENCE.

  1. The provisions of the Addendum shall take precedence over any previous agreements or conflicting provision in any pre-printed terms and conditions contained on the reverse of any Purchase Order issued by Licensee, on web sites or elsewhere in connection with the licensing of the Web Services or Licensed Software. The provisions of the Addendum shall take precedence over any shrink-wrap, click-wrap, browse-wrap or similar license which is made applicable by acceptance on the internet or by incorporation in the Web Services or Licensed Software, Licensor’s proposal, or other similar means.