Introduction and legal Notice

Notice: This is a legally binding agreement between the recipient/s of this Service (the “user”) and MYCDD ltd (“MYCDD”). Please read it carefully.

If you accept the Service:

1. You agree that as a registered user that you will be bound to the terms of these Cloud Services Terms and Conditions (the “Agreement”);
2. You represent and warrant that you have authority to enter into this agreement; and
3. You represent and warrant that you have read and agreed to the terms of this agreement. Alternatively, by using the Service, as a registered user that you agree to be bound by these terms.
4. If you do not agree with the terms of this agreement, do not accept the Transaction Agreement, and do not use the Service.

Cloud Services Terms and Conditions (CST)

These Cloud Services Terms and Conditions (this “Agreement”) is a binding agreement between you (“the User”) and MYCDD Ltd (“MYCDD”) (collectively, the “Parties” and each, a “Party”).

MYCDD provides the Service on the terms and conditions outlined in this agreement and on the condition that the user accepts and complies with such terms and conditions. By accepting the terms and conditions outlined in this agreement, the user (a) accepts this agreement and agrees that user is legally bound by its terms and (b) if the user is a corporation, limited liability company, or other business organisation, that user has the right, power, and authority to enter into this agreement on behalf of such corporation, limited liability company, or other business organisation. If the user does not agree to the terms and conditions outlined in this agreement, the user will not and does not have any right to access, use, the Service.

NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, NO RIGHT TO ACCESS, USE, OR LICENSE THE SERVICE IS GRANTED (WHETHER EXPRESSLY, BY IMPLICATION, OR OTHERWISE) UNDER THIS AGREEMENT, AND THIS AGREEMENT EXPRESSLY EXCLUDES ANY RIGHT, CONCERNING ANY USE THAT USER DID NOT ACQUIRE LAWFULLY OR THAT IS NOT A LEGITIMATE, AUTHORISED ACCESS OF THIS SERVICE.

The Transaction Agreement executed by the Parties and entered into accordance with (1) to (4):

• Cloud Services Terms and Conditions (CST)
• MyCDD General Terms and Conditions (GTC)
• the Cloud Services Addendum; (CSA)
• the Data Processing Addendum (as applicable); and
• the Transaction Agreement executed by the Parties and entered into in accordance with (1) to (4).

MYCDD General terms and conditions

1. Definitions

1.1. Definitions. The following capitalized terms used in this Agreement shall have the respective meanings specified below or as otherwise outlined in this Agreement:
“Addenda” means two or more Addendum.
“Addendum” means any of the following: Cloud Services Addendum and Data Processing Addendum (if applicable).
“Affiliates” means, as to any entity, any other entity that, directly or indirectly, Controls, is Controlled by or is under common control with such entity. To avoid misunderstanding, for MYCDD “Affiliates” means any direct or indirect wholly-owned subsidiary of MYCDD ltd.
“Agreement” has the meaning outlined in the Preamble.
“Confidential Information” has the meaning outlined in Section 5.1 (Confidential Information).
“Control” means, concerning any entity, the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity, whether through the ownership of voting securities (or other ownership interest), by contract or otherwise.
“CST’s” has the meaning outlined in the Preamble.

“Customer” has the same meaning as in the AML/CFT Codes of Practice.

“Disclosing Party” has the meaning outlined in Section 5.1 (Confidential Information).
“Documentation” has the meaning outlined in the applicable Addenda or Schedules, as applicable and as the context may require.
“Document Owner” means a person who submits documents to MYCDD (also defined in GDPR as a natural person, and a customer in the CDD legislation)

“Effective Date” means the date that User accepts this Agreement by signing.
“Export Control Laws” has the meaning outlined in Section 14.10 (Export Restrictions).
“Force Majeure” has the meaning outlined in Section 14.3 (Force Majeure).
“Hosting Services” shall mean the hosting of software, by MYCDD for the User under this Agreement through a cloud infrastructure provided by MYCDD or by a third party on behalf of MYCDD.
“Initial Term” has the meaning outlined in Section 10.1 (Term of CST’s).
“Intellectual Property Rights” means any patent rights, copyrights, trademarks, trade secrets, moral rights, and other proprietary or intellectual property rights worldwide.
“MYCDD” has the meaning outlined in the Preamble.
“MYCDD Indemnitees” has the meaning outlined in Section 9.3 (Indemnification by User).

“Party” and “Parties” have the meaning outlined in the Preamble.
“Receiving Party” has the meaning outlined in Section 5.1 (Confidential Information).
“Records” means all of the data (files) submitted by a Document Owner

“Renewal Term” has the meaning outlined in Section 10.1 (Term of CST’s).
“Restricted Person” has the meaning outlined in Section 14.11 (Sanctions).
“SaaS Service” means the subscription-based, hosted software-as-a-Service Service that is provided to User by MYCDD.
“Sanctions Laws” has the meaning outlined in Section 14.11 (Sanctions).
“Schedule” means the SaaS Service Schedule (as applicable) or Hosting Service Schedule (as applicable) specified in an applicable Transaction Agreement.
“Service” means the SaaS Service or Hosting Services, as applicable, that is provided to User by MYCDD under a Transaction Agreement or on an evaluation basis or as a free trial as outlined in Section 2.2.
“Streamlined Rules” has the meaning outlined in Section 14.12 (Binding Arbitration).
“TA Effective Date” has the meaning outlined in Section 10.2 (Transaction Agreement Term).
“TA Term” has the meaning outlined in Section 10.2 (Transaction Agreement Term).
“Term” has the meaning outlined in Section 10.1 (Term of CST’s).
“Third-Party Service” means any service (including any software-as-a-Service Service) and software of a third-party vendor-supplied by MYCDD or incorporated by MYCDD into its Service.
“Transaction Agreement “ means an order form entered into by the Parties under which MYCDD provides Service to User under this Agreement.

“User” has the meaning outlined in the Preamble, and refers to all users both regulated business use and customer (Document Owner).
“User Content” means all data (including personal data), information, text, images, audio, video, photographs, and other content and material, in any format, provided by User, any of User's users, or on behalf of User that is stored in, or run on or through, the Service.

“User Storage Limitation” means free User Content be subject to storage limitation, in upload size, document count and total size limitation. Addition storage may be available subject to additional fees.

Upload of a single document is limited to 2Mb;

Total documents held free of charge: 50 documents

 “£” shall mean lawful money of Great Britain.

1.2. References. Except where otherwise specified, all Pound amounts are expressed in UK Pounds (GBP)

2. Use of the service

2.1. Right to Use. Under the terms of the Agreement, MYCDD will deliver and make the Service as listed in the Transaction Agreement available to the user through the MYCDD Website and or its API. The user has the right to use the Service as outlined in the Transaction Agreement and this Agreement, and within the User Storage Limitation as defined.

2.2. Evaluation of Service and Free Service. If the Service is provided by MYCDD on an evaluation basis or as a free trial, then subject to User's compliance with this Agreement, MYCDD grants to the user a nonexclusive, worldwide, non-transferable, no sublicensable, limited, revocable right during the applicable evaluation or free trial term to use the Service solely for evaluating whether User wishes to purchase a commercial right to access and use such Service. Notwithstanding anything to the contrary in this Agreement, MYCDD does not provide maintenance and support, warranties, Service levels and applicable credits, indemnification, with respect to such a Service.

2.3. Transaction Agreement. User may purchase Service from time to time by entering into Transaction Agreement. Each Transaction Agreement will refer to this Agreement. Depending on which Service the User purchases in the Transaction Agreement, the User may be subject to additional terms included in the Addenda, which are hereby incorporated into and made a part of this Agreement. User shall comply with any of the applicable Addenda, as indicated on the relevant Transaction Agreement.

3. Payments and invoicing

3.1. Invoicing. In accordance with the invoicing schedule outlined in the applicable Transaction Agreement, MYCDD shall provide User with an invoice specifying the fees for the Service provided according to the applicable Transaction Agreement.

3.2. Payment. Unless otherwise agreed in the applicable Transaction Agreement, User shall pay all fees specified in the applicable invoice for the Service within thirty (30) days from the invoice date. User shall pay a late charge of 10% per month on all payments which are not paid when due.

3.3. Taxes. Fees and other charges described in the Agreement do not include taxes. User will pay any sales tax, GST, value-added or other similar taxes imposed by applicable law based on the Service that User has contracted, except for taxes based on MYCDD's income. If MYCDD is required to pay taxes, User shall reimburse MYCDD for such amounts. If User is required by law to make any tax withholding from amounts paid or payable to MYCDD under the Agreement, (i) the amount paid or payable shall be increased to the extent necessary to ensure that MYCDD receives a net amount equal to the amount that it would have received had no taxes been withheld and (ii) User shall provide proof of such withholding to MYCDD.

3.4. Non-Refundable Fees. User acknowledges and agrees that orders placed by User for Service will be non-cancellable and the fees paid are non-refundable unless otherwise expressly stated in this Agreement.

4. Intellectual property rights

4.1. MYCDD Ownership. All Intellectual Property Rights in and to the Service, design contributions, related knowledge or processes, and any update, upgrade, modification, enhancement or derivative works of the foregoing, regardless whether or not solely created by MYCDD or jointly with the Client, shall belong to, and vest in, MYCDD or, as applicable, its licensors. All rights not expressly granted to User are reserved to MYCDD or, as applicable, its licensors.

4.2. Rights to ‘Document Owner’ Content. The ‘Document Owner’ retains all right, title, and interest in and to the User Content. During the Term, the Document Owner hereby grants to MYCDD and its Affiliates a global, royalty-free, non-exclusive license to use, copy, distribute, modify, display, and perform the User Content as necessary for MYCDD to perform its obligations under the Agreement and to provide the Service.

4.3. Non-Assertion of Rights. User covenants, on behalf of itself and its successors and assigns, not to assert against MYCDD, its Affiliates or licensors, any rights, or any claims of any rights, in any Service and Documentation, and User hereby voluntarily waives any right to demand from MYCDD, its Affiliates or licensors any rights to any Service and Documentation, except the rights which are expressly granted to User under the Agreement.

4.4. Suggestions and Residual Knowledge. MYCDD shall have all right, title and interest, including, without limitation, all Intellectual Property Rights, in and to, and the unrestricted royalty-free right to use and incorporate into the Service, any suggestions, enhancement requests, recommendations or other feedback provided by User, relating to the Service. Furthermore, User acknowledges and agrees that MYCDD is free to use its general knowledge, skills and experience, and any ideas, concepts, know-how and techniques, related to or derived from the performance of this Agreement.

5. Confidentiality

5.1. Confidential Information. From time to time, either Party (the “Disclosing Party”) may disclose or make available to the other Party (the “Receiving Party”), whether orally or in physical form, confidential or proprietary information of or in the possession of the Disclosing Party (including confidential or proprietary information of a third party that is in the possession of the Disclosing Party) in connection with the Agreement. The term “Confidential Information” means any information in any form that Disclosing Party provides to Receiving Party in the course of the Agreement and that either (i) has been marked as confidential; or (ii) is of such nature that a reasonable person would consider confidential under like circumstances. For the avoidance of doubt, Confidential Information includes the Service and any information relating to the Service (including, but not limited to, MYCDD data, concepts, designs, specifications, listings, and any other Documentation, whether or not embedded on a device or another form of media). Notwithstanding the foregoing, Confidential Information shall not include any information, however designated, which the Receiving Party can show (a) is or has become generally available to the public without breach of the Agreement by the Receiving Party, (b) became known to the Receiving Party before disclosure to the Receiving Party by the Disclosing Party, (c) was received from a third party without breach of any nondisclosure obligations to the Disclosing Party or otherwise in violation of the Disclosing Party's rights, or (d) was developed by the Receiving Party independently of any Confidential Information received from the Disclosing Party.

5.2. Confidentiality Obligations. Each Party or third party whose Confidential Information has been disclosed retains ownership of its Confidential Information. Each Party agrees to (i) protect the Confidential Information received from the Disclosing Party in the same manner as it protects the confidentiality of its proprietary and confidential materials but in no event with less than reasonable care; and (ii) use the Confidential Information received from the Disclosing Party solely for the Agreement. Upon termination of the Agreement or upon written request submitted by the Disclosing Party, whichever comes first, the Receiving Party shall return or destroy, at the Disclosing Party's choice, all of the Disclosing Party's Confidential Information. Notwithstanding the foregoing, MYCDD or the User shall not be required to return or destroy any such Confidential Information if such return or destruction is impracticable or technically infeasible or contrary to any applicable law or regulation that MYCDD or the User may be governed by. Except concerning its Affiliates, employees, contractors, or agents who need to know Confidential Information to support the performance of such Party's obligations related to the Agreement, and who are contractually bound by confidentiality obligations that are at least as protective as those contained in the Agreement, neither Party shall disclose to any person any Confidential Information received from the Disclosing Party without the Disclosing Party's prior written consent. The Receiving Party will be responsible for any breach of this Section 5 (Confidentiality) by its Affiliates, employees, contractors, and agents and any third party to whom it discloses Confidential Information in accordance with this Section 5 (Confidentiality). For Confidential Information that does not constitute a “trade secret” under applicable law, these confidentiality obligations will expire three (3) years after the termination or expiration of the Agreement. For Confidential Information that constitutes a “trade secret” under applicable law, these confidentiality obligations will continue until such information ceases to constitute a “trade secret” under such applicable law. However, the Receiving Party may disclose Confidential Information according to an order of a court or governmental agency, provided, that, if permitted by applicable law, the Receiving Party shall first notify the Disclosing Party of such order and allow the Disclosing Party to seek a protective order relating to such disclosure. Notwithstanding anything to the contrary contained in this Agreement, User authorizes MYCDD to collect, use, disclose, and modify in perpetuity information or data (including, but not limited to, general usage information and measurements) that is provided by User in connection with the use or receipt of the Service (or generated or created in the course of MYCDD providing the Service) to develop, improve, optimise, and deliver the Service; provided, however, that any disclosure of such data shall only include information or data that MYCDD develops or derives from such collected data or information (but such disclosure will not include the actual underlying Confidential Information of User).

5.3. Press Releases and User List Reference. Neither Party shall issue any press release concerning the other Party's work without the other Party's consent. Notwithstanding the foregoing, MYCDD may identify User as a user of MYCDD and use User's name and logo and release an announcement regarding the award of the Agreement and MYCDD is hereby granted a license for the term of the Agreement to use User's name and logo for this purpose from time to time as needed. MYCDD may generally describe the nature of the work in MYCDD's promotional materials, presentations, case studies, qualification statements, and proposals to current and prospective users.

6. Data protection

6.1. User Content. The ‘Document Owner’ and / or User is responsible for the User Content and entering it into the Service. The ‘Document owner’ and / or User has sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of User Content, and for obtaining all rights related to User Content required in connection with the performance, receipt or use of the Service. User will collect and maintain all personal data contained in the User Content in compliance with applicable data privacy and protection laws (including GDPR) and the Data Processing Addendum (if applicable).

6.2. Security. User will maintain reasonable security standards for the use of the Service by its users. User is solely responsible for determining the suitability of the Service for User's business processes and for complying with all applicable legal requirements regarding User Content and its use of the Service. User will provide reasonable assistance required in connection with the provision of the Service and the support by MYCDD. User acknowledges and agrees that User's reasonable assistance is a necessary precondition for MYCDD's correct performance of its obligations under the Agreement. The user bears all consequences and costs resulting from a breach of its duties.

7. Disclaimer of warranties

Except for the express representations and warranties outlined in the agreement, MYCDD and its licensors disclaim all other warranties, representations, or statements, whether express, implied or statutory including, without limitation, any implied warranties of merchantability or fitness for a particular purpose except to the extent that any warranties implied by law cannot be validly waived. No oral or written information or advice given by MYCDD, its dealers, distributors or agents or employees shall create a warranty or in any way increase the scope of the warranties outlined in the agreement and user may not rely on any such information or advice. MYCDD does not warrant that the service will meet user's requirements, that the service will operate in combinations other than as specified in MYCDD's documentation (as applicable), that the operation of the service will be uninterrupted or error-free or that the service will protect against all possible security threats, internet threats or other threats or interruptions. The service is provided on an “as is” and “as available” basis and may be subject to transmission errors, delivery failures, delays and other limitations inherent in the use of the internet and electronic communications.

8. Limitation of liability

• Save as provided herein, MYCDD will not be liable for any loss suffered by you in connection with the performance or non-performance by MYCDD of MYCDD's obligations and duties hereunder including the provision of the Identity Verification and Address Verification services, in the absence of:
  • MYCDD's fraud, wilful default, wilful misconduct or bad faith; or
  • material breach of this Agreement, applicable law or gross negligence by MYCDD, provided that, in the case of gross negligence or material breach of this Agreement, it results in a material adverse effect on you.
• The provisions of this Clause 4 shall survive the termination of this Agreement.

9. Terms and termination

9.1. Term of CST’s. The initial term of these CST’s begins on the Effective Date and shall continue thereafter for five (1) years unless terminated earlier by a Party according to these CST’s (including, but not limited to, this Section 10 (Term and Termination)) (the “Initial Term”). The CST’s will auto-renew for one (1) year periods following the Initial Term (each, a “Renewal Term”) until either Party provides notice of intention to not renew sixty (60) days before the end of the then-current Initial Term or Renewal Term. The Initial Term and each Renewal Term shall collectively be referred to as the “Term”.

9.2. Transaction Agreement Term. The initial term of each Transaction Agreement shall commence on the effective date specified in the Transaction Agreement (the “TD Effective Date”) and continue thereafter until: (a) the end of the term of the Transaction Agreement as specified in the Transaction Agreement ; (b) if specified in the Transaction Agreement, delivery of the Service under the Transaction Agreement; or (c) earlier termination by either Party under Section 10 (Term and Termination) (the “TD Term”).

9.3. Evaluation Term. If User is using the Service on an evaluation basis or as a free trial, then the term for such Service will be specified in the Transaction Agreement. If no such term is specified, the term shall be forty-five (45) days from the date the Service is delivered.

9.4. Termination for Material Breach. Either Party may terminate these CST’s or a Transaction Agreement for cause if the other Party commits a material breach of this Agreement or Transaction Agreement (including, without limitation, a delay in User's payment of any money due under this Agreement or any Transaction Agreement ) and fails to cure such breach within thirty (30) days (or concerning the User's payment failure, within ten (10) days) of receipt of a notice of default from the non-defaulting Party.

9.5. Termination for Financial Deterioration. Either Party may terminate this Agreement or a Transaction Agreement immediately if the other Party files for bankruptcy, ceases or threatens to cease carrying on business, becomes insolvent, or makes an appointment, assignment or novation for the benefit of creditors.

9.6. Effect of Termination. If these CST’s are terminated before the completion of one (1) or more Transaction Agreement s, then the Transaction Agreement s that are not terminated shall continue to be governed by the CST’s for the remainder of the applicable TD Term.

10. Insurance

For as long as any Transaction Agreement remains in effect, MYCDD will maintain, at its sole cost and expense, comprehensive general liability and property damage insurance in an amount not less than GBP 1 million in the aggregate. Additionally, MYCDD will maintain, at its sole cost and expense, workers' compensation insurance under statutory requirements.

11. Third-party service

11.1. Third-Party Service. Unless otherwise agreed in writing by MYCDD, if Third-Party Service is supplied by MYCDD to the User, such Third-Party Service is provided on a “pass-through” basis only and are subject to the terms and conditions of the third-party vendor, including but not limited to warranties, licenses, indemnities, limitation of liability, prices and changes thereto.

12. Training

MYCDD provides its standard training, e-training for Service. Any fees required for such training will be outlined in the applicable Transaction Agreement.

13. Miscellaneous

13.1. Assignment. The Agreement shall extend to and be binding upon the Parties to the Agreement, their successors, and assigns, provided, however, that neither Party shall assign or transfer the Agreement (including any Transaction Agreement ) without the other Party's prior written consent, which shall not be unreasonably withheld, delayed or conditioned. Notwithstanding the foregoing limitation, MYCDD may assign or transfer the Agreement, in whole or in part, without obtaining the consent of User, to a parent company or subsidiary or in connection with the transfer or sale of its entire business or in the event of a merger, divestiture, internal reorganization or consolidation with another company.

13.2. Independent Contractor. MYCDD is an independent contractor, and each Party agrees that no partnership, joint venture, agency, fiduciary, or employment relationship exists between the Parties.

13.3. Force Majeure. Except for the User's payment obligations, neither Party shall be liable for delays caused by conditions beyond their reasonable control, (“Force Majeure”), provided notice thereof is given to the other Party as soon as practicable. All such Force Majeure conditions preventing performance shall entitle the Party hindered in the performance of its obligations under the Agreement to an extension of the date of delivery of the Service by a period equal to the period of delay incurred as a result of the Force Majeure or to any other period as the Parties may agree in writing.

13.4. Waiver. The waiver (whether express or implied) by either Party of a breach or default of any of the provisions of the Agreement (including any Transaction Agreement ) by the other Party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either Party to exercise or avail itself of any right power or privilege that it has or may have hereunder operated as a waiver of any breach or default by the other Party.

13.5. Notices. All notices and other communications required or permitted under the Agreement will be in writing and delivered by confirmed transmission. All such notices, approvals, consents and other communications will be sent to the addresses set forth on the Transaction Agreement or to such other address as may be specified in writing by either Party to the other in accordance with this Section.

13.6. Invalidity and Severability. If any provision of the Agreement (including any Transaction Agreement ) shall be found by any court to be invalid or unenforceable, the invalidity or unenforceability of such provision shall not affect the other provisions of the Agreement and all provisions not affected by such invalidity or unenforceability shall remain in full force and effect. The Parties hereby agree to attempt to substitute for any invalid or unenforceable provision a valid or enforceable provision which achieves to the greatest extent possible the economic, legal and commercial objectives of the invalid or unenforceable provision.

13.7. Negotiated Terms. The Parties agree that the terms and conditions of the Agreement are the result of negotiations between the Parties and that the Agreement shall not be construed in favour of or against either Party by reason of the extent to which such Party or its professional advisors participated in the preparation of the Agreement.

13.8. Survival of Provisions. The provisions of the Agreement that by their nature survive expiration or termination of the Agreement will survive expiration or termination of the Agreement, including, but not limited to, the following Sections: 3 (Payments and Invoicing), 4 (Intellectual Property Rights), 5 (Confidentiality), 7 (Disclaimer of Warranties), 8 (Limitation of Liability), 9.2 (Indemnification by User), 10 (Term and Termination), 12 (Third-Party Service), and 14 (Miscellaneous).

13.9. Governing Law and Jurisdiction. The validity of the Agreement and the rights, obligations and relations of the Parties under the Agreement and in any dispute between them will be construed and determined under and following the substantive laws of the Bailiwick of Jersey, without regard to such state's principles of conflicts of law. If a court must enter or enforce an arbitration award or the binding arbitration provision outlined in Section 14.12 (Binding Arbitration) is deemed invalid or ineffective, then each Party irrevocably agrees to submit to the exclusive jurisdiction of (and waives any objection to the venue of) the courts located in Jersey.

13.10. Export Restrictions. User agrees to comply fully with all applicable international and national laws, regulations, orders, decrees, and lists (collectively, “Export Control Laws”), including, but not limited to GDPR, The Data Protection Jersey Law (2018), (each as amended, updated, supplemented, or otherwise modified from time to time), to assure that no Service (or any Service or data thereof) is (i) exported, directly or indirectly, in violation of any Export Control Laws or (ii) is intended to be used for any purpose prohibited by Laws. For the avoidance of doubt, User agrees that no data, information, or materials resulting from any Service will be exported, directly or indirectly, in violation of any applicable Laws.

13.11. Sanctions. User will comply with all UN, EU, US, UK and any other applicable jurisdiction's trade and economic sanctions laws, regulations, embargoes or similar restrictive measures (“Sanctions Laws”). User will ensure that it and any distributors appointed by the User will not resell any (or incorporate any Service in other Service or Services to be sold) to persons or entities in violation of Sanctions Laws, including the UK's Consolidated List of Financial Sanctions Targets, as amended, updated or restated from time to time. Furthermore, no member, employee, director or officer of User or, as far as User is aware, any person acting on its behalf, in violation of Sanctions Laws or designated on a UN, EU, US, UK or other applicable sanctions list (a “Restricted Person”) or controlled (directly or indirectly) by a Restricted Person.

13.12. Binding Arbitration. Any controversy or claim arising out of or relating to the Agreement, including any breach of the Agreement, shall be determined by the exclusive jurisdiction of the Jersey courts.

13.13. Third-Party Beneficiary. Except as expressly outlined in the Agreement, the Parties do not intend to create rights for any person as a third-party beneficiary of the Agreement.

13.14. Entire Agreement; Amendments; Execution. The Agreement constitutes the entire agreement between the Parties relating to its subject matter and supersedes all prior or contemporaneous representations, understandings or agreements whether written or oral, relating to its subject matter. The Agreement will prevail over any additional, conflicting, or inconsistent terms and conditions that may be contained in any purchase order or other document furnished by User to MYCDD. The Agreement may be amended or modified only by a writing that is signed by or on behalf of both Parties. The Agreement may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument. An executed facsimile or electronic copy of the Agreement shall be construed as if it were an original.

Cloud Services Addendum (CSA)

This Cloud-Services Addendum (the “Cloud Services Addendum”) supplements and is hereby incorporated into and made a part of those certain CST’s by and between MYCDD and User, to which this Cloud Services Addendum is included. Capitalized terms used in this Cloud Services Addendum without definition shall have the same meanings ascribed to them in the CST’s.

1. Definitions for CSA

1.1 “Acceptable Use Policy” means the then-current acceptable use policy of MYCDD, which is currently located at https://legal/usage-policy/, as may be updated, modified, supplemented, or otherwise amended from time to time.

1.2 “Account Administrator” means the Representative(s) set out in the Transaction Agreement, which, in the management of the Service, has the exclusive right to grant access or use to any Users of the Service on behalf of User.

1.3 “Account Information” means any information about User, its Affiliates, and any Users which User or any User provides to MYCDD in connection with the creation or administration of their accounts (including, but not limited to, any Usage Credentials or Usage Metrics).

1.4 “MYCDD Website” shall mean MYCDD's platform for managing user subscriptions and accessing the Hosted Services.

1.5 “Billing Metrics” means any information collected, processed, or stored by or on behalf of MYCDD for the purposes of computing fees for a Service.

1.6 “User Submission” means any software, data (including Personal Data), information, text, image, audio, video, photograph, or other content or material, in any format, that User or a User posts, uploads, or otherwise submits (or is posted, uploaded, or submitted on User's or a User's behalf) to opened areas.

1.7 “Daily Active Users” or “DAU” refers to the total number of Users that have been identified by MYCDD as accessing the Service during a calendar day, as measured in Greenwich Mean Time or GMT.

1.8 “Data Source” means a piece of equipment or other systems providing one or more Data Points to the Service and is being represented and managed as an inbound connection to the Service. Data Sources may be outlined in a Transaction Agreement as applicable to the Service purchased.

1.9 “Documentation” means the User reference manual, technical documentation, program specifications, operations manuals, and other documentation as are available on the Service (or through MYCDD for such Service), which may be updated, modified, supplemented, or otherwise amended by MYCDD from time to time.

1.10 “High-Risk Use” has the meaning outlined in Section 10.

1.11 “Monthly Active Users” or “MAU” means the total number of Users that have been identified by MYCDD as accessing the Service during a calendar month, as measured in Coordinated Universal Time (UTC).

1.12 “Named User” means a unique, named individual who has logged-in or otherwise access the Service. The uniqueness of an individual is determined through a combination of (i) the credentials or other identifying information provided during any login sequence and any one or more of the following (ii) the internet address, network address, equipment identifier, International Mobile Equipment Identity or other items that identify the device being used to access the Service.

1.13 “Permitted Third Party” means any third party specifically listed in a Transaction Agreement and has issued a Permitted Third-Party Undertaking to MYCDD (if requested by MYCDD).

1.14 “Permitted Third-Party Agreement” means a letter, commitment, or agreement, in form and substance satisfactory to MYCDD in its sole discretion, requiring such third party to comply with all terms and conditions contained in the Agreement, (and to be responsible for any non-compliance).

1.15 “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person).

1.16 “Privacy Policy” means the then-current privacy policy of MYCDD, which is currently located at https://mycdd.com/privacy-statement/, as may be updated, modified, supplemented, or otherwise amended from time to time.

1.17 “Representatives” means any employees, officers, representatives, or advisers of a Party.

1.18 “Service Level” means any Service level for a Service that is outlined in a Schedule for such Service.

1.19 “Content” means (i) all data and information submitted to MYCDD by or on behalf of User, (ii) obtained, developed or produced in connection with the provision, receipt or use of the Service, or (iii) to which MYCDD has access in connection with the provision of the Service.

1.20 “Usage Metrics” means any information or data that is reasonably necessary to understand, aggregate, compute, measure, or support User's use of the Service.

1.21 “User Credentials” means the username and password of each User as provided by MYCDD to use the applicable Service.

1.22 “User” has the meaning outlined in Section 3.1.

2. Transaction documents

2.1. From time to time, MYCDD and the User may enter into Transaction Agreement/s whereby MYCDD provides Service to the User. Each Transaction Agreement shall constitute a contract between MYCDD and User separate and distinct from any other Transaction Agreement. Each Transaction Agreement shall be deemed to incorporate the terms of the CST’s (whether or not stated on the face of the Transaction Agreement ).

3. Use of service

3.1. Use of Service. During the TD Term and subject to User's compliance with all terms and conditions of the Agreement (including payment of any applicable fees), MYCDD grants to User a personal, non-exclusive, non-transferable limited right to access and use the Service and Documentation, solely for the internal business operations of User and subject to any usage restrictions set forth for such Service in the Agreement (including any Transaction Agreement s or applicable Schedule). User shall not make such Service accessible or available for use by Affiliates or Permitted Third Parties unless expressly permitted in the Transaction Agreement; provided, however, that User will always be liable for any acts or omissions of Users, Affiliates, and Permitted Third Parties (including for any non-compliance with terms of the Agreement). User may allow Account Administrator, employees, contractors, and agents authorized by User, as applicable, to use the Service on User's behalf under the Agreement and the Transaction Agreement (the “Users”). For a Service that is specifically designed to allow User's users, agents, users, suppliers or other third parties to access the Service to interact with User, such third parties will be considered “Users” subject to the terms of the Agreement and the Transaction Agreement. User shall cause the Users to comply with the Agreement and shall be responsible for the acts and omissions of the Users. Following the expiration or termination of the TD Term, User shall not be able to access or use the Service or Documentation. Notwithstanding the foregoing, MYCDD recognizes and agrees that certain users of the Service may be OEM users of MYCDD (an “OEM User”). In such an instance, MYCDD understands that such OEM User may make the Service available to the OEM User's third-party users. MYCDD consents to such use of the Service by the OEM User provided the OEM User abides by MYCDD's separate conditions and procedures relating to operating as an OEM User of MYCDD.

3.2. Restrictions on Use.

3.2.1 Copy Restrictions. Copyright laws and international treaties protect the Service, including the Documentation. Unauthorized copying of the Service, the Documentation or any part thereof, is expressly prohibited. All titles trademark, and copyright and restricted rights notices will be reproduced in such copies.

3.2.2 Use Restrictions. The Agreement only gives User some rights to use and access the Service and MYCDD and its licensors reserve all other rights. User does not acquire any rights, express or implied, other than those expressly granted in the Agreement. Unless applicable law gives User more rights despite this limitation, User may use the Service only as expressly permitted in the Agreement. In doing so, User agrees that it will comply with any technical limitations in the Service that only allows User to use the Service in certain ways. User agrees that it will not, nor will User permit others to:

(a) reverse engineer, reproduce, decompile, decompile, disassemble, merge, modify, adapt or translate the Service or any component thereof (including Documentation), or create derivative works based on the Service (including Documentation), except and only to the extent that (a) applicable law expressly permits, despite this limitation, (b) MYCDD gives it prior written consent, or (c) the Documentation accompanying the Service expressly permits;
(b) incorporate the Service into any other software program or software-as-a-Service Service not provided by MYCDD, except (a) for the incorporation of such Service with application program interfaces that MYCDD makes publicly available for such Service or (b) to the extent permitted to customize the Service under the accompanying Documentation;
(c) remove, obliterate, destroy, minimize, block or modify any logos, trademarks, copyright, digital watermarks, or other notices of MYCDD or its licensors that are included in the Service, except as may be permitted when using application program interfaces that MYCDD makes publicly available for such Service;
(d) work-around any technical limitations in the Service;
(e) make more copies of the Service than as allowed in the Agreement or by applicable law, despite this limitation;
(f) publish (or otherwise make available) the Service, including any application programming interfaces included in the Service, or any programs or materials resulting from the Service (excluding User Content);
(g) transfer, sublicense, rent, lease, sell, lend, distribute, outsource, permit timesharing or Service bureau use of, commercially exploit, make available, or assign the Service or any part thereof (including any materials or programs, such as underlying software programs) to any other person or entity (except as expressly permitted by the Agreement);
(h) transfer the Service to another location or other equipment without the prior written consent of MYCDD (except as otherwise expressly permitted according to the Agreement);
(i) use the Service to store or transmit infringing, libellous, or otherwise unlawful or tortious material (or to store or transmit material in violation of law or third-party privacy rights);
(j) use the Service in a way intended to access or use the underlying infrastructure or to avoid incurring fees or exceed usage limitations;
(k) perform or disclose any of the following security testing of the Service or associated infrastructure without MYCDD's prior written consent: network discovery, port and Service identification, vulnerability scanning, password cracking, remote access testing, or penetration testing;
(l) use or access the Service in a manner not permitted by (or otherwise inconsistent with) the Documentation; or
(m) use the Service to build or support, directly or indirectly, Service or Services competitive to the Service or any other Service or Services of MYCDD.

3.3. Acceptable Use Policy. User shall comply with the Acceptable Use Policy and shall not use or permit the use of the Service in a manner that violates the Acceptable Use Policy, which is incorporated herein by reference.

4. Provision of service

4.1. Provision of Service. MYCDD will provide the Service to users through MYCDD website and or API substantially under the Agreement.

4.2. Subscription Models. MYCDD may offer to the User various subscription models for the Service. The basic subscription models are as detailed below. Terms and Conditions, along with any modification to the Subscription Model will be detailed in the TA.

(a) Document Owner. A named person granted access to the service for the creation, deletion (erasure) and updating of their (Document Owners) personal information. Access to and use of the Service shall be limited to the document owner plus one optional named person.
(b) User Subscription Model. If the Service has been subscribed to on a per Record-Based Subscription Model basis, then User's access to and use of the Service shall be limited to and shall not exceed the number of ‘User Records’ outlined in the Transaction Agreement. The User will purchase User-Records the start of the initial term and on each renewal term. The User's rights to use such ‘User Records’ will expire on the initial term and any renewal term on which the ‘User Records’ were purchased. Where User purchases additional ‘User Records’, such additional ‘User Records’ and will be purchased at the agreed rate.

4.3. Hosting. Unless a specific hosting region is specified in an applicable Transaction Agreement for a Service, MYCDD shall host and provide the Service from such centre(s) and location(s) as MYCDD may determine (including as may be necessary for any redundancy or backup purposes).

4.4. Disclaimer of Third-Party Service. The Service may enable User to access, use, or purchase Third-Party Service (including through external websites). Any access, use, or purchase of the Third-Party Service (including, but not limited to, any content, data, information, pictures, or other materials available or provided through such Third-Party Service) will be solely at User's own risk and MYCDD disclaims all liability or obligation relating to such Third-Party Service (including any content, data, information, pictures, or other materials offered or available through such Third-Party Service). Any contract entered into, and any transactions completed, via a Third-Party Service is between User and the relevant third party, not MYCDD.

4.5. Modifications or Discontinuance of Content. At any time, MYCDD may modify or discontinue any of the following that is made available or accessible through a Service that is not material to the Service.

4.6. Modifications or Discontinuance of Service. At any time, MYCDD may modify or update the features, specifications, or functionality of, or discontinue, any Service and any Documentation, in whole or in part.

4.7. Collection of Usage and Billing Metrics. MYCDD and its licensors may collect, and process Usage Metrics, Billing Metrics and other information relating to the provision or use of the Service (i) for MYCDD's internal purposes, (ii) to ensure User's compliance with the Agreement and (iii) to prevent fraud.

5. Security measures and data privacy

5.1. Security Measures. MYCDD will implement commercially reasonable measures to secure and protect the Service, including against accidental or unlawful loss, access, or disclosure. However, MYCDD accepts no liability for any security breaches, including, without limitation, security breaches resulting from computer hackers, unlawful entry, unauthorized access, or theft.

5.2. Usage of Personal Data. Notwithstanding any prohibition on the uploading of Personal Data contained in Section 6.4, User acknowledges and agrees that MYCDD may use Personal Data (including any Account Information) under MYCDD's then-current Privacy Policy and each Party shall comply with the Data Processing Addendum. Except as requested by MYCDD to set up User Credentials, User shall not upload any Personal Data as User Content.

5.3. User Security Requirements. User acknowledges and agrees that User has reviewed the security features and responsibilities as described in the Agreement (including the applicable Documentation) and has determined that such features and responsibilities meet User's needs. User is solely responsible for determining the appropriate procedures and controls regarding the security of the User Content and for the implementation of any such procedures and controls. If the current security, procedures, and controls offered by MYCDD concerning the Service do not meet User's requirements, then User should not use the Service.

6. User obligations and content

6.1. User Content. User shall obtain all rights related to User Content required in connection with the performance, receipt or use of the Service and hereby grants all necessary rights and permissions to enable MYCDD, its Affiliates, its subcontractors, and its sub processors to host, use, copy, provide, store, distribute, transmit, process, modify, display, and perform the User Content using the Service or to fulfil MYCDD's obligations under the Agreement, including, without limitation, making necessary disclosures and obtaining all licenses, permits, approvals, or consents required in connection with the personal data or regulated content in the User Content. User is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of User Content. Without prejudice to the Data Processing Addendum, User is responsible for

(a) any security vulnerabilities, and the consequences of such vulnerabilities, arising from User Content, including any viruses, or other malware, worms or other harmful programming routines contained in the Users Content, and

(b) any use by User or User's Users of the Service in a manner that is inconsistent with the Agreement. To the extent User discloses or transmits User Content to a third party, MYCDD is no longer responsible for the security, integrity, or confidentiality of such content outside of MYCDD's control.

6.2. Provision of Information. To use or access the Service, User must provide details as specified by MYCDD during the registration process for at least one Account Administrator. The Account Administrator can then register for User Credentials for Users for their access to the Service. User Credentials are personal, and User may not sell, transfer, sublicense, or otherwise assign them to any other person or entity.

6.3. Specific User Responsibilities. User is solely responsible for User's and Users' use of the Service and shall: (a) make all Users aware of the terms of the Agreement; (b) be liable for any fees for Users who the Account Administrator has registered to the Service; (c) not allow any User Credentials to be used by more than one individual User unless it has been reassigned in its entirety to another individual, in which case the prior User shall no longer have any right to use or access the Service; (d) ensure that the use and access of the Service and provision and submission of any User Content or User Submission does not violate any MYCDD policy, applicable law, or the Agreement, including the AUP; (e) provide any reasonably necessary information and cooperation for MYCDD to provide the Service; (f) be responsible and liable for all activities of Users and for any use of User's User Credentials and shall ensure that the User Credentials are kept confidential and secure (MYCDD will not be responsible for any unauthorized access through User's User Credentials); (g) ensure that User Content is compatible with the application program interfaces; (h) ensure that User's network and systems comply with relevant specifications and requirements that may be provided by MYCDD from time to time; (i) be solely responsible for User Submissions, including the accuracy, legality, reliability, integrity, and quality of such User Submissions; (j) be solely responsible for procuring and maintaining any systems, network connections, and telecommunications links necessary to access any Service (including any application program interfaces); and (k) use commercially reasonable efforts to prevent any unauthorized use of or access to the Service (and upon becoming aware of such unauthorized use or access, promptly notify MYCDD of such use or access).

6.4. No Special or Specific Data. Unless otherwise specified in the applicable Transaction Agreement or Schedule for a particular Service, User Content may not include any sensitive or special data that imposes specific data security, data protection obligations, or governmental regulations on MYCDD, including, but not limited to: applicable laws and non-governmental standards protecting personal data (including Payment Card Industry Data Security Standard (PCI-DSS) and Payment Application Data Security Standard (PA-DSS)); (iv) all laws concerning the protection, transport, storage, use and processing of data (including the EU General Data Protection Regulation); and all applicable laws similar to those laws.

6.5. Return of User Content During TD Term. Without prejudice to the Data Processing Addendum, User may request in writing during the TD Term that MYCDD return to User any User Content stored on the Service. Following receipt of such request, MYCDD will (at User's expense) use commercially reasonable efforts to return (in MYCDD's standard format or any other format selected by MYCDD) such User Content within sixty (60) days after receipt of such request or as required by applicable Privacy legislation.

6.6. Return of User Content Following Expiration or Termination. Without prejudice to the Data Processing Addendum, upon User's request before the sixtieth (30th) day after the expiration or termination of the applicable Transaction Agreement, MYCDD will return (in MYCDD's standard format or any other format selected by MYCDD) or remove User Content from the Service, except where required to retain such User Content under applicable law. MYCDD may charge for certain activities performed at User's request (such as delivering User Content in a specific format). Following the sixtieth (30th) day after the expiration or termination of the applicable Transaction Agreement, MYCDD shall have no obligation to continue to hold, export, store, or return User Content (and MYCDD will have no liability for the deletion of any User Content under the Agreement).

6.7. User Content. The Parties acknowledge and agree that “User Content” shall not be deemed to include the Service, the software agents, applications and tools that MYCDD makes available to User for download, the MYCDD Service and Services, the MYCDD Intellectual Property Rights, and all derivative works of the foregoing. However, “User Content” shall be deemed to include any Third-Party Content that is brought by User into the Service by User's (or any User's) use of the Service.

6.8. Legal and Regulatory Requirements. User acknowledges and agrees that User is solely responsible for User's compliance with any laws, rules, and regulations. User is solely responsible for ensuring that the Service meets any requirements (whether technical, functional, legal or otherwise) that are necessary for User to fulfil its compliance obligations. If the Service does not meet User's requirements, then User should not use the Service.

6.9. Data Retention System. User acknowledges and agrees that the Service is not intended to act as a document or data retention system for User. The Service has limited capacity to store User's data (including the User Content) and User must store and backup such data (including the User Content) in a separate system. User is also responsible for any individual's personal information or any information User considers confidential that is included in the User Content.

7. Suspension of service

7.1. Suspension Rights. MYCDD may immediately suspend User's or any User's right to access or use all or any part of a Service upon notice to User if, in MYCDD's reasonable opinion, the use of or access to such Service (i) poses a security risk to MYCDD or others or impacts the functionality of the Service, (ii) adversely impacts MYCDD's or its licensor's systems or the Service, (iii) is in breach of applicable laws, (v) adversely impacts the access to or use by MYCDD's other users of such Service, or (v) is in breach or violation of the Agreement. If MYCDD suspends User's or User's right to access or use all or any part of a Service, then MYCDD will use reasonable efforts to provide advance notice to User to the extent practicable.

7.2. Restoration of Service. If MYCDD suspends any right to access or use the Service under Section 7.1, then MYCDD will use commercially reasonable efforts to restore such access or use as soon as practicable after User has resolved the problem or incident giving rise to such suspension.

7.3. Material Breach of Agreement. Any incident or problem that would permit MYCDD to suspend any use or access rights according to Section 7.1 shall be deemed to be a material breach of the Agreement.

8. Service levels

MYCDD may change or discontinue Service Levels from time to time but will provide ninety (90) days' prior notice to User before any material change to a Service Level.

9. Disclaimer

User acknowledges and agrees that in no circumstance will MYCDD be liable for

• investments, expenditures, or commitments related to the access or use of a Service,
• MYCDD's reliance on any information provided by an individual, entity, or other organization using User's account and password (or any User account and password), or
• (iii) temporary unavailability of all or parts of a Service.

10. High-risk use

The Service is designed to be fault-tolerant and secure but is not guaranteed to be error-free or to operate uninterrupted. Unless MYCDD gives its prior written consent, User has no right to use (and must not use) the Service in any application or situation where the failure of the Service could lead to serious Financial, Personal or Business damage (“High-Risk Use”).

11. Audits and verification

11.1. Record Keeping. During the TA Term and for two (2) years thereafter, User shall maintain complete and accurate records documenting the location and use of the Service in a manner sufficient to permit MYCDD to conduct an audit under Section 11.2 of this Cloud Services Addendum.

11.2. Audit Right. During the TD Term and for two (5) years thereafter, MYCDD shall be permitted to audit and shall be permitted to have its designee audit (at least once annually and under MYCDD's standard procedures, which may include on-site or remote audits of facilities, systems, records, and personnel) the usage of the Service and User's compliance with the Agreement. MYCDD will conduct any such audit during regular business hours. User shall cooperate reasonably in the conduct of such audits. Additionally, MYCDD may at any time audit User's access to or use of the Service through any functionality contained in the Service to verify User's compliance with the terms of the Agreement. Any reasonable and actual costs incurred by MYCDD for such audit shall be paid by User if the audit results indicate usage over the permitted quantities or levels, underpayment of any fees, or breach of the Agreement.

12. Support services and maintenance

MYCDD will maintain and support the Service under MYCDD's then-current maintenance and support processes.

13. Subcontractors and data centres

User understands and agrees that MYCDD, its Affiliates, and its subcontractors may perform certain aspects of the Service, such as (but not limited to) Service administration, hosting, support, and/or disaster recovery, from data centres and other facilities located throughout the world, so long as these services are compliant with relevant laws, in particular relevant data protection and privacy laws. As such, User acknowledges and agrees that use of the Service may result in the User's data (including, but not limited to, any User Content) being collected, transferred, processed, and/or used in any area of the world. MYCDD reserves the right to contract with third-party subcontractors to provide all or part of the Service on behalf of MYCDD and MYCDD may change or replace such subcontractors at any time in its sole discretion.

14. Disclaimer of warranties

14.1. Disclaimer of all other warranties. for the avoidance of doubt, the disclaimer of warranties outlined in section 7 (disclaimer of warranties) of the CST’s is incorporated into this cloud services addendum by reference.

15. Additional indemnification

In addition to User's indemnification obligations outlined in Section 9 (Indemnification by User) of the CST’s, the User shall defend, indemnify, and hold harmless MYCDD and its Affiliates against claims brought against MYCDD by any third party arising from or related to (a) MYCDD's or User's use of or access to Third-Party Service; (b) MYCDD's use of or access to User's software, machines, equipment, systems, information technology environment, or premises in connection with the provision of any support Services; and (c) User's use of the Service in connection with any High-Risk Use.

16. Notice

Notwithstanding the notice provisions contained in Section 14.5 (Notices) of the CST, any notices or other communications required or permitted to be provided under this Agreement may be provided by MYCDD to User

• on the MYCDD portal for the Service or
• by electronic mail to User's email address on record in MYCDD's account information records.

17. Modification or amendment of agreement

Notwithstanding the provisions contained in Section 14.17 (Entire Agreement; Amendments; Execution) of the CST’s, User agrees and acknowledges that MYCDD may modify or amend any terms and conditions contained in this Agreement, in whole or in part, at any time by issuing a copy of amendments via email. If any modifications or amendments to the Agreement have a material adverse impact on User's use of the Service, then User may terminate the Agreement as it relates to the impacted Service by providing MYCDD with a notice of termination on or before the tenth (10th) day following the posting of such modifications or amendments (or the modified or amended Agreement). If User terminates the Transaction Agreement as it relates to the impacted Service, then MYCDD shall provide to User a refund of any prepaid but unused subscription fees paid to MYCDD for such Service under the applicable Transaction Agreement for the corresponding remaining portion of the Term.

Data processing addendum

1. Definitions

1.1. References to Personal Data, Data Subject, Data Controller, Data Processor, Processing, or Personal Data Breach shall be as defined under the Data Protection Legislation.

1.2. “User Personal Data” shall mean the Personal Data that is uploaded into the Service or otherwise provided to MYCDD or its representatives according to the delivery of Service under a valid license or other agreement with the User.

1.3. “Data Protection Legislation” shall mean

• the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), the Data Protection (Jersey) Law 2018 (the Jersey DP Law) and any national implementing laws, regulations, and secondary legislation, as amended or updated from time to time, and then
• any successor legislation to the GDPR.

1.4. “Standard Contractual Clauses” shall mean the standard contractual clauses for the transfer of Personal Data from the European Union to processors established in third countries (controller-to-processor transfers), as set out in the Annex to Commission Decision 2010/87/EU.

2. Data protection

2.1. This Data Processing Addendum shall only apply to the extent the Data Protection Legislation applies to Service and Services rendered according to the Agreement. To the extent the Data Protection Legislation applies, then this Addendum shall form a part of and become incorporated therein with the terms and conditions of the Agreement.

2.2. Both Parties will comply with all applicable requirements of the Data Protection Legislation. This Section 2.2 is in addition to, and does not relieve, remove or replace, a Party's obligations under the Data Protection Legislation.

2.3. The Parties acknowledge that for the purposes of the Data Protection Legislation, the Document Owner is the Data Controller for their own documents and MYCDD is the Data Processor. The following set out the details of the Data Processing to be undertaken by MYCDD.

· Scope

Processing of the User Personal Data according to the delivery of the Service.

· Nature of processing

Transfer, storage and such other processing activities that are specified by the User under the Services Terms and Conditions and or the Transaction Agreement.

· Purpose of processing

The provision of Service to the User.

· Duration of the processing

The duration that a valid agreement is in place with the User unless otherwise required by law.

· Types of Personal Data

The User Personal Data (as defined above) which may include but not be limited to Name, Email address, Phone number, passport copy, Device ID’s (with data about the vendor, version & features of the device), IP address and/or Postal code.

· Categories of Data Subject

The User's users, employees, suppliers.

2.4. Without prejudice to the generality of Section 2.2, the User will ensure that it has a legal basis for processing, including all necessary and appropriate consents and notices, to enable the lawful transfer of the Personal Data to MYCDD for the duration and purposes of this agreement.

2.5. MYCDD shall process the User Personal Data only on the written instructions of the User (as detailed in Section 2.3 above) unless MYCDD is required by the laws of any member of the European Union or by the laws of the European Union applicable to MYCDD to process Personal Data (“Applicable Laws”), which shall be undertaken upon notice to the User (where permitted). Confirming acceptance to these terms shall constitute the User's written instructions for MYCDD to undertake the processing detailed in Section 2.3.

2.6. MYCDD shall ensure that it has in place appropriate technical and organizational measures, to protect against unauthorized or unlawful processing of Personal Data and accidental loss or destruction of, or damage to, Personal Data, appropriate and proportionate to the harm that might result from the same, having regard to the state of technological development and the cost of implementing any measures.

2.7. MYCDD shall, in relation to any User Personal Data processed in connection with the performance by MYCDD of its obligations under this agreement:

2.7.1. ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and

2.7.2. not transfer any Personal Data outside of the European Economic Area or Jersey unless the prior written authorization of the User has been obtained and the following conditions are fulfilled:

1. the User or MYCDD has provided appropriate safeguards concerning the transfer which shall include use of the Standard Contractual Clauses
2. the data subject has enforceable rights and effective legal remedies;
3. MYCDD complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
4. MYCDD complies with reasonable instructions notified to it in advance by the User concerning the processing of the Personal Data;
5. taking into account the nature of the processing and the information available to MYCDD, assist the User, at the User's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation concerning security, breach notifications, impact assessments and consultations with supervisory authorities or regulators, as applicable;

2.7.3. notify the User without undue delay on becoming aware of a Personal Data Breach;

2.7.4. at the written direction of the User, delete or return Personal Data and copies thereof to the User on termination of the agreement unless required by Applicable Law to store the Personal Data; and

2.7.5. maintain complete and accurate records and information to demonstrate its compliance with this Section 2.7 and allow for audits by the User or the User's designated auditor.

2.8. The User consents to MYCDD appointing third-party processors of Personal Data under this agreement. MYCDD confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this Data Processing Addendum.