Connect & Engage - Services Specific Terms and Conditions

Version: February 1st 2023

The Services Specific Terms and Conditions for a particular Service apply solely to the extent Client uses the identified Service. Therefore Client’s use of the Services is subject to the Client’s compliance with these Service Specifics Terms and Conditions.

1. OTT, Social Media and Push Services

1.1 OTT, social media and Push Services provide the Client with the possibility to communicate, share information with, and regarding individual End Users using OTT, social media applications and/or in-app push messaging. It is the sole responsibility of the Client to ensure the communication, the information obtained and sent to the End User is sufficiently secured and protected, and that Client has obtained the required informed consent of each individual End User, or has a lawful basis, before Processing or transferring any information of said End User using OTT, social media channels or push messaging. CM.com shall not have any responsibility in this regard and CM.com shall provide (access to) OTT, social media and Push Services and all information on “as is” and “as available” basis.

1.2 The terms and conditions of the organizations providing the various OTT, social media platforms and services integrated in the Service are applicable to the use of the Service by Client. It is Client’s responsibility to ensure compliance with said general terms and conditions and Applicable Law. Client shall indemnify, defend, and hold harmless CM.com and its affiliates against all liabilities, losses, damages, claims, penalties, fines, and costs (including reasonable legal costs) resulting from or arising out of the failure by Client to comply with terms and conditions applicable to the Clients use of OTT, social media, and Push Services.

2. WhatsApp Business Solution

2.1 In the event that WhatsApp Business Solution is a part of the Service provided to Client under the Agreement, the following conditions apply and Client hereby unconditionally accepts and agrees to the WhatsApp Business Solution Terms: https://business.whatsapp.com/terms-and-conditions .Notwithstanding anything in the Agreement to the contrary, the provision of WhatsApp Business Solution is expressly conditional upon the positive outcome of and approval by CM.com following the CM.com client screening procedure (Know your Customer or "KYC"), onboarding, screening, and acceptance of Client by WhatsApp. In the event CM.com and/or WhatsApp do not approve and/or accept Client, the Agreement shall for the provision of WhatsApp Business Solution be null and void.In connection with Customer’s use of WhatsApp Business Solution, Client may not grant any third-party service provider (hereinafter referred to as ‘Independent Software Vendor’ and/or ‘ISV’) access to the WhatsApp Business account of Client and/or Client’s WhatsApp Business Traffic, unless the Client and ISV have signed the WhatsApp ISV Terms. CM.com reserves the right to immediately suspend Client’s use of WhatsApp Business Solution in the event Client provides access to and/or engages an ISV without prior acceptance of the ISV Terms by Client and the ISV, and approval of the ISV by WhatsApp. If Client intends to, or has engaged an ISV, Client shall immediately notify CM.com, provide the information of the ISV as reasonably requested and shall comply with the WhatsApp ISV Terms.

3. RCS Business Messaging

3.1 In the event that RCS Business Messaging is a part of the Service provided to Client under the Agreement, the following conditions apply and Client hereby unconditionally accepts and agrees to the RCS Business Messaging Terms: https://developers.google.com/business-communications/rcs-business-messaging/support/tos. Notwithstanding anything in the Agreement to the contrary, the provision of RCS Business Messaging is expressly conditional upon the positive outcome of and approval by CM.com following the CM.com client screening procedure (Know your Customer or "KYC"), onboarding, screening, and acceptance of Client by Jibe Mobile Inc. (a wholly owned subsidiary of Google LLC). In the event CM.com and/or Jibe do not approve and/or accept Client, the Agreement shall for the provision of RCS Business Messaging be null and void. RCS Business Messaging Traffic of Client may be processed by Jibe Mobile Inc. Client shall obtain and maintain any required consents necessary to permit the processing of personal data under RCS Business Messaging Terms by Jibe Mobile Inc. Client shall present or make available to each End User (in relation to RCS Business Messaging) an accurate, legally compliant, privacy policy and terms for Client’s End User Services associated with RCS Business Messaging. Such privacy policy and/or terms must (i) ensure the end user authorizes Jibe to conduct the data processing activities contemplated under the RCS Business Messaging Terms; and (ii) not conflict with or supersede the RCS Business Messaging Terms in any way.

4. Apple Messages for Business

4.1 In the event that Apple Messages for Business is a part of the Service provided to Client under the Agreement, the following conditions apply and Client hereby unconditionally accepts and agrees to the Apple Messages for Business Register Terms of Use : https://register.apple.com/resources/tou/register_en.html. Notwithstanding anything in the Agreement to the contrary, the provision of Apple Messages for Business is expressly conditional upon the positive outcome of and approval by CM.com following the CM.com client screening procedure (Know your Customer or "KYC"), onboarding, screening and acceptance of Client by Apple Inc. In the event CM.com and/or Apple do not approve and/or accept Client, the Agreement shall for the provision of Apple Messages for Business be null and void.

5. Voice

5.1 Client represents and warrants that it will refrain from: (i) using the Voice Services for other than normal use as intended by CM.com (ii) establish connections on a large scale to sales numbers or services, (iii) as well as every action as a result of which payments owing to CM.com are improperly restricted.

5.2 CM.com is obligated to use reasonable efforts to enable interoperability of services in order to make telephone numbers reachable from as many networks as possible. However, CM.com must rely on the interoperability of services of Operator(s) in each country for end-to-end connectivity. CM.com does not warrant and represent that all telephone numbers from all networks will be reachable at all times.

5.3 Client is required to send along the correct information with regard to the location where the call is initiated/set up (“Caller” or “Sender ID”) with every call that comes through the Platform of CM.com via the connection of Client. Withholding that actual location information - intentionally or by accident - is in any case, but certainly in the event of trying to lower costs, considered to be unreasonable use of the Service by Client, and is strictly forbidden. In this event, CM.com may take immediate proportionate measures including but not limited to applying a surcharge and disconnecting the Service.

6. CM Sign

6.1 Definitions

The capitalized terms used in this chapter and in these Terms and Conditions are defined and have the meanings set out in this clause.

Digital Signature: data in electronic form that are attached to or logically connected to the Document and that are used by the End User to sign a Document.

Document(s): the Client's documents that are offered digitally to End Users with the aid of the Service for approval or signature by means of a Digital Signature.

Certificate: the electronic file issued by the Certification Authority containing the identification details of the holder of the certificate and a cryptographic key for the verification of the electronic signature for which it is used.

Certification Authority: An organization responsible for creating, issuing, withdrawing, and managing certificates. GMO GlobalSign, Ltd. is the Certification Authority.

6.2 Service

a) The Service offers the Client the opportunity to send Documents that can be electronically signed by End Users by means of a Digital Signature that is created using the Certificate.

b) The Client is responsible for sending Documents to the relevant End Users. Once the End User has accepted the User Terms and Conditions, the End User will be given access to the Document. Depending on the Client's request, the End User will be asked to read, approve and/or electronically initial and/or sign the Document.

6.3 Execution of the Service

a) For the issuance of the Digital Signature CM.com uses the Certificate issued by Certification Authority Globalsign to CM.com B.V. CM.com uses this Certificate for the issue of the Digital Signature.

b) The Digital Signature shall be linked to the CM.com Certificate and the Document with a public key and the identity details.

c) CM.com shall endeavor to provide the Service to the Client in accordance with the description of the Service and with the necessary care.

6.4 Obligations of the Client

a) Without prejudice to the other provisions of the Services Specifics Terms and Conditions, the Client is fully responsible and liable for the content of each Document, the identity and identification of End Users and the power of representation of the End User. In respect of the foregoing, CM.com does not provide any guarantee and does not carry out any checks as to the identity or authority of End Users or the content of Documents.

b)Client guarantees and warrants that it has all necessary consents from the End User to send the Document, including the use of the End User's Personal Data and the use of electronic communication services for the provision of Documents to the End User.

c) Client indemnifies CM.com against damages and claims by third parties, including but not limited to the End User, which are the result of, or are based on the ground that the Documents contain inaccuracies, defects, or incompleteness, or are in conflict with Laws and Regulations.

d) It is not permitted to distribute information that infringes the rights of third parties or to offer content through the Service and/or Documents that is manifestly fraudulent, defamatory, racist, discriminatory and/or in any other way unlawful, spread spam, unsolicited communications, or malicious content such as viruses.

6.5 Storage of Documents

a) Subject to clause 6 of these Services Specifics Terms and Conditions, CM.com will treat all Documents as confidential information and store the Documents securely on the Platform.

b) Documents will be stored by CM.com on behalf of the Client for a limited period, unless agreed otherwise in writing. CM.com will not store the Documents for longer than is necessary for the delivery of the Service.

c) Client is responsible for the storage and retention of the Documents as made available to Client by CM.com through the Service.

7. Customer Data Platform (CDP)

7.1 Data shall be submitted by Client or suppliers of Client to CM.com in a secure manner, by uploading to CM.com servers via a secure connection or the delivery of data carriers in a format supported by CM.com.

7.2 Client is responsible for the safe and correct delivery of the data to CM.com by Client and its suppliers and shall ensure that a continuously working connection is set up and maintained between the Client’s platform and CM.com’s platform. If the data is held by suppliers of Client, Client shall instruct these suppliers to transfer the data to a location designated by CM.com.

7.3 Client is responsible for the data, the delivery of the data and the creation and management of End User profiles and guarantees that the data provided is free from any known viruses, worms, trap doors, time bombs, logic bombs, Trojan horses or similar items capable of altering, deleting or interfering with any data, information, software or (sub)systems of CM.com.

7.4 The Service and any results or reports generated by the Client using the Service provided by CM.com are based on the data, events and information provided by the Client and the concepts, disciplines and procedures used and adopted by CM.com, including the CM.com IP, and CM.com does not warrant that the same will necessarily be achieved by other parties.

7.5 Except as expressly set forth herein, the Service and the subsequent results are provided “as is” and “as available”. CM.com makes no further warranties or representations of any kind, express or implied for the Service and the results provided. CM.com disclaims any warranty of merchantability or fitness for a particular purpose and will not be responsible for any damages that may be suffered by Client or any third party resulting from the Service and/or the results provided. .

8. Professional Services

8.1 Fees

8.1.1 Client hereby acknowledges thatClient will be charged per hour at the fee rate specified in the Agreement;

8.1.2 The fee rates do not include travel, hotel or subsistence expenses or the cost of materials and external services incurred in performing the Professional Services. These shall be charged monthly in arrears;

8.1.3 Time worked beyond the normal Working Day including weekends and statutory holidays shall be charged on an hourly pro-rata basis to the overtime rate of CM.com. This is to be agreed in writing by the Client prior to CM.com undertaking time worked beyond the normal working day; and

8.1.4 The Professional Services are performed on a time and materials basis and thus any timetable of work, schedule of delivery dates or fixed or ascertainable sum in the Order Form or elsewhere relating to the whole or any part of the Professional Services shall be deemed to be estimates only, unless stated otherwise in the Order Form.

8.2 Staff

8.2.1 When CM.com staff is present on Client premises, CM.com shall comply with Client’s rules and regulations as notified in writing.

8.2.2. This sub-clause concerns the CM.com staff engaged in the Professional Services, as follows:

a) CM.com staff shall at all times remain under the direction of CM.com, although CM.com recognizes that the Professional Services may require CM.com staff to perform work in relation to an activity managed by the Client and in this event the Client shall be responsible for the direction and management of such activity.

b) The length of the normal working day for CM.com staff shall be 9a.m. to 5.00p.m. with one-hour midday break. CM.com undertakes to use its best endeavors to deliver the services described in the Order Form by the dates or timescales stated therein. Delivery timescales will be conditional on time not being lost due to lack of access to key staff or resources or lack of access to or approval of key documentation or specifications or as a result of actions or indecision by the Client.

8.3 Client obligations

8.3.1 Client hereby agrees to make available an authorized representative ("the Client Project Manager") who shall:

a) be authorized to make binding decisions for the Client with regard to the Agreement;

b) provide CM.com with all information concerning the Client's operations and activities, which may be required by CM.com for the performance of the Professional Services; and

c) to provide CM.com with office accommodation, facilities and access to the Client's premises as may be reasonably required for the conduct of the Professional Services.

9. Identity Services - General

9.1 The Agreement and the provision of the Services are expressly subject to CM.com's acceptance of the Client and the Client's successful completion of CM.com's due diligence procedures. CM.com may, in its sole discretion, decline to accept the Client at any time without providing further information. 9.2 CM.com may conduct continuous Client due diligence as it deems necessary to fulfil its compliance obligations under Applicable Law. The Client shall immediately notify CM.com of any changes relating to: i. the ownership structure of the group (entities) to which the Client belongs (which includes natural persons holding a qualifying shareholding (of more than 10%) in the Client's entity); ii. the governance of the Client's entity (by providing a recent extract from the Chamber of Commerce and a copy of the passport of the new directors); iii. change to the company description as recorded in the Commercial Register of the Chamber of Commerce in which the Client is listed; or v. any other change from the information provided by the Client to CM.com.

10. Identity Services – Additional terms and conditions iDIN

The provisions contained in this chapter 'Additional Terms and Conditions iDIN' shall apply in addition to the Terms and Conditions if CM.com provides iDIN to the Client.

10.1 Definitions

The capitalised terms included in the Agreement and these Terms and Conditions are defined and have the meaning set out in this article:

Acquirer: The person who provides the iDIN messaging between the Issuer and the DISP.

DISP: Digital Identity Service Provider. The role performed by CM.com. The DISP handles iDIN messaging between the bank and the Client.

User: the natural person who accesses the online services of his bank (the Issuer) and uses an Access Device provided to him by that bank for that purpose.

iDIN: the standards and rules managed by iDIN B.V., based in Amsterdam, on the basis of which CM.com can provide iDIN to Clients.

Issuer: the bank with whom User is a Client. Issuer has provided the User with one or more Access Means by which the User can access Issuer's online services. Means of Access: a means by which the User can make himself identifiable in order to purchase online services.

10.2 Obligations of DISP

10.2.1 The DISP shall make the iDIN data received from the Issuer available to the Client. The User consents to the set of data displayed by the Issuer and to this end identifies himself with an authentication means equal to or higher than the level requested by the Client in his iDIN message has requested.

10.2.2 The BIN for Client is unique and always the same if User uses an authentication means of the same Issuer (regardless of the means of identification).

10.3 Liability and suspension of services

10.3.1 The DISP provides the iDIN service as made available by the Acquirer and Issuer. DISP is not liable for disruptions or temporary unavailability on the part of the Acquirer and/or Issuer, any inaccuracies in data provided or fraudulent use of iDIN.

10.3.2. The iDIN Service is provided by Acquirer to DISP, and by DISP to Client as available, without any guarantee as to the accuracy, completeness, availability and timeliness of the personal data included in the iDIN provision. The Acquirer and DISP shall provide the User's personal data as recorded in the Issuer's records. Issuer and Acquirer shall not be liable to Client in connection with the use of iDIN. The Client shall not hold Issuer and/or Acquirer liable in connection with the use of iDIN, including disruptions, any inaccuracies in data provided, fraudulent use or (temporary) unavailability of iDIN and for (damages resulting from) errors in the iDIN provision. If the Client fails to comply with its obligation in this article, the Client shall indemnify the DISP for any damage suffered by DISP as a result of such failure.

10.3.3 The DISP may stop or limit the performance of the service or take other (emergency) measures if, in its opinion, there are urgent reasons to do so, including, but not limited to; legal requirements, a well-founded suspicion by the DISP of fraud on the part of the Client and/or the Users, if the DISP is obliged to do so under licence conditions in respect of iDIN, or if the Acquirer stops, limits or takes other (emergency) measures to perform the service towards the DISP. If the DISP ceases to provide the service under this article, it shall in no event be liable for damages to Client.

10.3.4 The DISP shall immediately resume the service in accordance with the Agreement if, in the DISP's opinion, a situation as described in Article 10.3.3 no longer exists. During the suspension, the DISP shall also retain all its other rights including the right to compensation for damages and/or termination of the Agreement.

10.3.5 The DISP is entitled, inter alia in the event of malfunctions, maintenance work or security incidents, to restrict and/or suspend iDIN in whole or in part. If possible, the DISP will give Client the opportunity in advance to take cognisance of a (proposed) suspension, unless the DISP considers this undesirable in connection with, for example, fraud prevention or detection or third-party interests. If CM.com discontinues the service on the basis of this article, it shall in no case be liable for damages towards Client.

10.3.6 Neither the Acquirer nor the Issuer nor the DISP are parties to the (service) relationship between Client and third parties (including User). Nor does the DISP vouch for the legal capacity or capacity to act of third parties (including User). Client shall indemnify DISP against any damage that DISP may suffer as a result of third party claims and/or User claims related to (legal) acts performed between User and Client and the use of iDIN therein, Client claims against Issuer and/or Acquirer, and shall compensate DISP for any damage suffered by DISP as a result of such claims. Client shall fully indemnify the DISP, the Issuer and the Acquirer for damages resulting from claims of third parties, including Users, related to the use of iDIN.

10.4 Implementation Guide

10.4.1 Client shall comply with the terms and conditions for iDIN as described in the iDIN Implementation Guide and such other instructions as may be given by the DISP from time to time. The DISP has provided Client with the iDIN Implementation Guide including API documentation. Client warrants compliance with this document.

10.4.2 The DISP is entitled to supplement, amend and/or replace the iDIN Implementation Guide. Where possible, the DISP will inform Client before the effective date of any addition, amendment and/or replacement. If Client does not agree to a supplement, amendment and/or replacement, Client must notify the DISP in writing by return of post with notice of termination of the Agreement as of the effective date of the supplement, amendment and/or replacement.

10.5 No resale of iDIN by Client

10.5.1 Client guarantees that it will only use the iDIN service for itself and will not act as an iDIN service provider to third parties. Client is not permitted to act as a reseller of iDIN.

10.6 Client undertakes that in relation to the iDIN request and in relation to communications about iDIN, it will use its statutory or trade names as it has contractually agreed with the DISP.

10.7 Complaint handling in connection with iDIN disclosures

10.7.1 Client shall ensure a proper complaints and escalation procedure, whereby Client shall be easily accessible at all times via email, telephone or other medium).

10.7.2 Client shall make information about the complaints procedure available to the Users in a clear manner and in an easily findable place.

10.7.3 Client shall reasonably resolve disputes with Users or others (whose data have been obtained by Client via iDIN provision) at its own expense and risk.

10.8 Use of data provided

10.8.1 Client acts as a data controller within the meaning of the General Data Protection Regulation. The Client shall process iDIN data in accordance with the GDPR.

10.8.2 iDIN may only be used (on websites) in the Netherlands. The personal data included in the iDIN provision may not be taken and processed outside EU countries.

10.9 Obligations of the Client

10.9.1 The Client requests the User's iDIN data for the purpose made clear to the User in advance.

10.9.2 Client shall fully cooperate without delay with information requests by the Acquirer and/or DISP and/or relevant regulator in the context of iDIN. Client warrants the accuracy and completeness of the information provided.

10.9.3 Client warrants that all software and electronic files are checked for viruses using the most adequate version of available anti-virus software and the latest updates of virus definitions.

10.9.4 Client warrants that adequate measures have been taken to secure all applications and supporting infrastructure against unauthorised access, security incidents or data breaches.

10.9.5 Client warrants that all Applicable Law is complied with in the conduct of business activities.

10.9.6 Client shall not conduct any transactions using iDIN that are contrary to the law, morality and/or public order.

10.9.7 Client accepts full responsibility for compliance with this Agreement, including when Client engages a third party in the performance of this Agreement. Before Client engages a third party, Client shall notify DISP of its intention to do so. Client shall ensure that the third parties engaged by Client are fully aware of, and bound by, the obligations arising for Client and/or third parties under the Agreement. The Client shall ensure that such third parties properly perform such obligations, and shall, at the first request of the DISP, enforce the performance of such obligations in court. The Client is aware that the engagement of third parties involves risks. The Client shall exercise due care in selecting such third parties.

10.10 Guarantees

10.10.1 Client warrants that Client will not use iDIN in the following cases: - Client knows or suspects fraud or other unlawful and/or criminal acts by or to the detriment of the User, Issuer, Acquirer or Client; - in the case of (legal) acts concerning goods or services, the existence, exploitation, trading, possession or use of which is punishable in the Netherlands or abroad; - for (legal) acts which are, or act contrary to mandatory Dutch or foreign laws or regulations; - if this may damage the reputation of the DISP and/or Acquirer and/or the image of iDIN; - if this may cause nuisance to Users or the financial institutions of those Users; - if the Client thereby acts contrary to the Agreement, the iDIN Implementation Guide and these Terms and Conditions.

10.11 Information and investigation

10.11.1 The Client grants DISP the right to have the Client's administration and (computer) systems examined by an independent party if DISP has reasonable grounds for doubting the proper performance by the Client or third parties engaged by it of its obligations under the Agreement. The Client shall cooperate fully with such party in carrying out the investigation. The costs of the investigation shall be borne by DISP, unless the investigation shows that the Client or a third party engaged by it has failed to comply with the obligations described in this article. In the latter case, the Client shall be obliged to reimburse DISP for the reasonable costs of the investigation.

10.12 iDIN PLATFORM

10.12.1 If and insofar as Customer can be designated as a platform and connects its own customers ("Sub-Merchants") for iDIN, the following conditions apply.
10.12.2 Customer must onboard its Sub-Merchants in accordance with the R&R Online appendix 'Minimum Acceptance Criteria for Merchants'.
10.12.3 Customer must clearly state on its website and in its terms and conditions how it offers iDIN and who Users should contact in case of incidents, disputes, or emergencies.
10.12.4 Customer must include all conditions applicable to it in its general terms and conditions and/or contract with its Sub-Merchants.
10.12.5 Customer must register its Sub-Merchant on the Acquirer's platform so that the Issuer can display the Sub-Merchant's name on the Issuer's screens and that the name is visible in reports to Currence.
10.12.6 Customer must ensure that the Sub-Merchants of the platform implement iDIN based on the specifications described in the 'Merchant Implementation Guide (MIG)'. Customer must take measures to ensure that its Sub-Merchants comply with these obligations.
10.12.7 Customer must ensure that Sub-Merchants do not pass on iDIN data to third parties.
10.12.8 Customer must additionally include the following conditions in its contract with the Sub-Merchants: i. The Sub-Merchant may offer iDIN, but Customer has the iDIN contract with the Acquirer or DISP; ii. The Sub-Merchant is prohibited from passing on iDIN data to third parties; iii. Customer is the processor and may only carry out the relevant processing on the instruction of the Sub-Merchant as the data controller.

11. Texter

11.1 Texter allows Client to test connection and network quality of worldwide telecom connection(s) with operators. Using Texter Client is provided with MSISDN’s for selected countries and selected MNO to test the delivery quality of A2P SMS messages sent by Client. Per test CM.com will provide one MSISDN available for testing purposes only. After sending the test message CM.com will provide a text report informing Client on the delivery quality of the test message.

11.2 CM.com provides Client with one (1) individual MSISDN per request. This MSISDN is provided for the performance of a single test for which a single text report will be made available to Client as part of the Texter Service. CM.com shall provide the Service and all information on “as is” and “as available” basis and CM.com shall not have any responsibility in this regard.

11.3 The individual MSISDN provided by CM.com may not be used for any other purpose other than the Client’s use of the Texter Service. It is strictly prohibited to process MSISDN’s obtained for any other purpose and/or to provide said MSISDN’s to any third party or retain the MSISDN’s for longer than strictly necessary.

11.4 The Texter Service and the information obtained shall only be used for Client’s internal business purposes. Under no circumstance is Client allowed to publish, sell, transfer or otherwise provide the information and the MSISDN’s obtained when using Texter to any third party.

11.5 Notwithstanding anything to the contrary contained in this Agreement, the name of Client, the Client company information and the fact that Client is using the Texter Service and has access to the individual MSISDN of the End User will be made available to all End Users who have installed the application on their mobile telephone. Client explicitly accepts the publishing of this information and the fact that Client has access to the MSISDN’s of the End Users, to all End Users using the application.

11.6 The MSISDN’s are collected by CM.com through an application operated and controlled by CM.com. End Users can install the application on their mobile telephone. By installing the application and agreeing to the terms and conditions, the End Users have consented to the use by CM.com and Client of their MSISDN and the receipt of SMS messages for testing purposes only.

11.7 Each party shall act as an independent Controller when processing Personal Data in relation to Texter. The following terms shall apply to the processing of said Personal Data:

i. The Parties acknowledge that they each independently determine the purposes and means of the processing of personal data as defined by the General Data Protection Regulation (GDPR) (EU) 2016/679.

ii. Each Party shall be individually responsible for ensuring compliance with their respective obligations under Applicable Data Protection Laws.

iii. The Parties shall cooperate and provide each other with information and assistance as reasonably required to fulfil their respective obligations under Applicable Data Protection Laws.

11.8 In the event a transfer between the Parties shall constitute a cross-border transfer of Personal Data requiring a transfer mechanism under GDPR, the following terms shall apply:

i. The Parties shall implement appropriate safeguards to ensure an adequate level of data protection for Cross-Border Data Transfers, in accordance with the requirements of the GDPR.

ii. Unless Parties can rely on an adequacy decision by the European Commission for the transfer of Personal Data, the Parties agree that the Standard Contractual Clauses “Module 1 Controller to Controller” adopted by the European Commission in decision 2021/914 for the transfer of Personal Data to controllers established in third countries (the "SCC") shall govern the transfer of Personal Data between them.