Data Processing Agreement

Thanks for your interest in Ventolytics UG (haftungsbeschränkt), which creates and maintains Sharefence. Ventolytics UG (haftungsbeschränkt) is a European company based in Germany, where the optd data infrastructure is hosted as well, covered by European data privacy laws, never leaving the EU. We take the protection and processing of personal data very seriously and would like you to read the following DPA that applies to Sharefence.

In order to use our products and services, you need to accept our DPA. Using our Service constitutes your agreement to this DPA, without having to sign any additional paperwork. You are not required to notify us or any third party upon accepting our DPA, but you are free to do so.

This Data Processing Agreement (“DPA”) is an addendum to the Terms between Sharefence and the customer. In case you are accepting this DPA on behalf of someone else, you warrant that: (a) you have full legal authority to bind your customer to this DPA; (b) you have read and understand this DPA; and (c) you agree, on behalf of your customer, to this DPA.

These Terms incorporate the Sharefence Data Processing Agreement (“DPA”) when the General Data Protection Regulation (“GDPR”) applies to your use of the Sharefence services to process visitor data as defined in the DPA. We protect and secure your visitor data to the highest standards set out in this agreement.

Definitions

“Control” means ownership, voting or similar interest representing 50% (half) or more of the total interests then outstanding of the entity in question. The term “Controlled” will be construed accordingly.

“Controller” means an entity that determines the purposes and means of the processing of Personal Data.

“Customer Data” means any data that Sharefence and/or its Affiliates processes on behalf of Customer in the course of providing the Services under the Agreement.

“Data Protection Laws” means all data protection, insurance and security laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, EU Data Protection Law.

“EU Data Protection Law” refers to (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).

“Privacy Shield” means the EU-US and Swiss-US Privacy Shield Frameworks, as directed by the German Federal Commissioner for Data Protection and Freedom of Information.

“Privacy Shield Principles” means the Privacy Shield Framework Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision of 12 July 2016 as per the Directive, details of which can be found at

“Processor” means an entity that processes Personal Data on behalf of the Controller.

“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” will be interpreted accordingly.

“Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

“Services” means any product or service provided by Ventolytics UG (haftungsbeschränkt) to the Customer pursuant to and as more particularly described in the Agreement.

“Standard Contractual Clauses” means the standard contractual clauses issued pursuant to the European Commission Decision of February 5, 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC.

“You” or “customer” refers to the company or organization that signs up to use Sharefence to analyze its website’s visitor data.

In the course of providing the Service to customers pursuant to the agreement, Sharefence may process anonymized visitor data on behalf of the customer. The parties agree that the customer is the data controller and that Sharefence is its data processor in relation to visitor data that is processed in the course of providing the Service.

Privacy and security of your visitor data

We take many measures to protect and secure your data through backups, redundancies, and encryption. When you use our service to measure your website stats, Sharefence will collect information about your visitors, but unlike other services, we do not place fingerprints on you by storing a unique hash for a given IP, user agent and domain. This means that we do not store any personally identifiable web traffic information.

You entrust us with your site data and we take the responsibility to comply with all regulations, and agree that Sharefence may process your data solely as described in our data policy. You own all right, title, and interest to your website data. We obtain no rights from you to your website data, nor do we collect or analyze personal information from web users to sell data for advertising purposes. Using Sharefence, you maintain 100% ownership and control of all your website data.

With Sharefence, all site measurement is carried out absolutely anonymously. Cookies are not set and no personal data is collected. We do not generate any persistent device identifiers. We never store IP addresses in our database or logs. We’ve revolutionized the way to track the usage of a website, without tracking, collecting or storing any personal data, personally identifiable information (PII) or cookies, while respecting the privacy of your website visitors. That means the data we process cannot be used to identify any single individual.

Our complete data infrastructure is kept and managed fully secured, encrypted and hosted in Germany, covered by the European Union’s strict laws on data privacy. This means that your visitor data never leaves the EU.

Processor’s obligations with respect to the controller

Sharefence will process visitor data only in accordance with instructions from customers through the settings of the Service: (a) to operate, maintain and support the infrastructure used to provide the Service; (b) to comply with customer’s instructions and processing instructions in their use, management and administration of the Service; (c) as otherwise instructed through settings of the Service. Sharefence will only process visitor data in accordance with the agreement.

Sharefence will notify customers without any delay if, from optAnalytics’ point of view, an instruction for the processing of visitor data given by customer infringes the applicable Data Protection Legislation.

Sharefence shall keep, maintain and guarantee the confidentiality of visitor data processed hereunder. We as a company and employees (internal/external employees, management) are able to access your data upon request, such as Customer Support requests, in order to assist you with support requests you make and to maintain Sharefence as a secure and safe place for your data and the service as a whole. Sharefence is required to ensure that all employees are able to access the visitor data and are informed of the confidential nature of the data in order to comply with the obligations defined in this agreement.

Sharefence shall implement, maintain and oversee the appropriate technical and organisational security measures and procedures designed to protect the visitor data against unauthorised, unlawful processing as well as accidental loss, destruction, damage, theft, alteration or disclosure. These measures that we undertake and implement shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the visitor data and having regard to the nature of the visitor data which is to be protected at all times.

When we work with sub-processors, we list each vendor in our Privacy Statement, assess their commitment to privacy and, upon approval, conclude a data processing agreement to ensure the compliance of the controller-processor Standard Contractual Clauses. Any such subcontractors will be permitted to process data only to deliver the services Sharefence has retained them to provide, and shall be prohibited from using data for any other purpose.

If Sharefence becomes aware of any accidental, unauthorised or unlawful security breach, destruction, loss, alteration, or disclosure of the personal data that is processed by Sharefence in the course of providing the Service, it shall without any delay (not later than 48 hours after having become aware of it) notify the affected customer by email and provide the customer with a description of the incident as well as periodic updates to keep the customer informed about any proceedings on the incident, including its impact on customer content. Sharefence shall additionally take action to investigate the incident, perform due diligence on found evidence and take all measures to prevent or mitigate the effects of the incident.

Sharefence shall not on its own authority rectify, erase or restrict the processing of visitor data that is being processed on behalf of the controller (unless this is required by law or the Processor Terms), but shall only do so on documented instructions from the controller and in accordance with the data retention rules associated with the controller’s subscription plan.

Account deletion

Upon deleting your Sharefence account and thus deactivating the Service, all your data and information will be permanently deleted immediately. Please note that we cannot recover this information once it has been permanently deleted. Due to the nature of the deletion process, this data will never be retrievable again by anybody, including us.

Responsibilities as an optd customer

The Customer warrants that it has all required rights to provide Sharefence any visitor data for processing in connection with the provision of the Sharefence Services. The Customer shall at all times comply with Data Protection Legislation in respect of all visitor data it provided to Sharefence pursuant to the Agreement.

The Customer is fully aware and understands, as a controller, that it is responsible as between customer and Sharefence for: classifying the lawfulness of any processing, performing any required data protection impact assessments, and accounting to regulators and individuals, as needed; providing correct and relevant privacy notices to the data subjects as may be required in your jurisdiction; assuring a proper implementation of your own adequate technical and organizational measures to ensure and demonstrate processing in accordance with this DPA; informing any relevant regulators or authorities of any incident as may be required by law in your jurisdiction.

Cooperation

To the extent that Customer is unable to independently access the relevant Personal Data within the Services, Sharefence will (at Customer’s expense), taking into account the nature of the processing, provide reasonable cooperation to assist the Customer by appropriate technical and organisational measures, in so far as is possible, to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement. If any such request is made directly to Sharefence, Sharefence will not respond to such communication directly without Customer’s prior authorisation, unless legally compelled to do so. In the event that Sharefence is required to respond to such a request, Sharefence will promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

Liability and Indemnity

You agree to indemnify and hold Sharefence (“Ventolytics UG (haftungsbeschränkt)”) harmless from and against any and all claims, liabilities, damages (actual and consequential), losses and expenses (including attorneys’ fees) arising from or in any way related to any claims relating to (a) your use of the Services (including any actions taken by a third party using your account), and (b) your violation of this DPA.

Duration and Termination

This DPA will be governed by and construed in accordance with the governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws. The optd DPA is effective as of June 02, 2021. Termination or expiration of this DPA shall not release the parties from the confidentiality obligations herein. In no event shall any party limit its liability with respect to any individual’s data protection rights under this DPA or otherwise.