POLICIES & CERTIFICATES

This Data Processing Agreement (“DPA”) governs the data processing relationship between UAB “TELTONIKA IoT GROUP” (including its Affiliates) (“Teltonika”) and the customer entity that subscribes to or uses Teltonika’s services and / or products (“Customer”).

This DPA applies to the Customer’s subscription to and use of Teltonika’s online service under the Terms of Service available at https://teltonika-iot-group.com/about-us/policies-certificates/terms-of-service/ or any other agreement between the Parties under which Teltonika processes personal data on behalf of the Customer (each separately or collectively the “Agreement”).

For the avoidance of doubt, this DPA applies solely to the extent Teltonika processes Customer Data on behalf of the Customer as a processor. The Customer remains solely responsible for any personal data it submits or processes through the use of services and / or products, including any personal data of its own clients, employees, or other third parties, and for ensuring that such data has been collected and processed in compliance with applicable Data Protection Laws. Teltonika shall not be responsible for the Customer’s compliance with laws applicable to the Customer’s processing of such personal data.

Furthermore, this DPA does not apply to any processing of personal data by Teltonika as an independent Controller, including, without limitation, in cases of personal data processing for account management, billing, support (including helpdesk), compliance, or marketing activities.

Capitalized terms used in this DPA shall have the meanings assigned to them in this DPA. Where a term is not expressly defined herein, it shall be interpreted by reference to the Agreement. If the term is not defined in the Agreement, it shall be interpreted in accordance with applicable Data Protection Laws, including the GDPR. If still undefined, the term shall be interpreted based on its plain and commonly accepted meaning within the applicable industry standards.

“Customer Data” means any personal data in any form or medium, that is provided to, collected by, generated through, derived from, or otherwise made available to Teltonika by or on behalf of the Customer in connection with the Customer’s use of the Service and / or products. Customer Data includes, without limitation, data evidenced by text, sound, video, image files, metadata, system logs, software outputs, or any other means, and is processed by Teltonika solely on behalf of the Customer and in accordance with the Customer’s documented instructions, as further described in this DPA.

“Data Privacy Framework” means (as applicable) the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework self-certification programs operated by the U.S. Department of Commerce, and their respective successors ("DPF").

“Data Protection Laws” means all data protection laws and regulations applicable to a party’s processing of Customer Data under the Agreement, including, where applicable, European Data Protection Laws and Additional Non-European Data Protection Laws.

“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

“Products or Services” means the Service provided by Teltonika to the Customer under the applicable Agreement, and any Teltonika Products that include or are integrated with such Service.

“Sensitive Data” means social security number, tax file number, passport number, driver’s license number, or similar identifier, employment, financial, credit, genetic, biometric or health information racial, ethnic, political or religious affiliation, account passwords or other information that falls within the definition of “special categories of data” under applicable Data Protection Laws.

“Sub-processor” means any processor engaged by Teltonika or its Affiliates to assist in fulfilling its obligations under this DPA or with respect to providing the Service pursuant to the Agreement. Sub-processors may include third parties or Affiliates of Teltonika but shall exclude Teltonika employees, contractors, or consultants.

“Teltonika Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with UAB “TELTONIKA IoT GROUP”.

The terms “personal data”, “controller”, “data subject”, “processor” and “processing” shall have the meaning given to them under applicable Data Protection Laws or if not defined thereunder, the GDPR, and “process”, “processes" and “processed”, with respect to any Customer Data, shall be interpreted accordingly.

3.1. Parties’ roles . For the Permitted Purposes (defined below), the parties acknowledge and agree that with regard to the processing of Customer Data, Teltonika processes Customer Data as a processor acting on behalf of Customer (whether itself a controller or a processor on behalf of a third party controller).

3.2. Purpose limitation . Teltonika shall process Customer Data, as further described in Annex A - Details of Data Processing of this DPA, only in accordance with Customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, or as otherwise agreed in writing (“Permitted Purposes”). Customer agrees that this DPA, together with the Agreement (including all applicable documentation), any other documentation communicated by Teltonika to the Customer by any means (if any), and the Customer’s use and / or configuration of features in the Products or Services, collectively constitute the Customer’s complete and documented instructions to Teltonika regarding the processing of Personal Data.

3.3. Processing of Personal Data . All Personal Data processed by Teltonika in connection with providing the Products and Services is obtained as part of either (a) Customer Data, or (b) data generated, derived or collected by Teltonika, including data sent to Teltonika as a result of a Customer’s use of Service or obtained by Teltonika from locally installed software. Personal Data provided to Teltonika by, or on behalf of, Customer through use of the Products or Service is also Customer Data.

3.4. Prohibited data . Customer will not provide (or cause to be provided) any Sensitive Data to Teltonika for processing under the Agreement, and Teltonika shall have no liability whatsoever for Sensitive Data transmitted or processed in violation of the foregoing, including in connection with any Security Incident or other breach. For the avoidance of doubt, the Customer remains solely responsible for ensuring that no Sensitive Data is submitted to the Services without Teltonika’s prior written consent, and any unauthorized submission shall not expand Teltonika’s obligations under this DPA.

3.5. Customer Responsibilities . The Customer represents and warrants that:

a) It has complied, and will continue to comply, with all applicable laws, including the Data Protection Laws, in relation to the collection, use, and disclosure of Customer Data and in relation to any instructions it issues to Teltonika regarding the processing of such data.

b) It has provided, and will continue to provide, all necessary notices to, and obtained, and will continue to obtain, all necessary consents or other valid legal grounds under the Data Protection Laws for Teltonika to process the Customer Data in accordance with the Agreement and this DPA.

The Customer remains solely responsible for the accuracy, quality, and legality of the Customer Data and the manner in which it was collected or otherwise obtained.

3.6. Lawfulness of Customer’s instructions . Customer shall ensure that its instructions to Teltonika regarding the processing of Customer Data comply with all applicable laws, regulations, and rules, including, without limitation, the Data Protection Laws. Customer further warrants that Teltonika’s processing of Customer Data in accordance with such instructions will not cause Teltonika to be in breach of any such laws.

Teltonika shall, without undue delay and unless prohibited by applicable European Data Protection Laws, notify Customer in writing if it becomes aware of or reasonably believes that any instruction given by Customer infringes European Data Protection Laws.

Where Customer acts as a processor on behalf of a third-party controller (or other intermediary acting on behalf of the ultimate controller), Customer warrants that its instructions to Teltonika under the Agreement and this DPA, including any authorization for the appointment of Sub-processors in accordance with this DPA, have been duly authorized by the relevant controller. The Customer shall remain the sole point of contact for all matters relating to the processing of Personal Data, including any inquiries, complaints, or requests from data subjects, third-party controllers, or supervisory authorities. Teltonika shall not be required to respond directly to any data subject, third-party controller, or supervisory authority, except where explicitly required by applicable law. Where appropriate, the Customer shall be responsible for responding to any data subject inquiries and for forwarding any communications received from Teltonika under this DPA to the relevant data subjects or third parties, if required.

4.1. Authorized Sub-processors . Customer hereby authorizes Teltonika, and any member of the Teltonika Group acting on Teltonika’s behalf or for Teltonika’s benefit, to engage Sub-processors (including any member of the Teltonika Group or third-party providers) to process Customer Data, in accordance with Section 3.2 of this DPA, for the purpose of assisting Teltonika in the performance of its obligations under the Agreement for the provision of the Service.

Teltonika shall inform the Customer in advance of any intended changes concerning the addition or replacement of Sub-processors (Article 28(2)). A list of Sub-processors currently engaged by Teltonika and authorized by Customer is available Annex C - Sub-processors.

4.2. Sub-processor obligations . Teltonika shall:

a) enter into a written agreement with each Sub-processor that includes data protection obligations no less protective of Customer Data than those set out in this DPA, to the extent relevant to the nature of the services provided by the Sub-processor, and

b) remain fully responsible for the performance of each Sub-processor’s obligations and for any acts or omissions of such Sub-processor that result in a breach of Teltonika’s obligations under this DPA.

Customer acknowledges and agrees that, where applicable, Teltonika satisfies its obligations under Clause 9 of the 2021 EU Standard Contractual Clauses for Controller-to-Processor and/or Processor-to-Processor transfers (as applicable) by complying with this Section 3.

Customer further acknowledges that Teltonika may be subject to confidentiality restrictions that prevent disclosure of the Sub-processor agreements. However, upon written request, Teltonika shall use reasonable efforts to provide Customer with any information it is lawfully permitted to disclose in relation to such agreements, to the extent necessary for Customer to assess compliance with the obligations set out in this DPA.

4.3. Objection to Sub-processors . Customer may object in writing to Teltonika’s appointment of a new Sub-processor within five (5) calendar days of receiving notice in accordance with Section 3.1. of the DPA, provided that such objection is based on reasonable grounds relating to data protection. In such event, the parties shall discuss such concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, Teltonika will, at its sole discretion, either not appoint such Sub-processor, or permit Customer to suspend or terminate the affected Service in accordance with the termination provisions in the Agreement without liability to either party (but without prejudice to any fees, chargers or costs incurred by Teltonika or payable by the Customer prior to the effective date of suspension or termination).

5.1. Security Measures . Teltonika shall implement and maintain appropriate technical and organizational measures designed to ensure the security, integrity, and confidentiality of Customer Data, and to protect such data against unauthorized or unlawful processing, accidental loss, destruction, or damage, including protection against Security Incidents. These measures shall be implemented in accordance with Teltonika’s security standards as set out in Section 4 Security and Annex B – Security measures of this DPA.

5.2. Data Access . Teltonika shall ensure that any person authorized to process Customer Data on its behalf, including employees, agents, and subcontractors, is subject to an appropriate obligation of confidentiality, whether arising under contract or applicable law. Access to Customer Data is governed by least privilege principles and role-based access controls, ensuring that individuals are granted access solely to the extent necessary for their role, for a legitimate purpose, and subject to management oversight and approval.

5.3. Updates to Security Measures . Customer is responsible for independently reviewing the information made available by Teltonika regarding data security and for determining whether the Service satisfies Customer’s own legal and regulatory requirements under applicable Data Protection Laws. Customer acknowledges that the Security Measures may evolve due to technical advancements or operational improvements, and agrees that Teltonika may update or modify such measures from time to time, provided that any such changes do not materially diminish the overall level of security of the Service provided to Customer.

5.4. Security Incident Notification . In the event of a Security Incident involving Customer Data, Teltonika shall notify Customer without undue delay after becoming aware of a Personal Data Breach, in accordance with Article 33(2) of the GDPR. Such notification shall include, to the extent reasonably available to Teltonika, the information required under Article 33(3) of the GDPR, to enable Customer to comply with its breach notification obligations.

5.5. In the event of a Personal Data Breach affecting Customer Data, Teltonika will notify the Customer without undue delay, in accordance with the notification procedures specified in this DPA. Teltonika shall not notify any data subjects directly, unless required to do so by applicable law. The Customer is solely responsible for determining whether to notify affected individuals and for ensuring that it maintains accurate and up-to-date contact details for receipt of such breach notifications.

5.6. Customer responsibilities . Notwithstanding the above, Customer acknowledges and agrees that, except as expressly provided in this DPA, it is responsible for the secure use of the Products or Service. This includes safeguarding its account authentication credentials, ensuring the security of Customer Data during transmission to and from the Product or Service, and taking appropriate measures to securely encrypt or back up any Customer Data uploaded to the Service.

6.1. Data center locations . The Customer acknowledges and authorizes Teltonika to transfer, store, and process Customer Data in Lithuania or in any other country where Teltonika or its Sub-processors operate, as necessary to provide the Products and/or Service under the Agreement.

6.2. European Data Transfers . To the extent that Teltonika receives Customer Data protected under European Data Protection Laws in a country outside of European Economic Area (EEA) that is not recognized as providing an adequate level of protection for personal data (as defined under applicable European Data Protection Laws), the parties agree to process such Customer Data in compliance with the following:

a) Data Privacy Framework (DPF) . Where applicable, Customer Data may be lawfully transferred to the United States in reliance on a Sub-processor’s certification under the EU-U.S. DPF, ensuring an adequate level of protection in accordance with European Data Protection Laws. The Customer acknowledges that reliance on the EU-U.S. Data Privacy Framework (DPF) is subject to the validity of the DPF under applicable European Data Protection Laws. Teltonika does not guarantee that the DPF will remain a valid basis for data transfers to the United States, and in the event that the DPF is invalidated, Teltonika shall rely on an alternative transfer mechanism, such as the Standard Contractual Clauses, to continue to lawfully transfer Customer Data.

b) Standard Contractual Clauses (SCCs) . If required under European Data Protection Laws—such as where the EU-U.S. Data Privacy Framework does not apply to a relevant data transfer to a Sub-processor, or if the Framework is invalidated—the SCCs shall be incorporated into and form an integral part of this DPA to ensure an adequate level of protection for Customer Data.

c) UK Data Transfers . With respect to data transfers subject to UK Data Protection Laws, the Standard Contractual Clauses (SCCs) shall apply, where appropriate as described in section (b) above, and shall be deemed amended in accordance with the UK International Data Transfer Addendum (the “UK Addendum”), available at: https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf. The UK Addendum shall be deemed executed by the parties and incorporated into, and form an integral part of, this DPA. Specifically:

• Tables 1 to 3 of Part 1 of the UK Addendum shall be deemed completed using the corresponding information set out in Annexes I and II of the applicable SCCs; and
• Table 4 of Part 1 shall be deemed completed by selecting “neither party” as the party with the ability to terminate the Addendum.

d) Swiss Data Transfers. With respect to transfers to which the Swiss DPA apply, the SCCs shall, where applicable in accordance with (b) above, apply with the following modifications: (i) references to "Regulation (EU) 2016/679" shall be interpreted as references to the Swiss DPA; (ii) references to specific Articles of "Regulation (EU) 2016/679" shall be replaced with the equivalent article or section of the Swiss DPA; (iii) references to "EU", "Union" and "Member State law" shall be replaced with "Switzerland"; (iv) Clause 13(a) and Part C of Annex II shall be deleted; (v) references to the "competent supervisory authority" and "competent courts" shall be replaced with "the Swiss Federal Data Protection and Information Commissioner" and "relevant courts in Switzerland"; (vi) Clause 17 shall be replaced to state "The Clauses are governed by the laws of Switzerland"; and (vii) Clause 18 shall be replaced to state "any dispute arising from these Clauses shall be resolved by the applicable courts of Switzerland. The parties agree to submit themselves to the jurisdiction of such courts".

6.3. Australian data . To the extent that Teltonika is a recipient of Customer Data protected by the Australian Privacy Law, the parties acknowledge and agree that Teltonika may transfer such Customer Data outside of Australia as permitted by the terms agreed upon by the parties and subject to Teltonika complying with this DPA and the Australian Privacy Law.

6.4. General Disclaimer on International Transfers . The Customer acknowledges that international data transfers may be subject to evolving legal and regulatory requirements, and Teltonika does not guarantee that any particular data transfer mechanism will remain valid or sufficient under applicable laws; however, Teltonika shall implement appropriate safeguards in accordance with applicable Data Protection Laws to protect Customer Data.

7.1. Customer may audit Teltonika’s compliance with its obligations under this DPA no more than once per calendar year, unless required more frequently by a supervisory authority. Audits shall be conducted during Teltonika’s normal business hours, upon no less than thirty (30) days' prior written notice, and in a manner that minimizes disruption to Teltonika’s operations.

7.2. Before any audit commences, the Customer and Teltonika shall mutually agree in writing on the scope, duration, timing, and method of the audit, including security and confidentiality controls and evidence requirements.

7.3. Customer shall bear all costs and expenses associated with any audit, including Teltonika’s reasonable internal costs for time and resources expended to support the audit. All audits shall be conducted by an independent, accredited third-party audit firm suggested by Customer and selected by Teltonika.

7.4. Customer acknowledges that no audit may:

a) provide access to data or information related to other Teltonika clients.

b) disclose or provide access to Teltonika’s confidential financial, commercial, or business information not related to the Services provided to the Client.

c) include access to Teltonika’s facilities or systems that are not directly related to the specific Service provided under this Agreement.

d) violate the confidentiality, security, or integrity requirements of Teltonika’s systems or environment, including any applicable security policies or regulatory requirements.

7.5. If an audit reveals any material non-compliance by Teltonika with this DPA, Teltonika shall promptly take commercially reasonable corrective actions. The audit report, and any information obtained during the audit, shall be treated as Confidential Information of Teltonika, unless disclosure is required by applicable law.

Upon termination or expiration of the Agreement, Teltonika shall take reasonable steps, in accordance with its technical capabilities and internal policies, to provide the Customer with tools or means to either delete or return all Customer Data (including any copies) in its possession or control. This obligation shall not apply to the extent Teltonika is required to retain certain Customer Data under applicable law, regulatory obligations, or industry standards, or where such data is stored in archived backup systems. In such cases, Teltonika shall securely isolate and protect the retained Customer Data from further processing (except as required by law) and delete it in accordance with its established deletion policies. The parties further agree that, where applicable, the certification of deletion referenced in Clauses 8.5 and 16(d) of the 2021 EU Standard Contractual Clauses (Controller-to-Processor and Processor-to-Processor, as applicable) shall be provided by Teltonika to Customer only upon Customer’s written request.

9.1. Data subject requests . In the event Teltonika receives a request directly from a data subject of Customer relating to the Products and Services for which Teltonika is acting as a processor or Sub-processor, Teltonika shall promptly notify the data subject to redirect their request to Customer. Customer shall be solely responsible for responding to such data subject requests, including, where applicable, through the use of the available functionality of the Products and Services.

Teltonika shall provide reasonable assistance to Customer, upon Customer’s written request and to the extent required under the GDPR, in responding to such data subject requests.

9.2. Data Protection impact assessment . To the extent required under applicable Data Protection Laws, Teltonika shall, taking into account the nature of the processing and the information available to it, provide the Customer with reasonable assistance to support data protection impact assessments (DPIAs) or prior consultations with supervisory authorities. Teltonika’s obligations under this section shall be fulfilled by: (i) implementing and maintaining the security measures described in Section 5 (Security) and Annex B; (ii) providing the information contained in the Agreement, including this DPA; and (iii) if the assistance described in (i) and (ii) is insufficient, providing additional reasonable assistance upon written request, provided that such additional assistance shall be at the Customer’s expense.

10.1. California Consumer Privacy Act (CCPA)

• If and to the extent that Teltonika acts as a processor or controller when processing Customer Data as set forth in Section 2 Roles and Responsibilities above, then Teltonika shall take the same processing role, as applicable, under all US Data Protection Laws other than the CCPA.

• With respect to personal data subject to the CCPA, parties agree and acknowledge that (i) Teltonika may act as a “Service Provider” under the CCPA in instances in which Teltonika acts as a Processor under other applicable Data Protection Laws and (ii) Teltonika shall have the right to process Customer Data for any and all purposes permitted for Service Providers under the CCPA. Teltonika shall comply with all requirements set forth in the CCPA and Section 7051 to the CCPA Regulations, and/or any successor Regulations, and such provisions are incorporated herein by reference.

• Teltonika’s obligations regarding data subject requests, as described in Section 8 Data Subject Rights and Assistance with Requests of this DPA, extend to rights requests under US Data Protection Laws. Teltonika shall provide the same level of protection to Customer Data as required by the CCPA and will: (i) assist Customer in responding to any request from a consumer (as defined under US Data Protection Laws) to exercise rights under US Data Protection Laws; and (ii) immediately notify Customer if it is not able to meet the requirements under US Data Protection Laws. In cases where Teltonika is a Service Provider under the CCPA but otherwise is a data controller under the Data Protection Laws, and a consumer makes a request to exercise rights under the CCPA directly to Teltonika, Customer hereby instructs Teltonika to respond to any such request directly to the consumer. Customer is responsible for ensuring that it has complied, and will continue to comply with the requirements of US Data Protection Laws in its use of the Services and its own processing of personal data.

• The parties acknowledge that Customer Data that Customer discloses to Teltonika is provided only for the limited and specified purposes set forth as Permitted Purposes. The parties agree that all Customer Data is disclosed to Teltonika by Customer for the Permitted Purposes and its use or disclosure by Customer to Teltonika is necessary to perform such Permitted Purposes.

• Notwithstanding any use restriction contained elsewhere in this DPA, Teltonika shall process Customer Data to perform the Service, for the Permitted Purposes and/or in accordance with Customer’s documented lawful instructions, or as otherwise permitted or required by applicable law.

• Without limiting any data use rights set forth in this Agreement, and in its capacity as a Service Provider, Teltonika shall not:

a) sell or share any Customer Data;

b) retain, use, or disclose any Customer Data:

- for any purpose other than the Permitted Purposes, including any commercial purpose; or

- outside the direct business relationship between the parties, except as necessary to perform the Permitted Purposes or as otherwise permitted under applicable U.S. Data Protection Laws; or

c) combine Customer Data received from or on behalf of Customer with personal data received from or on behalf of any other party, or with personal data collected by Teltonika through its own interactions with individuals, except as necessary to perform a Permitted Purpose in accordance with the CCPA (including its implementing regulations), the Agreement, and this DPA.

• Customer may take such reasonable and appropriate steps as may be necessary (a) to ensure that Customer Data collected is used in a manner consistent with the business’s obligations under the CCPA; and (b) to stop and remediate any unauthorized use of Customer Data, and (c) to ensure that any relevant personal data is used in a manner consistent with the CCPA.

10.2. Canada. The Personal Information Protection and Electronic Documents Act (PIPEDA).

• Teltonika takes steps to ensure that Teltonika’s Sub-processors, as described in Section 4 (Sub-processing) of the DPA, are third parties under PIPEDA, with whom Teltonika has entered into a written contract that includes terms substantially similar to this DPA. Teltonika conducts appropriate due diligence on its Sub-processors.

• Teltonika will implement technical and organizational measures as set forth in Section 5 - Security of the DPA.

• Teltonika may transfer Customer Data outside the jurisdiction from which Customer Data originates (i) in compliance with Applicable Data Protection Laws and (ii) provided that Teltonika shall take all steps required to ensure that Customer Data continues to be treated in accordance with Applicable Data Protection Law following any such transfer. Customer shall conduct all assessments necessary to facilitate such transfer.

The limitations and exclusions of liability set forth in the Agreement shall apply in full to this Data Processing Agreement. Nothing in this DPA shall be construed to expand Teltonika’s liability beyond the limitations agreed in the Agreement, except as otherwise required by applicable law, including Article 82 of the GDPR.

12.1. This DPA shall remain in effect for as long as Teltonika carries out Customer Data processing operations on behalf of Customer or until termination of the Agreement (and all Customer Data has been returned or deleted in accordance with Section 8 above).

12.2. The Parties agree that this DPA shall replace any existing data processing agreement or similar document that the Parties may have previously entered into in connection with the Service.

12.3. In the event of any conflict or inconsistency between this DPA and the Agreement, the provisions of the following documents (in order of precedence) shall prevail: (i) SCCs in the Agreement (if any); then (ii) this DPA;

12.4. Except for any changes made by this DPA, the Agreement remains unchanged and in full force and effect.

12.5. No one other than a party to this DPA, its successors and permitted assignees shall have any right to enforce any of its terms.

12.6. This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.

This Agreement may be amended, supplemented or terminated only in writing.

These Clauses, together with the Data Processing Agreement of which they form a part (the "DPA"), shall be governed by and construed in accordance with the law governing the Agreement between the Parties, provided that such law ensures enforceable rights for third-party beneficiaries under these Clauses. Where the governing law of the Agreement is not the law of an EU Member State or does not ensure such rights, the Parties agree that these Clauses and the DPA shall be governed by the laws of Lithuania.

Any dispute arising out of or in connection with these Clauses or the DPA shall be resolved in accordance with the dispute resolution provisions set forth in the Agreement, to the extent that such provisions are not inconsistent with the requirements under applicable data protection laws, including the GDPR and the Standard Contractual Clauses (if applicable).

The Parties specifically agree that, unless otherwise required under applicable law, the courts identified in the Agreement shall have jurisdiction to resolve any disputes relating to these Clauses and the DPA. Where the Agreement provides for the jurisdiction of a court in an EU Member State, such court shall have jurisdiction for the purposes of these Clauses. In the absence of such designation, the courts of Lithuania shall have exclusive jurisdiction.

Notwithstanding the foregoing, a data subject may bring legal proceedings against either the data exporter or the data importer arising from these Clauses before the courts of the Member State in which the data subject has his or her habitual residence.

The Parties irrevocably agree to submit themselves to the jurisdiction of such courts for the purposes of any dispute arising from or in connection with these Clauses and the DPA, including any proceedings brought by a data subject as specified above.

a) Data subjects

Data subjects include the Customer’s representatives, contractors, and customers of the Customer. Depending on Customer’s use of Products of Services, Customer may elect to include personal data from any of the following types of data subjects:

• Employees, contractors and temporary workers of Customer (current, former).

• Customer’s partners, stakeholders or individuals.

• Users that are users of Customer’s services.

b) Categories of personal data

The personal data that is included in e-mail, documents and other data in an electronic form in the context of the Products and Services. Customer may upload, submit, or otherwise provide certain personal data to the Service, to extent of which is typically determined and controlled by Customer in its sole discretion, and may include the following categories of personal data:

• Basic personal data (for example mobile phone number, first name, last name, email address).

• Authentification data (for example username, audit trail).

• Contact information (for example addresses, email address, phone numbers).

• Unique identification numbers (for example unique identifier in tracking cookies or similar technology).

• Pseudonymous identifiers.

• Commercial information (for example history of purchases, special offers, subscription information, payment history).

• Location and movement data (for example data that indicates the geographic location or movement of a data subject, collected via GPS tracking devices or networking equipment (e.g., routers). This may include coordinates, timestamps, speed, and route history, and can be linked to individuals directly or indirectly through device or user identifiers.

To access detailed information regarding our technical and organizational measures, please contact your sales manager. Please note that disclosure of this information requires the prior execution of a Non-Disclosure Agreement (NDA).

Entity Name & Location

Previous version of this document can be found here