This Data Processing Agreement (“DPA”) forms part of Bettercast’s Terms Of Service Agreement (Agreement). The DPA applies in respect of the provision of the Bettercast’s Services to the Customer if the Processing of User Personal Data is subject to the GDPR, only to the extent the Customer is a Controller (or Processor, as applicable) of User Personal Data and Bettercast is a Processor or sub-Processor of User Personal Data (as defined below). This Addendum shall amend and supplement any provisions relating to the processing of User Personal Data contained in the Agreement and shall be effective for the term of the Agreement.

1. Definitions
   1. Capitalized terms used but not defined in this DPA shall have the meaning given to them in the Agreement or applicable Data Protection Laws.“User Personal Data” means Personal Data uploaded to or published, displayed or backed up through the Bettercast Services.“GDPR” means the General Data Protection Regulation (EU) 2016/679, together with any national implementing laws in any Member State of the European Union, as amended, repealed, consolidated or replaced from time to time.“DPA Effective Date” means, as applicable, (a) May 25, 2018 if Customer clicked to accept or otherwise agreed to this DPA prior to or on such date; or (b) the date on which Customer clicked to accept otherwise agreed to this DPA, if such date is after May 25, 2018.
   2. “Personal Data”, “Personal Data Breach”, “Data Subject”, “Data Protection Authority”, “Data Protection Impact Assessment”, “Process”, “Processor” and “Controller” will each have the meaning given to them in Article 4 of the GDPR.
2. Processing of User Personal Data
   1. For the purposes of this DPA, Bettercast and Customer agree that Customer is the Controller of User Personal Data and Bettercast is the Processor of such data, except when Customer acts as a Processor of User Personal Data, in which case Bettercast is a sub-Processor. If Customer is a Processor, Customer warrants that Customer’s instructions to Bettercast with respect to that User Personal Data, including Customer’s designation of Bettercast as a sub-Processor, have been authorized by the relevant Controller.
   2. Bettercast will only Process User Personal Data on behalf of and in accordance with the Customer’s prior instructions and for no other purpose. Bettercast is hereby instructed to Process User Personal Data to the extent necessary to enable Bettercast to provide the Bettercast Services in accordance with the Agreement.
   3. Each of the Customer and Bettercast will comply with their respective obligations under the GDPR, to the extent applicable to the Processing of any User Personal Data in the context of the provision of the Bettercast Services. Customer will (i) comply with all applicable privacy and data protection laws with respect to Customer’s Processing of User Personal Data and any Processing instructions that Customer issues to Bettercast, and (ii) ensure that Customer has obtained (or will obtain) all consents and rights necessary for Bettercast to Process User Personal Data in accordance with this Addendum.
   4. For Customers located in the EU, Customer acknowledges that Bettercast may process User Personal Data in countries outside of the EU as necessary to provide the Bettercast Services and in accordance with the terms of this Addendum. Where this is the case, Bettercast will take such measures as are necessary to ensure that the transfer is in compliance with applicable data protection laws.
   5. The Customer acknowledges that Bettercast is reliant on the Customer for direction as to the extent to which Bettercast is entitled to use and Process User Personal Data on behalf of Customer in the performance of the Bettercast Services. Consequently, Bettercast will not be liable under the Agreement for any claim brought by a Data Subject arising from any action or omission by Bettercast, to the extent that such action or omission resulted directly from the Customer’s instructions or from Customer’s failure to comply with its obligations under the applicable data protection law.
   6. If for any reason (including a change in applicable law) Bettercast becomes unable to comply with any instructions of the Customer regarding the Processing of User Personal Data, Bettercast will (a) promptly notify the Customer of such inability, providing a reasonable level of detail as to the instructions with which it cannot comply and the reasons why it cannot comply, to the greatest extent permitted by applicable law; and (b) cease all Processing of the affected User Personal Data (other than merely storing and maintaining the security of the affected User Personal Data) until such time as the Customer issues new instructions with which Bettercast is able to comply. If this provision applies, Bettercast will not be liable to Customer under the Agreement in respect of any failure to perform the Bettercast Services due to its inability to process User Personal Data until such time as the Customer issues new instructions in regard to such Processing.
3. Security Measures
   1. Bettercast will implement and maintain appropriate technical and organizational measures designed to protect or secure (i) Customer Data, including Customer Personal Data, against unauthorized or unlawful processing and against accidental or unlawful loss, destruction or alteration or damage, unauthorized disclosure of, or access to, Customer Data, and (ii) the confidentiality and integrity of Customer Data.
   2. Bettercast will take reasonable steps to ensure the reliability and competence of Bettercast team members engaged in the processing of Customer Personal Data. Bettercast will take appropriate steps to ensure that all Bettercast team members engaged in the processing of Customer Personal Data (i) comply with the Security Measures to the extent applicable to their scope of performance, (ii) are informed of the confidential nature of the Customer Personal Data, and (iii) have received appropriate training on their responsibilities and (iv) have executed written confidentiality agreements. Bettercast shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
4. Security Breach
   1. If Bettercast becomes aware of a Data Breach, Bettercast will: (a) notify Customer of the Data Breach without undue delay after becoming aware of the Data Breach; and (b) promptly take reasonable steps to minimize harm and secure Customer Data.
   2. Notification(s) of any Data Breach will be delivered to the Customer by direct communication (for example, by a phone call or email). The customer is solely responsible for ensuring that any contact information, including notification email address, provided to Bettercast is current and valid.
   3. Bettercast will not assess the contents of Customer Data in order to identify information subject to any specific legal requirements. The customer is solely responsible for complying with data breach notification laws applicable to the Customer and fulfilling any third-party notification obligations related to any Data Breach.
   4. Bettercast’s notification of or response to a Data breach under this Section 4. (Security Breach) will not be construed as an acknowledgement by Bettercast of any fault or liability with respect to the Data Breach.
5. Customer’s Security Responsibilities and Assessment of Bettercast
   1. Customer agrees that without prejudice to Bettercast’s obligations under Section 3. (Security Measures) and Section 4. (Security Breaches):
   2. Customer is solely responsible for its use of the Services, including (i) making appropriate use of the Services and any Additional Security Information to ensure a level of security appropriate to the risk in respect of the Customer Data; (ii) securing the account authentication credentials, systems and devices Customer uses to access the Services; and (iii) backing up the Customer Data; and
   3. Bettercast has no obligation to protect Customer Data that Customer elects to store or transfer outside of Bettercast’s systems.
   4. Customer is solely responsible for reviewing the Security Measures and evaluating for itself whether the Services, the Security Measures, and Bettercast’s commitments under this Section 3 (Security Measures) will meet the Customer’s needs, including with respect to any security obligations of Customer under the Data Protection Laws. The customer acknowledges and agrees that the Security Measures implemented and maintained by Bettercast as set out in Section 3 (Security Measures) provide a level of security appropriate to the risk in respect of the Customer Data.
6. Data Protection Impact Assessment; Prior Consultation
   1. Bettercast will, at the Customer’s request and subject to the Customer paying all of Bettercast’s fees at prevailing rates, and all expenses, provide the Customer with reasonable cooperation and assistance needed to fulfil the Customer’s obligation under the GDPR to carry out a data protection impact assessment related to Customer’s use of the Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to Bettercast. Bettercast will provide reasonable assistance to Customer in the cooperation or prior consultation with the applicable data protection authority in the performance of its tasks relating to this Section 6 (Data Protection Impact Assessment) to the extent required under the GDPR.
7. Deletion of User Personal Data
   1. Bettercast will enable Customer to delete during the Term Customer Data in a manner consistent with the functionality of the Services. If Customer uses the Services to delete any Customer Data during the Term and that Customer Data cannot be recovered by Customer, this use will constitute an instruction to Bettercast to delete the relevant Customer Data from Bettercast’s systems in accordance with applicable law. Bettercast will comply with this instruction as soon as reasonably practicable within a maximum of 30 days unless the European Union or member state law requires storage.
   2. On the expiration of the Agreement, Customer instructs Bettercast to permanently and securely delete all User Personal Data in the possession or control of Bettercast, within a reasonable period of time, maximum of 30 days (unless the applicable law of the EU or of an EU Member State requires otherwise), except if the Customer requests, prior to the expiration of the Agreement, to have access to the Bettercast Services in order to retrieve User Personal Data. Customer acknowledges and agrees that Customer will be responsible for exporting before the Term expires, any Customer Data it wishes to retain afterwards.
8. Order of Precedence
   1. With regard to the subject matter of this Addendum, in the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including the Agreement, the provisions of this Addendum shall prevail.

Updated: February 24, 2021