Glossary​

• Live - Bambuser product, formerly known as "One-to-Many"
• Video Consultation - Bambuser product, formerly known as "One-to-One"
• Chat - Bambuser product, formerly known as "Chat"

Cookies​

Purchase conversion statistics is Bambuser's feature which measures how much revenue a certain video brings. It does that via setting up cookies on viewer's browser once they first initiate the video (clicking on a CTA button). The conversion statistics gives a video a measurable "score" which can, among other things, be used to constantly improve your live stream videos.

There are currently a number of Cookies being set once viewers interact with the Bambuser Widget (Player, Calls Widget or Messenger). Each cookie has a different name, expiration date and purpose and may be set for only one of the products. A full description of each cookie is described in the table below.

Steps​

1. The viewer watches a video, participate in a call, or chat with an agent
2. A subset of the above cookies will be written in the consumer's browser depending on what product they interacted with
3. Consumer buy and completes the checkout
4. If cookies exist (means the user has watched a video, had a call or used the chat in the last 30 days), some basic purchase data will be sent to Bambuser
5. Purchases and revenue will be displayed inside the Bambuser Dashboard for the relevant workspace

You can read about how to implement Shopper Events Tracking here.

Sub-processors​

The following sub-processors may Process the Personal Data:

Live​

• Company name: Amazon Web Services
• Country of establishment: US
• Country of processing: US, Ireland or Japan. Other regions may be available from time to time and presented to Customer. Region is automatically selected based on geographical location of the Host unless otherwise requested by Customer.
• Type of processor: Cloud service provider

• Company name: Google Cloud Platform
• Country of establishment: US
• Country of processing: US or EU (Belgium or the Netherlands, at Google’s option), at Customer’s option.
• Type of processor: Cloud service provider

• Company name: SFDC Ireland Limited
• Country of establishment: Ireland
• Country of processing: Amsterdam, Netherlands/Stockholm, Sweden
• Type of processor: Customer support function

• Only for customers using the dubbing features or Free trial account
• Company Name: Sieve
• Country of establishment: US
• Country of processing: US
• Nature of Processing: Sieve will be engaged to alter voices in videos and change the language of the voices. This involves the Processing of voice data (audio files) for the purposes of modification and translation. For free trial customers, we engage Sieve to process uploaded videos to ensure compliance with the trial agreement.
• Categories of Data Subjects: The categories of Data Subjects remain consistent with those outlined in the existing DPA, including but not limited to, individuals appearing in videos provided by the Data Controller.
• Type of Personal Data Processed: Audio files containing voice data, which may include identifiable information such as voice characteristics. For Trial accounts we also process the uploaded videos.
• Transfer mechanism: Standard Contractual Clauses

• Only for customers using the AI Chat Messages feature
• Company Name: OpenAI Ireland Limited
• Country of establishment: US
• Country of processing: US
• Nature of Processing: We transmit anonymized user-generated chat content to OpenAI’s API, which utilizes natural language processing techniques to analyze the data and generate response suggestions. These suggestions are then provided to chat moderators, who can choose whether to use them.
• Categories of Data Subjects: The chat participants and chat moderators.
• Type of Personal Data Processed: Chat content that can possibly include personal data. We always try to remove identifiers before sending the data to the subprocessor.
• Transfer mechanism: Standard Contractual Clauses

• Only for US customers or Free Trial customers
• Company Name: Google Ireland Limited
• Country of establishment: Ireland
• Country of processing: US
• Nature of Processing: We collect usage data in the admin interface (Bamhub), such as page views and user interactions, and transmit this information to Google Analytics. Google processes this data to provide insights into Bamhub traffic and behavior, enabling us to enhance user experience and optimize content.
• Categories of Data Subjects: The users that have access to the Bamhub.
• Type of Personal Data Processed: Website usage data, including IP addresses and user interactions. We implement measures to anonymize data before transmission to the subprocessor.
• Transfer mechanism: Standard Contractual Clauses

Shoppable Video​

• Company name: Amazon Web Services
• Country of establishment: US
• Country of processing: US, Ireland or Japan. Other regions may be available from time to time and presented to Customer. Region is automatically selected based on geographical location of the Host unless otherwise requested by Customer.
• Type of processor: Cloud service provider

• Company name: Google Cloud Platform
• Country of establishment: US
• Country of processing: US or EU (Belgium or the Netherlands, at Google’s option), at Customer’s option.
• Type of processor: Cloud service provider

• Company name: SFDC Ireland Limited
• Country of establishment: Ireland
• Country of processing: Amsterdam, Netherlands/Stockholm, Sweden
• Type of processor: Customer support function

• Only for customers using the dubbing features or Free trial account
• Company Name: Sieve
• Country of establishment: US
• Country of processing: US
• Nature of Processing: Sieve will be engaged to alter voices in videos and change the language of the voices. This involves the Processing of voice data (audio files) for the purposes of modification and translation. For free trial customers, we engage Sieve to process uploaded videos to ensure compliance with the trial agreement.
• Categories of Data Subjects: The categories of Data Subjects remain consistent with those outlined in the existing DPA, including but not limited to, individuals appearing in videos provided by the Data Controller.
• Type of Personal Data Processed: Audio files containing voice data, which may include identifiable information such as voice characteristics. For Trial accounts we also process the uploaded videos.
• Transfer mechanism: Standard Contractual Clauses

• Only for customers using the AI Chat Messages feature
• Company Name: OpenAI Ireland Limited
• Country of establishment: US
• Country of processing: US
• Nature of Processing: We transmit anonymized user-generated chat content to OpenAI’s API, which utilizes natural language processing techniques to analyze the data and generate response suggestions. These suggestions are then provided to chat moderators, who can choose whether to use them.
• Categories of Data Subjects: The chat participants and chat moderators.
• Type of Personal Data Processed: Chat content that can possibly include personal data. We always try to remove identifiers before sending the data to the subprocessor.
• Transfer mechanism: Standard Contractual Clauses

• Only for US customers or Free Trial customers
• Company Name: Google Ireland Limited
• Country of establishment: Ireland
• Country of processing: US
• Nature of Processing: We collect usage data in the admin interface (Bamhub), such as page views and user interactions, and transmit this information to Google Analytics. Google processes this data to provide insights into Bamhub traffic and behavior, enabling us to enhance user experience and optimize content.
• Categories of Data Subjects: The users that have access to the Bamhub.
• Type of Personal Data Processed: Website usage data, including IP addresses and user interactions. We implement measures to anonymize data before transmission to the subprocessor.
• Transfer mechanism: Standard Contractual Clauses

Video Consultation​

• Company name: Amazon Web Services
• Country of establishment: US
• Country of processing: US or Ireland, at Customer’s option
• Type of processor: Cloud service provider

• Company name: Google Cloud Platform
• Country of establishment: US
• Country of processing: US or EU (Belgium or the Netherlands, at Google’s option), at Customer’s option.
• Type of processor: Cloud service provider

• Company name: SFDC Ireland Limited
• Country of establishment: Ireland
• Country of processing: Amsterdam, Netherlands/Stockholm, Sweden
• Type of processor: Customer support function

Chat​

• Company name: Amazon Web Services
• Country of establishment: US
• Country of processing: US or Ireland, at Customer’s option
• Type of processor: Cloud service provider

• Company name: MongoDB Atlas (formerly mLabs)
• Country of establishment: Ireland
• Country of processing: Ireland.
• Type of processor: Database service provider

• Company name: Twilio
• Country of establishment: USA
• Country of processing: USA
• Type of processor: Messaging service
• Transfer mechanism: SCC

Supported browsers and operating systems:​

Live​

Dashboard Web​

• Chrome - Latest two major releases
• Firefox - Latest two major releases
• Safari - Latest two major releases
• Edge Chromium - Latest two major releases
• Opera - Latest two major releases

Shoppable Video​

Dashboard Web​

• Chrome - Latest two major releases
• Firefox - Latest two major releases
• Safari - Latest two major releases
• Edge Chromium - Latest two major releases
• Opera - Latest two major releases

Broadcaster Apps​

iOS​

• Latest two major releases

Android​

• Android 5.0 / API 21

Player​

TBD

Video Consultation​

Dashboard Web​

• Chrome - Latest two major releases
• Firefox - Latest two major releases
• Safari - Latest two major releases
• Edge Chromium - Latest two major releases
• Opera - Latest two major releases

Agent mobile apps​

iOS​

• iOS 14 or later (iOS 14 was released Q4 2020)

Android​

• Android 5.0 / API 21

Calls Widget​

• Chrome 65 or later (Chrome 65 was released Q1 2018)
• Microsoft Edge Chromium (any Edge after version 18)
• Firefox 62 or later (Firefox 62 was released Q4 2018)
• Safari 13 or later (iOS 13 was released Q4 2019)
• Samsung Browser (latest available major releases of Samsung browsers run on Samsung phone released in past three years)
• Opera Browser - latest two major releases.

Agent-Tool Web​

• Chrome - Latest two major releases.
• Edge Chromium - Latest two major releases.
• Safari - Latest two major releases.

Prohibited markets​

Bambuser will not deliver any service to the following markets (the list may be update from time to time at Bambuser's discretion)

• Belarus
• Cuba
• Central African Republic
• Iran
• Iraq
• Lebanon
• Libya
• Myanmar (Burma)
• Nicaragua
• North Korea
• Russia
• Venezuela
• Somalia
• Syria
• Ukraine
• Yemen
• Zimbabwe

Technical and Organizational Measures​​

This section contains a list of the technical and organizational measures which are applied by Bambuser. The measures are designed to:

• Safeguard the security and confidentiality of Personal Data, by following the principles of privacy by design.
• Protect against any anticipated threats or hazards to the security and integrity of Personal Data.
• Protect against any actual unauthorized processing, loss, use, disclosure or acquisition of or access to any Personal Data.

Policies​​

The organization has comprehensive policies for information security that are approved by management, published and effectively communicated to all employees and relevant external parties.

Organizational Controls​​

• All recruitments follow a screening process.
• A security and awareness program is implemented where participitation is mandatory for all employees.
• Employees and contract workers sign confidentiality agreements prior to commencing employment.
• Bambuser’s comprehensive Staff handbook includes a discrimination policy and a equality policy.
• Bambuser’s general recommendations regarding security measurement for personal devices are shared to all employees and consultants and is a part of the onboarding process. Employees and consultants are bound to follow policies by contract.
• Regular internal security audits are conducted to verify the security practice.
• Bambuser maintains internal data processing policies and procedures, process descriptions and regulations for programming.

Physical Security​​

• Access control and visitor management systems are implemented for all visitors/guests at Bambuser’s Headquater.
• Physical access reviews are performed periodically.
• Clean desk, clear screen and follow me printing are implemented.
• Fire alarm and fire-fighting systems implemented for employee safety.
• Fire evacuation drills are conducted at specified frequencies.

Data security and confidentiaity

Bambuser have implemented security measures to protect data confidentiality, integrity, and availability throughout the data lifecycle, from creation until deletion.

Such measures is designed to implement confidentiality and integrity of processing systems and services and include requirements for the protection of data during transmission and storage. Based on a risk assessment Bambuser will undertake a level of security appropriate to the risk, including:

• Full-disc encryption enabled on mobile devices.
• Vendor-supplied updates installed automatically on mobile devices.
• E-mails automatically scanned by anti-virus and anti-spam software.
• An MDM tool installed on all Bambuser owned mobile devices.​
• All information applies encryption and protection in relation to classification.
• All connectivity is encrypted with TLS 1.2 or higher.
• Intrusion detection software is run continuously.
• Pseudonymization and encryption of Personal Data where applicable.
• Customer Data (including back-ups and archives) only be stored for as long as it serves the purposes for which the data was collected.
• Information and documents are classified according to the information classification guidelines.

Data Access Management

Bambuser have implemented measures to provide security throughout the identity and access management lifecycle by ensuring access to data and systems are provisioned to the authorised people through correct channels. Measures includes:

• Access to systems is provided on a ‘need to know’ and ‘need to access’ basis taking into account segregation of duties.
• Proper controls implemented for requesting, approving, granting, modifying, and revoking user access to systems and applications are implemented.
• All access to critical applications is reviewed at least annually.
• All access requests need to be approved by a manager or the appointed asset owner.
• All access requests are approved based on individual role-based access.
• Multi-factor authentication enabled where available.
• Passwords meet password complexity requirements as defined in a password policy.

Access Control to Personal Data.​​

Employees with access to personal data can only access the data that are necessary for the purpose of the activities under their responsibility. Access logs are in place and the responsibility for access control is assigned. Following measures are in place:

• Obligation for employees to comply with the applicable Bambuser security policies and data protection policies.
• Work instructions on handling personal data.
• Identity authentication needed for access to Personal Data.
• Only employees with a clear business need are allowed to access Personal Data located on servers, within applications or databases.

Change Management​​

• Each change must be documented and the change should not be completed until tested, reviewed, and approved according to defined change management procedures.
• Development follows the stipulated SDLC (Software development life cycle).
• All changes are tracked with a version control system.
• Automated scanning tools (SAST, DAST, and dependency scanning) are continuously used to find and resolve security problems.
• All code changes must pass automated testing and peer review before being merged to the main code repository branch.

Information security incident management​​

• Management responsibilities and procedures have been established to safeguard a quick, effective and orderly response to information security incidents, within defined timeframes in the GDPR.
• A formal reporting procedure or guideline exists for users, to report security weaknesses in, or threats to, systems or services.
• There is a procedure for assessing information security problems and issues and classifying them as information security incidents.
• There are documented procedures in place for responding to information security incidents including reporting security incidents through appropriate management channels as quickly as possible.

Business Continuity and Disaster Recovery

Bambuser protects critical business processes from the effects of major failures of information systems or disasters and ensures their timely resumption in the event of an incident. These measures must include requirements for ensuring the ongoing availability and resilience of processing systems and services and for the ability to restore availability and access to data in a timely manner in the event of an incident.

Measures include:

• Implementation of a disaster recovery program that focuses on making information systems resilient against failures and disasters.
• Performance of data backups to enable resumption of system operations in an event of failure.
• Replication of data across multiple data center regions.
• Regular disaster recovery tests and, based on the learning from these tests, work to update and improve disaster recovery processes.

**Threat and Vulnerability Management **

Bambuser will maintain measures meant to identify, manage, mitigate and/or remediate vulnerabilities within the Bambuser environments. Security measures include:

• Patch management
• Anti-virus / anti-malware
• Threat notification advisories
• Vulnerability scanning
• Periodic penetration testing

Network Security​​

Bambuser implemented measures to securely design, protect and manage the supporting cloud network infrastructure. Measures include:

• Cloud security groups act as firewalls between different services. This setup will only allow explicitly declared communications to take place.
• Web Application Firewalls in front of the internet-facing services.

Cloud providers​​

Bambuser uses the following cloud providers for its services:

• Amazon Web Services (https://aws.amazon.com/security/)
• Google Cloud Platform (https://cloud.google.com/security).
• Salesforce (https://trust.salesforce.com/)

Our sub-processors have provided adequate guarantees on the protection of personal data they process on our behalf.

Service Level Agreement​

This Service Level Agreement shall apply to the Bambuser Solution as from the first live video/call session. Any defect or error occurring prior to this date shall be remedied by Bambuser within a commercially reasonable time. Customer further acknowledge that this Service Level Agreement only applies to the availability of the Bambuser Solution

1 Service levels

1.1 Bambuser shall use commercially reasonable efforts to make the Bambuser Solution available 24/7/365.

Business incident support team is available Monday through Friday, CET, business hours (the “Incident Support Hours”). The Response Times set forth in the tables below applies within the Incident Support Hours. Other support cases not defined as incidents are managed by the Customer Success Manager (“CSM”). The availability of the CSM is Monday through Friday applicable business hours of the region that the Customer is domiciled.

1.2 Upon Bambuser's failure to uphold agreed availability during a calendar month, the Customer shall, as sole and exclusive remedy, be entitled to a one-time reduction of the monthly Subscription License Fee applicable for such month in accordance with the table below:

1.3 To gain service level credits, the Customer must request such service level credit from Bambuser in writing via their designated account manager. Service level credits shall, unless otherwise agreed between the Parties, be settled against the next invoice or refunded by Bambuser, at Bambuser's discretion.

1.4 In order to receive service level credits, the Customer must notify Bambuser when the first occurrence of failure to uphold agreed availability becomes known to Customer, by immediately sending an email to support@bambuser.com. The Customer's notification must include the date and times of alleged unavailability.

1.5 Bambuser is not liable for any deviations from the agreed availability caused by any event outside Bambuser’s reasonable control including related to SDK, Customer's negligence or misuse of the Service, Customer's external communication solution including deficit internet access or a Force Majeure Event. Accordingly, Customer shall not be entitled to any services credit or other compensation from Bambuser. SDK related incidents will not be managed by Bambuser and is out of scope for this SLA.

1.6 Incident reporting and levels of Priority

All incidents must be reported to support@bambuser.com and include the following information where relevant:

- Org ID

- User ID

- Show ID

- Client's suspected level of Priority

- User Name

- Time when behavior was first noticed

- Website URL where the problem is occurring

- Device or Devices and their operating systems where the behavior is occurring

- Description of what is not functioning as expected and how to replicate the behavior

- Screenshots or video captures showing the problem

1.7 An incident shall be considered reported from the timestamp of the email sent to support@bambuser.com including sufficient information (as specified in Section 1.6 above) for the Bambuser staff to begin investigating the incident. Incidents with insufficient information will not be deemed as reported until such time as relevant details are provided, at which time they shall be considered reported from the timestamp on the email containing the necessary information.

1.8 After an incident has been reported it will be reviewed by Bambuser and a decision will be made as to the level of Priority of the incident as proposed by the Customer when it was reported. The incident reported will then be responded to within the response time stipulated in table below for the level of Priority that has been decided by Bambuser. Final decision on an incident's classification regarding priority level shall always reside with Bambuser.

1.9 The Bambuser Support team will endeavor to restore service within the time period specified by each level of priority. The Bambuser Support team will endeavor to resolve the underlying problem with the service within the time period specified by each level of priority.

Live​

Video Consultation​

Technical Specification Live​

General technical description of Live​

Live is a cloud-based service that enables the Customer to broadcast live video streaming with an integrated shopping feature. Live is an in-house developed software dependent on third-party services by AWS and Google Cloud. These third-party services are distributed by Bambuser (embedded in Live) and are not to be used on a stand-alone basis by the Customer. Live is built partly using open source software and the Customer acknowledges that Bambuser is using industry standard open source products.

To achieve the optimal user experience, Live requires either (i) a commitment from the Customer to implement the necessary JavaScript code on the Customer's website (often less than 100 rows), and optionally (ii) set iframe policies allowing the Customer's site to be embedded on itself (i.e. using X-Frame-Options and/or Content-Security-Policy headers).

Bambuser Solution​

A Customer may choose to split up their operations and reporting into multiple workspaces which will be subject to additional fees. For example, the Customer can have a multiple workspaces for different brands or departments within the Customer's organization. Each workspace can have multiple Hosts and multiple live videos can be broadcasted simultaneously within a workspace. Reporting and analytics are available in the Bambuser Dashboard for each workspace.

Technical Specification Shoppable Video​

General technical description of Shoppable Video​

Shoppable Video is a cloud-based service that enables the Customer to distribute recorded video content with an integrated shopping feature. Shoppable Video is an in-house developed software dependent on third-party services by AWS and Google Cloud. These third-party services are distributed by Bambuser (embedded in Shoppable Video) and are not to be used on a stand-alone basis by the Customer. Shoppable Video is built partly using open source software and the Customer acknowledges that Bambuser is using industry standard open source products.

To achieve the optimal user experience, Shoppable Video requires either (i) a commitment from the Customer to implement the necessary JavaScript code on the Customer's website (often less than 100 rows), and optionally (ii) set iframe policies allowing the Customer's site to be embedded on itself (i.e. using X-Frame-Options and/or Content-Security-Policy headers).

Bambuser Solution​

A Customer may choose to split up their operations and reporting into multiple workspaces which will be subject to additional fees. For example, the Customer can have a multiple workspaces for different brands or departments within the Customer's organization. Each workspace can have multiple Hosts and multiple live videos can be broadcasted simultaneously within a workspace. Reporting and analytics are available in the Bambuser Dashboard for each workspace.

Technical Specification Video Consultation​

General technical description of Video Consultation​

Video Consultation is a cloud-based service that enables the Customer to interact with consumers via a one-to-one call (video/audio and chat) with interactive features such as, compare, highlight and add-to-cart.

Video Consultation can be used by a Customer to facilitate calls between a visitor on the Customer's website and an agent who can assist, educate or sell products to potential customers. Video Consultation also allows the Customer's agent to schedule consultations for consumers by distributing invite links. All products discussed in a call can be highlighted, compared with other products, added to the cart and purchased during or after the one-to-one experience. The products are inserted in the native cart/check out on the Customer's website and no transactions take place within Video Consultation.

Video Consultation is an in-house developed software dependent on third party services by AWS and Google Cloud. These third party services are distributed by Bambuser (embedded in Video Consultation) and are not to be used on a stand-alone basis by the Customer. Video Consultation is built partly using open source software and the Customer acknowledges that Bambuser is using industry standard open source products. Bambuser follows the applicable licenses such as MIT and Apache.

Bambuser Solution​

A Customer may choose to split up their operations and reporting into multiple workspaces which will be subject to additional fees. For example, the Customer can have a multiple workspaces for different brands or departments within the Customer's organization. Each workspace can have multiple Agents/Users, Queues and Services. Reporting and analytics are available in the Bambuser Dashboard for each workspace.

Technical Specification Chat​

General technical description of Chat​

Chat is a cloud-based service that can be used by a Customer to facilitate text based messaging between a visitor on the Customer's website and an agent who can assist, educate or sell products to potential customers. Subject to Customer’s implementation and configuration, agents can use the catalog feature to share recommended products in the chat, or the video feature to convert the chat into a video call, or use the Contacts feature to stay in touch with a customer via SMS, email or WhatsApp after the chat experience. The checkout experience requires the native cart/check out of the Customer’s website and no transactions take place within Chat.

Chat is an in-house developed software dependent on third party services by AWS, Twilio and Google Cloud. These third party services are distributed by Bambuser (embedded in Chat) and are not to be used on a stand-alone basis by the Customer.

Bambuser Solution​

Implementation Services And Onboarding For Live​

Integration and implementation

A complete integration of the Bambuser Solution requires purpose-built JavaScript for administering the communication between the Bambuser Player and the Customer's on-site cart.

Implementation services constitute a best-effort endeavor, meaning that in certain cases assistance from the Customer's technology staff may be required.

Inter alia, the Customer is responsible for

(i) the whitelisting of the Bambuser servers to enable the functionality of critical features such as embed script, magic link login, product scraper, Dashboard backends, webhooks and image transformer of the Bambuser Solution. (In the event that the Bambuser Solution should be implemented on a website which is geo-protected, protected by a log in requirement or any other measure that restricts access, it shall be the responsibility of the Customer to grant access to Bambuser to test the integration.)

(ii) ensuring that the integration of the Bambuser code is not modified between the sharp test and the first live video.

Bambuser will for customers (with the exception for ignite, light and base tiers customer)

(i) Provide the Customer with a checklist and instructions for how to carry out a sharp test to ensure successful integration and use of the Bambuser Solution. After the sharp test, our integration specialists will perform a high-level quality check of Player behavior on your website and provide feedback to the Customer if anything needs to be adjusted before the first live video.

(ii) Bambuser will make available to Customer all necessary information and specifications required to enable Customer to meet its responsibilities specified in Customer Responsibilities.

Onboarding

When the Subscription Order is signed by the Parties, Bambuser will support the Customer in the integration and onboarding process with staff specially trained in these areas. In general terms, Bambuser's "Customer Success Staff" will handle the onboarding of the Customer including project management, Customer contact and staff training, while Bambuser's integration team will act as technical support to assist the Customer with coaching and knowledge sharing when integrating the Bambuser Solution with the Customer's e-commerce platform.

Bambuser will assign an account manager to the Customer's account who is appropriately qualified in the fields necessary to provide the Services. The account manager will be the main point of contact and will coordinate a successful launch for the Customer's brands, referred to as the "Onboarding". The Onboarding serves as the technical alignment streamlined with the Customer's integration where the Customer receives all user necessary details in order to successfully launch the live videos. The client manager will serve as the primary Customer contact for the duration of the Subscription Order. The account manager will host recurring meetings, follow up key KPI:s, and provide the Customer with suitable 'best practice' cases as well as suggestions for improvement.

Customer Responsibilities

The Customer is responsible for creating a promotional plan driving to each live video.

The Customer is responsible for creating their own look and feel (brand) of the Player through the theming and configuration capabilities in Bambuser Dashboard.

The Customer is required to autonomously design and upload for welcome pause and end screens (curtains).

The Customer is required to provide legal chat terms applicable for the live video participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is required to approve Bambuser Player wording for all additional languages.

The Customer is required to manage user access to the Bambuser Dashboard.

The Customer is required to schedule tests and live broadcasts using the Bambuser Dashboard.

The Customer is required to embed the Bambuser Player on a webpage pertaining to the Customer. The Bambuser Player contains cookies available here which will automatically be installed by the embedment. Whenever applicable, Customer shall obtain necessary consent from live video participant/viewer in relation to such Cookies. Customer shall also implement the Conversion Library Script and maintain the usage of it, as further instructed by Bambuser.

The Customer is responsible for the production of the Content for the broadcast.

The Customer is required to notify Bambuser within a reasonable time frame (minimum 48h) for Bambuser to perform Integration Check. (The Integration Check process involves the Bambuser Support team conducting a high-level review of Bambuser’s product functionality on the Customer’s website. However, since the Customer possesses a deeper understanding of the specific setup and nuances of their platform, Bambuser cannot guarantee the correctness of the integration.)

The Customer is responsible for providing Bambuser with a URL of the landing page where the Bambuser Solution is embedded on its website as well as a contact person and the contact details to that person during the live video so that Bambuser may proactively bring any issues to the Customers attention under monitoring.

For the purpose of broadcasting a live video, the Customer may only use the operating system on their devices that is not more than one (1) generation older/behind than the current version.

The Customer is responsible to ensure it has equipment (of appropriate specification and compatible with the Applications and the Service) and sufficient Internet connection to enable the Customer to connect to the Applications and benefit from the Services.

Supported browsers and operating system can be found here.

Implementation Services And Onboarding For Video Consultation​

Integration and implementation

A complete integration of Video Consultation requires purpose-built JavaScript for administering the communication between the Bambuser Calls Widget and the Customer's on-site cart.

Implementation services constitute a best-effort endeavor, meaning that in certain cases assistance from the Customer's technology staff may be required.

Inter alia, the Customer is responsible for

(i) the whitelisting of the Bambuser servers to enable the functionality of critical features such as embed script, magic link login, product scraper, Dashboard backends, webhooks and image transformer of the Bambuser Solution. (In the event that the Bambuser Solution should be implemented on a website which is geo-protected, protected by a log in requirement or any other measure that restricts access, it shall be the responsibility of the Customer to grant access to Bambuser to test the integration.)

(ii) ensuring that the integration of the Bambuser code is not modified between the sharp test and the first video call.

Bambuser will for customers (with the exception for ignite, light and base tiers customer)

(i) provide the Customer with a checklist and instructions for how to carry out a sharp test to ensure successful integration and use of the Bambuser Solution. After the sharp test, Bambuser's integration specialists will check that the integration is correct and provide feedback to the Customer if anything needs to be adjusted before the first video call.

(ii) monitor the call connections and call stability during the first day of launch and inform the Customer of any noticed irregularities such as network instabilities in Customer networks or error logs from integrations that the Customer may need to address for better stability and call quality. This can only be provided as long as the Customer inform Bambuser about their planned go live date at least 72 hours ahead of the launch date.

(iii) Provide the Customer with all necessary information and specifications required to enable Customer to meet its responsibilities specified in Customer responsibilities.

Onboarding

When the Agreement is signed by the Parties, Bambuser will support the Customer in the integration and onboarding process with staff specially trained in these areas. In general terms, Bambuser's "Customer Success Staff" will handle the onboarding of the Customer including project management, Customer contact and staff training, while Bambuser's integration team will act as technical support to assist the Customer with coaching and knowledge sharing when integrating Video Consultation with the Customer's e-commerce platform.

Bambuser will assign an account manager to the Customer's account who is appropriately qualified in the fields necessary to provide the Services. The account manager will be the main point of contact and will coordinate a successful launch for the Customer's brands, referred to as the "Onboarding". The Onboarding serves as the technical alignment streamlined with the Customer's integration where the Customer receives all user necessary details in order to successfully launch the video calls. The account manager will serve as the primary Customer contact for the duration of the Agreement. The account manager will Agent recurring meetings, follow up key KPI:s, and provide the Customer with suitable 'best practice' cases as well as suggestions for improvement.

Customer Responsibilities

The Customer is responsible for creating a promotional plan driving to each video call.

The Customer is responsible for creating their own look and feel (brand) of the Calls Widget through the theming and configuration capabilities in Bambuser Dashboard.

The Customer is required to provide legal chat terms applicable for the video call participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is required to provide legal chat terms applicable for the video call participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is required to approve player wording for all additional languages.

The Customer is required to manage user access to the Bambuser Dashboard.

The Customer is required to embed the Bambuser Calls Widget on a webpage pertaining to the Customer. The Bambuser Calls Widget contains cookies available here, which will automatically be installed by the embedment. Whenever applicable, Customer shall obtain necessary consent from video call Participant/viewer in relation to such Cookies. Customer shall also implement the Conversion Library Script and maintain the usage of it, as further instructed by Bambuser.

The Customer is responsible for the production of the Content for the broadcast.

The Customer is required to notify Bambuser within a reasonable time frame (minimum 48h) of every test and video call that require dedicated support or technical verification.

The customer is responsible for providing Bambuser with a URL of the landing page where Video Consultation is embedded on its website as well as a contact person and the contact details to that person during the video call so that Bambuser may proactively bring any issues to the Customers attention under monitoring.

The Customer is responsible to ensure it has equipment (of appropriate specification and compatible with the Applications and the Service) and sufficient Internet connection to enable the Customer to connect to the Applications and benefit from the Services.

Supported browsers and operating system can be found here.

Implementation Services And Onboarding For Chat​

Integration and implementation

A complete integration of Chat requires purpose-built JavaScript for administering the communication between the Chat Messenger and the Customer's site functions like e-commerce cart.

Implementation services constitute a best-effort endeavor, meaning that in certain cases assistance from the Customer's technology staff may be required.

Inter alia, the Customer is responsible for

(i) the whitelisting of the Bambuser servers to enable the functionality of critical features of the Bambuser Solution. (In the event that the Bambuser Solution should be implemented on a website which is geo-protected, protected by a log in requirement or any other measure that restricts access, it shall be the responsibility of the Customer to grant access to Bambuser to verify and test the integration.)

(ii) ensuring that the integration of the Bambuser code is not modified between the sharp test and the first live chat

Bambuser will for customers (with the exception for ignite, light and base tiers customer)

(i) provide the Customer with a checklist and instructions for how to carry out a sharp test to ensure successful integration and use of the Bambuser Solution. After the sharp test, Bambuser's integration specialists will check that the integration is correct and provide feedback to the Customer if anything needs to be adjusted before the first video call.

(ii) Provide the Customer with all necessary information and specifications required to enable Customer to meet its responsibilities specified in Customer Responsibilities.

Onboarding

Onboarding process to be made available by Bambuser at Customer's request

Customer Responsibilities

The Customer is responsible to ensure it has equipment (of appropriate specification and compatible with the Applications and the Service) and sufficient Internet connection to enable the Customer to connect to the Applications and benefit from the Services.

The Customer is responsible for creating their own look and feel (brand) of the Chat Messenger through the theming and configuration capabilities in Bambuser Dashboard and the additional capabilities of styling through code on the Customer’s site.

The Customer is required to provide legal chat terms applicable for the chat participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is responsible to configure custom wording for all additional languages through the Bambuser Dashboard (All Doors) self-service UI.

The Customer is required to provide a list of Authorized users that should have access to the Bambuser Dashboard (All Doors) application

The Customer is required to manage Authorized user access to the Chat store app through the Bambuser Dashboard (All Doors).

The Customer is required to schedule tests and live broadcasts using the Bambuser Dashboard.

The Customer is required to embed the Bambuser Calls Widget on a webpage pertaining to the Customer. The Bambuser Calls Widget contains cookies available here, which will automatically be installed by the embedment. Whenever applicable, Customer shall obtain necessary consent from video call Participant/viewer in relation to such Cookies. Customer shall also implement the Conversion Library Script and maintain the usage of it, as further instructed by Bambuser.

The Customer is required to notify Bambuser within a reasonable time frame (minimum 48h) of every test and video call that require dedicated support or technical verification.

The customer is responsible for providing Bambuser with a URL of the landing page where Video Consultation is embedded on its website as well as a contact person and the contact details to that person during the video call so that Bambuser may proactively bring any issues to the Customers attention under monitoring.

Supported browsers and operating system can be found here.

DATA PROCESSING AGREEMENT​

BACKGROUND AND PURPOSE​

This Data Processing Agreement ("DPA") sets out the terms and conditions for the Processing of Personal Data within the scope of the Bambuser Solution and related support services where Bambuser acts as a Processor to Customer, acting as the Controller. Except as may be otherwise required under Data Protection Laws, Customer, on behalf of any other Controller (e.g., where applicable, companies within Customer's company group or other Controllers designated by Customer, in both cases subject to agreement between Customer and Bambuser), shall serve as a single point of contact for Bambuser with regard to all matters under this DPA and shall be responsible for the internal coordination, review and submission of instructions or requests to Bambuser as well as the onward distribution of any information, notifications and reports provided by Bambuser hereunder.

Unless otherwise stipulated, the provisions of the DPA shall take precedence over the provisions of the Agreement with respect to the subject matter hereof.

IT IS AGREED as follows:

1. DEFINITIONS​

Without prejudice to any definition of a term set out in Data Protection Laws, any terms not defined herein shall be given the meaning provided in the Agreement. In this DPA, the following definitions apply:

2. RESPONSIBILITIES​

2.1 Both Parties will comply with all applicable requirements of the Data Protection Laws. This DPA is in addition to, and does not relieve, remove or replace, a Party's obligations or rights under the Data Protection Laws.

2.2 Both Parties will comply with all applicable requirements of the Data Protection Laws. With respect to California Consumer Privacy Act of 2018 ("CCPA"), Customer is defined as a "business" and Customer is engaging Bambuser as its "service provider" as defined in the CCPA. This DPA is in addition to, and does not relieve, remove or replace, a Party's obligations or rights under the Data Protection Laws.

2.3 Bambuser shall Process Personal Data with all due care and skill, diligence and prudence, in a workmanlike manner in accordance with high professional standards, and in compliance with applicable Data Protection Laws. Bambuser must not use the Personal Data for any other purposes than those specified in the Agreement, this DPA and Customer's documented instructions from time to time. Customer's written instructions for Processing are set out in Appendix 1.

2.4 More specifically, Bambuser shall:

• a) Process the Personal Data only on documented instructions from Customer, unless required to deviate from such instructions in order to comply with applicable Data Protection Laws which Bambuser is subject to. In such a case, Bambuser shall inform Customer of that legal requirement before Processing, unless such Data Protection Laws prohibit such information on important grounds of public interest;

• b) ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

• c) assist Customer by appropriate technical and organizational measures, in so far as this is possible, for the fulfilment of Customer's obligation to respond to requests for exercising any Data Subject's rights under Data Protection Laws;

• d) assist Customer in ensuring compliance with its legal obligations in respect of Personal Data, such as, with Customer's data security, data protection impact assessment and prior consulting obligations set out by Data Protection Laws;

• e) make available to Customer all information necessary to demonstrate compliance with Bambuser's obligations set out in this DPA and in applicable Data Protection Laws, and allow for and contribute to audits, including inspections, conducted by Customer as set forth in this DPA; and

• f) Process Personal Data only during the term of this DPA.

2.5 Bambuser shall implement technical, physical, and organizational measures to make sure a high level of security of the Personal Data that it is Processing and to protect Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage, alteration, or disclosure. Bambuser's security measures shall at all times meet the requirements of applicable Data Protection Laws.

2.6 Subject to the terms of the Agreement, Bambuser shall implement and maintain technical and organizational measures to secure conformity with applicable Data Protection Laws to which Bambuser is subjected, inter alia, measures for:

• a) pseudonymization and/or encryption of Personal Data;

• b) ensuring confidentiality, integrity, availability and resilience of systems and services processing Personal Data;

• c) restoring availability and access to Personal Data in a timely manner in the event of a Personal Data Breach or other unexpected event interrupting Bambuser's processing of Personal Data;

• d) regularly testing, assessing and evaluating the effectiveness, readiness and integrity of technical and organizational measures for ensuring the security of the Processing; and

• e) conforming with current business practices, standards or recommendations concerning privacy protection and information safety.

2.7 A description of Bambuser's technical and organizational measures applicable upon the date of signing hereof is available at https://bambuser.com/docs/agreement-details/#technical-and-organizational-measure

2.8 Bambuser shall ensure that any person acting under the authority of Bambuser who has access to Personal Data shall not Process them except on documented instructions from Customer.

2.9 Customer (and/or, as the case may be, companies affiliated with Customer as may be agreed with Bambuser) is the Controller for all Personal Data which Customer (or persons on its behalf) shares with Bambuser for Processing under the Agreement and this DPA. In its capacity as Controller, Customer confirms (on its own part and, as applicable, on behalf of each other Controller) that: a) without prejudice to Bambuser's responsibilities as a Processor hereunder, Customer is solely responsible for any Personal Data provided or made accessible to Bambuser under this DPA and the means by which it has been acquired and collected as well as the accuracy, quality, legality and integrity thereof; b) Customer is entitled to provide access to the Personal Data to Bambuser for the purposes hereof and, consequently, that it has and will maintain a lawful basis for Bambuser's Processing of Personal Data for purposes of performance of the services under the Agreement and in accordance with this DPA; c) all instructions from Customer for the Processing of Personal Data hereunder shall comply with applicable Data Protection Laws, shall be reasonable and documented in writing, and shall relate to and be consistent with the services agreed to be provided by Bambuser under the Agreement, and Customer accepts that Bambuser disclaims any obligation or liability with regard to any instructions or requests being in violation of any of the aforesaid.

2.10 Customer is responsible for providing Bambuser with instructions for the Processing of Personal Data under this DPA. Bambuser shall only Process Customer's Personal Data in accordance with this DPA and Customer's instructions applicable from time to time. If Bambuser deems that instructions violate Data Protection Laws, Bambuser shall notify Customer thereof as soon as practicably possible. Bambuser shall for the avoidance of doubt not be obliged to perform a certain measure if, according to Bambuser's reasonable assessment, this would result in a breach of Data Protection Laws. Notwithstanding the foregoing, Bambuser shall not be obliged to perform any own investigations, surveys or assessments in order to establish whether instructions comply with Data Protection Laws or not. Bambuser reserves the right to charge Customer on a time and material basis for any work caused by Customer, and/or costs incurred, pursuant to the above or for other work or measures (including measures or work requested to be performed by Customer) not expressly covered in the DPA or which is in addition to Bambuser's standard business undertakings pertaining to its Processing of Personal Data.

3. TRANSFER OF PERSONAL DATA​

3.1 Bambuser shall ensure that no Personal Data is transferred, released, assigned, disclosed or otherwise made available to any third party without Customer's consent.

3.2 Processing activities (including storage) shall take place on the location(s) detailed at https://bambuser.com/docs/agreement-details/#sub-processors and in accordance with Customer's instructions in the Subscription Order. Should the Customer not make such an instruction, the geographical location for that processing will be based on Customer's location.

3.3. If the Processing carried out by the Processor includes the transfer of Personal Data to a country outside of the EU/EEA not granted an adequacy decision, the Processor shall enter into a supplementary agreement containing the then current European Commission’s Standard Contractual Clauses (SCC), in so far as the SCC provides a lawful transfer mechanism.

3.4. In the cases mentioned above, the Processor must enter into a supplementary written agreement with the sub-processor containing the SCC, before the Processor transfers any Personal Data to the sub-processor.

4. SUB-PROCESSORS​

4.1 The sub-processors engaged by Bambuser on the effective date of the Agreement are set out in https://bambuser.com/docs/agreement-details/#sub-processors. Bambuser is responsible for ensuring that all Processing of Personal Data performed by a sub-processor is governed by a written agreement with the sub-processor that corresponds to the requirements of this DPA and applicable Data Protection Laws, including but not limited to Article 28 of the GDPR. Customer acknowledges that appointment of sub-processors (as well as appointment of new sub-processors from time to time), is necessary in order for Bambuser to perform its services under the Agreement. Bambuser may only make changes to the sub-processors listed in https://bambuser.com/docs/agreement-details/#sub-processors in accordance with the below. In the event Bambuser adds or replaces a sub- processor Bambuser will provide Customer with thirty (30) days prior written notice. Customer shall have the right to object to the use of a specific sub-processor by written notice to Bambuser, without undue delay from the time Customer was notified of the use of that sub-processor. Such an objection shall be made in good faith and based on justifiable grounds. The Parties will in good faith discuss possible activities to mitigate the risks raised by such an objection. Customer acknowledges and accepts that its objection to a sub-processor may adversely affect Bambuser's ability to perform the services under the Agreement, therefore Bambuser shall be entitled to use such sub-processor despite Customer's objection as removal of such sub-processor would affect all Bambuser's customers. In the event the Parties are not able to reach an agreement in relation to such a sub-processor, Customer may terminate the Agreement with immediate effect and receive a refund of any prepaid, pro rata, fees for the remaining period of the agreement that Customer will not use the services.

5. DATA BREACH​

5.1 In the event of a Personal Data Breach, Bambuser shall without undue delay submit a written notice to Customer including the following information;

• a) a description of the nature of the Personal Data Breach including, the categories and approximate number of Data Subjects concerned, and the categories and approximate number of data records concerned;

• b) name and contact details of the person responsible for Bambuser's data protection matters;

• c) a description of likely consequences and/or realized consequences of the Personal Data Breach; and

• d) a description of actions taken by Bambuser (and/or its sub-processors) to assess and address the Personal Data Breach; to mitigate its possible adverse effects; or to prevent the reoccurrence of the Personal Data Breach.

5.2 Where, and in so far as, it is not possible to provide the information requested in Section 5.1 at the same time, Bambuser may provide the requested information in phases without undue further delay. Furthermore, Bambuser shall document any Personal Data Breaches and upon Customer's request make the documentation available for Customer to ensure its compliance with applicable Data Protection Laws.

5.3 Bambuser shall take all the necessary steps to protect the Personal Data when made aware of a Personal Data Breach. Pursuant to the submission of a notice to Customer in accordance with Section 5.1, Bambuser shall, in consultation with Customer, take appropriate measures to secure the Personal Data and limit any possible detrimental effect to the Data Subjects. Bambuser shall cooperate with Customer, and with any third parties designated by Customer, to respond to the Personal Data Breach. The objective of the Personal Data Breach response will be to restore the confidentiality, integrity, and availability of the Personal Data Processed by Bambuser, to establish root causes and corrective actions, preserving evidence and to mitigate any damage caused to Data Subjects or Customer.

6. RECORDS​

6.1 Bambuser shall maintain and update a record in an electronic form ("Record"), of all Personal Data Processing carried out under this DPA and the Agreement on behalf of Customer.

6.2 Bambuser shall provide Customer with the Record without undue delay as from the Customer's request.

6.3 In case of a request by Data Subjects or a Supervisory Authority concerning Processing of Personal Data under this DPA (including requests to block, delete, transfer, amend Personal Data or any other actions), Bambuser shall, without undue delay, inform Customer of all such requests and shall assist Customer in its response or other action concerning such request. Bambuser may only correct, delete, amend or block the Personal Data Processed on behalf of Customer when instructed to do so by Customer or required by Data Protection Laws.

6.4 Bambuser shall notify Customer of any changes in its activities that may materially affect the data protection, security or integrity of Customer's Personal Data Processed hereunder.

7. AUDITS​

7.1 If Customer has reasonable grounds to suspect non-compliance with this DPA or Data Protection Laws on Bambuser's part, or if otherwise required under Data Protection Laws, Bambuser shall, upon Customer's written request, make all necessary information available to demonstrate compliance herewith and allow for audits, including inspections, to be performed by Customer or its appointed representative. Customer shall endeavor to perform such audit without causing significant disruption to Bambuser's regular operations (e.g. to perform any such measures under reasonable time, place and manner conditions, during regular business hours) and subject always to Bambuser's security policies. Customer will primarily rely on applicable existing audit reports or other available verification, if any, to confirm Bambuser's compliance and avoid unnecessary repetitive audits; unless required under Data Protection Laws, audits will not be made more than once in any twelve- month period. The audit shall not grant Customer access to trade secrets or proprietary information unless required in order to comply with Data Protection Laws (and Bambuser will never be obliged, with regard to any information request or audit, to provide access to prices, pricing structures or other commercial information). Customer shall notify, within a reasonable period of time (at least thirty (30) days), Bambuser in advance of such audit unless otherwise required by a Supervisory Authority. Customer and any persons conducting an audit must enter into adequate confidentiality undertakings prior to such audit and the audit must be conducted so as not to jeopardize the security of information belonging to other customers. In the event that Customer proposes to use a representative/third party auditor, then Bambuser may oppose such appointment only if such representative/auditor is a competitor of Bambuser or Bambuser has other justifiable grounds for objection. Notwithstanding the foregoing, Customer accepts that any requirements that Customer (itself or on behalf of any Controller referenced herein) may have with regard to the purposes of Processing Personal Data hereunder, or any requests for information, assistance or activities from Bambuser made by Customer or on its behalf hereunder, that extend beyond Bambuser's ordinary course of business, routines or policies, or what is otherwise commercially reasonable, shall be specifically agreed in writing and may be subject to additional fees and charges. Insofar as possible, Bambuser shall procure that Customer is similarly entitled to conduct audits in respect to sub- processors (or be provided with corresponding information from such sub-processors). Customer is however aware of and acknowledges that the scope of such audits/information may not correspond with the above and/or that conditions may apply.

8. TERM AND TERMINATION​

8.1 This DPA shall automatically terminate upon any termination or expiration of the Agreement, provided no separate assignments for Processing of Personal Data independent of the Agreement have been concluded by and between the Parties in accordance with Appendix 1. The terms of the DPA will however continue to apply for as long as any Personal Data is Processed by Bambuser.

8.2 Upon termination of this DPA, or upon Customer's written request, Bambuser shall destroy or return, either to Customer or to a third party designated by Customer, all Personal Data, unless otherwise required by Data Protection Laws. Bambuser shall verify in writing to Customer that such destruction or return has taken place, and, upon written request, provide Customer with written statement confirming that such Personal Data, including all copies thereof, have been permanently destroyed.

9. LIMITATION OF LIABILITY​

9.1 Subject to the below, the provisions on limitations of liability for Bambuser set out in the Agreement shall apply to this DPA.

9.2 The Parties shall cooperate and provide assistance in the event of an enforcement action or investigation by a Supervisory Authority with regards to activities conducted under this DPA, including promptly notifying the other Party of the threat and commencement of such measures. The Parties shall make all reasonable efforts to minimize the risk of damage incurred by the Parties due to such event.

9.3 WITHOUT PREJUDICE TO ANY EXPRESS RIGHT OR REMEDY AVAILABLE TO DATA SUBJECTS PROVIDED UNDER DATA PROTECTION LAWS, ANY LIABILITY FOR BAMBUSER ARISING OUT OF OR IN CONNECTION WITH THIS DPA (WHETHER IN CONTRACT, TORT OR OTHERWISE) IS, AS BETWEEN THE PARTIES, LIMITED TO DIRECT DAMAGES (EXCLUDING ANY INDIRECT, CONSEQUENTIAL, SPECIAL OR INCIDENTAL COST, LOSS OR DAMAGE OF ANY KIND) AND SUBJECT TO ANY APPLICABLE PROVISIONS ON LIMITATION OF LIABILITY CONTAINED IN THE AGREEMENT. CUSTOMER'S AND ANY OTHER CONTROLLER'S CLAIMS IN THE AGGREGATE, AND THE TOTAL AND AGGREGATE LIABILITY SHALL, IN ANY EVENT, FOR ANY CALENDAR YEAR BE CAPPED AT AN AMOUNT CORRESPONDING TO THE TOTAL FEES PAID BY CUSTOMER UNDER THE AGREEMENT FOR THE APPLICABLE SERVICES DURING TWELVE (12) MONTHS PRECEDING THE DATE OF THE OCCURRENCE OF THE CLAIM FORMING BASIS FOR LIABILITY. FOR CLARITY, ANY CLAIM, OR MULTIPLE INTERLINKED CLAIMS, SHALL BE SUBJECT TO THE LIABILITY CAP APPLICABLE AT THE DATE ON WHICH THE EVENT OR CIRCUMSTANCE FORMING THE BASIS FOR THE CLAIM(S) FIRST OCCURRED.

10. GOVERNING LAW AND DISPUTES​

10.1 This DPA and its appendices shall be considered to be part of the Agreement and therefore governed and construed in accordance with the same laws as the Agreement. Disputes shall be resolved in accordance with the provisions on dispute resolution contained in the Agreement.

PII Processing information​