Data Protection and Non-Disclosure Agreement

Between

MoBerries GmbH,

Schwedter Str. 9A, 10119 Berlin, Germany, registered with the commercial register of the local court of Berlin Charlottenburg under HRB 165716 B

(hereinafter referred to as “Client”)

and

You,

a company having registered for a “Company” account on the website https://moberries.com

(hereinafter referred to as “Contractor”)

1. Purpose of this Agreement

1.1 Contractor shall render services on behalf of Client. In this connection, Contractor may obtain knowledge of personal data or information on business and trade secrets or any other of Client’s confidential information.

1.2 The purpose of this agreement is to obligate Contractor to comply with the legal requirements with respect to the handling of personal data and information on business and trade secrets.

2. Confidential Information

- Confidential information as understood in this agreement shall be any and all information received by Contractor from Client in written, text or oral form. In particular, this shall include:

- Personal data as defined under Art. 4(1) General Data Protection Regulation (GDPR);

- Details on proposals, pricing, customers, cooperation partners, contractual partners, employees;

- Financial data;

- Scientific data;

- Information on products, merchandise or services that Client manufactures or has manufactured;

- Information on research and development;

- Information on intellectual property rights;

- Information on copyright; and

- Information that is designated as “confidential”, “secret”, “VS” [“classified”] or in similar manner.

3. General Obligations of Secrecy

3.1 Contractor hereby undertakes to treat any and all confidential information as defined under item 2 hereof with utmost confidentiality and not to share any such information with third parties without Client’s consent. Any consent by Client must be given in writing.

3.2 Contractor may only use confidential information where its use is necessary in order to perform services on behalf of Client.

4. Exceptions

This obligation to confidentiality shall not or no longer apply to such information for which Contractor is able to demonstrate that

- the information was developed by Contractor independently of the information obtained from Client, or

- Contractor already had knowledge of the information at the time it was disclosed by Client, or

- Contractor obtained the information lawfully from a third party without violating its obligation to confidentiality after it was disclosed by Client, or

- the information was already generally known or becomes generally known after its disclosure, or

- Contractor is required to disclose the information on the basis of a statutory provision or an official order. In such event, Contractor is to notify Client – to the extent permissible – of the intention to disseminate said information in writing in advance, while taking the precautions permissible and required by law to disseminate as little information as possible.

5. Contractor’s Obligations under Data Protection Law

5.1 Contractor shall be obligated to comply with the relevant obligations under data protection law when rendering its services on behalf of Client. In particular, this shall include compliance with the provisions of the GDPR and of the German Federal Data Protection Act.

5.2 Contractor undertakes to obligate all of its employees to confidentiality when processing personal data.

5.3 In particular, Contractor shall be obligated to take the necessary data security measures in accordance with Art. 32 GDPR and to demonstrate this to Client by way of appropriate means.

5.4 In the event of a personal data breach as defined under Art. 33 GDPR, Contractor shall notify Client thereof without undue delay if this incident also relates to Client’s confidential information. In such event, Contractor shall also notify Client of the measures it has taken with which to rectify the personal data breach and, where applicable, such measures with which to mitigate their potential adverse effects.

5.5 Upon instruction from Client, Contractor shall erase confidential information. The instruction must be given in written form. Where the instruction to erase relates to data that serve Client as demonstration of its performance or for which statutory retention obligations apply, which Contractor must adhere to, Contractor shall be obligated to encrypt the data in a manner in accordance with the achieved state of technological knowledge, which shall exclude third parties from perusing the data unauthorized.

6. Use of Third Parties

6.1 Contractor shall only be permitted to use processors processing personal data in connection with rendering services on behalf of Client if such use is in compliance with the stipulations of Art. 28 GDPR. The processor shall not be deemed a “third party” as defined in item 3 hereof.

6.2 Where, with the exception of cases as provided for in paragraph 1 hereinabove, it is necessary to contract third parties with the rendering of services in order to provide Contractor’s contractual services on behalf of Client, they must be contractually bound by Contractor in written form to comply with all of the obligations stipulated herein.

6.3 Where third parties are use, Contractor undertakes to only allow such parties access to the information as necessary in order to provide the services on behalf of Client.

7. Term

This agreement shall enter into effect as of the date it is signed by both parties hereto. It shall end at the time any other existing contractual relationships between the parties have terminated.

8. Termination

8.1 Contractor’s obligation of secrecy and the obligations under data protection law arising from this agreement shall survive the termination of this agreement for a period of three years.

8.2 Upon termination of this agreement, Contractor shall return to Client any and all information received from Client in physical form or shall destruct such upon instruction from Client (at least in accordance with DIN 66399 safety level 4).

8.3 Upon termination of this agreement, Contractor shall delete confidential information located on any data carriers that it used such that, based on the achieved state of technology, would make recovery of the data impossible.

8.4 Client may demand from Contractor an appropriate demonstration of such deletion according to paragraphs 2 and 3 hereinabove.

9. Final Provisions

9.1 This agreement shall be governed by and construed in accordance with the laws of the Federal Republic of Germany.

9.2 Where Contractor is a merchant, a public legal entity or special fund under public law, Contractor’s place of business shall be the exclusive legal venue for any and all disputes arising from this contractual relationship.

9.3 Should individual provisions of this agreement be ineffective in whole or in part, the effectiveness of the remaining provisions hereof shall remain unaffected. The parties undertake to replace the ineffective provision by an effective provision most closely resembling the economic intent of the ineffective provision.

9.4 Amendments of and supplements to this agreement must be in writing to be effective. This shall also apply to an amendment of this clause of written form itself.