This Personal Data Processing agreement (”Agreement”) shall be applied to all products and services delivered by Happierleads (”Happierleads”) to The Customer agreeing to these terms (”Customer”) from time to time.

The purpose of this Agreement is to agree on the privacy and data protection of the Personal Data of the Controller in the services of Happierleads. This Agreement constitutes a written agreement in accordance with the EU General Data Protection Regulation (679/2016) (“Regulation”) concerning the processing of personal data. Those obligations and rights that are directly based on the EU General Data Protection Regulation shall enter into force only when the application of the EU General Data Protection begins on 25 May 2018.

If the terms concerning the Processing of Personal Data of the Agreement and the Agreement are in conflict, the parties shall primarily apply the terms of this Agreement.

In accordance with the EU General Data Protection Regulation, the terms below are defined as follows:

“Controller” shall mean the Customer or the Customer’s client, who shall define the purposes and methods of Personal Data Processing.

“Processor” shall mean Happierleads, who shall Process Personal Data on behalf of the Controller based on the Agreement.

“Processing” or “Processing Activities” shall mean any operation or set of operation which is performed on Personal Data or sets of personal data using automated means or manually, such as data collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Personal Data” shall mean any information relating to an identified or identifiable natural person, hereafter ”Data Subject”; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Personal Data Breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.

Happierleads shall process the Personal Data of the Controller on behalf of, and commissioned by the Customer, on the grounds of the Agreement. The Personal Data that Happierleads Processes may relate to, e.g. customers or leads/prospects. The Customer or the Customer’s client shall be the Controller and Happierleads shall be the Processor of the Personal Data Processed in the service. The parties undertake to abide by the legislation, decrees and authority orders and guidelines concerning

Processing of Personal Data in force from time to time both in England and EU.

The Controller shall be liable for having the necessary rights and justifications, and for having obtained the necessary consents for the Processing of Personal Data. The Controller shall be liable for drafting the privacy policy and informing the Data Subjects. The Customer is responsible for the validity of the personal data is has delivered to Happierleads.

The Controller is entitled and obligated to define the purpose and methods of the Processing of Personal Data. The subject, character and purpose of Processing is defined in more detail in the agreement or description related to the product or service as well as in the annexes of this Agreement. The types of Personal Data and sets of data subjects Processed in the services have been defined in the form specifying the Processing operations, Annex 1.

Happierleads is entitled to Process the Personal Data and other data of the Controller only on the grounds of this Agreement and according to the written guidelines of the Customer and only to the extent and in a manner, it is necessary in order to provide services. Happierleads shall notify the Customer if any conflict with the data protection legislation of EU or England is detected in the guidelines and in such a case, Happierleads may immediately decline and stop the application of the guidelines of the Customer.

Happierleads shall maintain the service description or other record of the Processing Activities of the service in cases where it is required to do so by the EU General Data Protection Regulation. Happierleads is entitled to collect anonymous and statistic data of the use of the services pursuant to the Agreement, that does not specify the Customer nor data subjects and uses it for analyzing and developing its services.]

After the expiry of the Agreement, Happierleads shall return or delete, according to the guidelines of the Customer, all the personal data of the Controller and delete all duplicates, unless applicable legislation requires the retention of the Personal Data.

Happierleads may use subcontractors for Processing the Controller’s Personal Data. Happierleads is responsible for its subcontractor’s actions as for its own and shall draft written agreements with the subcontractors concerning the Processing of Personal Data. Happierleads shall inform the Customer beforehand of subcontractors Happierleads intends to use in processing the personal data pursuant to the

PROCESSING SPECIFICATION FORM (ANNEX 1)