Terms and Conditions

PLEASE READ THESE TERMS AND CONDITIONS (“Agreement”) CAREFULLY. LINKTRUST RESERVES THE RIGHTS TO MODIFY THESE TERMS AND CONDITIONS AT ANY TIME AND THESE TERMS AND CONDITIONS MAY HAVE CHANGED SINCE YOUR LAST VISIT TO THIS WEBSITE AND TO THE PRODUCTS. BY USING THIS WEBSITE OR THE PRODUCTS, YOU INDICATE YOUR ACCEPTANCE OF THESE TERMS AND CONDITIONS AND YOU AGREE TO CHECK FOR UPDATES TO THESE TERMS AND CONDITIONS EACH TIME YOU VISIT THE WEBSITE AND PRODUCTS. IF YOU DO NOT ACCEPT THESE TERMS AND CONDITIONS, THEN YOU MAY NOT ACCESS THIS WEBSITE OR THE PRODUCTS.

Requirements to Use LinkTrust

UNDER NO CIRCUMSTANCES IS PORNOGRAPHIC, ADULT ORIENTED, SEXUALLY EXPLICIT SITES OR CONTENT ALLOWED. You may request LinkTrust to review questionable campaigns for compliance prior to campaign launch. Campaigns will be deemed acceptable to LinkTrust on a case-by-case basis. LinkTrust retains the right to audit all campaigns and material You are distributing through LinkTrust. If reviewed material is deemed to violate the standards set forth in this Agreement, LinkTrust will request that You make changes to bring the campaign and material into compliance. If You fail to make the necessary changes LinkTrust may remove the campaign, materials or terminate this Agreement immediately, without liability to LinkTrust.

You further agree not to access, store, distribute or transmit any viruses or any material during the course of Your use of the Services that :

(i) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing, or racially or ethnically offensive;

(ii) facilitates illegal activity;

(iii) promotes unlawful violence;

(iv) is discriminatory based on race, gender, color, religious belief, sexual orientation, disability or the like; or

(v) is otherwise illegal or causes damage or injury to any person or property.

You shall comply with the CAN-SPAM Act or other applicable international SPAM laws for all campaigns, if Your Customer Affiliates are sending emails, then the Customer Affiliate must comply with the CAN- SPAM Act and other applicable International SPAM laws when sending such emails with LinkTrust code in the email. If You or Your Customer Affiliates are not in compliance as determined by LinkTrust in its sole discretion, LinkTrust may terminate this Agreement immediately, without liability to LinkTrust. LinkTrust does not permit violations of the CAN-SPAM Act or other international laws governing SPAM. If Your domain becomes ”blacklisted” and adversely affects LinkTrust and LinkTrust’s ability to serve its customers, LinkTrust will take appropriate steps to assist You in resolving the matter. If the SPAM agency will not remove Your domain from the “blacklist” or if a reasonable resolution cannot be reached, Your domain may be removed from LinkTrust’s IP space (including your use of the Site and/or Services) at LinkTrust’s sole discretion, without liability to LinkTrust..

Software and Services

Rent, Lease, or Transfer: You shall not and shall not permit any third-party to rent, lease, transfer or otherwise utilize rights to the Service or the Software, other than Customer Affiliates as contemplated by this Agreement.

Appropriate Accounts: You shall not and shall not permit any third-party to use a single account for multiple business entities, unless specifically authorized by LinkTrust in writing. You may not sell, assign, or transfer the Service or Your rights or obligations hereunder without the prior written consent of LinkTrust.

Reverse Engineering: You shall not and shall not permit any third-party to translate, reverse engineer, decompile, recompile, update, modify, or create derivative works based on the Service or the Software or any part of the Software, or merge the Software into any other software.

Ownership of Materials: All patents, copyrights, circuit layouts, mask works, trade secrets, and other proprietary rights in or related to the Software are and will remain the exclusive property of LinkTrust, whether or not specifically recognized or perfected under the laws of the jurisdiction in which the Software is used or licensed. You will not take any action that jeopardizes LinkTrust’s proprietary rights or acquire any right in the Software or the Confidential Information, as defined herein. Unless otherwise agreed on a case-by-case basis, LinkTrust will own all rights in any copy, translation, modification, adaptation, or derivation of the Software or other items of Confidential Information, including any improvement or development thereof. At LinkTrust’s request, You will immediately execute any and all instruments that may be necessary to assign these rights to LinkTrust or perfect these rights in LinkTrust.

Data Storage and Ownership

Data Storage: The Software and Your Data will be hosted on LinkTrust servers, unless otherwise agreed to in writing. LinkTrust does not warrant that Your use of the Services will be error-free or secure. In addition, the security mechanisms implemented by LinkTrust have inherent limitations that are out of the control of LinkTrust, and You must independently determine whether the Services sufficiently meet Your requirements. While LinkTrust shall make reasonable efforts to protect and backup Your and LinkTrust’s Data on a regular basis, other than the confidentiality obligations with respect to Your Confidential Information under the Agreement, LinkTrust is not responsible for Your Data residing on LinkTrust servers. You are responsible for making and keeping current copies of Customer Affiliates and their related information. You are responsible for all use of Customer Affiliate accounts and confidentiality of Customer Affiliate’s passwords and information.

Your Data: “Your Data” consists of the following: (i) information input into the LinkTrust interface by You or a Customer Affiliate; and (ii) user behavior on Your web site captured by the LinkTrust Service system on the Your behalf. LinkTrust agrees that You will own all Your Data. LinkTrust shall not use Your Data except directly in furtherance of the purposes of this Agreement. LinkTrust shall not disclose Your Data to any third-party unless directed by You, except: (a) when such disclosure is made by LinkTrust in response to a court order (provided LinkTrust has given You reasonable notice of such court order); or (b) when involving aggregate non-personally identifiable data. Upon Your request, You are entitled to, and LinkTrust will provide You, at Your sole expense, all Your Data, in a format reasonably determined by LinkTrust.

LinkTrust’s Data: Your Data specifically does not include any information and/or tracking methodologies generated by the LinkTrust system, regardless of whether or not the information or tracking methodology was generated as a result of Your use of the LinkTrust system. All data that is not Your Data belongs to LinkTrust (collectively “LinkTrust’s Data”). You agree that LinkTrust owns all LinkTrust’s Data. You shall have a non-exclusive license to use LinkTrust’s Data during the term of the Agreement only as necessary to use the Services.

Term and Termination

Term. This Agreement commences on the effective date specified in the Service Order and continues for the term specified in the Service Order, unless this Agreement is terminated earlier in accordance with the terms and conditions of this Agreement. This Agreement automatically renews for additional successive terms as outlined in the original Service Order unless at least 30 days before the end of the then-current Term either party provides written notice to the other party that it does not intend to renew. During any renewal Term, LinkTrust may adjust the annual fees.

Termination by LinkTrust: Upon written notice to You, Link Trust shall have the right to terminate this Agreement for an Event of Default (as defined below) in accordance with the terms and conditions of this Agreement. LinkTrust shall have the right to immediately terminate Your account if You engage in improper activity such as sending or encouraging emails in violation of CAN SPAM, Adult Content, or DDOS. LinkTrust reserves the right to manage and monitor You and Your Customer Affiliates’ activities through various mechanisms both internal and through third-parties to ensure network and service safety and compliance.

Termination by You: Upon written notice to LinkTrust, You shall have the right to terminate this Agreement at any time. In such event, LinkTrust shall discontinue its Services with respect to this Agreement. You shall remain obligated to pay LinkTrust for any outstanding invoices as outlined in the original Service Order.

Termination of Customer Affiliate: Upon written notice from LinkTrust of a Customer Affiliate’s improper activity, You will immediately suspend said Customer Affiliate’s ability to use the LinkTrust Service and work with said Customer Affiliate to correct the improper activity. You acknowledge that maintaining its network connection is of the utmost importance to LinkTrust, and You agree that if You or Your Customer Affiliate jeopardizes LinkTrust’s network connection, and/or jeopardizes LinkTrust’s business activities in any way, that Your account may be immediately terminated by LinkTrust. LinkTrust will assist You in resolving issues with Your Customer Affiliates prior to terminating Your account. Notwithstanding anything to the contrary herein, LinkTrust reserves the right to immediately suspend and/or terminate the Site login of any Customer Affiliate that violates the CAN-SPAM Act or any other applicable International SPAM laws, and to discontinue providing advertisements to such Customer Affiliate, as determined by LinkTrust in its sole discretion. If LinkTrust decides to take such action, LinkTrust shall promptly notify You of its decision in writing.

Transition Rights: Upon Your Termination of this Agreement, You shall provide to LinkTrust a written notice of transition (“Transition Notice”), setting forth the target date on which You plan to cut-over from LinkTrust’s system to a new system or otherwise not require the future services of LinkTrust (the “Target Cut-Over Date”). At least thirty (30) days prior to the actual cut-over date (“Actual Cut-Over Date”), You shall provide LinkTrust with written notice of the Actual Cut-Over Date. LinkTrust shall continue to provide to You all Services required by You (“Transition Period”). Services provided by LinkTrust during the Transition Period shall continue as necessary for an orderly transition to another system and You shall be obligated to pay for Services during the Transition Period.

Disposition of Your Data: Upon Termination for any reason, LinkTrust may destroy or otherwise dispose of any of Your Data in LinkTrust’s possession unless LinkTrust receives, no later than ten (10) days after the date of Termination, a written request for the delivery to You of the then most recent back-up of Your Data. LinkTrust shall use reasonable commercial means to deliver the back-up to You within 30-days of tis receipt of such written request, provided that You have, at that time, paid all fees and charges outstanding at and resulting from Termination (whether or not due at the date of Termination). You shall pay all reasonable expense incurred by LinkTrust in returning or disposing of Your Data.

Branded Platform Terms

Subject to the terms and conditions herein, LinkTrust may grant You the right to access and use a white-labeled version of the LinkTrust platform that is branded by LinkTrust and You (the “Branded Platform”) using such trademarks, service marks, trade names, trade dress, logos, and other marks or branding elements as designated by You from time to time (collectively, the “Your Marks”). You acknowledge and agree that access to and use of the Branded Platform may require the payment of additional fees. In addition to the terms and conditions herein, access to and use of the Branded Platform may require You to accept and abide by additional terms and conditions applicable to such Branded Platform and any services offered on or through the Branded Platform. If such additional terms and conditions are made available to You in connection with the Branded Platform, those additional terms and conditions also apply to Your access to and use of the Branded Platform.

By purchasing or otherwise obtaining the right to access and use the Branded Platform, You hereby grant to LinkTrust a non-exclusive, royalty-free, fully paid-up, worldwide right and license to use, reproduce, publish, display and distribute Your Marks on or in connection with the Branded Platform and related services. By designating any of Your Marks for use on or in connection with the Branded Platform or any related services, or by otherwise providing LinkTrust with access to Your Marks, You represent and warrant to LinkTrust that: (i) You have all the necessary rights, consents and licenses to use Your Marks and to grant the foregoing license to LinkTrust; and (ii) Your Marks do not and will not violate any applicable laws or infringe, misappropriate or otherwise violate any intellectual property rights or other proprietary rights of any third-party.

Subject to Your compliance with the terms and conditions herein, including the payment of any applicable fees when due to LinkTrust, LinkTrust may grant You the right to authorize or permit Your Customer Affiliates to access or use the Branded Platform in accordance with the terms and conditions herein. In no event shall You grant to Your Customer Affiliates any rights to the Branded Platform that are broader than, or otherwise inconsistent with, the rights expressly granted by LinkTrust to You hereunder. Prior to authorizing or permitting Your Customer Affiliate to access or use the Branded Platform, including any content, functionality or services offered on or through the Branded Platform, You shall enter into a written agreement with such Customer Affiliate (each, a “Customer Affiliate Agreement”) that requires each Customer Affiliate to accept, agree and adhere to all of the terms and conditions set forth herein. Each Customer Affiliate Agreement shall also include terms that are at least as protective of the rights and information of LinkTrust under the terms herein, including, without limitation, provisions protecting LinkTrust’s intellectual property that are at least as protective of LinkTrust’s proprietary interests in the LinkTrust platform, software, products, and services as those set forth herein, including appropriate restrictions on reverse engineering, disassembling, and decompiling the LinkTrust platform, software, products and services. In addition to and without limiting the foregoing, You shall also include the following required flow-down provisions in each Customer Affiliate Agreement and You shall not modify, or agree to any modifications to or waivers of, any of the following provisions unless approved in writing by LinkTrust on a case-by-case basis:

(i) Customer Affiliate hereby consents to Your disclosure of Customer Affiliate data to LinkTrust and LinkTrust’s Customer Affiliates, contractors and agents, and Your and LinkTrust’s, LinkTrust’s affiliates’, contractors’ and agents’ use and processing of Customer Affiliate data, in connection with Customer Affiliate’s access to and/or use of the Branded Platform and any related services.

(ii) Customer Affiliate acknowledges and agrees that: (i) LinkTrust may generate, receive, maintain, transmit and otherwise have access to technical, system, usage and related information, including information about LinkTrust’s platform, software, products and services, as well as Customer Affiliate’s products, services, systems and software, that is gathered periodically to facilitate the provision of the Branded Platform and related services (collectively, “LinkTrust Service Data”); and (ii) LinkTrust may use LinkTrust Service Data to provide, maintain, protect and improve the Branded Platform and other LinkTrust products and services and to create and develop new products and services, subject to LinkTrust’s compliance with applicable law. Notwithstanding anything to the contrary, LinkTrust will own all right, title and interest in and to any products, services and intellectual property and any derivatives thereof developed by or on behalf of LinkTrust from any LinkTrust Service Data.

(iii) LinkTrust provides no warranties, covenants or guarantees under or in connection with this Customer Affiliate Agreement, whether express, implied or statutory, all of which are hereby disclaimed. Customer Affiliate hereby forever releases and shall hold harmless LinkTrust from and against any and all claims, suits, demands, actions, proceedings, liabilities, damages, costs and expenses, of whatever nature, arising out of or in connection with this Customer Affiliate Agreement and/or the performance of, or any failure to perform under, this Customer Affiliate Agreement.

(iv) LinkTrust is an intended third-party beneficiary of this Customer Affiliate Agreement with rights to directly enforce the terms of this Customer Affiliate Agreement.

You shall be responsible and liable for the acts and omissions of each of Your Customer Affiliates and their respective employees, users, and agents to the same extent as if such acts or omissions were by You. You acknowledge and agree that any act or omission of Your Customer Affiliates or any of their respective employees, users or agents in connection with their access to or use of the Branded Platform and/or any related services, which act or omission would constitute a breach of the terms herein if undertaken by You, shall be considered a material breach by You hereunder. You shall supervise the activities and performance of each of Your Customer Affiliates and shall be jointly and severally liable with each such Customer Affiliate for any act or failure to act by such Customer Affiliate. If LinkTrust determines that the performance or conduct of any or Your Customer Affiliates is in violation of the terms herein, LinkTrust may immediately suspend or terminate (as determined by LinkTrust in its sole discretion) such Customer Affiliate’s right to access and use the Branded Platform and any related services without any refund to You or such Customer Affiliate, and without any penalty or liability whatsoever to LinkTrust. You shall indemnify LinkTrust and its members, managers, employees and agents for the acts and omissions of Your Customer Affiliates to the extent such acts or omissions would create indemnification obligations for You hereunder as if You would have performed (or failed to perform) such acts or omissions.

Service Level Agreement, Warranties and Liability

Service Level Agreement: LinkTrust does not warrant that the operation of the Software or the operation of the Software Products will be uninterrupted or error free.

General Warranties: LinkTrust warrants that it owns all rights, title, and interest in and to the Software, or that in the case of any third-party software that it has the right to grant a sublicense to use such third-party software, that all Software shall substantially conform to the Functional Specifications. LinkTrust further warrants that any Services provided by LinkTrust under this Agreement shall be performed in a workmanlike manner and in accordance with the prevailing professional standards of the software industry. This warranty coverage shall include any modifications made to the Software by LinkTrust. Such warranty shall extend for sixty (60) days from acceptance and shall survive inspection, test, acceptance, use, and payment.

Warranty Disclaimer: EXCEPT AS SET FORTH ABOVE IN GENERAL WARRANTIES, LINKTRUST MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE SOFTWARE, OR SERVICES OR THEIR CONDITION, MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE OR USE BY PARTNER. LINKTRUST FURNISHES THE ABOVE GENERAL WARRANTIES IN LIEU OF ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Voiding of Warranties: Any and all warranties and indemnifications shall be void as to Services or Software where the non-compliance is caused by or related to (i) the acts or omissions of non-LinkTrust personnel, its agents, or authorized third-parties; (ii) misuse, theft, vandalism, fire, water, or other peril; (iii) any alterations or modifications made to any Software by You, Your representatives, or agents; (iv) use of the Software other than in the operating environment specified in the technical specifications; or (v) coding, information, or specifications created or provided by You.

European Data: If Your use of the Services involves the processing of data of individuals based in the European Economic Area, You agree to comply with the terms set forth in the Data Processing Addendum attached as Schedule 1 hereto and which is incorporated into this Agreement by this reference. You warrant and represent that You are solely responsible when using the Services for complying with applicable data protection, security, and privacy laws and regulations (including, where applicable, the EU General Data Protection Regulation and the EU e-Privacy Directive/Regulation), including without limitation, complying with any applicable notice and consent requirements.

DISCLAIMER OF LIABILITY: LINKTRUST SHALL NOT BE LIABLE FOR ANY (i) SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF PROFITS, ARISING FROM OR RELATED TO A BREACH OF THIS AGREEMENT OR THE OPERATION OR USE OF THE SOFTWARE AND SERVICES, INCLUDING WITHOUT LIMITATION, SUCH DAMAGES ARISING FROM LOSS OF DATA OR PROGRAMMING, LOSS OF REVENUE OR PROFITS, FAILURE TO REALIZE SAVINGS OR OTHER BENEFITS, DAMAGE TO EQUIPMENT, AND CLAIMS AGAINST YOU BY ANY THIRD-PARTY, EVEN IF LINKTRUST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; (ii) DAMAGES (REGARDLESS OF THEIR NATURE) FOR ANY DELAY OR FAILURE OF LINKTRUST TO PERFORM ITS OBLIGATIONS UNDER THIS AGREEMENT DUE TO ANY CAUSE BEYOND LINKTRUST’S REASONABLE CONTROL; OR (iii) CLAIMS MADE A SUBJECT OF A LEGAL PROCEEDING AGAINST LINKTRUST MORE THAN TWO YEARS AFTER ANY SUCH CAUSE OF ACTION FIRST AROSE.

LIMITATION OF LIABILITY: NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, BUT EXCLUDING ANY CLAIMS FOR INDEMNIFICATION UNDER THIS AGREEMENT LINKTRUST’S LIABILITIES UNDER THIS AGREEMENT, WHETHER UNDER CONTRACT LAW, TORT LAW, WARRANTY, OR OTHERWISE SHALL BE LIMITED TO DIRECT DAMAGES NOT TO EXCEED THE AMOUNTS ACTUALLY RECEIVED BY LINKTRUST UNDER THIS AGREEMENT.

Events of Default and Remedies

Events of Default: The parties acknowledge and agree that the following shall constitute events of default (“Events of Default”) and that the occurrence of one (1) or more of such Events of Default shall constitute a material breach of this Agreement, which shall allow a party, as applicable, to seek the rights and remedies set forth below:

(i) Your failure to timely pay any undisputed amount owed to LinkTrust, provided that such failure is not cured within fifteen (15) calendar days following receipt of written notice of such failure;

(ii) Your or Your Customer Affiliate’s breach of this Agreement, without cure, or if You or Your Customer Affiliate otherwise misuse the Software in contravention of this Agreement.

LinkTrust’s Rights and Remedies: Upon the occurrence of an Event of Default by You or Your Customer Affiliate or with respect to You or Your Customer Affiliate, LinkTrust shall be entitled to any or all of the following remedies: (i) terminate this Agreement in whole or in part; or (ii) seek to recover damages from You.

Your Rights and Remedies: You have the right to Terminate this Agreement at any time with prior written notice to LinkTrust. In the event of any breach of the warranties set forth in this Agreement by LinkTrust, Your sole and exclusive remedy shall be for LinkTrust to correct or replace, at no additional charge to You, any portion of the Software or Services found to be defective.

Confidential Information, Proprietary Rights & Indemnification

All information exchanged between the parties is confidential, as more fully set forth below.

Confidential Information: “Confidential Information” means any material, data, or information in whatever form or media of a party to this Agreement (“Disclosing Party”) that is provided or disclosed to the other party (“Receiving Party”), except for any information that is: (i) publicly available or later becomes available other than through a breach of this Agreement; (ii) known to the Receiving Party or its employees, agents, or representatives prior to such disclosure, or is independently developed by the Receiving Party or its employees, agents, or representatives subsequent to such disclosure; or (iii) subsequently lawfully obtained by the Receiving Party or its employees, agents, or representatives from a third-party without obligations of confidentiality.

Confidential Information shall include the following categories of information whether disclosed orally or not marked as confidential:

Intellectual Property, network configurations, network architecture, financial and operational information, and other matters relating to the operation of the parties’ business, including information relating to actual or potential customers and customer lists, customer usage or requirements, business and customer usage forecasts and projections, accounting, finance or tax information, pricing information, and any information relating to Your corporate and/or operational structure and Your Customer Affiliates, Software, Equipment, Deliverables, or Services rendered under the Agreement and any amendments thereto, any information exchanged between the parties pursuant to a nondisclosure agreement, and all information and materials relating to third-party vendors, systems integrators, or consultants that have provided or that may provide in the future any part of Your information or communications infrastructure to You. The Receiving Party shall exercise the same degree of care and protection with respect to the Confidential Information of the Disclosing Party that it exercises with respect to its own Confidential Information and shall not directly or indirectly disclose, copy, distribute, republish, or allow any third-party to have access to any Confidential Information of the Disclosing Party. Notwithstanding the above, LinkTrust may disclose Your Confidential Information to its employees and agents who have a need to know.

Intellectual Property: Any Custom Programming, including all source code and materials developed by LinkTrust, all intermediate and partial versions thereof, as well as all specifications, program materials, flow charts, notes, outlines, and the like created in connection therewith (collectively, “Custom Programming Materials”) shall be the sole and exclusive property of LinkTrust. All written reports, requirements documents (including newly created technical and non-technical data embodied therein), specifications, program materials, flow charts, notes, outlines, and the like that are developed, conceived, originated, prepared, or generated by LinkTrust in connection with LinkTrust’s performance under this Agreement including, without limitation, all copyright, trademark, trade secret, and all other proprietary rights therein and derivative works created therefrom (collectively, “Written Deliverables”), shall be the sole and exclusive property of LinkTrust. Such ownership of Custom Programming Materials and Written Deliverables shall inure to the benefit of LinkTrust from the date of the conception, creation, or fixation of the Custom Programming Materials and Written Deliverables in a tangible medium of expression, as applicable. You agree to assist LinkTrust in obtaining and enforcing all rights and other legal protections for the Custom Programming Materials and Written Deliverables and to execute any and all documents that LinkTrust may reasonably request in connection therewith, including any copyright assignment document(s). LinkTrust shall ensure that all Custom Programming Materials and Written Deliverables created hereunder (including each page of any document produced) will be marked as follows:

Ownership of Intellectual Property: Pre-existing intellectual property and all improvements thereto that LinkTrust uses in connection with performing the Services hereunder shall remain the sole and exclusive property of LinkTrust.

Residuals: LinkTrust will not be precluded by this Agreement from rendering services or developing work product that is competitive with, or functionally comparable to, the services rendered and deliverables provided hereunder. LinkTrust shall not be restricted in its use of ideas, concepts, know-how, methodologies, and techniques acquired or learned in the course of activities hereunder. This provisions shall not be construed to alter LinkTrust’s obligations under any nondisclosure agreements between the parties.

Employee/Agent Acknowledgment: The parties shall not disclose Confidential Information to any of their employees, agents, or representatives unless and until such employee, agent, or representative has been made aware that his or her obligations under this Agreement are subject to confidentiality. In addition to the above, if any country where Services are to be rendered under the Agreement has or enacts a data protection-related law that requires the execution of a data export agreement, then LinkTrust shall, upon Your request, execute and cause any subcontractors to execute such supplemental agreement promptly on such terms and conditions as shall be mutually agreed.

Indemnification: You agree to indemnify and hold harmless LinkTrust, from any liabilities, penalties, demands, or claims (including the costs, expenses, and reasonable attorneys” fees on account thereof) that may be made by any third-party, resulting from You, Your agents, Your employees, or Your Customer Affiliates resulting from Your or Your Customer Affiliates’ use of the Software, Software Products, and/or Services furnished hereunder. You agree to defend LinkTrust, at LinkTrust’s request, against any such liability, claim, or demand. If You fail to assume the defense of any actual or threatened action covered within the earlier of (i) any deadline established by a third-party in a written demand or by a court, and (ii) thirty (30) days of notice of the claim, LinkTrust may follow such course of action as it reasonably deems necessary to protect its interest and You shall indemnify LinkTrust for all costs reasonably incurred in such course of action.

The terms of this Section REGARDING Confidential Information, Proprietary Rights & Indemnification shall survive the expiration or termination of this Agreement.

General Provisions

Entire Agreement: This Agreement comprises the entire agreement among the parties with respect to the subject matter herein. This Agreement supersede any prior agreements or understandings with respect to the parties, whether written or oral. No representation, statement or condition not contained in this Agreement has any force or effect.

Modifications: This Agreement may only be modified in writing signed by both parties, and all such changes shall reference this Agreement and identify the specific sections of this Agreement that is amended or modified.

Governing Law: This Agreement, together with the exhibits and schedules hereto, and any claim, controversy, dispute or proceeding arising out of or related to this Agreement, will be governed by and construed in accordance with the laws of the State of Utah without giving effect to any choice or conflicts of law provision that would render applicable the laws of any other jurisdiction.

Jurisdiction and Venue: The parties hereto: (i) irrevocably submit to the exclusive jurisdiction of the state or federal courts located in Salt Lake County, State of in Utah for any suit, action, or proceeding arising out of or relating to this Agreement, and (ii) irrevocably waive, and agree not to assert by way of motion, defense, or otherwise, in any such action, any claim that it is not subject personally to the jurisdiction of the above-named courts, that its property is exempt or immune from attachment or execution, that the action is brought in an inconvenient forum, that the venue of the action is improper, or that this Agreement may not be enforced in or by any of the above-named courts.

Waiver: No waiver of breach or failure to exercise any option, right, or privilege under the terms of this Agreement on any occasion or occasions shall be construed to be a waiver of the same or any other option, right, or privilege on any other occasion.

Waiver of Right to Jury Trial: YOU HEREBY UNCONDITIONALLY WAIVE THE RIGHT TO A JURY TRIAL OF ANY CLAIM OR CAUSE OF ACTION ARISING DIRECTLY OR INDIRECTLY OUT OF, RELATED TO, OR IN ANY WAY CONNECTED WITH THE PERFORMANCE OR BREACH OF THIS AGREEMENT, AND/OR THE RELATIONSHIP THAT IS BEING ESTABLISHED THEREUNDER. The scope of this waiver is intended to be all encompassing of any and all disputes that may be filed in any court or other tribunal (including, without limitation, contract claims, tort claims, breach of duty claims, and all other common law and statutory claims).

THIS WAIVER IS IRREVOCABLE, MEANING THAT IT MAY NOT BE MODIFIED EITHER ORALLY OR IN WRITING, AND THE WAIVER SHALL APPLY TO ANY SUBSEQUENT AMENDMENTS, RENEWALS, SUPPLEMENTS, OR MODIFICATIONS TO THIS AGREEMENT, AND RELATED DOCUMENTS, OR TO ANY OTHER DOCUMENTS OR AGREEMENTS RELATING TO THIS TRANSACTION OR ANY RELATED TRANSACTION.

Force Majeure: LinkTrust shall not be responsible for any delay or failure in performance of any part of this Agreement to the extent that such delay or failure is caused by fire, flood, earthquake, explosion, default of suppliers or sub-contractors, war, embargo, strikes, lock-outs or other industrial disputes (whether involving LinkTrust or any other party) failure of a utility service or transport or telecommunications network, government requirement, civil or military authority, act of God, terrorism, cyber- terrorism, act or omission of carriers, or other similar causes beyond LinkTrust’s control. If any such an event of force majeure occurs and such event continues for ninety (90) days or more, the party delayed or unable to perform shall give immediate notice to the other party, and the party affected by the other’s delay or inability to perform may elect at its sole discretion to (i) terminate this Agreement upon mutual agreement of the parties; (ii) suspend such order for the duration of the condition and obtain or sell elsewhere Software or Services comparable to the Software or Services to have been obtained under this Agreement; or (iii) resume performance of such order once the condition ceases with the option of the affected party to extend the period of this Agreement up to the length of time the condition endured. Unless written notice is given within thirty (30) days after the affected party is notified of the condition, option (iii) shall be deemed selected.

Covenant of Good Faith: Each Party agrees that, in its respective dealings with the other Party under or in connection with this Agreement, it shall act in good faith.

No Partnership or Agency: Nothing herein is intended to or shall operate to create a partnership between the parties, or authorize either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the marking of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power.

Notices: All notices, demands, or other communications herein provided to be given or that may be given by any party to the other shall be deemed to have been duly given when made in writing and delivered in person, or upon receipt, if deposited in the United States mail, postage prepaid, certified mail, return receipt requested, as follows:

Notices to You will be sent to address included in signature document.

Notices to LinkTrust: LinkTrust

Attn: Office Manager

12884 S. Frontrunner Blvd. Ste.140

Draper, UT 84020

With a required copy to: John E. Wootton, Esq.

6605 S. Redwood Rd., Ste. 101

Salt Lake City, UT 84123

or to such address as the parties may provide to each other in writing from time to time.

Enumerations and Headings: The enumerations, and headings contained in this Agreement are for convenience of reference only and are not intended to have any substantive significance in interpreting this Agreement.

Incorporation of Appendices: Any appendices referred to in this Agreement and attached hereto are integral parts of this Agreement and are incorporated herein by this reference.

Severability: If any of the provisions of this Agreement shall be invalid or unenforceable under the laws of the jurisdiction where enforcement is sought whether on the basis of a court decision or of arbitral award applicable to the entire Agreement, such invalidity or unenforceability shall not invalidate or render unenforceable the entire Agreement but rather the entire Agreement shall be construed as if not containing the particular invalid or unenforceable provision or provisions and the rights and obligations of LinkTrust and You shall be construed and enforced accordingly.

DoS Protection: Upon determination of an incident, LinkTrust will immediately reroute traffic through its mitigation provider.

Definitions

Whenever used in this Agreement, the following terms shall have the meaning ascribed to them below. Other capitalized terms used in this Agreement are defined in the context in which they are used and shall have the meanings ascribed therein. The terms defined in this Agreement include the plural as well as the singular.

“Your Data” shall mean information input into the Software interface by You, and user behavior on Your web site captured by the Software on Your behalf, all of which shall be stored on LinkTrust servers.

“Customer Affiliate” shall mean those persons, entities, or companies that sign up with You and use LinkTrust Services in connection with Your business.

“Documentation” shall mean collectively: all of the written, printed, electronic, or other format materials published or otherwise made available by LinkTrust that relate to the functional, operational, and/or performance capabilities of the LinkTrust and/or any Software; all user, operator, system administration, technical, support, and other manuals and all other written, printed, electronic, or other format materials published or otherwise made available by LinkTrust that describe the functional, operational, and/or performance capabilities of the LinkTrust and/or any Software including but not limited to the Functional Specifications and Software Acceptance Plan; any other Deliverable that is not Hardware or Software. Documentation shall not include Source Code.

“License” shall mean any personal, nonexclusive, nontransferable, non-assignable license or licenses for Your internal use only granted by LinkTrust to You to use the Software under this Agreement.

“Services” shall mean the work done by LinkTrust in support of the Software, including but not limited to development services, installation services, training, consulting, support, telephone support, and such other services.

“Site” shall mean Your computer facility located in one specific geographic location.

“Software” means the aggregate of the Standard Software and the Custom Software including all physical components that are provided by LinkTrust, including but not limited to, magnetic media, job aids, templates, and other similar devices.

“Source Code” means computer software in the form of source statements for the Software (excluding all Third-party Software) including, without limitation, all software in the form of electronic and printed human-readable, mnemonic or English-like program listings, including printed and on-line descriptions of the design of such software including, without limitation, data definition models, indices, structure tables, system flow charts, program flow charts, defined terms, file layouts, program narratives, global documentation (including global variables) and program listings.

“A Denial-of-Service” (DoS) attack is an attempt to make a computer resource unavailable to its intended users. Although the means to, motives for, and targets of a DoS attack may vary, it generally comprises the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

Schedule 1

Data Processing Addendum

This Data Processing Addendum (“DPA” or “Addendum”) forms part of the Terms and Conditions between You and LinkTrust (“Processor”) pursuant to which Processor will provide the Services set forth in the Agreement to You. Processor agrees to comply with the following provisions with respect to any Personal Data Processed for You in connection with the provision of the Services. References to the Agreement will be construed as including this DPA. Any capitalized terms not defined herein shall have the respective meanings given to them in the Agreement. Except as modified below, the terms of the Agreement shall remain in full force and effect.

In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as an addendum to the Agreement.

1. DEFINITIONS

In this DPA, the following terms shall have the meanings set out below. If any terms in this DPA conflict with any term in the Agreement, the meanings set out below DPA shall control as to this DPA:

“Affiliates” means any entity which is controlled by, controls or is in common control with Processor. “You” means the customer that has executed the Agreement.

“Your Personal Data” means Personal Data provided by You to Processor.

“Data Controller” means the entity which determines the purposes and means of the Processing of Personal Data.

“Data Processor” means the entity which Processes Personal Data on behalf of the Data Controller.

“Data Protection Laws” means the laws and regulations of the European Union which are applicable to the Processing of Personal Data under the Agreement, including without limitation the GDPR.

“Data Subject” means the individual to whom Personal Data relates as defined by the GDPR. “GDPR” means the General Data Protection Regulation (GDPR), EU 2016/679.

“Personal Data” means any information relating to an identified or identifiable person.

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (“Process”, “Processes” and “Processed” shall have the same meaning).

“Security Breach” has the meaning set forth in Section 7 of this DPA. “Sub-processor” means any Data Processor engaged by Processor.

2. PROCESSING OF YOUR PERSONAL DATA

2.1 The parties agree that with regard to the Processing of Your Personal Data, You are the Data Controller and Processor is the Data Processor.

2.2 You shall, in Your use or receipt of the Services, process Your Personal Data in accordance with the requirements of the Data Protection Laws and You will ensure that its instructions for the Processing of Your Personal Data comply with the Data Protection Laws. You shall have sole responsibility for the accuracy, quality, and legality of Your Personal Data and the means by which You obtained the Your Personal Data.

2.3 During the Term of the Agreement, Processor shall only Process Your Personal Data on behalf of and in accordance with the Agreement and Your instructions. You instruct Processor to Process Your Personal Data for the following purposes: (i) Processing in accordance with the Agreement and any applicable orders; and (ii) Processing to comply with other reasonable instructions provided by You where such instructions are consistent with the terms of the Agreement.

2.4 The objective of Processing of Your Personal Data by Processor is the performance of the Services pursuant to the Agreement. The types of Your Personal Data to be Processed by Processor include IP address, deviceID, userID, first name, last name, email address, mailing address, and banking information (including account number and routing information). The categories of Data Subjects Processed under this DPA are Your affiliates and advertisers.

3. RIGHTS OF DATA SUBJECTS

3.1 To the extent You, in Your use or receipt of the Services, do not have the ability to correct, amend, restrict, block or delete Your Personal Data, and/or as required by the Data Protection Laws, Processor will use commercially reasonable efforts to comply with reasonable requests by You to facilitate such actions to the extent Processor is legally permitted to do so.

3.2 Processor shall, to the extent legally permitted, promptly notify You if it receives a request from a Data Subject for access to, correction, amendment, deletion of or objection to the processing of that person’s Personal Data. Processor shall not respond to any such Data Subject request without Your prior written consent except to confirm that the request relates to You. Processor shall provide You with commercially reasonable cooperation and assistance in relation to the handling of a Data Subject’s request, to the extent legally permitted and to the extent You do not have access to such Your Personal Data through its use or receipt of the Services.

4. PROCESSOR PERSONNEL

4.1 Processor shall ensure that its personnel engaged in the Processing of Your Personal Data are subject to obligations of confidentiality.

4.2 Processor shall ensure that access to Your Personal Data is limited to those personnel who require such access to perform the Services.

5. SUB-PROCESSORS

5.1 You acknowledge and agree that (i) Processor Affiliates may be retained as Sub- processors; and (ii) Processor may engage third-party Sub-processors in connection with the provision of the Services. Any such Sub-processors will be permitted to obtain Your Personal Data only to deliver the Services Processor has retained them to provide, and are prohibited from using Your Personal Data for any other purpose. Processor agrees that any agreement with a Sub-processor will include substantially the same data protection obligations as set out in this DPA.

5.2 Processor may continue to use those Sub-processors already engaged by Processor or any Processor affiliate as at the date of this DPA.

5.3 Processor shall give You prior written notice of the appointment of any new Sub-processor, including full details of the Processing to be undertaken by the Sub-processor. If, within 10 days of receipt of that notice, You notify Processor in writing of any objections (on reasonable grounds) to the proposed appointment, Processor shall not appoint that proposed Sub-processor until reasonable steps have been taken to address the objections raised by You and You have been provided with a reasonable written explanation of the steps taken.

6. SECURITY; AUDIT RIGHTS; DATA PROTECTION IMPACT ASSESSMENTS

6.1 Processor shall maintain administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of Your Personal Data.

6.2 No more than once per year, You may engage a mutually agreed upon third-party to audit Processor solely for the purposes of meeting its audit requirements pursuant to the Data Protection Laws. To request an audit, You must submit a detailed audit plan at least four (4) weeks in advance of the proposed audit date describing the proposed scope, duration, and start date of the audit. Audit requests must be sent to support@linktrust.com. The audit must be conducted during regular business hours, subject to Processor’s policies, and may not unreasonably interfere with Processor’s business activities. Any audits are at Your expense.

6.3 Any request for Processor to provide assistance with an audit is considered a separate service if such audit assistance requires the use of resources different from or in addition to those required by law. You shall reimburse Processor for any time spent for any such audit at the rates agreed to by the parties. All reimbursement rates shall be reasonable, taking into account the resources expended by Processor. You shall promptly notify Processor with information regarding any non-compliance discovered during the course of an audit.

6.4 Processor will reasonably cooperate with You, at Your expense, where You are conducting a data protection impact assessment.

7. SECURITY BREACH MANAGEMENT AND NOTIFICATION

7.1 If Processor becomes aware of any unlawful access to any Your Personal Data stored on Processor’s equipment or in Processor’s facilities, or unauthorized access to such equipment or facilities resulting in material loss, disclosure, or alteration of Your Personal Data (“Security Breach”), Processor will promptly: (i) notify You of the Security Breach; (ii) investigate the Security Breach and provide You with information about the Security Breach; and (iii) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Breach.

7.2 You agree that an unsuccessful Security Breach attempt will not be subject to this Section. An unsuccessful Security Breach attempt is one that results in no unauthorized access to Your Personal Data or to any of Processor’s equipment or facilities storing Your Personal Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, or similar incidents.

7.3 Notification(s) of Security Breaches, if any, will be delivered to one or more of Your business, technical or administrative contacts by any means Processor selects, including via email. It is Your sole responsibility to ensure it maintains accurate contact information on Processor’s support systems at all times.

8. RETURN AND DELETION OF YOUR DATA

Processor shall return Your Personal Data to You, to the extent possible, and/or delete Your Personal Data in accordance with Processor’s data retention policies which adhere to requirements of the Data Protection Laws, and in a manner consistent with the terms of the Agreement. Data Retention Policy

9. STANDARD CONTRACTUAL CLAUSES

You (as "data exporter") and Processor (as "data importer") hereby enter into the Standard Contractual Clauses attached as Exhibit 1 in respect of any transfer of Your personal Data from You to Processor.

10. PARTIES TO THIS DPA

Nothing in this DPA shall confer any benefits or rights on any person or entity other than the parties to this DPA.

11. SEVERANCE

Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

Exhibit 1

Standard Contractual Clauses (processors)

Clause 1

Definitions

For the purposes of the Clauses:

“personal data”, “special categories of data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority” shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

“the data exporter” means the controller who transfers the personal data;

“the data importer” means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

“the subprocessor” means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

“the applicable data protection law” means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

“technical and organisational security measures” means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the Transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party Beneficiary Clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(2) to (9), Clause 5(1) to (5), and (7) to (10), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The data subject can enforce against the data importer this Clause, Clause 5(1) to (5) and (7), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity . Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the Data Exporter

The data exporter agrees and warrants:

1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

2. that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;

3. that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;

4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

5. that it will ensure compliance with the security measures;

6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

7. to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(2) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

8. to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures , as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

9. that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

10. that it will ensure compliance with Clause 4(1) to (9).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:

1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

3. that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;

4. that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,

(ii) any accidental or unauthorized access, and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;

5. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

6. at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

7. to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

8. that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;

9. that the processing services by the sub-processor will be carried out in accordance with Clause 11;

10. to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and Jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(i) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(ii) to refer the dispute to the courts in the Member State in which the data exporter is established.

2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with Supervisory Authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (2).

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the Contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Sub-Processing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.

2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (10), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12

Obligation After the Termination of Personal Data Processing Services

1. The parties agree that on the termination of the provision of data processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses and must be completed and signed by the parties.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer): You who is making use of LinkTrust’s software.

Data importer

The data importer is (please specify briefly activities relevant to the transfer): LinkTrust a provider of software.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify): Your affiliates and advertisers.

Categories of data

The personal data transferred concern the following categories of data (please specify):

IP address, deviceID, userID, first name, last name, email address, mailing address, and banking information (including account number and routing information).

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify): None.

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

The provision of the services by LinkTrust to You under the Agreement.

APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(4) and 5(3) (or document/legislation attached):

Description of Technical and Organizational Security Measures

LinkTrust implements the technical and organizational security measures described below in respect of personal data that it processes:

Information security policy: LinkTrust maintains a written information security policy that specifies the security standards it applies to protect the personal data it processes in accordance with these Clauses. The information security policy mandates the use of appropriate technical and organizational security measures throughout LinkTrust's organization to protect personal data against unauthorized and unlawful processing and against accidental loss, damage or destruction.

Data Protection: LinkTrust has appointed an employee with responsibility for ensuring the security of personal data processed by LinkTrust throughout its organization and for reviewing, maintaining and updating LinkTrust's information security policy in accordance with best industry practice.

Physical security: Access to data processing facilities, including server rooms, offices, rooms and facilities is restricted to duly authorized employees and contractors who have been issued with security badges.

Firewall and anti-virus: LinkTrust has implemented appropriate firewall, anti-virus, anti- spyware and other anti-malware software and technologies on applicable networks and systems it uses to process personal data.

Encryption: LinkTrust has implemented appropriate cryptographic controls according to the risk associated with the information and systems being protected.

Asset management: LinkTrust has implemented processes for asset management, including how IT identifies, tracks, tags, and maintains IT assets, including recordkeeping procedures for user requests.

Access controls: LinkTrust has implemented technical access controls that restrict access to personal data it processes to duly authorized employees and contractors only.

Usernames / passwords: Access to personal data will be controlled through access privileges (described above), usernames and confidential passwords.

Back-up: LinkTrust will make regular back-ups of the personal data that it processes. Data back-ups will be stored securely at an offsite location and will be available for data restoration.