Privacy

Supplemental terms to Wunderkind Data Processing Addendum

The purpose of these Wunderkind Data Processing terms (“Terms”) is to ensure that the parties execute the Agreement in accordance with Data Protection Laws and specifically to ensure that any cross-border transfers of Personal Data are conducted in accordance with Data Protection Laws, including but not limited to the GDPR and with due respect for the rights and freedoms of individuals whose Personal Data are Processed.

These Terms are incorporated by reference into the data processing addendum or other similar data processing agreement (the “DPA”) that further modifies or is incorporated by reference into the platform or services agreement (“Agreement”) currently in place between Company (as defined in the applicable DPA) and Wunderkind Corporation (“Wunderkind” formerly known as Bounce Exchange, Inc. or BounceX).

The parties agree to comply with the following provisions with respect to any Personal Data of Data Subjects located in the European Economic Area, Switzerland, the United Kingdom, Argentina, Brazil or other jurisdiction which places rules and/or restrictions on cross-border transfers of data (each, a “Restricted Data Transfer Jurisdiction”) Processed in connection with the Agreement and/or which requires a specific legal mechanism (a “Transfer Mechanism”) in order to effectuate such cross-border transfer in accordance with Data Protection Laws. References to the Agreement will be construed as including the DPA and these Terms. All terms not otherwise defined herein shall have the meanings ascribed to them in the Agreement or DPA. Except as amended by these Terms, the Agreement will remain in full force and effect. Capitalized terms used but not defined in these Terms have the same meanings as set out in the DPA and the Agreement. To the extent that these Terms differ from those in the Agreement and/or DPA, the terms of these Terms shall govern.

1.1 Wunderkind may, subject to these Terms, store and process the relevant Personal Data in the European Economic Area, the United Kingdom and the United States.

1.2 If the Services involve the storage and/or Processing of Customer’s Personal Data which transfers such Personal Data out of the European Economic Area or Switzerland to a jurisdiction that does not have adequate Data Protection Laws, and the Data Protection Laws apply to the transfers of such data, the parties agree that the EU Commission Implementing Decision (EU) 2021/914 and available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj (as amended or updated from time to time) (“Standard Contractual Clauses”) will apply and such Standard Contractual Clauses shall be incorporated by reference and form an integral part of this DPA. Purely for the purposes of the descriptions in the Standard Contractual Clauses and only as between Customer and Wunderkind, the parties agree that: (a) Roles of the Parties: Customer is a Data Controller and “data exporter” and Wunderkind is the Data Processor and “data importer” under the Standard Contractual Clauses, (b) Governing Law and Supervisory Authority: The Standard Contractual Clauses shall be governed by the law of the EU Member State in which the data exporter is established and enforced by the Supervisory Authority of such EU Member State; (c) Sub-Processors: the parties select general written authorization for Sub-processors; (d) Redress: The parties elect to omit the optional text; and (e) Annex I, II and III are provided at the end of this DPA as Appendix A and to the extent that there’s a conflict as between the DPA and the Appendix A, the Appendix A shall govern.

1.3 If the Services involve the storage and/or Processing of UK Personal Data which transfers UK Personal Data out of the United Kingdom to a jurisdiction that does not have adequate data protection laws, and the Data Protection Laws apply to the transfers of such data, both parties agree that the Standard Contractual Clauses for transfers reflecting the roles of the parties as described in the DPA in the form approved by the UK Information Commissioner’s Office and currently available at https://ico.org.uk/media/for-organisations/documents/4019483/international-data-transfer-addendum.pdf (as amended or updated from time to time) (“UK Standard Contractual Clauses”) shall be incorporated by reference and form an integral part of this DPA. For the purposes of the UK Standard Contractual Clauses, Annex I, Annex II and Annex III of these Terms shall take the place of Annex 1a/Annex 1b, Annex II and Annex III respectively of the UK Standard Contractual Clauses.

1.4 If the Services involve the storage and/or Processing of Personal Data from data subjects located in Argentina which transfers such Personal Data out of Argentina to a jurisdiction that does not have adequate data protection laws, and the Data Protection Laws apply to the transfers of such data, both parties agree that the Argentina Standard Contractual Clauses for transfers reflecting the roles of the parties as described in this DPA in the form approved by the Agencia de Acceso a la Información Pública (“AAIP”) and currently available at http://servicios.infoleg.gob.ar/infolegInternet/anexos/265000-269999/267922/norma.htm (as amended or updated from time to time) (“Argentina Standard Contractual Clauses”) shall be incorporated by reference and form an integral part of this DPA. For the purposes of the Argentina Standard Contractual Clauses, Annex I and Annex II of these Terms shall take the place of Appendix 1 and Appendix 2 respectively.

1.5 If the Services involve the storage and/or Processing of Personal Data governed under a Restricted Data Transfer Jurisdiction not listed above (e.g., Brazil) which transfers Personal Data out of such Restricted Data Transfer Jurisdiction to a jurisdiction that does not have adequate data protection laws, and Data Protection Laws apply to the transfers of such data, both parties agree that the Standard Contractual Clauses for transfers reflecting the roles of the parties as described in the DPA in the form approved by the European Commission and currently available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en (as amended or updated from time to time) (“Old Standard Contractual Clauses”) shall be incorporated by reference and form an integral part of this DPA until such time as such Restricted Data Transfer Jurisdiction formally approves a data transfer mechanism at which point the parties shall execute and/or apply such data transfer mechanism. For the purposes of the Old Standard Contractual Clauses, Annex I and Annex II of these Terms shall take the place of Appendix 1 and Appendix 2 respectively.

1.6 If any of the Transfer Mechanisms described above are deemed invalid by a governmental entity with jurisdiction over such Restricted Data Transfer Jurisdiction (e.g., the EU Court of Justice with respect to the EEA) or if such governmental entity imposes additional rules and/or restrictions regarding such Personal Data, the parties agree to work in good faith to find an alternative Transfer Mechanism and/or modified approach with respect to such transferred Personal Data which is in compliance with Data Protection Laws.

1.7 To the extent Company is the recipient of Personal Data from one or more Restricted Data Transfer Jurisdictions from Wunderkind pursuant to these Terms, Company will provide at least the same level of protection for the information as is available under the applicable data Transfer Mechanism(s) outlined above in compliance with Applicable Laws.

1.8 These Terms will remain in effect until the termination or expiration of the Agreement between the parties.