Worksection Agreements

WORKSECTION

User Agreement

This User Agreement (hereinafter «Agreement») is concluded between you (hereinafter «User») and LLC «Worksection» (43951196) hereinafter referred to as Contractor, represented by Director, Oleksii Lushchyk, acting on basis of the Charter (hereinafter «Worksection») and regulates all use of the website https://worksection.com (the «Website») , which is owned and operated by Worksection and Services provided by Worksection, through the Website and all information that is available on the Website.

1. SUBJECT OF AGREEMENT

1.1. Only the person(User) who took all the terms of this Agreement, available at https://worksection.com/offer_agreement_en.html, «Privacy Agreement» posted at https://worksection.com/en/conf_agreement.html, and other rules provided on the Website has right to use the Website.

1.2. User must read carefully the Agreement before using the Website. By using any part of the Website, User agrees to be bound by the terms of this Agreement with Worksection. If you do not agree with the terms of the Agreement (in whole or in part), then you will not be granted the status and rights, and you have no right to use the Website, including but not limited to, any information posted on the Website and any services provided within the Website.

1.3. Terms of Agreement apply to all users of the Website — both to users who do not have an account on the Website (not registered user) or for users who have any account, any of the available types. An account means the totality of information about the user and authorization data (login, password).

1.4. User has no right to use the Services and can not accept the Agreement unless he has reached the legal age, when he has the right to accept such agreements with INRING.

1.5. If the law of the country residence’s or sojourning of User outlaw the use of the Site or Services for any reason, the User shall refrain from using the Site or Services, but if continue to use Software at their own risk.

2. RIGHTS AND RESPONSIBILITIES OF THE PARTIES

2.1. Access to the Website for using the provided with it`s help services is possible only for registered users (who created the account).

2.2. If the User believes that the Website may contain information that would violate his rights, the User must notify Worksection and provide information that confirms the violation of rights. If the user provides false information about the violation of his rights, he bears full responsibility for damages (including costs, fees and payment for legal services).

2.3. When using the Website User is prohibited from:

2.3.1. Create more than one free account on the Website;

2.3.2. To register an Account on behalf of or for another person. At the same time, allowed registration of User by Administrator according to appropriate Account, and also Account of individual or legal person in case of obtaining the necessary authority in the manner and form prescribed by the legislation of Ukraine;

2.3.3. Foment and promote the incitement to religious, racial or ethnic hatred;

2.3.4. Commit acts that violate the rights, freedom, honor and dignity of any person;

2.3.5. To publish information (including any materials) that violates the copyrights, the signs for goods and services, industrial property rights and / or rights to other intellectual property rights that belong to Worksection and / or third parties;

2.3.6. To publish information that violates the rights and legitimate interests of third parties (including the publishing of photos and videos, the main object of which is a person if that person did not consent to publish pictures or video of his participation on the Website);

2.3.7. To publish material of a pornographic nature and the materials prohibited by the publication of legislation on public morals;

2.3.8. Carry out an illegal gathering, storage or distribution of personal information of users of other accounts;

2.3.9. To try to gain access to account and / or login and password of another user in any manner, including but not limited to, using deception, abuse of trust, selection of a login and password;

2.3.10. To place a computer virus and / or programs that may interrupt or disrupt the normal functionality of the hardware and / or software, and telecommunication facilities of any person.

2.4. The Responsibility of the User:

2.4.1. User is responsible for any use of information available on the Website.

2.4.2. The user is solely responsible to third parties for his actions or omissions when using the Website.

2.4.3. Customer agrees to settle all claims of third parties that relate to acts or omissions of the User when using the Website all alone and at his own expense.

2.4.4. If the user does not prove the contrary, any action on the Website made using his account and / or his / her login and password, considered to be executed in this Account, and the User is solely responsible for such actions, their consequences and results as of if the use of User’s account by a third person was authorized by the User.

2.4.5. In the case of publishing the information by User on the Website infringing the Agreements between the Parties or applicable law Worksection has the right to block access to such information without notice, at its sole discretion, on the period of time needed to determine legality of publishing and using such information.

2.4.6. For violating the terms of this Agreement, Worksection has the right, without prior notification to block User from accessing the Website and / or remove User account.

2.4.7. The User that has the rights of new user registration within its Account on the Website, confirms that at the time of creating by him the Account for new User, new User has consented to the creation of such an Account, and that the new User has read and fully accept the conditions of this Agreement, the terms of «Privacy Agreement» and the conditions of other agreements referred to in the Website, which are binding for the use of the Website and Services. Otherwise, the User bears full and sole responsibility for the actions of new User using Websites and Services by him.

2.4.8. The User, providing for use his Account to another person confirms, that at the moment providing such using, new User has read and fully accept the conditions of this Agreement, the terms of «Privacy Agreement» and the conditions of other agreements referred to in the Website, which are binding for the use of the Website and Services. Otherwise, the User who provided access to his Account bears full and sole responsibility for the actions of new User using Websites and services by him.

2.4.9. The User, who registered the new User within his Account, has the right to delete the Account of this User solely at any moment. The new User accept such condition of Agreement.

2.5. The Responsibility of Worksection:

2.5.1. Worksection is not responsible for any use by third parties the content posted by Users on the Website (for example if the User has authorized access for a third party to User`s information, or if the third party gained an unauthorized access), including the copying, reproduction and distribution, as implemented in within the Website, and other possible ways.

2.5.2. Worksection is not reimbursing for damages, direct or indirect, caused to User or any third partes in the result of use or non-use, including inability to use the Website.

2.5.3. Worksection assumes no obligation to check, change and control the information that is published by someone on the Website, does not guarantee and is not responsible for the accuracy of the information, its legality, quality and compliance with the specific demands and needs of Users of the Website.

2.5.4. Worksection is not responsible for the content of websites that do not belong to him, references to which may be presented on the Website, and do not guarantee their availability, correct operation and compliance with the noted theme.

3. INTELLECTUAL PROPERTY

3.1. The user who published on the Website any information that contains intellectual property, including but not limited to, text, graphics, audio and video products, computer programs, databases, trade marks for goods and services, etc., ensures that upload to the Website, copying and use of this information and / or intellectual property rights contained in it, will not infringe rights of third parties.

3.2. This Agreement does not grant to the User any ownership rights to any intellectual property of Worksection or third parties, if it is not explicitly noted, and all ownership rights with respect to such facilities remain solely to Worksection and / or the relevant third party.

4. CONFIDENTIALITY

4.1. The User confirms that he has a look at and fully accept the conditions of the «Privacy Agreement» concluded between Worksection and User.

5. ADDITIONAL TERMS

5.1. Worksection has the right to amend to this Agreement. All amends to the Agreement will be available in a new version of the Agreement at https://worksection.com/user_agreement_en.html. In the case of significant amends to the Agreement, Worksection further inform User about these amends by e-mail. All amends to the Agreement shall enter into force after their publication. Using the services or Website the User agrees to new terms in the Agreement in force as from the date of using services or Website.

5.2. Worksection is not responsible for loss or damage suffered by Users or third parties resulting from erroneous understanding or misunderstanding of the terms of this Agreement, instructions or guidance on the use of Website or Services for order of providing data and other technical issues.

5.3. The user provides Worksection the right to send messages to the User, which contain information about the Website, services of Worksection and other information. The User agree that such messages do not determined as «Spam» (the messages including advertising which the User do not want to receive.

5.4. In the case of invalidation or unenforceable any part of this Agreement, other parts of the Agreement shall remain in force. Failure of either Party of any term or condition of this Agreement or any breach of them does not negate the effect of this provision or condition.

5.5. Worksection provide the Website «as is». Worksection do not guarantee compliance the Website to objectives and expectations of User. Worksection responsible for the uninterrupted operation and error-free performance of the Website, as well as the safety of the user account and information, which is posted by the User on the Website only in the framework of agreements and contracts concluded between the User and Worksection.

5.6. Worksection has the right to unilaterally change the value, types and duration of services provided within the Website.

5.7. Worksection may assign its rights under this Agreement to any third party at any time and without notice.

5.8. Until this Agreement and relations between Worksection and the User, apply the legislation of Ukraine. The Parties fully agrees that the competent courts of Ukraine shall have exclusive jurisdiction for any claims and disputes relating to the Agreement.

Data Processing Addendum (DPA)

The protection of individuals’ personal data is a fundamental right under EU law and currently regulated by the General Data Protection Regulation (Regulation (EU) ²⁰¹⁶⁄₆₇₉) (the “GDPR”). The GDPR specifies that the processing of personal data by a processor on behalf of a controller shall be governed by a written agreement regulating amongst others the circumstances and conditions under which such processing may take place.

This Data Processing Addendum (the “Addendum” or “DPA”) forms part of the Worksection Terms of Service available at worksection.com/en/agreement.html, (the “Terms of Service”, updated from time to time), or other agreement governing the use of Worksection’s services (“Agreement”) entered by and between you, the Customer (as defined in the Agreement — collectively, “you”, “your”, “Customer”), and Worksection LLC (“Worksection”, “us”, “we”, “our”) to reflect the parties’ agreement with regard to the Processing of Personal Data by Worksection solely on behalf of the Customer. Both parties shall be referred to as the “Parties” and each, a “Party”.

The Parties have agreed that Worksection shall provide Customer with a cloud-based project management tool (hereinafter referred to as the “Services”), under which Worksection will be processing certain personal data on behalf of the Customer in the capacity of processor. As such, the Parties acknowledge the need to enter into this separate Addendum to regulate the processing of personal data by Worksection on behalf of the Customer. By using the Services, Customer accepts this DPA and anyone who is entering into the Terms of Service on behalf of a company or other legal entity, represents to have the authority to bind such entity and its affiliates to these terms and conditions, in which case the terms “you” and “your” herein shall refer to such entity. If you cannot, or do not agree to, comply and be bound by this DPA, or do not have authority to bind the Customer or any other entity, please do not provide Personal Data to us.

In the event of any conflict between certain provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement solely with respect to the Processing of Personal Data.

1. DEFINITIONS

Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement.

(a) “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

(b) “Authorized Affiliate” means any of Customer’s Affiliate(s) which is explicitly permitted to use the Services pursuant to the Agreement between Customer and Worksection but has not signed its own agreement with Worksection and is not a “Customer” as defined under the Agreement.

(d) The terms, “Controller“, “Member State“, “Processor“, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR. The terms “Business”, “Business Purpose”, “Consumer” and “Service Provider” shall have the same meaning as in the CCPA.

For the purpose of clarity, within this DPA “Controller” shall also mean “Business”, and “Processor” shall also mean “Service Provider”, to the extent that the CCPA applies. In the same manner, Processor’s Sub-processor shall also refer to the concept of Service Provider.

(e) “Data Protection Laws” means all applicable and binding privacy and data protection laws and regulations, including such laws and regulations of the European Union, the European Economic Area and their Member States, Switzerland, the United Kingdom, Canada, and the United States of America, as applicable to the Processing of Personal Data under the Agreement including (without limitation) the GDPR, the UK GDPR, and the CCPA, as applicable to the Processing of Personal Data hereunder and in effect at the time of Processor’s performance hereunder.

(f) “Data Subject” means the identified or identifiable person to whom the Personal Data relates.

(g) “GDPR” means the Regulation (EU) ²⁰¹⁶⁄₆₇₉ of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

(h) “Personal Data” or “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to or with an identified or identifiable natural person or Consumer, which is processed by Worksection solely on behalf of Customer, under this DPA and the Agreement between Customer and Worksection.

(i) “Services” means the cloud-based work operating system platform (“Platform”) and any other services provided to Customer by Worksection under the Agreement.

(j) “Security Documentation” means the security documentation specifically applicable to the Processing of Personal Data by Worksection under the Agreement and this DPA, as updated from time to time, and accessible via worksection.com/en/agreement.html, or as otherwise made reasonably available by Worksection.

(k) “Sensitive Data” means Personal Data that is protected under a special legislation and requires unique treatment, such as “special categories of data”, “sensitive data” or other materially similar terms under applicable Data Protection Laws, which may include any of the following: (a) social security number, tax file number, passport number, driver’s license number, or similar identifier (or any portion thereof); (b) credit or debit card number; © financial, credit, genetic, biometric or health information; (d) information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences; and/or (e) account passwords in unhashed form.

(l) “Sub-processor” means any third party that Processes Personal Data under the instruction or supervision of Worksection.

(m) “UK GDPR” means the Data Protection Act 2018, as well as the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI ²⁰¹⁹⁄₄₁₉).

2. DATA PROCESSING

2.1. Scope and Roles. This Addendum applies when Customer Data is processed by Worksection on behalf of Customer as part of performing the Services.

2.2. Compliance with Laws. Each party will comply with all laws, rules and regulations applicable to it and binding on it in the performance of this Addendum, including all statutory requirements relating to data protection.

2.3. The Nature and Purpose of Data Processing. As long as Customer is using the Services, and as a consequence of Customer using the Services, Worksection will process Customer Data on behalf of Customer. Customer Data includes but is not limited to names, addresses and contact information of the Customer’s invited users, as well as other kind of personal data which Customer will upload to the Services in different project, collections and boards. Customer Data can relate to Customer’s employees, directors, officers, customers and subcontractors, but also to third parties which are somehow part of or related to a project managed by Customer when using the Services. Customer Data may also include technical data, usage data, quality statistics and similar information (including but not limited to device related and location-based metrics) related to Customer’s access to and use of the Services.

2.4. Instructions for Data Processing. Worksection will process Customer Data in accordance with Customer’s documented instructions, including with regard to transfers of personal data to a third country or an international organization, unless required to do otherwise by applicable law. Any additional costs, which arise as a result of such restrictions, shall be borne by Customer. The parties agree that this Addendum is Customer’s complete and final instructions to Worksection in relation to processing of Customer Data. Processing outside the scope of this Addendum (if any) will require prior written agreement between Worksection and Customer on additional instructions for processing, including agreement on any additional fees Customer will pay to Worksection for carrying out such instructions. Customer may terminate this Addendum if Worksection declines to follow instructions requested by Customer that are outside the scope of this Addendum.

2.5. Access or Use. Worksection will not access or use Customer Data, except as necessary to maintain, improve and provide the Services requested by Customer.

2.6. Details of the Processing. The duration of the processing, the nature and purpose of the processing, the types of Customer Data and categories of data subjects processed under this DPA are further specified in Annex 1 (Details of the Processing) to this DPA.

2.7. Assistance. Taking into account the nature of the processing, Worksection shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to requests for exercising the data subject’s rights.

2.8. Disclosure. Worksection will not disclose Customer Data to any government, except as necessary to comply with the law or a valid and binding order of a law enforcement agency (such as a subpoena or court order). If a law enforcement agency sends Worksection a demand for Customer Data, Worksection will attempt to redirect the law enforcement agency to request that data directly from Customer. As part of this effort, Worksection may provide Customer’s basic contact information to the law enforcement agency. If compelled to disclose Customer Data to a law enforcement agency, then Worksection will give Customer reasonable Notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless Worksection is legally prohibited from doing so.

2.9. Worksection Personnel. Worksection restricts its personnel from processing Customer Data without authorization by Worksection. Worksection will impose appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security.

2.10. Customer Controls. Worksection makes available a number of security features and functionalities that Customer may elect to use. Customer is responsible for properly (a) configuring the Services, (b) using the controls available in connection with the Services (including the security controls), and © taking such steps as Customer considers adequate to maintain appropriate security, protection, deletion and backup of Customer Data, which may include use of encryption technology to protect Customer Data from unauthorized access and routine archiving of Customer Data.

3. CROSS-BORDER DATA TRANSFERS

3.1. Transfers from the EEA and Switzerland to countries that offer adequate level or data protection. Personal Data may be transferred from EU member states, Norway, Liechtenstein and Iceland (collectively “EEA”), and Switzerland, to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the EEA, the European Union, the Member States or the European Commission, or Switzerland as relevant (“Adequacy Decisions”), as applicable, without any further safeguard being necessary.

3.2. Transfers to other countries. If the Processing of Personal Data by Worksection includes transfers (either directly or via onward transfer) from the EEA or Switzerland to other countries which have not been subject to a relevant Adequacy Decision, and such transfers are not performed through an alternative recognized compliance mechanism as may be adopted by Worksection for the lawful transfer of personal data (as defined in the GDPR) outside the EEA or Switzerland, as applicable, then the “2021 Standard Contractual Clauses” (as approved by the European Commission in decision Implementing Decision (EU) ²⁰²¹⁄₉₁₄) and related annexes and appendices shall apply.

4. SECURITY RESPONSIBILITIES

Worksection will implement such technical and organizational measures to protect Customer Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized processing, disclosure and access, which are required by applicable law. Worksection will maintain an information security program (including the adoption and enforcement of internal policies and procedures) designed to (a) help Customer secure Customer Data against accidental or unlawful loss, access or disclosure, (b) identify reasonably foreseeable and internal risks to security and unauthorized access to the Worksection, and © minimize security risks, including through risk assessment and regular testing. Worksection will designate one or more employees to coordinate and be accountable for the information security program. The information security program will include measures relating to both network and physical security, and will be reviewed periodically by Worksection to determine whether additional or different security measures are required to respond to new security risks or findings generated by the periodic reviews. If Customer wishes Worksection to take any further measures, Worksection will do so to a reasonable extent, but any additional costs shall be borne by Customer. Customer confirms that it deems the measures set forth in Annex 2 as being appropriate technical and organizational safeguards in relation to the processing of Personal Data.

5. CUSTOMER’S RESPONSIBILITY

Customer is solely responsible for reviewing the information made available by Worksection relating to data security and making an independent determination as to whether the Services meet Customer’s requirements, and for ensuring that Customer’s personnel and consultants follow the guidelines they are provided regarding data security.

6. AUDIT

Upon the request of Customer and during regular business hours, Worksection will submit its data processing facilities for audit of the processing activities covered by the Addendum which shall be carried out by Customer at Customer’s expense.

7. SECURITY

7.1. If Worksection becomes aware of either (a) any unlawful access to any Customer Data stored on Worksection’s equipment or in Worksection’s facilities; or (b) any unauthorized access to such equipment or facilities, where in either case such access results in loss, disclosure, or alteration of Customer Data (each a “Security Incident”), Worksection will promptly: (a) notify Customer of the Security Incident; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.

7.2. Customer agrees that:

(i) an unsuccessful Security Incident will not be subject to this Section. An unsuccessful Security Incident is one that results in no unauthorized access to Customer Data or to any of Worksection’s equipment or facilities storing Customer Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or headers) or similar incidents; and

(ii) Worksection’s obligation to report or respond to a Security Incident under this Section is not and will not be construed as an acknowledgement by Worksection of any fault or liability of Worksection with respect to the Security Incident.

7.3. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s administrators by any means Worksection selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on the Worksection at all times.

8. SUB-PROCESSORS

8.1. Authorized Sub-processors. Customer agrees that Worksection may use sub-processors to fulfil its contractual obligations under this Addendum or to provide certain services on its behalf, such as providing support services. Worksection maintains a list of sub-processors on its website worksection.com/en/agreement.html. Worksection shall notify Customer of any intended changes concerning the addition or replacement of sub-processors, to which the Customer may object. Customer is notified when Worksection updating the list of sub-processors on its website. If Customer has made no such objection within thirty (30) days from the date of receipt of the notification/date of update on the website, Customer is assumed to have made no objection. In case of an objection from the Customer, Worksection has the right to cure the Customer’s objection at Worksection’s sole discretion. If (i) no corrective option is reasonably available; or (ii) the parties have not been able to find a mutually agreeable solution, and (iii) the objection has not been cured within thirty (30) days after Worksection receiving the objection, either Party may terminate the Terms of Service with immediate effect.

8.2. Sub-processor Obligations. Where Worksection authorizes any sub-processor as described in this Section:

(i) Worksection will restrict the sub-processor’s access to Customer Data only to what is necessary to maintain the Services or to provide the Services to Customer in accordance with the Terms of Service and Worksection will prohibit the sub-processor from accessing Customer Data for any other purpose.

(ii) Worksection will impose appropriate contractual obligations in writing upon the sub-processor that are no less protective than this Addendum, including relevant contractual obligations regarding confidentiality, data protection, data security and audit rights; and

(iii) Worksection will remain responsible for its compliance with the obligations of this Addendum and for any acts or omissions of the sub-processor that cause Worksection to breach any of Worksection’s obligations under this Addendum.

9. OBLIGATIONS TO INFORM

If Customer Data becomes subject to confiscation during bankruptcy or insolvency proceedings, or similar measures by third parties while being processed by Worksection, Worksection will inform Customer without undue delay. Worksection will, without undue delay, notify all relevant parties in such action (e.g. creditors, bankruptcy trustee) that any Customer Data subjected to those proceedings is Customer’s property and area of responsibility and that Customer Data is at Customer’s sole disposition.

10. RETURN AND DELETION OF PERSONAL DATA

Following termination of the Agreement and cessation of the Services, at the choice of Customer (indicated through the Platform or in written notification to Processor), Processor shall delete or return to Customer all the Personal Data it Processes solely on behalf of the Customer in the manner described in the Agreement, and Processor shall delete existing copies of such Personal Data unless Data Protection Laws require otherwise. To the extent authorized or required by applicable law, Processor may also retain one copy of the Personal Data solely for evidence purposes and/or for the establishment, exercise or defense of legal claims and/or for compliance with legal obligations.

ANNEX 1 — DETAILS OF THE PROCESSING

Categories of Data Subjects.

Customer may submit Personal Data to the Service which may include, but is not limited to, Personal Data relating to the following categories of Data Subjects:

● Customer’s invited users

● Employees of Customer

● Consultants of Customer

● Agents of Customer

● Advisors of Customer

● Business partners and vendors of Customer (who are natural persons)

Any other third party individual with whom Customer decides to communicate through the Service.

Categories of data.

Any personal data comprised in Customer Data, i.e. Personal Data that is uploaded by the Customer to the Services under Customer’s Worksection accounts or otherwise processed by Worksection on behalf of Customer, in connection with Customer’s use of the Services.

The Customer acknowledges and understands that the Services are used for collaboration and planning, and that they are not designed for the processing of special categories of personal data.

Duration of Processing.

Subject to any Section of the DPA and/or the Agreement dealing with the duration of the processing and the consequences of the expiration or termination thereof, Worksection will Process Personal Data pursuant to the DPA and Agreement for the duration of the Agreement, unless otherwise agreed upon in writing. Customer will itself delete Personal Data uploaded to the Services, in accordance with its own retention policies.

Processing operations and frequency.

The processing takes place continuously, as Customer avails itself of the Services.

The personal data may be subject to the following processing activities:

● storage and other processing necessary to provide, maintain and improve the Services provided to the Data Exporter;

● to provide customer and technical support to the Data Exporter;

● disclosures in accordance with the Agreement, as compelled by law.

Sub-processing operations.

Sub-processors are engaged by Worksection for web analytics, ERP, customer data analytics, customer support, servers and hosting, and email functionalities.

ANNEX 2 – TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

Measures of pseudonymization and encryption of personal data.

Worksection maintains customer data encrypted at rest using a cipher strength equivalent to 256 bit symmetric crypto or better. Data is encrypted in transit using TLS 1.2 or later.

Measures for ensuring ongoing confidentiality, integrity, and availability and resilience of processing systems and services.

The infrastructure for the Worksection services spans multiple data centres in different EU countries and in Ukraine.

Measures for ensuring the ability to restore availability and access to Personal Data in a timely manner in the event of a physical or technical incident.

Worksection backups up customer data in real time. Backups are retained redundantly across multiple data centres and are encrypted in transit and at rest with industry standard ciphers with cipher strength equivalent to 256 bit symmetric crypto.

Processes for regular testing to ensure the security of processing.

Worksection maintains a security program based on ISO 27001 standards. This includes administrative, organizational, technical and physical security safeguards designed to protect the confidentiality, integrity and availability of customer data. Worksection performs annual third party application and network penetration tests.

Measures for user identification and authorization.

Worksection personnel are required to use unique user credentials and secrets for authentication.

Measures for the protection of data during transmission.

Customer data is encrypted with TLS 1.2 or later encryption during transmission between the customer and Worksection as well as internally between Worksection systems.

Measures for the protection of data during storage.

Customer data is stored encrypted using industry standard 256 bit symmetric ciphers.

Measures for ensuring systems configuration, including default configuration.

Worksection applies Secure Software Development Lifecycle (Secure SDLC) standards to perform numerous security-related activities for the Services across different phases of the product creation lifecycle from requirements gathering and product design all the way through product deployment. These activities include, but are not limited to, the performance of (a) internal security reviews before new services are deployed; (b) annual penetration testing by independent third parties; and © threat models for new services to detect any potential security problems.

Last Updated: July 11, 2022

List of sub-processors

Worksection is engaging the following sub-processors for the processing of personal data.

Sub-Processor	Type of Service	Location for Processing
Google LLC	Cloud computing provider, error monitoring (through Firebase)	EU/EEA and US, Transfer Mechanism: SCC
Hetzner Online GmbH	Data center	EU/EEA (Nuremberg and Falkenstein, Germany)
Pipedrive OÜ	Service provider for CRM	EU/EEA (Tallinn, Estonia)
Freshworks	Service provider for customer support conversations	EU/EEA and US, Transfer Mechanism: SCC
Ecomz Holding Limited (Selzy)	Email notification services	EU/EEA
Fondy (Financial Company Elayens LLC)	Payment processor	Ukraine and UK, Transfer Mechanism: SCC

To subscribe to email notifications regarding changes to the above list, send an email to [email protected] with the word "subscribe" in the body.

Last Updated: July 11, 2022

Cookie Policy

. . . .

Privacy Policy

. . . .

Partnership Agreement

. . . .

Referral Agreement

. . . .

worksection

User Agreement

1. SUBJECT OF AGREEMENT

2. RIGHTS AND RESPONSIBILITIES OF THE PARTIES

2.3. When using the Website User is prohibited from:

2.4. The Responsibility of the User:

2.5. The Responsibility of Worksection:

3. INTELLECTUAL PROPERTY

4. CONFIDENTIALITY

5. ADDITIONAL TERMS

Data Processing Addendum (DPA)

1. DEF­I­N­I­TIONS

2. DATA PROCESSING

3. CROSS-BOR­DER DATA TRANSFERS

4. SECU­RI­TY RESPONSIBILITIES

5. CUSTOMER’S RESPONSIBILITY

6. AUDIT

7. SECU­RI­TY

8. SUB-PROCES­SORS

9. OBLIG­A­TIONS TO INFORM

10. RETURN AND DELE­TION OF PER­SON­AL DATA

ANNEX 1 — DETAILS OF THE PROCESSING

ANNEX 2 – TECH­NI­CAL AND ORGA­NI­ZA­TION­AL SECU­RI­TY MEASURES

List of sub-processors

Sub-Processor

Type of Service

Location for Processing

Cookie Policy

Privacy Policy

Partnership Agreement

Referral Agreement

1. DEFINITIONS

3. CROSS-BORDER DATA TRANSFERS

4. SECURITY RESPONSIBILITIES

7. SECURITY

8. SUB-PROCESSORS

9. OBLIGATIONS TO INFORM

10. RETURN AND DELETION OF PERSONAL DATA

ANNEX 2 – TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES