DATA PROCESSING AGREEMENT/ADDENDUM

This Data Processing Agreement (“DPA”) is made and entered into as of this ____ day of ____, 202_ forms part of the Rig Security Master Service Agreement (the “Agreement”).  You acknowledge that you, on behalf of [______] incorporated under __________ law, with its principal offices located at ____________________(“Organization”) (collectively, ”You”, ”Your”, “Customer”,  or “Data Controller”) have read andunderstood and agree to comply with this DPA, and are entering into a binding legal agreement with Rig Security as defined below (“Rig Security.”, ”Us”, ”We”, ”Our”,“Service Provider” or “Data Processor”) to reflect the parties’ agreement with regard to the Processing of Personal Data (as such terms are defined below). Both parties shall be referred to as the “Parties” and each, a “Party”.

WHEREAS, Rig Security shall provide the services set forth in the Agreement (collectively, the “Services”) for Customer, as described in the Agreement; and

WHEREAS,     In the course of providing the Services pursuant to the Agreement, we may process Personal Data on your behalf, in the capacity of a “Data Processor”; and the Parties wish to set forth the arrangements concerning the processing of Personal Data (defined below) within the context of the Services and agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.

NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the parties, intending to be legally bound, agree as follows:

1. INTERPRETATION AND DEFINITIONS

1.1       The headings contained in this DPA are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this DPA. References to clauses or sections are references to the clauses or sections of this DPA unless otherwise stated. Words used in the singular include the plural and vice versa, as the context may require. Capitalized terms not defined herein shall have the meanings assigned to such terms in the Agreement. Definitions:

(a)     “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity.“Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

(b)    “Authorized Affiliate” means any of Customer’s Affiliate(s) which(a) is subject to the Data Protection Laws And Regulations of the EuropeanUnion, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom, and (b) is permitted to use the Services pursuant to the Agreement between Customer and Rig Security, but has not signed its own agreement with Rig Security and is not a “Customer” as defined under theAgreement.

(c)     “Controller” or “Data Controller” means the entity which determines the purposes and means of the Processing of Personal Data. For the purposes of this DPA only, and except where indicated otherwise, the term “DataController” shall include the Organization and/or the Organization’s AuthorizedAffiliates.

(d)    “CCPA” means the California Consumer Privacy Act of 2018 and its modifications and amendments.

(e)     “Data Protection Laws and Regulations”means all laws and regulations of the European Union, the European EconomicArea and their Member States, including the GDPR, the UK GDPR, and the IsraeliPrivacy Protection Law, 1981 and the regulations promulgated thereunder(including Privacy Protection Regulations (Transfer of Data to DatabasesAbroad), 5761-2001 and Privacy Protection Regulations (Data Security), 5777-2017), and any binding instructions, guidelines and requirements of theIsraeli Privacy Protection Authority, as applicable to the Processing of Personal Data under the Agreement.

(f)     “Data Subject” means the identified or identifiable person to whom the Personal Data relates.

(g)    “Member State” means a country that belongs to theEuropean Union and/or the European Economic Area. “Union” means theEuropean Union.

(h)    “GDPR” means the Regulation (EU) 2016/679 of the EuropeanParliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data ProtectionRegulation).

(i)      “Personal Data”or “Personal Information” means any information relating to anidentified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, as defined under DataProtection Laws and Regulations and/or under the CCPA, as applicable. For the avoidance of doubt, Customer's business contact information is not by itself deemed to be Personal Data subject to this DPA.

(j)     “Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(k)    “Processor” or “Data Processor” means the entity which Processes Personal Data on behalf of the Controller.

(l)     “Rig Security Group” means Rig Security Inc. and its Affiliates, and their employees, personnel, contractors and consultants engaged in theProcessing of Personal Data.

(m)   “Security Documentation” means the Security Documentation applicable to the specific Services purchased by Customer, as updated from time to time. Customer shall send a request to privacy@rig.security to receive a copy of the Security Documentation.

(n)    “StandardContractual Clauses” or “SCCs” means(i) the standard contractual clauses for the transfer of Personal Data to Data processors established in third countries which do not ensure an adequate level of protection as set out in Regulation (EU) 2016/679 of the European Parliament and of the Council from June 4, 2021, as available here as updated, amended, replaced or superseded from time to time by the European Commission; or (ii) where required from time to time by a supervisory authority for use with respect to any specific restricted transfer, any other set of contractual clauses or other similar mechanism approved by such Supervisory Authority or by Applicable Laws for use in respect of such Restricted Transfer, as updated, amended, replaced or superseded from time to time by such Regulatory Authority or Data Protection Laws and Regulations;

(o)    “Sub-processor” means any Processor engaged by Rig Security and/or Rig Security Affiliate to Process Personal Data on behalf of Customer.

(p)    “Supervisory Authority” means an independent public authority which is established by an EU Member State pursuant to the GDPR.

(q)    “UKGDPR” means the Data Protection Act 2018, as updated, amended, replaced or superseded from time to time by the ICO.

(r)     “UKStandard Contractual Clauses” or “UK SCCs” means the standard contractual clauses for the transfer of Personal Data to Data processors established in third countries which do not ensure an adequate level of protection as set out by the ICO, as available here, as updated, amended, replaced or superseded from time to time by the ICO.

2. PROCESSING OF PERSONAL DATA

2.1       The Parties acknowledge and agree that with regard to the Processing of Personal Data under this DPA Rig Security is theData Processor and Rig Security or members of the Rig Security Group may engage Sub-processors pursuant to the requirements set forth in Section 5 “Sub-processors”below. For clarity, this DPA shall not apply with respect to Rig Security processing activity as a Data Controller with respect to Rig Security data as detailed in Rig Security’s privacy policy.  

2.2       Customer shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data ProtectionLaws and Regulations and comply at all times with the obligations applicable to data controllers (including, without limitation, Article 24 of the GDPR).  For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with DataProtection Laws and Regulations. Customer shall have sole responsibility for the means by which Customer acquired Personal Data. Without limitation, Customer shall comply with any and all transparency-related obligations (including, without limitation, displaying any and all relevant and required privacy notices or policies) and shall at all times have any and all required on going legal bases in order to collect, Process and transfer to Rig Security thePersonal Data and to authorize the Processing by Rig Security of the Personal Data which is authorized in this DPA. Customer shall defend, hold harmless and indemnify Rig Security, its Affiliates and subsidiaries (including without limitation their directors, officers, agents, subcontractors and/or employees) from and against any liability of any kind related to any breach, violation or infringement by Customer and/or its authorized users of any Data ProtectionLaws and Regulations and/or this DPA and/or this Section.

2.3       Rig Security’s Processing of Personal Data.

2.3.1       Subject to the Agreement, Rig Security shall Process Personal Data that is subject to this DPA only in accordance with Customer’s documented instructions as necessary for the performance of the Services and for the performance of the Agreement and this DPA, unless required to otherwise by Union or Member State law or any other applicable law to which Rig Security and its Affiliates are subject, in which case, Rig Security shall inform the Customer of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest. The duration of the Processing, the nature and purposes of theProcessing, as well as the types of Personal Data Processed and categories of Data Subjects under this DPA are further specified in Schedule 1 (Details of the Processing) to this DPA.

2.3.2       To the extent that Rig Security or its Affiliates cannot comply with a request (including, without limitation, any instruction, direction, code of conduct, certification, or change of any kind) from Customer and/or its authorized users relating to Processing of Personal Data or where Rig Security considers such a request to be unlawful, Rig Security (i) shall inform Customer, providing relevant details of the problem (but not legal advice), (ii) Rig Security may, without any kind of liability towards Customer, temporarily cease all Processing of the affected Personal Data (other than securely storing those data), and (iii) if theParties do not agree on a resolution to the issue in question and the costs thereof, each Party may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Rig Security all the amounts owed to Rig Security or due before the date of termination. Customer will have no further claims against Rig Security (including, without limitation, requesting refunds for Services) due to the termination of the Agreement and/or the DPA in the situation described in this paragraph (excluding the obligations relating to the termination of this DPA set forth below).

‍If Rig Security receives a request from a Data Subject to exercise its rights as described under Data Protection Laws and Regulations (“Data Subject Request”), Rig Security shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer. Taking into account the nature of theProcessing, Rig Security shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a DataSubject Request under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Rig Security’s provision of such assistance.

2.3.3       Rig Security will not be liable in the event of any claim brought by a third party, including, without limitation, a Data Subject, arising from any act or omission of Rig Security to the extent that such is a result of Customer’s instructions.

3. RIGHTS OF DATA SUBJECTS.

If Rig Security receives a request from a DataSubject to exercise its rights as described under Data Protection Laws and Regulations (“Data Subject Request”), Rig Security shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Customer.Taking into account the nature of the Processing, Rig Security shall use commercially reasonable efforts to assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Rig Security’s provision of such assistance.

4. RIG SECURITY PERSONNEL

4.1       Rig Security shall grant access to the PersonalData to persons under its authority (including, without limitation, its personnel) only on a need-to-know basis and ensure that such persons engaged in the Processing of Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4.2       Rig Security may disclose and Process thePersonal Data (a) as permitted hereunder (b) to the extent required by a court of competent jurisdiction or other Supervisory Authority and/or otherwise as required by applicable laws or applicable Data Protection Laws and Regulations(in such a case, Rig Security shall inform the Customer of the legal requirement before the disclosure, unless that law prohibits such information on important grounds of public interest), or (c) on a “need-to-know” basis under an obligation of confidentiality to legal counsel(s), data protection advisor(s), accountant(s), investors or potential acquirers.

5.  AUTHORIZATION REGARDING SUB-PROCESSORS

5.1      Rig Security’s current list of Sub-processors is included in Schedule 2 (“Sub-processor List”) and is hereby approved by Data Controller. Customer hereby grants a general authorization to Rig Security to appoint new Sub-processors, and Rig Security shall comply with the conditions of Section 5.2, to 5.4. The Sub-processor List as of the date of execution of this DPA is hereby authorized by Customer.

5.2       Customer shall send an email to privacy@rig.security with the subject SUBSCRIPTION TO SUB-PROCESSORS NOTIFICATION, to subscribe to notifications of new Sub-processors, and if Customer subscribes, Rig Security shall provide notification of any new Sub-processor(s).

5.3       Customer may reasonably object to Rig Security’s use of a Sub-processor for reasons related to the GDPR by notifying RigSecurity promptly in writing within three (3) business days after receipt of RigSecurity’s notice in accordance with the mechanism set out in Section5.2 and such written objection shall include the reasons related to the GDPR for objecting to Rig Security’s use of such Sub-processor. Failureto object to such Sub-processor in writing within three (3) business days following Rig Security’s notice shall be deemed as acceptance of theSub-Processor. In the eventCustomer reasonably objects to a Sub-processor, as permitted in the preceding sentences, Rig Security will use reasonable efforts to make available to Customer a change in the Services or recommend a commercially reasonable change to Customer’s use of the Services to avoid Processing of Personal Data by the objected-to Sub-processor without unreasonably burdening the Customer.If Rig Security is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may, as a sole remedy, terminate the applicable Agreement and this DPA with respect only to those Services which cannot be provided by RigSecurity without the use of the objected-to Sub-processor by providing written notice to RigSecurity provided that all amounts due under the Agreement before the termination date with respect to the Processing at issue shall be duly paid to RigSecurity. Until a decision is made regarding the Sub-processor, Rig Security may temporarily suspend the Processing of the affected Personal Data. Customer will have no further claims against Rig Security due to the termination of the Agreement (including, without limitation, requesting refunds) and/or the DPA in the situation described in this paragraph.

5.4       ThisSection 5 shall not apply to subcontractors of Rig Security which provide ancillary services to support the performance of the DPA. This includes, for example, telecommunication services, maintenance and user service, cleaning staff, or auditors.

6. SECURITY

6.1       Taking into account the state of the art, the costs of implementation, the scope, the context, the purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Rig Security shall maintain all industry-standard technical and organizational measures required pursuant to Article 32 of the GDPR for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data),confidentiality and integrity of Personal Data, as set forth in the SecurityDocumentation which are hereby approved by Customer. Upon the Customer’s request, Rig Security will use commercially reasonable efforts to assist Customer, at Customer’s cost, in ensuring compliance with the obligations pursuant toArticles 32 to 36 of the GDPR taking into account the nature of the processing, the state of the art, and the information available to Rig Security.

6.2       Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in theAgreement and this DPA, Rig Security shall make available to Customer that isnot a competitor of Rig Security (or Customer’s independent, third-party auditor that is not a competitor of Rig Security) a copy or a summary of Rig Security’s then most recent third-party audits or certifications, if any and as applicable (provided, however, that such audits, certifications and the results therefrom, including the documents reflecting the outcome of the audit and/or the certifications, shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Rig Security’s prior written approval and, upon Rig Security’s first request, Customer shall return all records or documentation in Customer’s possession or control provided by Rig Security in the context of the audit and/or the certification). At Customer’s cost and expense, Rig Security shall allow for and contribute to audits, including inspections of Rig Security’s, conducted by the controller or another auditor mandated by the controller (whois not a direct or indirect competitor of Rig Security) provided that the parties shall agree on the scope, methodology, timing and conditions of such audits and inspections. Notwithstanding anything to the contrary, nothing in this DPA will require Rig Security either to disclose to Customer (and/or its authorized auditors), or provide access to: (i) any data of any other customer of RigSecurity; (ii) Rig Security’s internal accounting or financial information;(iii) any trade secret of Rig Security; or (iv) any information that, in RigSecurity’s sole reasonable discretion, could compromise the security of any of RigSecurity’s systems or premises or cause Rig Security to breach obligations under any applicable law or its obligations to any third party.

7. PERSONAL DATA INCIDENT MANAGEMENT AND NOTIFICATION.

Rig Security shall notify Customer without unduedelay after becoming aware of the accidental or unlawful destruction, loss,alteration, unauthorized disclosure of, or access to Personal Data, includingPersonal Data, transmitted, stored or otherwise Processed by Rig Security ofwhich Rig Security becomes aware (a “Personal Data Incident”). Rig Security shall make reasonable efforts to identify the cause of such PersonalData Incident and take those steps as Rig Security deems necessary, possibleand reasonable in order to remediate the cause of such a Personal Data Incidentto the extent the remediation is within Rig Security’s reasonable control. Inany event, Customer will be the party responsible for notifying supervisoryauthorities and/or concerned data subjects (where required by Data ProtectionLaws and Regulations).

8. RETURN AND DELETION OF PERSONAL DATA.

Subject to the Agreement, Rig Security shall, at the choice of Customer, delete or return the Personal Data to Customer after the end of the provision of the Services relating to Processing, and shall delete existing copies unless applicable law requires storage of the PersonalData. In any event, to the extent required or allowed by applicable law, Rig Security may retain one copy of the Personal Data for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations. If the Customer requests the PersonalData to be returned, the Personal Data shall be returned in the format generally available for Rig Security’s Customers.

9. AUTHORIZED AFFILIATES

9.1       The Parties acknowledge and agree that, by executing the DPA, the Customer enters into the DPA on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliates, thereby establishing a separate DPA between Rig Security. Each Authorized Affiliate agrees to be bound by the obligations under this DPA. All access to and use of the Services by Authorized Affiliates must comply with the terms and conditions of the Agreement and this DPA and any violation of the terms and conditions therein by an Authorized Affiliate shall be deemed a violation by Customer.

9.2       The Customer shall remain responsible for coordinating all communication with Rig Security under the Agreement and this DPA and shall be entitled to make and receive any communication in relation to this DPA on behalf of its Authorized Affiliates.

10. TRANSFERS OF DATA

10.1     PersonalData may be transferred from the EU Member States, the three EEA membercountries (Norway, Liechtenstein and Iceland) (collectively, “EEA”), theUnited Kingdom to countries that offer adequate level of data protection underor pursuant to the adequacy decisions published by the relevant data protectionauthorities of the EEA, the Union, the Member States or the European Commission,the UK supervisory authority (“Adequacy Decisions”), without any furthersafeguard being necessary.

10.2    To the extent that there isProcessing of Personal Data which includes transfers from the EEA, the UK tocountries which do not offer adequate level of data protection or which havenot been subject to an Adequacy Decision (“Other Countries”), the belowterms shall apply:

a)     With respect to the EUtransfers of Personal Data, Customer as a Data Exporter (as defined in theSCCs) and Rig Security on behalf of itself and each Rig Security Affiliate (asapplicable) as a Data Importer (as defined in the SCCs) hereby enter into the SCCset out in Schedule 3. To the extent that there is any conflict or inconsistency between theterms of the SCC and the terms of this DPA, the terms of the SCC shall takeprecedence.

b)     With respect to the UKtransfers of Personal Data (from the UK to other countries which have not beensubject to a relevant Adequacy Decision), Customer as a Data Exporter (asdefined in the UK SCCs) and Rig Security on behalf of itself and each Rig Security Affiliate (as applicable) as a Data Importer (as defined in the UKSCCs), hereby enter into the UK SCC set out in Schedule 3. To the extent that there is any conflict orinconsistency between the terms of the UK SCC and the terms of this DPA, theterms of the UK SCC shall take precedence.

11. TERMINATION.

This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided. Sections 2.2, 2.3.3, 8 and 13  shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.

12. CCPA.

‍To the extent that the Personal Data is subject to the CCPA, Rig Security shall not sell or shareCustomer's Personal Data. Rig Security acknowledges that when processing Personal Data in the context of the provision of theServices, Customer is not selling or sharing Personal Data to Rig Security. Rig Security agrees not to retain, use or disclose Customer Personal Data: (i) for any purpose other than the BusinessPurpose (as defined below); (ii) for no other commercial or Business Purpose; or (iii) outside the direct business relationship between Rig Security and Customer.Notwithstanding the foregoing, Rig Security may use, disclose, or retain Customer Personal Data to: (i) transfer the Personal Data to other Rig Security’s entities (including, without limitation, affiliates and subsidiaries), service providers, third parties and vendors, in order to provide the Services to Customer; (ii) to comply with, or as allowed by, applicable laws; (iii) to defend legal claims or comply with a law enforcement investigation; (ii) for internal use by Rig Security to build or improve the quality of its services and/or for any other purpose permitted under the CCPA; (iii) to detect data security incidents, or protect against fraudulent or illegal activity; and (iv) collect and analyse anonymous information. Rig Security shall use commercially reasonable efforts to comply with its obligations under CCPA. If Rig Security becomes aware of any material applicable requirement (to Rig Security as a service provider) under CCPA that Rig Security cannot comply with, Rig Security shall use commercially reasonable efforts to notifyCustomer. Upon written Customer’s notice, Rig Security shall use commercial reasonable and appropriate steps to stop and remediate Rig Security’s alleged unauthorized use of Personal Data; provided that Customer must explain and demonstrate in the written notice which processing activity of Personal Data considers to be unauthorized and the applicable reasons. Rig Security shall use commercially reasonable efforts to enable Customer to comply with consumer requests made pursuant CCPA. Notwithstanding anything to the contrary, Customer shall be fully and solely responsible for complying with its own requirements under CCPA. “Businesspurpose” means the Processing activities that Rig Security will perform to provide Services (as described in the Agreement), this DPA and any other instruction from Customer, as otherwise permitted by applicable law, including, CCPA and the applicable regulations, or as otherwise necessary to provide the Services to Customer.

13. RELATIONSHIP WITH AGREEMENT.

‍In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions ofthis DPA shall prevail over the conflicting provisions of the Agreement.Notwithstanding anything to the contrary in the Agreement and/or in any agreement between the parties and to the maximum extent permitted by law: (A) Rig Security’s (including Rig Security’s Affiliates’) entire, total and aggregate liability, related to personal data or information, privacy, or for breach of, this DPA and/or Data Protection Laws and Regulations, including, without limitation, if any, any indemnification obligation or applicable law regarding data protection or privacy, shall be limited to the amounts paid to Rig Security under the Agreement within twelve (12) months preceding the event that gave rise to the claim. This limitation of liability is cumulative and not per incident; (B) In no event will Rig Security and/or Rig Security Affiliates and/or their third-party providers, be liable under, or otherwise in connection with this DPA for: (i) any indirect, exemplary, special, consequential, incidental or punitive damages; (ii) any loss of profits, business, or anticipated savings;  (iii) any loss of, or damage to data, reputation, revenue or goodwill; and/or (iv) the cost of procuring any substitute goods or services; and (C) The foregoing exclusions and limitations on liability set forth in this Section shall apply: (i) even ifRig Security, Rig Security Affiliates or third-party providers, have been advised, or should have been aware, of the possibility of losses or damages; (ii) even if any remedy in this DPA fails of its essential purpose; and (iii) regardless of the form, theory or basis of liability (such as, but not limited to, breach of contract or tort).

14. AMENDMENTS.

This DPA may be amended at any time by a written instrument duly signed by each of the Parties.

15. LEGAL EFFECT.

‍This DPA shall only become legally binding between Customer and Rig Security when the formalities steps set out in the Section “INSTRUCTIONS ON HOW TO EXECUTE THIS DPA” below have been fully completed. Rig Security may assign this DPA or its rights or obligations here under to any Affiliate thereof, or to a successor or any Affiliate thereof, in connection with a merger, consolidation or acquisition of all or substantially all of its shares, assets or business relating to this DPA or the Agreement. Any Rig Security obligation hereunder may be performed (in whole or in part),and any Rig Security right (including invoice and payment rights) or remedy maybe exercised (in whole or in part), by an Affiliate of Rig Security.

16. SIGNATURE.

‍The Parties represent and warrant that they each have the power to enter into, execute, perform andbe bound by this DPA. You, as the signing person on behalf of Customer, represent and warrant that you have, or you were granted, full authority to bind the Organization and, as applicable, its Authorized Affiliates to this DPA. If you cannot, or do not have authority to, bind the Organization and/orits Authorized Affiliates, you shall not supply or provide Personal Data to Rig Security. By signing this DPA, Customer enters into this DPA on behalf of itself and, to the extent required or permitted under applicable DataProtection Laws and Regulations, in the name and on behalf of its AuthorizedAffiliates, if and to the extent that Rig Security processes Personal Data for which such Authorized Affiliates qualify as the/a “data controller”.

This DPA has been pre-signed on behalf of Rig Security.

Instructions on how to execute this DPA.

1. To complete this DPA, you must complete the missing information; and

2. Send the completed and signed DPA tous by email, indicating the Customer’s name, to privacy@rig.security

List of Schedules

·      SCHEDULE 1 - DETAILS OF THE PROCESSING

·      SCHEDULE 2 - SUB-PROCESSOR LIST

·      SCHEDULE 3 – STANDARD CONTRACTUAL CLAUSES

The Parties’ authorized signatories have duly executed this DPA: