Data Security & Handling Agreement

Updated: 01-01-2021

And Acknowledgement of, and Agreement to, Muellners’s Privacy and Confidentiality Agreement

1. You (hereinafter referred to as “Entity” upon an electronically governed consent on one of the Muellners’ web pages or web applications or request forms, agrees that all information received by Entity from Muellners (“Muellners”) including its shareholders and foreign controlling company in Denmark or from any other source on behalf of Muellners is “Confidential Information” and shall be maintained in confidence and not disclosed, used or duplicated by Entity, except as described in this Data Security Agreement and Acknowledgement of, and Agreement to, Muellners’s Privacy Agreement (the “Data Security Agreement”). To the extent this Data Security Agreement is inconsistent with any other agreement Entity has with Muellners, this Data Security Agreement will control.

2. Confidential Information includes, without limitation, all lists of customers, former customers, applicants and prospective customers of the Muellners, and all information relating to and identified with such persons, including but not limited to any and all non-public personal information (“NPPI”) or any personally identifiable financial information regarding the Muellners’s customers and their customers, as such terms are defined under the relevant Laws of Denmark and India; financial information of investors of the Muellners; business volumes or usage; pricing information; information concerning business plans or business strategy; sales methods; marketing plans; finances; contracts; legal affairs; business affairs; any trade secrets or other information that is not generally available to the public; any information that a party is obligated to keep confidential (e.g., pursuant customer lists, sales methods, pricing methods, to a contractual or other obligation such as federal privacy obligations owing to a third-party or shareholders of the Muellners); and the terms and conditions of any agreement between Entity and the Muellners, including this Agreement and any Data Processing Service Agreement or any statements of work or supplemental agreements attached thereto.

3. Entity acknowledges and agrees that all Confidential Information obtained from the Muellners or on behalf of the Muellners, shall be deemed highly sensitive, confidential, private, and proprietary and at all times. The Entity shall with the utmost of care and confidentiality, handle, keep, maintain and secure from others any Confidential Information to which Entity is provided access to, by the Muellners.

4. Entity may use Confidential Information only in connection with the performance of Entity’s obligations and responsibilities under Entity’s various agreements with the Muellners, including the Data Processing and Service Agreement. The Entity shall not copy Confidential Information or disclose Confidential Information to any third person and organization(s) who do not need confidential information in order for the Entity to perform his duties and responsibilities under Entity’s other agreements with the Muellners. Confidential Information shall be returned to the Muellners or destroyed upon the earlier of 1) the request of the Muellners; 2) the termination of the agreements between Entity and the Muellners; or 3) the services contemplated by the agreement between Entity and the Muellners have been completed.

5. Entity shall not advertise, market, or otherwise make known to others any information relating to the subject matter of this Data Security Agreement or the agreements between the Muellners and Entity, including mentioning or implying the name of the Muellners. The Entity is not in the business of selling, distributing, or marketing Confidential Information to other third parties, advertisers, or marketers, and Entity agrees that it will not share Confidential Information with, or disclose, furnish or sell to any third party except as otherwise authorized by this Agreement. If Entity proposes to disclose Confidential Information to a third party in order to perform under its agreements with the Muellners, Entity must first obtain the consent of the Muellners to make such disclosure and Entity must enter into a confidentiality agreement with such third party under which that third party would be restricted from disclosing, using or duplicating such confidential information, except as consistent with this paragraph. To the extent, Entity is required by law to provide a third party with Confidential Information covered by this Data Security Agreement. The Entity shall provide the Muellners with at least 10 days prior written notice of such disclosure so the Muellners may seek a protective order.

6. Entity represents and warrants that his/their collection, access, use, storage, disposal, and disclosure of Confidential Information, including NPPI of Muellners’s customers and customers of Muellners’s customers, does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations and directives, including but not limited to laws of Denmark and India and all regulations promulgated thereunder.

7. Entity shall at all times abide and adhere to standards of Entity’s obligations under this Agreement and Muellners’ standard policies and procedures, a copy of which is available to the Entity on https://docs.muellners.info. Entity further agrees that it shall adhere to maintain a disciplinary process to address any unauthorized access, use or disclosure of Confidential Information and NPPI by any of the Entity's other officers, partners, principals, agents or employees.

8. Entity agrees to reasonably cooperate at its own expense with Muellners in any litigation or other formal action deemed necessary by Muellners to protect its rights relating to the use, disclosure, protection, and maintenance of Confidential Information and NPPI.

9. Upon Muellners’s written request, to confirm Entity’s compliance with this Agreement, as well as any applicable laws, regulations and industry standards, Entity grants Muellners or, upon Muellners’s election, a third party on Muellners’s behalf, permission to perform an assessment, audit, examination or review of all controls in Entity’s physical or technical environment in relation to all Confidential Information and NPPI being handled and/or services being provided to Muellners pursuant to this Agreement. Entity shall fully cooperate with such assessment by providing access to knowledgeable third party personnel, physical premises, documentation, infrastructure and application software that processes, stores or transports Confidential Information and NPPI for Muellners pursuant to this Agreement and as relevant to the security and confidentiality of Confidential Information and NPPI shared during the course of this Agreement.

10. Upon the Muellners’s written request, to confirm compliance with this Agreement, as well as any applicable laws and industry standards, Entity shall promptly and accurately complete a written information security questionnaire provided by Muellners or a third party on the Muellners’s behalf regarding information technology environment in relation to all Confidential Information and NPPI being handled and/or services being provided by Entity to Muellners pursuant to this Agreement.

Entity shall fully cooperate with such inquiries. Muellners shall treat the information provided by Entity in the security questionnaire as Entity’s Confidential Information.

11. All terms used in this Data Security Agreement have the meanings given them in the federal “Privacy of Consumer Financial Information” regulations, GDPR, EUROPE and those of regulations in India. The Muellners may disclose in the future, to Entity certain NPPI about consumers and customers of financial institutions, in the Muellners. Entity agrees to maintain the confidentiality of all such NPPI to the same extent that the Muellners and its affiliates are required to maintain it, under all federal and state accompanying regulations, including any regulations promulgated thereunder, and under any privacy policy of the Muellners or any written agreement between the Muellners and any third party, provided however, Entity’s obligation to comply with any privacy policy of the Muellners or any written agreement between the Muellners and third party shall only apply after the Muellners provides a copy of such privacy policy and/or written agreement to Entity or makes it available on Muellners’s website. Entity further agrees not to disclose or use any such information except to carry out the purpose for which the Muellners provided such information or any similar state regulation by which the Muellners is bound.

12. Notwithstanding any contrary provision of any agreement between the Muellners and Entity, Entity agrees to defend, indemnify and hold the Muellners and any affiliate, subsidiary, officer, director, Entity, agent and/or representative of the Muellners, harmless from any loss, cost, judgment, settlement, civil money penalty, claims, damages, or other expenditure, including full reasonable attorney fees at trial and on all appeals, incurred by the Muellners, required of the Muellners or voluntarily made by the Muellners in good faith, if it is caused, in whole or in part, directly or indirectly, by any violation of the obligations contained in this Data Security Agreement or that in any way arise from or are related to any of Entity’s acts, omissions or other conduct of Entity in violation of this Data Security Agreement.