Data Security Agreement:

TERMS and CONDITIONS for Data Security governing Fellowship Programme:

And Acknowledgement of, and Agreement to, Muellners’s Privacy Agreement for Fellowship programme titularly as Learn by Muellners Foundation

1. The candidate (hereinafter referred to as “Fellow” upon commencement of internship/training/fellowship/apprenticeship period) under the Learn.Muellners.Org fellowship program agrees that all information received by Fellow from Muellners (“Muellners”) including its shareholders and foreign controlling company in Denmark or from any other source on behalf of Muellners is “Confidential Information” and shall be maintained in confidence and not disclosed, used or duplicated by Fellow, except as described in this Data Security Agreement and Acknowledgement of, and Agreement to, Muellners’s Privacy Agreement (the “Data Security Agreement”). To the extent this Data Security Agreement is inconsistent with any other agreement Fellow has with Muellners, this Data Security Agreement will control.

2. Confidential Information includes, without limitation, all lists of customers, former customers, applicants and prospective customers of the Muellners, and all information relating to and identified with such persons, including but not limited to any and all non-public personal information (“NPPI”) or any personally identifiable financial information regarding the Muellners’s customers and their customers, as such terms are defined under the relevant Laws of Denmark and India; financial information of investors of the Muellners; business volumes or usage; pricing information; information concerning business plans or business strategy; sales methods; marketing plans; finances; contracts; legal affairs; business affairs; any trade secrets or other information that is not generally available to the public; any information that a party is obligated to keep confidential (e.g., pursuant customer lists, sales methods, pricing methods, to a contractual or other obligation such as federal privacy obligations owing to a third-party or shareholders of the Muellners); information about Fellows and/or Fellows; and the terms and conditions of any agreement between Fellow and the Muellners, including this Agreement and any Data Processing Service Agreement or any statements of work or supplemental agreements attached thereto.

3. Fellow acknowledges and agrees that all Confidential Information obtained from the Muellners or on behalf of the Muellners, shall be deemed highly sensitive, confidential, private and proprietary and at all times Fellow shall with the utmost of care and confidentiality, handle, keep, maintain and secure from others any Confidential Information to which Fellow is provided access to by the Muellners.

4. Fellow may use Confidential Information only in connection with performance of Fellow’s obligations and responsibilities under Fellow’s various agreements with the Muellners, including the Data Processing and Service Agreement. Fellow shall not copy Confidential Information or disclose Confidential Information to any third person and organisation(s) who do not need confidential information in order for the Fellow to perform his duties and responsibilities under Fellow’s agreements with the Muellners. Confidential Information shall be returned to the Muellners or destroyed upon the earlier of 1) the request of the Muellners; 2) the termination of the agreements between Fellow and the Muellners; or 3) the services contemplated by the agreement between Fellow and the Muellners have been completed.

5. Fellow shall not advertise, market or otherwise make known to others any information relating to the subject matter of this Data Security Agreement or the agreements between the Muellners and Fellow, including mentioning or implying the name of the Muellners. Fellow is not in the business of selling, distributing or marketing Confidential Information to other third parties, advertisers or marketers, and Fellow agrees that it will not share Confidential Information with, or disclose, furnish or sell to any third party except as otherwise authorized by this Agreement. If Fellow proposes to disclose Confidential Information to a third party in order to perform under its agreements with the Muellners, Fellow must first obtain the consent of the Muellners to make such disclosure and Fellow must enter into a confidentiality agreement with such third party under which that third party would be restricted from disclosing, using or duplicating such confidential information, except as consistent with this paragraph. To the extent Fellow is required by law to provide a third party with Confidential Information covered by this Data Security Agreement. Fellow shall provide the Muellners with at least 10 days prior written notice of such disclosure so the Muellners may seek a protective order.

6. Fellow represents and warrants that his collection, access, use, storage, disposal and disclosure of Confidential Information, including NPPI of Muellners’s customers and customers of Muellners’s customers, does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations and directives, including but not limited to laws of Denmark and India and all regulations promulgated thereunder. Without limiting Fellow’s obligations hereunder, Fellow shall implement administrative, physical and technical safeguards to protect Confidential Information and NPPI that are no less rigorous than accepted industry practices including, but not limited to, the International Organization for Standardization’s standards: ISO/IEC 27001:2005 – Information Security Management Systems – Requirements and ISO-IEC 27002:2005 – Code of Practice for International Security Management, the Information Technology Library (ITIL) standards, the Control Objectives for Information and related Technology (COBIT) standards, and shall ensure that all such safeguards, including the manner in which Confidential Information and NPPI is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement.

7. If, in the course of his/her fellowship and services under the Data Processing Services Agreement, Fellow has access to or will collect, access, use, store, process, dispose of or disclose credit, debit or other payment cardholder information, Fellow shall at all times remain in compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at Fellow’s sole cost and expense. The Muellners will also train and educate the Fellow from time to time regarding changes to regulations, at its own cost. However, the Fellow cannot plead ignorance to such changes as the Fellow is actively working in the financial services Industry and Nature of confidential information being accessible to Fellow while engaged by the Muellners.

8. At a minimum, Fellow’s safeguards for the protection of Confidential Information and NPPI shall include: (i) limiting access of Confidential Information and NPPI; (ii) Adherence to and helping to secure Muellners facilities, data centers, paper files, servers, back-up systems and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability; (iii) implementing network, device application, database and platform security; (iv) securing information transmission, storage and disposal; (v) implementing authentication and access controls within media, applications, operating systems and equipments; (vi) encrypting Confidential Information and NPPI stored on any mobile media; (vii) encrypting Confidential Information and NPPI transmitted over public or wireless networks; (viii) strictly segregating Confidential Information and NPPI (ix) Adherence to appropriate personnel security and integrity procedures and practices, including, but not limited to, Muellners’s background checks policy consistent with applicable law; and (x) Adherence in appropriate privacy and information security training.

9. During the period of Fellowship, Fellow shall at all times abide and adhere to standards of Fellow’s obligations under this Agreement and Muellners’s standard policies and procedures, a copy of which is available to the Fellow. Fellow further agrees that it shall adhere to maintain a disciplinary process to address any unauthorized access, use or disclosure of Confidential Information and NPPI by any of the Muellners's other officers, partners, principals, Fellows, agents or Fellows.

10. Fellow shall resolve to serve and shall be available to assist Muellners twenty-four (24) hours per day, seven (7) days per week in contact in resolving obligations associated with a Security Breach; (ii) notify Muellners of a Security Breach as soon as practicable, but no later than twenty-four (24) hours after Fellow becomes aware of it; and (iii) notify Muellners of any Security Breaches by telephone at the following numbers: +4581929792 and with a copy by e-mail to primary contact within Muellners.

11. Immediately following the Fellow's notification to the Muellners of a Security Breach, the parties shall coordinate with each other to investigate the Security Breach. Fellow agrees to fully cooperate with Muellners in management’s handling of the matter, including, without limitation: (i) assisting with any investigation; (ii) providing Muellners with physical access to the facilities and operations affected; (iii) facilitating interviews with others involved in the matter; and (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards or as otherwise required by Muellners.

12. Fellow shall use best efforts to immediately remedy any Security Breach and prevent any further Security Breach in accordance with applicable privacy rights, laws, regulations and standards. Fellow shall reimburse Muellners for actual costs incurred by Muellners in responding to, and mitigating damages caused by, any Security Breach, including all costs of notice and/or remediation pursuant to this Data Security Agreement.

13. Fellow agrees that it shall not inform any third party of any Security Breach without first obtaining Muellners’s prior written consent, other than to inform a complainant that the matter has been forwarded to Muellners’s legal counsel. Further, Fellow agrees that Muellners shall have the sole right to determine: (i) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in Muellners’s discretion; and (ii) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation.

14. Fellow agrees to reasonably cooperate at its own expense with Muellners in any litigation or other formal action deemed necessary by Muellners to protect its rights relating to the use, disclosure, protection and maintenance of Confidential Information and NPPI.

15. Upon Muellners’s written request, to confirm Fellow’s compliance with this Agreement, as well as any applicable laws, regulations and industry standards, Fellow grants Muellners or, upon Muellners’s election, a third party on Muellners’s behalf, permission to perform an assessment, audit, examination or review of all controls in Fellow’s physical or technical environment in relation to all Confidential Information and NPPI being handled and/or services being provided to Muellners pursuant to this Agreement. Fellow shall fully cooperate with such assessment by providing access to knowledgeable third party personnel, physical premises, documentation, infrastructure and application software that processes, stores or transports Confidential Information and NPPI for Muellners pursuant to this Agreement and as relevant to the security and confidentiality of Confidential Information and NPPI shared during the course of this Agreement.

16. Upon the Muellners’s written request, to confirm compliance with this Agreement, as well as any applicable laws and industry standards, Fellow shall promptly and accurately complete a written information security questionnaire provided by Muellners or a third party on the Muellners’s behalf regarding information technology environment in relation to all Confidential Information and NPPI being handled and/or services being provided by Fellow to Muellners pursuant to this Agreement.

A Fellow shall fully cooperate with such inquiries. Muellners shall treat the information provided by Fellow in the security questionnaire as Fellow’s Confidential Information.

17. All terms used in this Data Security Agreement have the meanings given them in the federal “Privacy of Consumer Financial Information” regulations, GDPR, EUROPE and those of regulations in India. The Muellners may disclose in the future, to Fellow certain NPPI about consumers and customers of financial institutions, in the Muellners. Fellow agrees to maintain the confidentiality of all such NPPI to the same extent that the Muellners and its affiliates are required to maintain it, under all federal and state accompanying regulations, including any regulations promulgated thereunder, and under any privacy policy of the Muellners or any written agreement between the Muellners and any third party, provided however, Fellow’s obligation to comply with any privacy policy of the Muellners or any written agreement between the Muellners and third party shall only apply after the Muellners provides a copy of such privacy policy and/or written agreement to Fellow or makes it available on Muellners’s website. Fellow further agrees not to disclose or use any such information except to carry out the purpose for which the Muellners provided such information or any similar state regulation by which the Muellners is bound.

18. Notwithstanding any contrary provision of any agreement between the Muellners and Fellow, Fellow agrees to defend, indemnify and hold the Muellners and any affiliate, subsidiary, officer, director, Fellow, agent and/or representative of the Muellners, harmless from any loss, cost, judgment, settlement, civil money penalty, claims, damages, or other expenditure, including full reasonable attorney fees at trial and on all appeals, incurred by the Muellners, required of the Muellners or voluntarily made by the Muellners in good faith, if it is caused, in whole or in part, directly or indirectly, by any violation of the obligations contained in this Data Security Agreement or that in any way arise from or are related to any of Fellow’s acts, omissions or other conduct of Fellow in violation of this Data Security Agreement.