igor/GEOVizor_PHP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Старт

Browse Source
This commit is contained in:
igor
2023-11-07 19:51:49 +06:00
commit 86542a157f
5002 changed files with 199551 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

566
monitoring/privacy/politics_en.html Normal file
View File

@ -0,0 +1,566 @@
<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="UTF-8"/>
<title>Data Protection Agreement</title>
<meta name="keywords" content="">
<meta name="description" content="">
</head>
<body>
<div class="container">
<h1 align="center">
<strong>
<span style="font-size: 18px;">Data Protection Agreement</span>
</strong>
</h1>
<p>This Data Protection Agreement (the &ldquo;DPA&rdquo;) becomes effective on May 25, 2018.&nbsp;</p>
<p align="justify" lang="ru-RU"><span lang="en-US">The Customer shall make available to GEOVizor and the Customer authorizes GEOVizor to process information including Personal Data for the provision of the Services under the Agreement. The parties have agreed to enter into this DPA to confirm the data protection provisions relating to their relationship and so as to meet the requirements of the applicable Data Protection Law.&nbsp;</span>
</p>
<h2><strong><span style="font-size: 14px;">1. Definitions</span></strong>
</h2>
<p style="margin-left: 20px;">1.1 For the purposes of this DPA:</p>
<p align="justify" lang="ru-RU" style="margin-left: 40px;">&ldquo;<span lang="en-US"><strong>Personal Data&rdquo;</strong></span><span lang="en-US">&nbsp;means any information relating to an identified or identifiable natural person (&lsquo;data subject&rsquo;); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;&nbsp;</span>
</p>
<p align="justify" lang="ru-RU" style="margin-left: 40px;">&ldquo;<span lang="en-US"><strong
>Data Protection Law</strong></span><span lang="en-US">&rdquo; mean all applicable laws, regulations, and other legal requirements relating to (a) privacy, data security, consumer protection, marketing, promotion, and text messaging, email, and other communications; and (b) the use, collection, retention, storage, security, disclosure, transfer, disposal, and other processing of any Personal Data.;</span>
</p>
<p align="justify" lang="ru-RU" style="margin-left: 40px;">&ldquo;<span lang="en-US"><strong
>GEOVizor Affiliate</strong></span><span lang="en-US">&rdquo; means any entity that directly or indirectly controls, is controlled by, or is under common control with GEOVizor. &ldquo;</span><span
lang="en-US"><strong>Control</strong></span><span
lang="en-US">,&rdquo; for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity;</span>
</p>
<p align="justify" lang="ru-RU" style="margin-left: 40px;">&ldquo;<span lang="en-US"><strong
>Services</strong></span><span lang="en-US">&rdquo; means any of the following services provided by GEOVizor: (a) GEOVizor-branded product offerings made available via the Internet on&nbsp;</span><u
><a href="http://GEOVizor.com/" target="_blank"><span
lang="en-US">http://GEOVizor.com</span></a></u><span lang="en-US">, (b) consulting or training services provided by GEOVizor either remotely via the Internet or in person, and (c) any support services provided by GEOVizor, including access to GEOVizor&rsquo;s help desk;</span>
</p>
<p align="justify" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">the terms &ldquo;</span><span
lang="en-US"><strong>data controller</strong></span><span
lang="en-US">&rdquo;</span><span
lang="en-US">, &ldquo;</span><span
lang="en-US"><strong>data processor</strong></span><span
lang="en-US">&rdquo;, &ldquo;</span><span lang="en-US"><strong
>data subject</strong></span><span
lang="en-US">&rdquo;, &ldquo;</span><span
lang="en-US"><strong>personal data</strong></span><span
lang="en-US">&rdquo;, &ldquo;</span><span lang="en-US"><strong
>processing</strong></span><span
lang="en-US">&rdquo; and &ldquo;</span><span
lang="en-US"><strong>appropriate technical and organisational measures</strong></span><span
lang="en-US">&rdquo; shall have the meanings given to them under applicable Data Protection Law.</span>
</p>
<h2 align="justify"><strong><span style="font-size: 14px;">2. Subject Matter, Nature and Purpose of GEOVizor&rsquo;s Processing of Personal Data</span></strong>
</h2>
<p align="justify" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">2.1 The subject matter, nature and purpose of the processing of Personal Data under this DPA is GEOVizor performance of the GEOVizor Platform Services (the &ldquo;Services) as further instructed in writing by the Customer in its use of the Services, unless required to do so otherwise by the Data Protection Law, in which case to the extent permitted by the Data Protection Law, GEOVizor shall inform the Customer of this legal requirement prior to carrying out the processing. GEOVizor shall only collect or process Personal Data for the period of rendering of the Services to the extent, and in such a manner, as is necessary for provision of the Services and in accordance with the DPA and the Data Protection Law applicable to GEOVizor.</span>
</p>
<h2><strong><span style="font-size: 14px;">3. Duration</span></strong>
</h2>
<p align="justify" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">3.1 The processing of Personal Data will be carried out by GEOVizor&nbsp;</span><span
lang="en-US">while GEOVizor Account of the Customer is in existence or as needed for the performance of the obligations and rights between GEOVizor and the Customer&nbsp;</span><span
lang="en-US">unless otherwise agreed upon in writing.</span></p>
<h2><strong><span style="font-size: 14px;">4. Type of Personal Data Processed</span></strong>
</h2>
<p align="justify">4.1 The Customer may submit Customer Personal Data to the Services, the
extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but
is not limited to the following categories of Personal Data:</p>
<ul style="margin-left: 40px;">
<li align="justify" lang="ru-RU"><span lang="en-US"><strong
>Account Information.</strong></span><span lang="en-US">&nbsp;When the Customer signs up for a&nbsp;</span><span
lang="en-US">GEOVizor&nbsp;</span><span lang="en-US">Account, it is required certain information such as the name and email.</span><span
lang="en-US">The Customer may update or correct its information and email preferences at any time by visiting the&nbsp;</span><span
lang="en-US">GEOVizor&nbsp;</span><span lang="en-US">Account. GEOVizor can provide the Customer with additional support to access, correct, delete, or modify the information the Customer provided to GEOVizor and associated with the Customer&rsquo;s&nbsp;</span><span
lang="en-US">GEOVizor&nbsp;</span><span lang="en-US">Account. To protect the security, GEOVizor takes reasonable steps (such as requesting any legal information) to verify the identity of the Customer before making corrections. The Customer is responsible for maintaining the secrecy of the password and information of the Customer&rsquo;s&nbsp;</span><span
lang="en-US">GEOVizor&nbsp;</span><span lang="en-US">Account at all times.&nbsp;</span>
</li>
<li align="justify" lang="ru-RU"><span lang="en-US"><strong
>Additional Profile Information.&nbsp;</strong></span><span
lang="en-US">The Customer may choose to provide additional information as part of its&nbsp;</span><span
lang="en-US">GEOVizor</span><span lang="en-US"> profile. Profile information helps the Customer to get more from the&nbsp;</span><span
lang="en-US">GEOVizor Platform</span><span lang="en-US">. It&rsquo;s the Customer&rsquo;s choice whether to include sensitive information on its&nbsp;</span><span
lang="en-US">GEOVizor</span><span lang="en-US"> profile.</span>
</li>
<li align="justify" lang="ru-RU"><span lang="en-US"><strong
>Other Information.</strong></span><span lang="en-US">&nbsp;The Customer may otherwise choose to provide GEOVizor information when the Customer fills in a form, conducts a search, updates or adds information to its GEOVizor Account, responds to surveys, posts to community forums, participates in promotions, or uses other features of the GEOVizor Platform.</span>
</li>
</ul>
<h2 align="justify"><strong><span style="font-size: 14px;">5. GEOVizor Obligations&nbsp;</span></strong>
</h2>
<p style="margin-left: 20px;"><span
lang="en-US">5.1 GEOVizor agrees and/or warrants:&nbsp;</span></p>
<p style="margin-left: 40px;">(a) to process the Personal Data only on behalf of the Customer and in compliance with
its instructions and the DPA; if it cannot provide such compliance for whatever reasons, it agrees to inform
promptly the Customer of its inability to comply, in which case the Customer is entitled to suspend the transfer
of data and/or terminate the Services;</p>
<p style="margin-left: 40px;">(b) that all Personal Data processed on behalf of the Customer remains the property of
the Customer and/or the relevant Data subjects;</p>
<p style="margin-left: 40px;">(c) that it has no reason to believe that the legislation applicable to it prevents it
from fulfilling the instructions received from the Customer and its obligations under the DPA and that in the
event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and
obligations provided by the DPA, it will promptly notify the change to the Customer as soon as it is aware, in
which case the Customer is entitled to suspend the transfer of data and/or terminate the Services;</p>
<p style="margin-left: 40px;"><span lang="en-US">(d) that it has implemented the technical and organizational security measures specified in Appendix 1&nbsp;</span><span
lang="en-US">before processing the Personal Data transferred;</span></p>
<p style="margin-left: 40px;">(e) that it will promptly notify the Customer about:</p>
<p style="margin-left: 60px;">i. any legally binding request for disclosure of the Personal Data by a law
enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the
confidentiality of a law enforcement investigation;</p>
<p style="margin-left: 60px;">ii. any accidental or unauthorized access; and</p>
<p style="margin-left: 60px;">iii. any request received directly from the data subjects without responding to that
request, unless it has been otherwise authorized to do so;</p>
<p align="JUSTIFY" style="margin-left: 40px;">(f) to deal promptly and properly with all inquiries from the Customer
relating to its processing of the Personal Data subject to the transfer and to abide by the advice of the
supervisory authority with regard to the processing of the data transferred;</p>
<p align="JUSTIFY" style="margin-left: 40px;">(g) at the request of the Customer to submit its data-processing
facilities for audit of the processing activities covered by the DPA;</p>
<p align="JUSTIFY" style="margin-left: 40px;">(h) that, in the event of sub-processing, it has previously informed
the Customer and obtained its prior written consent;</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(i) that the processing services by the sub-processor will be carried out in accordance with Section 8;</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(j) to appoint a data protection officer, who performs his/her duties in compliance with the Data Protection Law. The data protection officers contact details are available at GEOVizor web page.</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(k) to entrust only such employees with the data processing outlined in this DPA who have been bound to confidentiality and have previously been familiarized with the data protection provisions relevant to their work. GEOVizor and any person acting under its authority who has access to Personal Data, shall not process that data unless on instructions from the Customer, unless required to do so by the Data Protection Law;&nbsp;</span>
</p>
<p align="JUSTIFY" style="margin-left: 40px;">(l) to monitor periodically the internal processes to ensure that
processing within GEOVizor area of responsibility is in accordance with the requirements of the Data Protection
Law and the protection of the rights of the data subject.</p>
<h2 align="justify"><strong><span style="font-size: 14px;">6. Customer Obligations&nbsp;</span></strong>
</h2>
<p align="justify" style="margin-left: 20px;">6.1 The Customer agrees and/or warrants:&nbsp;</p>
<p align="JUSTIFY" style="margin-left: 40px;">(a) that the processing, including the transfer itself, of the
Personal Data has been and will continue to be carried out in accordance with the relevant provisions of the
Data Protection Law and does not violate the relevant provisions;</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(b) that it has instructed and throughout the duration of the personal data-processing services will instruct GEOVizor to process the Personal Data transferred only on the Customer&rsquo;s behalf and in accordance with the Data Protection Law and the DPA;&nbsp;</span>
&nbsp;</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(c) that GEOVizor will provide sufficient guarantees in respect of the technical and organizational security measures specified in&nbsp;</span>
Appendix 1 t<span lang="en-US">o this DPA;&nbsp;</span></p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(d) that after assessment of the requirements of the Data Protection Law, the security measures are appropriate to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;&nbsp;</span>
&nbsp;</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(e) that it will ensure compliance with the security measures;</span>
&nbsp;</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(f) to</span>
<span lang="en-US">&nbsp;access and use the Services only for legal, authorized, and acceptab</span><span
lang="en-US">le&nbsp;</span><span lang="en-US">purposes. The Customer will not use (or assist others in using) the Services in ways that: (a) violate, misappropriate, or infringe the rights of GEOVizor, its users, or others, including privacy, publicity, intellectual property, or other proprietary rights; (b) are illegal, obscene, defamatory, threatening, intimidating, harassing, hateful, racially, or ethnically offensive, or instigate or encourage conduct that would be illegal, or otherwise inappropriate; (c) involve publishing falsehoods, misrepresentations, or misleading statements; (d) impersonate someone; (e) involve sending illegal or impermissible communications such as bulk messaging, auto-messaging, auto-dialing, and the like; or (f) involve any other use of the Services prescribed in this DPA</span><span
lang="en-US">&nbsp;</span><span lang="en-US">unless otherwise authorized by GEOVizor;</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span
lang="en-US">(g) do&nbsp;</span> <span
lang="en-US">not to (or assist others to) access, use, copy, adapt, modify, prepare derivative works based upon, distribute, license, sublicense, transfer, display, perform, or otherwise exploit the <span
lang="en-US">GEOVizor Platform</span> in impermissible or unauthorized manners, or in ways that burden, impair, or harm GEOVizor, the <span
lang="en-US">GEOVizor Platform</span>, systems, other users, or others, including that the Customer will not directly or through automated means: (a) reverse engineer, alter, modify, create derivative works from, decompile, or extract code from the <span
lang="en-US">GEOVizor Platform</span>; (b) send, store, or transmit viruses or other harmful computer code through or onto the <span
lang="en-US">GEOVizor Platform</span>; (c) gain or attempt to gain unauthorized access to the <span
lang="en-US">GEOVizor Platform</span> or systems; (d) interfere with or disrupt the integrity or performance of the <span
lang="en-US">GEOVizor Platform</span>; (e) create accounts for the <span
lang="en-US">GEOVizor Platform t</span>hrough unauthorized or automated means; (f) collect the information of or about other users in any impermissible or unauthorized manner; (g) sell, resell, rent, or charge for the <span
lang="en-US">GEOVizor Platform</span>; or (h) distribute or make the <span
lang="en-US">GEOVizor Platform&nbsp;</span>available over a network where it could be used by multiple devices at the same time;</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(h) that t</span>
<span lang="en-US">he Customer</span><span lang="en-US">&nbsp;is responsible for keeping the Customer&rsquo;s GEOVizor Account safe and secure, and the Customer will notify GEOVizor promptly of any unauthorized use or security breach of the Customer&rsquo;s Account or the <span
lang="en-US">GEOVizor Platform</span>;</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span
lang="en-US">(i) that GEOVizor</span>&nbsp; <span
lang="en-US">&nbsp;grants the Customer a limited, revocable, non-exclusive, non-sublicensable, and non-transferable license to use the <span
lang="en-US">GEOVizor Platform</span>. This license is for the sole purpose of enabling the Customer to use the <span
lang="en-US">GEOVizor Platform</span>, in the manner permitted by this DPA. No licenses or rights are granted to the Customer by implication or otherwise, except for the licenses and rights expressly granted to the Customer.&nbsp;</span>
</p>
<p align="JUSTIFY" lang="ru-RU"><strong><span style="font-size: 14px;">7. Technical and Organizational Measures</span></strong>
</p>
<p style="margin-left: 20px;"><span lang="en-US">7.1 GEOVizor shall take the appropriate technical and organizational measures to adequately protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, described under Appendix 1.</span><span
lang="en-US">&nbsp;Such measures include but not limited to physical and IT measures, and organizational measures to:</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(a) the prevention of unauthorized persons from gaining access to Personal Data processing systems (physical access control),</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(b) the prevention of Personal Data processing systems from being used without authorization (logical access control),</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(c) ensuring that persons entitled to use a Personal Data processing system gain access only to such Personal Data as they are entitled to accessing in accordance with their access rights, and that, in the course of processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (data access control),</span>
</p>
<p align="JUSTIFY" style="margin-left: 40px;">(d) ensuring that Personal Data cannot be read, copied, modified or
deleted without authorization during electronic transmission, transport or storage on storage media, and that
the target entities for any transfer of Personal Data by means of data transmission facilities can be
established and verified (data transfer control),</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">(e) ensuring the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data processing systems (entry control),</span>
</p>
<p align="JUSTIFY" style="margin-left: 40px;">(f) ensuring that Personal Data is protected against accidental
destruction or loss (availability control).</p>
<p style="margin-left: 20px;">7.2 The technical and organizational measures are subject to technical progress and
further development. In this respect GEOVizor may implement alternative adequate measure, however, the security
level of the defined measures must never be reduced. Major changes must be documented.</p>
<h2><strong><span
style="font-size: 14px;">8. Sub-Processors</span></strong></h2>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">8.1 The Customer agrees that GEOVizor may engage GEOVizor Affiliate or third parties to process Personal Data in order to assist GEOVizor to deliver the Services on behalf of the Customer (</span><span
lang="en-US"><strong
>&ldquo;Sub-processors&rdquo;</strong></span><span lang="en-US">). GEOVizor has or will enter into written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA to the extent applicable to the nature of the Services provided by such Sub-processor. If the Sub-processor processes the Services outside the EU/EEA, GEOVizor shall ensure that the transfer is made pursuant to European Commission approved standard contractual clauses for the transfer of Personal Data which the Customer authorizes GEOVizor to enter into on its behalf, or that other appropriate legal data transfer mechanisms are used.</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">8.2 The current Sub-processors for the Services are set out at&nbsp;</span><span
lang="en-US"><u><a href="https://GEOVizor.com/en/sub-processors/"
target="_blank">https://GEOVizor.com/en/sub-processors/</a></u></span><span
lang="en-US">&nbsp;(&ldquo;Sub-processor List&rdquo;) and the Customer agrees and approves that GEOVizor has engaged such Sub-processors to process Personal Data as set out in the list. GEOVizor shall provide notification of a new Sub-processor(s) before authorizing any new Sub-processor(s) to process Personal Data in connection with the provision of the applicable Service.</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">8.3 GEOVizor shall notify the Customer thirty (30) days&rsquo; in advance of any intended changes concerning the addition or replacement of any Sub-processor during which period the Customer may raise objections to the Sub-processor&rsquo;s appointment. Any objections must be raised promptly (and in any event no later than fourteen (14) days following GEOVizor&rsquo;s notification of the intended changes). Should GEOVizor choose to retain the objected to Sub-processor, GEOVizor will notify the customer at least fourteen (14) days before authorizing the Sub-processor to process Personal Data and then the Customer may immediately discontinue using the relevant portion of the Services and may terminate the relevant portion of the Services.</span>
</p>
<p align="JUSTIFY" style="margin-left: 20px;">8.4 For the avoidance of doubt, where any Sub-processor fails to
fulfill its obligations under any sub-processing agreement or under applicable law GEOVizor will remain fully
liable to the Customer for the fulfillment of its obligations under this DPA.</p>
<h2><strong><span style="font-size: 14px;">9. Audit</span></strong></h2>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">9.1 In order to confirm compliance with this DPA, the Customer shall be at liberty to conduct an audit by assigning an independent third party who shall be obliged to observe confidentiality in this regard. Any such audit must occur during GEOVizor&rsquo;s normal business hours and will be permitted only to the extent required for the Customer to assess GEOVizor&rsquo;s compliance with this DPA. In connection with any such audit, the Customer will ensure that the auditor will: (a) review any information on GEOVizor&rsquo;s premises; (b) observe reasonable on-site access and other restrictions reasonably imposed by GEOVizor; (c) comply with GEOVizor&rsquo;s policies and procedures, and (d) not unreasonably interfere with GEOVizor&rsquo;s business activities. GEOVizor reserves the right to restrict or suspend any audit in the event of any breach of the conditions specified in this Section 9</span><span
lang="en-US">.&nbsp;</span></p>
<p align="JUSTIFY" style="margin-left: 20px;">9.2 In the event that the Customer, a regulator or data protection
authority requires additional information or an audit related to the Services, then, GEOVizor agrees to submit
its data processing facilities, data files and documentation needed for processing Personal Data to audit by the
Customer (or any third party such as inspection agents or auditors, selected by Customer) to ascertain
compliance with this DPA, subject to being given notice and the auditor entering into a non-disclosure agreement
directly with GEOVizor. GEOVizor agrees to provide reasonable cooperation to Customer in the course of such
operations including providing all relevant information and access to all equipment, software, data, files,
information systems, etc. used for the performance of Services, including processing of Personal Data. Such
audits shall be carried out at the Customer&rsquo;s cost and expense.</p>
<p align="JUSTIFY" style="margin-left: 20px;">9.3 The audit may only be undertaken when there are specific grounds
for suspecting the misuse of Personal Data, and no earlier than two weeks after the Customer has provided
written notice to GEOVizor.</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">9.4 The findings in respect of the performed audit will be discussed and evaluated by the parties and, where applicable, implemented accordingly as the case may be by one of the parties or jointly by both parties. The costs of the audit will be borne by the Customer.</span>
</p>
<h2 align="JUSTIFY"><strong><span style="font-size: 14px;">10. Notification of A Data Breach</span></strong>
</h2>
<p align="JUSTIFY" style="margin-left: 20px;">10.1 In the event of GEOVizor aware of any breach of security that
results in the accidental, unauthorized or unlawful destruction or unauthorized disclosure of or access to
Personal Data GEOVizor shall to the best of its ability, notify the Customer thereof with undue delay, after
which the Customer shall determine whether or not to inform the Data subjects and/or the relevant regulatory
authority(ies). This duty to report applies irrespective of the impact of the leak. GEOVizor will endeavour that
the furnished information is complete, correct and accurate.</p>
<p align="JUSTIFY" style="margin-left: 20px;">10.2 If required by law and/or regulation, GEOVizor shall cooperate in
notifying the relevant authorities and/or Data subjects. The Customer remains the responsible party for any
statutory obligations in respect thereof.</p>
<p align="JUSTIFY" style="margin-left: 20px;">10.3 The duty to report includes in any event the duty to report the
fact that a leak has occurred, including details regarding:</p>
<ul style="margin-left: 40px;">
<li>the (suspected) cause of the leak;</li>
<li>the (currently known and/or anticipated) consequences thereof;</li>
<li>the (proposed) solution;</li>
<li>the measures that have already been taken.</li>
</ul>
<p><strong>11. Deletion and Return of Personal Data</strong></p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">11.1 The parties agree that on the termination of the provision of data-processing services, the GEOVizor and its subcontractors shall, at the choice of the Customer, return all the Personal Data transferred and the copies thereof to the Customer or shall destroy all the Personal Data and certify to the Customer that it has done so, unless legislation imposed upon GEOVizor prevents it from returning or destroying all or part of the Personal Data transferred. In that case, GEOVizor warrants that it will guarantee the confidentiality of the Personal Data transferred and will not actively process the Personal Data transferred anymore. GEOVizor and its subcontractors warrant that upon request of the Customer and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in Section 9</span>
<span lang="en-US">.&nbsp;</span></p>
<h2><strong><span style="font-size: 14px;">12. Governing Law/Forum</span></strong>
</h2>
<p align="JUSTIFY" style="margin-left: 20px;">12.1 This DPA shall be governed by and interpreted in accordance with
the laws of Lithuania.</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">12.2 Any and all claims, disputes or controversies arising under, out of, or in connection with this DPA, breach, termination or validity thereof, which have not been resolved by good faith negotiations between GEOVizor and the Customer within period of thirty (30) calendar days after receipt of a notice from one party to the other requesting negotiations shall be resolved by final and binding arbitration in the Vilnius Court of Commercial Arbitration in accordance with its Rules of Arbitration as in force and effect on the date of the DPA. Disputes shall be settled by a single arbitrator. Arbitration proceedings shall be held in Vilnius, Lithuania. The place of arbitration shall be Vilnius, Lithuania. The language of arbitration shall be English. Relevant documents in other languages shall be translated into English if the arbitrators so direct. All expenses and costs of the arbitrators and the arbitration in connection therewith will be shared equally, except that GEOVizor and the Customer will each bear the costs of its own prosecution and defense, including without limitation attorney&rsquo;s fees and the production of witnesses and other evidence. Any award rendered in such arbitration shall be final and may be enforced by either party.</span>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">12.3 The parties agree to keep all details of the arbitration proceedings and arbitral award strictly confidential and shall use all reasonable efforts to take such action as may be appropriate to prevent the unauthorized disclosure of the proceedings, any information disclosed in connection therewith and the award granted.</span>
</p>
<h2><span style="font-size: 18px;">Appendix No. 1</span></h2>
<p align="JUSTIFY"><strong>Description of the technical and organizational
measures implemented by GEOVizor:</strong></p>
<p align="JUSTIFY">GEOVizor shall implement the measures described in this appendix, provided
that the measures directly or indirectly contribute or can contribute to the protection of Personal Data during
the period of GEOVizor&rsquo;s Services rendering to the Customer. If GEOVizor believes that a measure is not
necessary for the respective Service or part thereof, GEOVizor will justify this and come to an agreement with
the Customer.</p>
<p align="JUSTIFY">The technical and organizational measures are subject to technical progress
and development. In this respect GEOVizor is permitted to implement alternative adequate measures. The level of
security must align with industry security best practice and not less than, the measures set forth herein. All
major changes are to be agreed with the Customer and documented.</p>
<h2><strong><span
style="font-size: 14px;">1. Risk management</span></strong></h2>
<p style="margin-left: 20px;"><strong>1.1 Security risk management</strong></p>
<p style="margin-left: 40px;">1.1.1 GEOVizor shall identify and evaluate security risks related to confidentiality,
integrity and availability and based on such evaluation implement appropriate technical and organizational
measures to ensure a level of security which is appropriate to the risk.</p>
<p style="margin-left: 40px;">1.1.2 GEOVizor shall have documented processes and routines for handling risks within
its operations.</p>
<p style="margin-left: 40px;">1.1.3 GEOVizor shall periodically assess the risks related to information systems and
processing, storing and transmitting information.</p>
<p style="margin-left: 20px;"><strong>1.2 Security risk management for personal data</strong>
</p>
<p align="JUSTIFY" style="margin-left: 40px;">1.2.1 GEOVizor shall identify and evaluate security risks related to
confidentiality, integrity and availability and based on such evaluation implement appropriate technical and
organizational measures to ensure a level of security which is appropriate to the risk of the specific Personal
Data types and purposes being processed by GEOVizor, including inter alia as appropriate:</p>
<ul style="margin-left: 60px;">
<li><span lang="en-US">The pseudonymisation and encryption of Personal Data;</span>
</li>
<li><span lang="en-US">The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;</span>
</li>
<li><span lang="en-US">The ability to restore the availability and access to the Customer&rsquo;s Data in a timely manner in the event of a physical or technical incident;</span>
</li>
<li><span lang="en-US">A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.</span>
</li>
</ul>
<p align="JUSTIFY" style="margin-left: 40px;">1.2.2 GEOVizor shall have documented processes and routines for
handling risks when processing Personal Data on behalf of the Customer.</p>
<p align="JUSTIFY" style="margin-left: 40px;">1.2.3 GEOVizor shall periodically assess the risks related to
information systems and processing, storing and transmitting Personal Data.</p>
<p style="margin-left: 20px;"><strong>1.3&nbsp;</strong><strong><strong
>Information security policies</strong>&nbsp;</strong>
</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 40px;"><span lang="en-US">1.3.1 GEOVizor shall have a defined and documented information security management system including an information security policy and procedures in place, which shall be approved by GEOVizor&rsquo;s management. They shall be published within GEOVizor&acute;s organization and communicated to relevant GEOVizor personnel.</span>
</p>
<p align="JUSTIFY" style="margin-left: 40px;">1.3.2 GEOVizor shall periodically review GEOVizor&rsquo;s security
policies and procedures and update them if required to ensure their compliance with this Appendix.</p>
<h2 align="JUSTIFY"><strong><span style="font-size: 14px;">2. Organization of information security</span></strong>
</h2>
<p align="JUSTIFY" style="margin-left: 20px;">2.1 GEOVizor shall have defined and documented security roles and
responsibilities within its organization.</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">2.2 GEOVizor shall appoint at least one data protection officer who has appropriate security competence and who has an overall responsibility for implementing the security measures under this Appendix and who will be the contact person for the Customer&rsquo;s security staff.</span>
</p>
<h2 lang="ru-RU"><strong><span style="font-size: 14px;">3. Human resource security</span></strong>
</h2>
<p align="JUSTIFY" style="margin-left: 20px;">3.1 GEOVizor shall ensure that GEOVizor personnel handles information
in accordance with the level of confidentiality required under the DPA.</p>
<p align="JUSTIFY" style="margin-left: 20px;">3.2 GEOVizor shall ensure that relevant GEOVizor personnel is aware of
the approved use (including use restrictions as the case may be) of information, facilities and systems under
the DPA.</p>
<p align="JUSTIFY" style="margin-left: 20px;">3.3 GEOVizor shall ensure that any GEOVizor personnel performing
assignments under the Agreement is trustworthy, meets established security criteria and has been, and during the
term of the assignment will continue to be, subject to appropriate screening and background verification.</p>
<p align="JUSTIFY" style="margin-left: 20px;">3.4 GEOVizor shall ensure that GEOVizor personnel with security
responsibilities is adequately trained to carry out security related duties.</p>
<p align="JUSTIFY" lang="ru-RU" style="margin-left: 20px;"><span lang="en-US">3.5 GEOVizor shall provide or ensure periodical security awareness training to relevant GEOVizor personnel.&nbsp;</span>Such
GEOVizor training shall include, without limitation:</p>
<p align="JUSTIFY" style="margin-left: 40px;">(a) How to handle customer information security (i.e. the protection
of the confidentiality, integrity and availability of information);</p>
<p align="JUSTIFY" style="margin-left: 40px;">(b) Why information security is needed to protect customers
information and systems;</p>
<p align="JUSTIFY" style="margin-left: 40px;">(c) The common types of security threats (such as identity theft,
malware, hacking, information leakage and insider threat);</p>
<p align="JUSTIFY" style="margin-left: 40px;">(d) The importance of complying with information security policies and
applying associated standards/procedures;</p>
<p align="JUSTIFY" style="margin-left: 40px;">(e) Personal responsibility for information security (such as
protecting customer&rsquo;s privacy-related information and reporting actual and suspected data breaches).</p>
<p lang="ru-RU"></p>
<h2 lang="ru-RU"><strong><span
style="font-size: 14px;">4. Access control</span></strong></h2>
<p align="JUSTIFY">GEOVizor shall have a defined and documented access control policy for
facilities, sites, network, system, application and information/data access (including physical, logical and
remote access controls), an authorization process for user access and privileges, procedures for revoking access
rights and an acceptable use of access privileges for GEOVizor personnel in place.</p>
<p align="JUSTIFY">GEOVizor shall have a formal and documented user registration and
de-registration process implemented to enable assignment of access rights.</p>
<p align="JUSTIFY">GEOVizor shall assign all access privileges based on the principle of
need-to-know and principle of least privilege.</p>
<p align="JUSTIFY">GEOVizor shall use strong authentication (multi-factor) for remote access
users and users connecting from an untrusted network.</p>
<p align="JUSTIFY" lang="ru-RU"><span lang="en-US">GEOVizor shall ensure that GEOVizor personnel has a personal and unique identifier (user ID), and use an appropriate authentication technique, which confirms and ensures the identity of users.</span>
</p>
<h2><strong><span style="font-size: 14px;">5. Physical and environmental security</span></strong>
</h2>
<p align="JUSTIFY">GEOVizor shall protect information processing facilities against external
and environmental threats and hazards, including power/cabling failures and other disruptions caused by failures
in supporting utilities. This includes physical perimeter and access protection.</p>
<p></p>
<h2><strong><span
style="font-size: 14px;">6. Operations security</span></strong></h2>
<p align="JUSTIFY">GEOVizor shall have an established change management system in place for
making changes to business processes, information processing facilities and systems. The change management
system shall include tests and reviews before changes are implemented, such as procedures to handle urgent
changes, roll back procedures to recover from failed changes, logs that show, what has been changed, when and by
whom.</p>
<p align="JUSTIFY">GEOVizor shall implement malware protection to ensure that any software used
for GEOVizor&rsquo;s provision of the Services to the Customer is protected from malware.</p>
<p align="JUSTIFY">GEOVizor shall make backup copies of critical information and test back-up
copies to ensure that the information can be restored as agreed with the Customer.</p>
<p align="JUSTIFY" lang="ru-RU"><span lang="en-US">GEOVizor shall log and monitor activities, such as create, reading, copying, amendment and deletion of processed data, as well as exceptions, faults and information security events and regularly review these. Furthermore, GEOVizor shall protect and store (for at least 6 months or such period/s set by Data Protection Law) log information, and on request, deliver monitoring data to the Customer. Anomalies / incidents / indicators of compromise shall be reported according to the data breach management requirements as set out in&nbsp;</span>clause
9<span lang="en-US">, below.</span></p>
<p align="JUSTIFY">GEOVizor shall manage vulnerabilities of all relevant technologies such as
operating systems, databases, applications proactively and in a timely manner.</p>
<p align="JUSTIFY">GEOVizor shall establish security baselines (hardening) for all relevant
technologies such as operating systems, databases, applications.</p>
<p align="JUSTIFY">GEOVizor shall ensure development is segregated from test and production
environment.</p>
<h2 lang="ru-RU"><strong><span style="font-size: 14px;">7. Communications security</span></strong>
</h2>
<p align="JUSTIFY">GEOVizor shall implement network security controls such as service level,
firewalling and segregation to protect information systems.</p>
<h2><strong><span style="font-size: 14px;">8. GEOVizor relationship with sub-suppliers</span></strong>
</h2>
<p align="JUSTIFY">GEOVizor shall reflect the content of this Appendix in its agreements with
Sub-processors that perform tasks assigned under the DPA.</p>
<p align="JUSTIFY">GEOVizor shall regularly monitor, review and audit Sub-processor&rsquo;s
compliance with this Appendix.</p>
<p align="JUSTIFY">GEOVizor shall, at the request of the Customer, provide the Customer with
evidence regarding Sub-processor&rsquo;s compliance with this Appendix.</p>
<h2><strong><span
style="font-size: 14px;">9. Data breach management</span></strong></h2>
<p>GEOVizor shall have established procedures for data breach management.</p>
<p align="JUSTIFY" lang="ru-RU"><span lang="en-US">GEOVizor shall inform the Customer about any data breach (including but not limited to incidents in relation to the processing of Personal Data) as soon as possible but no later than within 36 hours after the data breach has been identified.</span>
</p>
<p align="JUSTIFY">All reporting of security-related incidents shall be treated as confidential
information and be encrypted, using industry standard encryption methods.</p>
<p align="JUSTIFY">The data breach report shall contain at least the following information:</p>
<p align="JUSTIFY" style="margin-left: 20px;">(a) The nature of the data breach,</p>
<p align="JUSTIFY" style="margin-left: 20px;">(b) The nature of the Personal Data affected,</p>
<p align="JUSTIFY" style="margin-left: 20px;">(c) The categories and number of data subjects concerned,</p>
<p align="JUSTIFY" style="margin-left: 20px;">(d) The number of Personal Data records concerned,</p>
<p align="JUSTIFY" style="margin-left: 20px;">(e) Measures taken to address the data breach,</p>
<p align="JUSTIFY" style="margin-left: 20px;">(f) The possible consequences and adverse effect of the data breach,
and</p>
<p align="JUSTIFY" style="margin-left: 20px;">(g) Any other information the Customer is required to report to the
relevant regulator or data subject.</p>
<p align="JUSTIFY" lang="ru-RU"><span lang="en-US">To the extent legally possible, GEOVizor may claim compensation for support services under this clause 9&nbsp;</span><span
lang="en-US">which are not attributable to failures on the part of GEOVizor.</span></p>
<h2><strong><span style="font-size: 14px;">10. Business continuity management</span></strong>
</h2>
<p align="JUSTIFY">GEOVizor shall identify business continuity risks and take necessary actions
to control and mitigate such risks.</p>
<p align="JUSTIFY">GEOVizor shall have documented processes and routines for handling business
continuity.</p>
<p align="JUSTIFY">GEOVizor shall ensure that information security is embedded into the
business continuity plans</p>
<p align="JUSTIFY">GEOVizor shall periodically assess the efficiency of its business continuity
management, and compliance with availability requirements (if any).</p>
</div>
</body>
</html>