Contractual standards for Data Processing on Behalf, last revised December 8, 2014 PART 1: CONTRACT ENSURING DATA PROTECTION AND INFORMATION SECURITY 1 DESCRIPTION OF THE CONTRACT (1) The subject matter of the Contract is the collection, processing, and use of personal data by Processor on behalf of Controller and in accordance with Controller's instructions as part of the service described in the Main Agreement. This Contract also applies mutatis mutandis to (remote) testing and maintenance of automated procedures or data processing systems if it is not possible to rule out access to personal data when such work is carried out. Reference Main Agreement; describe the subject matter of the contract, if there is no Main Agreement or if the Main Agreement does not include regulations regarding data processing) (2) 7erm of this Contract Processor will collect, process or use Controller's data for the following term: (Please specify contract term. In case a Main Agreement exists, and contract terms are identical, reference to the Main Agreement is possible) (3) Type of personal data used Processor will have access to the following personal data: (Please list relevant data, e.g. name, address, user-ID etc.) (4) Scope, nature, and purpose involved in collecting, processing, and/or using personal data: Processor shall provide the following services for Controller in relation to the data specified in subclause 3: (Please describe in concrete terms which services the Processor shall provide in connection with the Data Processing on Behalf. If these services are already described in the Main Agreement, a reference to the Main Agreement may be used: e.g. “Processor provides the services as described under section … of the Main Agreement”) Page 3 of 20