Contractual standards for Data Processing on Behalf, last revised December 8, 2014 • Action taken to prevent uncontrolled information outflow: o USB interface deactivation............................................................................ ☐ ☐ o Restriction of rights for data transfer ............................................................. ☐ ☐ o Regular checks on permitted recipients ......................................................... ☐ ☐ o Forwarding restricted to permitted recipients by technical measures ............ ☐ ☐ c) Please use the following field (free text) for details of additional or other measures you have implemented or if you would like to provide more specific information on the above items: (Please use additional sheet if necessary.) d) If disclosure control is not relevant to the services subject to this Agreement, please briefly state the reasons below: (Please use additional sheet if necessary.) 5. Input control Definition: Input control refers to the action taken to ensure that retrospective checks can be carried out to establish whether personal data in data processing systems has been entered, modified, or removed and, if so, by whom. a) Who holds overall responsibility for implementing and ensuring compliance with input control? Controller Processor b) What action is taken to implement input control and who carries out this action? (Please select appropriate answers and mark with a cross, as applicable) Co Pr • Inputs/Changes logged .............................................................................................. ☐ ☐ Page 13 of 20

Cooperation Agreement |  Startup adVANce Challenge - Page 40 Cooperation Agreement |  Startup adVANce Challenge Page 39 Page 41