Pockyt Data Processing Agreement

Last revision: 31 May 2021

This Data Processing Agreement, including its exhibits, (the “Agreement”) governs the Processing of Personal Data by Yuansfer, Inc, having an address at 28 Liberty St 6th Floor, New York, NY 10005, the United States (the “Processor”). The Processor owns and operates the payment solution service entitled ‘Pockyt’, the website https://www.pockyt.io, the related domain names, and software applications (collectively, “Pockyt”). This Agreement governs the Processing of Personal Data submitted by an individual user or an entity accessing and using Pockyt (the “Client”). The Processor and the Client are hereby collectively referred to as the “Parties” and each individually a “Party”.

The Agreement sets out rights and obligations of the Parties regarding the Processing of Personal Data, where the Processor acts in the capacity of the Data Processor and the Client acts in the capacity of the Data Controller. The Agreement is drafted in accordance with EU Standard Contractual Clauses attached as Exhibit I of the Agreement.

By concluding the Agreement (i.e., accepting Pockyt Terms of Service), the Client enters into this Agreement on behalf of itself and, to the extent required under applicable Data Protection Law, in the name and on behalf of its authorised affiliates, if and to the extent the Processor processes the Personal Data for which such authorised affiliates qualify as the Data Controller.

1. Definitions

2. Subject matter of Processing

3. Scope, nature, and purpose of Processing

4. Categories of Personal Data

5. Categories of Data Subjects

6. Duration of Processing

7. Security of Processing

8. Correction and deletion of Personal Data

9. Processor’s obligations

10. Sub-processors

11. Personal Data breaches

12. Notifications

13. Instructions

14. Transfer mechanisms

15. Miscellaneous

Attached Exhibit I:Commission Decision C(2010)593 Standard Contractual Clauses (processors)

Commission Decision C(2010)593

Standard Contractual Clauses (processors)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

Name of the data exporting Organization: the name of the Client using Pockyt

Address: the address of the Client using Pockyt

Tel.: the phone number of the Client using Pockyt

E-mail: the email address of the Client using Pockyt(the data exporter)

And

Name of the data importing Organization: Mason Lin

Address: 28 Liberty St 6th Floor, New York, NY 10005, the United States

Tel.: 

E-mail: support@pockyt.io

Other information needed to identify the Organization: https://www.pockyt.io(the data importer)each a “party”; together “the parties”,HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.Clause 1Definitions

For the purposes of the Clauses:

Clause 2Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.Clause 3Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.Clause 4Obligations of the data exporter

The data exporter agrees and warrants:

Clause 5Obligations of the data importer

The data importer agrees and warrants:

Clause 6Liability

Clause 7Mediation and jurisdiction

Clause 8Cooperation with supervisory authorities

Clause 9Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.Clause 10Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.Clause 11Subprocessing

Clause 12Obligation after the termination of personal data processing services

APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer): an individual or a business entity using the payment solution provided by the data importer.

Data importer

The data importer is (please specify briefly activities relevant to the transfer): the provider of the payment solution service entitled ‘Pockyt’, the website https://www.pockyt.io, the related domain names, and software applications.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify): the affected data subjects include natural persons whose personal data is submitted by the data exporter to the data importer within the scope of the payment solution services provided by the data importer to the data exporter.

Categories of data

The personal data transferred concern the following categories of data (please specify): None

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify): none.

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify): collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data within the scope of the services commissioned by the data exporter from the data importer.APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

INDEMNIFICATION CLAUSE

Liability

The parties agree that if one party is held liable for a violation of the clauses committed by the other party, the latter will, to the extent to which it is liable, indemnify the first party for any cost, charge, damages, expenses or loss it has incurred.

Indemnification is contingent upon: