WALLET PARTNER ADDENDUM

This addendum (the “Addendum”), in addition to the Terms and Conditions found in https://pdax.ph/terms-and-conditions, and all rules and policies incorporated therein by reference, shall govern your relationship with PDAX when creating, accessing, and using your PDAX Account. This is deemed incorporated into the Terms and Conditions. In case of conflict between the Terms and Conditions and this Addendum, this Addendum shall govern.

I. WALLET PARTNER AGREEMENT

1. DEFINITIONS

In addition to the definitions in the Terms and Conditions, the following definitions apply:

1. ATC means Anti-Terrorism Council.
   1. HMT means Her Majesty’s Treasury.
   2. FATF means Financial Action Task Force.
   3. OFAC means Office of Foreign Assets Control of the US Department of Treasury.
   4. Sanctions means the economic sanctions, laws, regulations, embargoes or restrictive measures administered, enacted or enforced by the Sanctions Authorities.
   5. Sanctions Authorities means the: (i) Philippines; (ii) United States government; (iii) United Nations; (iv) European Union; (v) United Kingdom; or, (vi) respective governmental institutions and agencies of any of the foregoing, including, without limitation, the OFAC, UNSC, HMT, FATF, and Anti-Terrorism Council.
   6. UNSC means United Nations Security Council.
   7. User’s Clients refers to specific senders and corresponding receivers for whose benefit, the User avails of Services under the Terms and Condition and this Addendum.

2. GENERAL POLICY

The User has agreed to open a PDAX Account, solely for the purpose of Digital Asset custodial services and wallet services.

3. LIMITATIONS ON PDAX PLATFORM USAGE

1. You shall use the PDAX Platform, solely for Digital Asset wallet and custodial services.
2. You are not permitted to Trade, Buy, or Sell Digital Assets using your PDAX Account.
3. You are not permitted to cash-in or cash-out using your PDAX Account.

All provisions of the Terms and Conditions pertaining to trading, buying, or selling of Digital Assets, and cashing-in or cashing-out of Fiat Currency, do not apply to you. The Exchange Rules and Broker-Dealer Rules do not apply to you.

4. KYC PROTOCOLS

For some Users covered by this Addendum, Digital Assets transferred to, or withdrawn from, the PDAX Account, constitute an aggregated sum composed of various sums pertaining to the User’s Clients. Accordingly, the User hereby undertakes and certifies that:

1. the User has conducted, is conducting, and will continue to conduct, the prescribed identification procedures for the User’s Clients in accordance with the relevant laws, rules and regulations of the BSP such as Part Nine of Q-Regulations of the Manual of Regulations for Non-Bank Financial Institutions, as may be amended from time to time, BSP Circular No. 706, as amended by BSP Circulars No. 950 and No. 1022 and as may be further amended from time to time, and its own MLPP, including the face-to-face contact requirement, to establish the existence of the ultimate User’s Clients and has in its custody all the minimum information and/or documents required to be obtained from the User’s Clients;
2. PDAX shall have the ability to obtain identification documents of all of the User’s Clients, including senders and receivers, from the User, upon request without delay, with the User’s warranty that it has secured the consent of the User’s Clients to share such information;
3. the laws of all countries where the User is operating has User’s Clients’ identification process requirements which are equal to, or more stringent than, those of the Republic of the Philippines, and the User has not been cited in violation thereof;
4. if the standards of the country where the User is operating has User’s Clients’ identification process requirements which are less stringent than those of the Republic of the Philippines, the User shall follow the standards of the Republic of the Philippines;
5. the User shall actively inform PDAX of: (i) the level of country risk, for all jurisdictions where it operates; (ii) the nature of its business and reputation; (iii) entities responsible for, and the quality of, its supervision, regulation, and monitoring; and (iv) any money-laundering or terrorist financing investigation or regulatory action which it may have been involved in;
6. the User has conducted, and continues to conduct the required screening of its Users against established sanctions lists, i.e. the “Specially Designated Nationals and Blocked Persons” list maintained by the Sanctions Authorities, or any similar list maintained by, or public announcement of Sanctions designation made by them;
7. the User has not, does not, and will not endorse or allow access to PDAX’s Services any of the User’s Clients who is a positive match in any of the aforementioned sanctions lists;
8. the User has not been reprimanded or cited for unsatisfactory, insufficient, inadequate Anti-money Laundering/Counter-Terrorist Financing policies, procedures or practices at any time such as but not limited to regulatory examination;
9. the User has not been subject to money laundering, terrorist financing, or proliferation financing investigation or regulatory action;
10. the User has measures in place for the conduct of due diligence and record-keeping requirements in relation to the User’s Clients, compliant with all requirements of all jurisdictions where it operates; and
11. the User permits PDAX to conduct periodic KYC reliance & MLPP (or equivalent MLPP procedures) account reviews as PDAX sees fit, and undertakes to provide additional documentation, without delay, as may be necessary to fully accomplish the review.

You will be required by PDAX to execute a written certification of the foregoing undertakings.

5. FEES

You may be charged fees different from those charged to regular PDAX Accounts, which will be made known to you before you are charged.

II. DATA OUTSOURCING AGREEMENT

This Data Outsourcing Agreement (the “Sub-Agreement”) is made and executed by and between the User and PDAX.

RECITALS:

1. The Parties have agreed to enter into an agreement wherein the User shall open a PDAX Account, solely for custodial and wallet services;

2. During the course of the User’s usage of the Services, it is understood that Digital Assets transferred to, or withdrawn from, the PDAX Account, constitute an aggregated sum composed of various sums pertaining to a specific list of the User’s Clients;

3. PDAX could potentially process the Personal Data of the User’s Clients; and

4. The Parties agree that the User is the Personal Information Controller and PDAX is the Personal Information Processor, as defined in the DPA.

NOW, THEREFORE, for and in consideration of the foregoing premises and mutual covenants stated hereunder, PDAX and User hereto agree as follows:

1. Term – This Sub-Agreement shall have the duration indicated in the DOD.

2. Adherence to the Data Privacy Act of 2012 – The Parties hereby adhere to the DPA, recognizing the importance of appropriate privacy protections for data subjects.

3. Definitions

   1. DOD means Data Outsourcing Details, to be executed separately by the Parties, which contains the subject matter of processing, duration of processing, purposes of processing, Data Subjects and Personal Data types, geographic location of processing, and details of sub-contracting to third-parties.

   2. Personal Information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

   3. Sensitive Personal Information refers to personal information:

      • About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
      • About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
      • Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
      • Specifically established by an executive order or an act of Congress to be kept classified.

   4. Personal Data refers to both personal information, sensitive personal information, and privileged information.

   5. Processing refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system.

   6. Data Outsourcing is the disclosure or transfer of Personal Data by a Personal Information Controller to a Personal Information Processor.

   7. DPA means Republic Act 10173, also known as, Data Privacy Act of 2012, its Implementing Rules and Regulations, and the issuances of the National Privacy Commission.

   8. Data Protection Officer is any individual/s designated by the Personal Information Controller or Personal Information Processor who is accountable for compliance with the DPA.

   9. Data Subject refers to an individual whose personal, sensitive personal, or privileged information is processed.

   10. Security Incident is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result to a personal data breach, if not for safeguards that have been put in place.

   11. Personal Data Breach’ refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. A personal data breach may be in the nature of:

       • An availability breach resulting from loss, accidental or unlawful destruction of personal data;
       • Integrity breach resulting from alteration of personal data; and/or
       • A confidentiality breach resulting from the unauthorized disclosure of or access to Personal Data.

   12. Personal Information Controller refers to a natural or juridical person, or any other body who controls the processing of Personal Data, or instructs another to process Personal Data on its behalf. The term excludes:

       • A natural or juridical person, or any other body, who performs such functions as instructed by another person or organization; or
       • A natural person who processes personal data in connection with his or her personal, family, or household affairs

       There is control if the natural or juridical person or any other body decides on what information is collected, or the purpose or extent of its processing.

   13. Personal Information Processor refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of Personal Data pertaining to a Data Subject.

   14. Receiving Party refers to the party to whom the Personal Data was disclosed to.

   15. Sharing Party refers to the party disclosing the Personal Data.

   16. Technical, Physical, and Organizational Security Measures, or TPOSM means those measures aimed at protecting Personal Information transmitted, stored, or otherwise processed against improper, unauthorized, accidental or unlawful processing, destruction or loss, disposal, alteration, disclosure, or access, and against all other unauthorized and unlawful forms of processing.

4. Roles of the Parties – User is the Personal Information Controller of the Personal Data disclosed to PDAX. PDAX is a Personal Information Processor, i.e., it processes such Personal Data upon the instruction of the User.

   In the event that either party takes on the role of a Personal Information Controller or Personal Information Processor, as defined under the DPA, such party herein undertakes to implement the necessary measures, and execute its role as Personal Information Controller or Personal Information Processor, as the case may be, in relation to any Personal Data which comes into its possession by virtue of the Terms and Conditions and this Addendum, in accordance with the DPA.

5. Personal Data to be Collected and Processed – PDAX shall process only the Personal Data listed in the DOD, in accordance with the terms of this Sub-Agreement.

   The terms of this Sub-Agreement shall apply to Personal Data in all its forms. It may be on paper, stored electronically, held on film, microfiche, or other media. It includes text, pictures, audio, and video. It covers information transmitted by post, by electronic means, and by oral communication, including telephone and voicemail. It applies throughout the lifecycle of the data from creation, collection, storage, utilization, to disposal. The terms of this Sub-Agreement apply to all officers, employees, and clients of both Parties where they are performing their duties in relation to this Sub-Agreement.

6. Purposes of Processing – PDAX shall process the Personal Data only for the purposes listed in the DOD.

   The User may, at any time and upon written instructions to PDAX, require PDAX to process the Personal Data pursuant to and consistent with the following purposes:

   • Comply with statutory and regulatory requirements, including directives, issuances by, or obligations of User to any competent authority, regulator, supervisory body, enforcement agency, exchange, court, quasi-judicial body, or tribunal;
   • Enable User to exercise sound corporate governance over its businesses, ensure that risks arising therefrom are duly identified, measured, managed and mitigated, and enhance risk assessment and prevent fraud;
   • Enable User to conduct User audits or investigate a complaint or security threat;
   • Other legitimate business purposes of the User and PDAX;
   • Establish, exercise, or defend PDAX’s legal claims;
   • Fulfill any other purposes directly related to the above-stated purposes.

7. Geographic Location of the Processing – The Personal Data shall be processed by PDAX at the geographic location specified in DOD.

   PDAX shall, at least thirty (30) days prior to effecting any change in the geographic location, notify the User in writing of such intended change and provide reasonable proof that such change shall not adversely affect the TPOSM currently in place or impact the privacy rights of the Data Subjects.

8. Obligations of User – Pursuant to the requirements of the DPA, the User hereby undertakes to:

   • Secure the written consent of each Data Subject;
   • Process personal data to the extent allowed by the Data Subject;
   • Specify the persons and/or entities authorized to receive, access, process, and/or transmit the information obtained and processed by PDAX, giving PDAX the right to refuse to give information to persons or entities not designated by User.

9. Obligations of PDAX – Pursuant to the requirements of the DPA, PDAX hereby undertakes to:

   • Process Personal Data only upon the documented instructions of User, including transfers of personal data to another country or an international organization, to the extent contemplated under the DOD, unless such transfer is authorized by law;
   • Ensure that an obligation of confidentiality is imposed on persons authorized to process the Personal Data;
   • Implement appropriate security measures and comply with the DPA;
   • Not engage another processor without prior instruction from User: provided, that any such arrangement shall ensure that the same obligations for data protection under the contract or legal act are implemented, taking into account the nature of the processing;
   • Assist the Personal Information Controller, by appropriate TPOSM and to the extent possible, fulfill the obligation to respond to requests by Data Subjects relative to the exercise of their rights;
   • Make available to the User all information necessary to demonstrate compliance with the obligations laid down in the DPA, and allow for and contribute to audits, including inspections;
   • Immediately inform the User if, in its opinion, an instruction infringes the DPA;
   • Assist User in ensuring compliance with the DPA, taking into account the nature of processing and the information available to PDAX;
   • At the choice of the User, delete or return all Personal Data to the User upon termination of, and subject to, the Agreement; and
   • Report all available information to the User within twelve (12) hours from knowledge of, or reasonable belief that, a personal data breach or a security incident has occurred, and extend full cooperation to the User to enable the User to comply with its obligations under the DPA.

10. Security Obligations – Pursuant to its obligation to maintain the appropriate TPOSM, PDAX warrants that, at minimum, it shall have the following security measures:

    Organizational Security Measures

    1. That it has a designated individual who functions as Data Protection Officer.
    2. That it has implemented appropriate data protection policies that provide for TPOSM, taking into account the nature, scope, context, and purposes of the processing, as well as the risks posed to the rights and freedoms of Data Subjects.
       • The policies shall implement data protection principles both at the time of the determination of the means for processing and at the time of the processing itself.
       • The policies shall implement appropriate security measures that, by default, ensure only Personal Data which is necessary for the specified purpose of the processing are processed. They shall determine the amount of Personal Data collected, including the extent of processing involved, the period of their storage, and their accessibility.
       • The policies shall provide for documentation, regular review, evaluation, and updating of the privacy and security policies and practices.
    3. That it shall maintain records that sufficiently describe its data processing system and identify the duties and responsibilities of those individuals who will have access to Personal Data. Records shall include:
       • Information about the purpose of the processing of Personal Data, including any intended future processing or data sharing;
       • A description of all categories of Data Subjects, Personal Data, and recipients of such Personal Data that will be involved in the processing;
       • General information about the data flow within the organization, from the time of collection, processing, and retention, including the time limits for disposal or erasure of Personal Data;
       • A general description of the TPOSM in place; and
       • The name and contact details of each Party, its representatives, the sub-Users (if applicable), and the compliance officer or Data Protection Officer, or any other individual or individuals accountable for ensuring compliance with the applicable laws and regulations for the protection of data privacy and security.
    4. That its employees shall operate and hold Personal Data under strict confidentiality. This obligation shall continue even upon termination of the employee’s employment.

Physical Security Measures

1. That it has implemented policies and procedures to monitor and limit access to and activities in the room, workstation or facility, including guidelines that specify the proper use of and access to electronic media;
2. That the design of its office space and work stations, including the physical arrangement of furniture and equipment, shall provide privacy to anyone processing personal data, taking into consideration the environment and accessibility to the public;
3. That the duties, responsibilities and schedule of individuals involved in the processing of personal data are clearly defined to ensure that only the individuals actually performing official duties shall be in the room or work station, at any given time;
4. That it has implemented policies and procedures regarding the transfer, removal, disposal, and re-use of electronic media, to ensure appropriate protection of Personal Data; and
5. That it has implemented policies and procedures that prevent the mechanical destruction of files and equipment. The room and workstation used in the processing of Personal Data shall, as far as practicable, be secured against natural disasters, power disturbances, external access, and other similar threats.

Technical Security Measures

1. That it has implemented safeguards to protect their computer network against accidental, unlawful or unauthorized usage, any interference which will affect data integrity or hinder the functioning or availability of the system, and unauthorized access through an electronic network;
2. That it has the ability to ensure and maintain the confidentiality, integrity, availability, and resilience of their processing systems and services;
3. That it performs regular monitoring for security breaches, and a process both for identifying and accessing reasonably foreseeable vulnerabilities in their computer networks, and for taking preventive, corrective, and mitigating action against security incidents that can lead to a Personal Data Breach;
4. That it has the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
5. That it has a process for regularly testing, assessing, and evaluating the effectiveness of security measures; and
6. That it encrypts Personal Data during storage and while in transit, authentication process, and it has implemented other technical security measures that control and limit access.

10.1 Indemnification – User agrees to irrevocably, unconditionally, and fully indemnify and hold PDAX, its directors, officers, employees, sub-contractors, and agents, free and harmless from and against any and all claims, suits, actions or demands or losses, damages, costs and expenses including, without limiting the generality of the foregoing, attorney’s fees and costs of suit that User may face, suffer or incur by reason or in respect of:

• User’s or the User’s Client’s breach of any of the warranties and obligations set forth in this Agreement, regardless of the cause of such breach; or

• Any act, omission or negligence of the User or the User’s Clients that causes or results in the breach of obligations under the DPA.

11. Data Subject Rights – Each Party shall respect the following rights accorded to Data Subjects by the DPA:

1. Right to be informed. Data Subjects have the right to be informed whether Personal Data pertaining to them shall be, are being, or have been processed, including the existence of automated decision-making and profiling. This Sub-Agreement may be accessed by the Data Subject upon written request submitted to any of the Parties.
2. Right to object. Data Subjects have the right to object to the processing of their Personal Data, including processing for direct marketing, automated processing or profiling. They may withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the Data Subject.
3. Right to access. Data Subjects have the right to request access to any of their Personal Data, subject to certain restrictions.
4. Right to rectification. Data Subjects have the right to dispute the inaccuracy or error in the Personal Data and have the PIC correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.
5. Right to erasure or blocking. Data Subjects have the right to suspend, withdraw or order the blocking, removal or destruction of his or her Personal Data from the PIC’s filing system.
6. Right to damages. Data Subjects have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, taking into account any violation of the rights and freedoms of the Data Subject.
7. Right to lodge a complaint with the National Privacy Commission.

12. Communications Regarding Data Privacy Concerns – For questions, requests, and notifications, communication may be directed to each Party’s designated Data Protection Officer or his/her replacement or substitute.

13. Notarized Data Outsourcing Agreement - You may be required to execute a notarized Data Outsourcing Agreement.

III. CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT

This Confidentiality and Non-Disclosure Agreement (the “Sub-Agreement”) is made and executed by and between the User and PDAX.

RECITALS:

1. The Parties have agreed to enter into an agreement wherein the User shall open a PDAX Account, solely for custodial and wallet services;
2. During the course of the User’s usage of the Services, it is understood that Digital Assets transferred to, or withdrawn from, the PDAX Account, constitute an aggregated sum composed of various sums pertaining to a specific list of the User’s Clients;
3. During the course of the performance of the Services, a Disclosing Party may disclose Confidential Information to the Receiving Party.

NOW, THEREFORE, for and in consideration of the foregoing premises and mutual covenants stated hereunder, PDAX and User hereto agree as follows:

1. Definition of Terms

Aside from terms defined through brackets, other terms are defined as follows:

“Affiliate” means, in respect of each Party, such Party’s subsidiaries and/or affiliated companies, holding company and its respective subsidiaries and/or affiliated companies, as applicable, existing or coming to exist during the term of this Agreement.

“Confidential Information” means all non-public, confidential or proprietary communications or data, in any form, whether tangible or intangible, which are disclosed or furnished by a Disclosing Party, its Affiliates, and their respective Representatives, to the Receiving Party, its Affiliates, and their respective Representatives, and which are to be protected hereunder against unrestricted disclosure or competitive use by the Receiving Party. The following are also Confidential Information:

[a] Technical information, which refers to methods, processes, formulae, compositions, inventions, machines, computer programs, and research projects.

[b] Business information, which refers to User lists; pricing data sources of supply; marketing, production, or merchandising systems or plans; and all information or material that has or could have commercial value or other utility in the business of the Disclosing Party.

All information which is disclosed by the Disclosing Party to the Receiving Party and which is to be protected hereunder by the Receiving Party shall be considered as Confidential Information.

Confidential Information excludes:

[a] information that becomes generally available to the public other than as a result of the disclosure by the Receiving Party in violation of this Agreement;

[b] information available to a Receiving Party on a non-confidential basis prior to disclosure by the Disclosing Party;

[c] information made available to the Receiving Party on a non-confidential basis by the Disclosing Party;

[d] information that is required to be disclosed by any court, tribunal, or regulatory authority or by any requirement of law, legal process, regulation, or governmental order, decree, or rule, or necessary or desirable for a Party to disclose in connection with any proceeding in any court, tribunal or before any regulatory authority in order to preserve its rights;

[e] information that the Disclosing Party expressly agrees in writing to be disclosed by the Receiving Party to Third Parties;

[f] information lawfully received from an independent Third Party without any restriction and without any obligation of confidentiality;

[g] information disclosed without restriction by the Disclosing Party to any Third Party; and

[h] information which is independently developed by the Receiving Party without access to or use of the Disclosing Party's Confidential Information.

Disclosing Party means the party disclosing Confidential Information.

Receiving Party means the party receiving Confidential Information.

Representatives means any director, officer, employee, agent, or consultant of any department or business area of a Party.

Third Party means any party other than PDAX and the User.

3. Disclosure of Confidential Information – The Disclosing Party hereby represents and warrants to the Receiving Party that it has lawful rights to provide the Confidential Information. Confidential Information will be disclosed either:

   1. in writing;
   2. by delivery of items;
   3. by initiation of access to Confidential Information, such as may be in a database; or
   4. by oral or visual presentation.

4. Restrictions on Use of Confidential Information – Usage of Confidential Information shall be restricted, as follows:

   [a] The Receiving Party agrees, for itself, its Affiliates, and their respective Representatives, to (a) hold all Confidential Information (regardless of whether it is specifically marked confidential or not) in strict confidence; (b) transmit the Confidential Information only to its Representatives, its Affiliates, and its Affiliates’ Representatives, on a ‘need-to-know’ basis and after each one of them has agreed to be bound by the terms and conditions of this Agreement and not to disclose the same except as provided herein; (c) not to directly or indirectly use, copy, digest, or summarize any Confidential Information except as provided in this Agreement, and (d) not to disclose any Confidential Information to any third party without the prior written consent of the Disclosing Party. In the event that Receiving Party becomes aware that Confidential Information has been disclosed to or accessed by any unauthorized party, the Receiving Party shall immediately notify the Disclosing Party thereof and shall take all appropriate countermeasures.

   [b] The Receiving Party shall strictly comply with any and all applicable laws and rules, including but not limited to the DPA, as well as any policy, measures, rules, and regulations of the Disclosing Party implementing such applicable laws and rules. The Receiving Party understands and agrees that the Disclosing Party shall have no liability for any of the Receiving Party’s acts or omissions which may be in violation of such applicable laws and rules as well as the Disclosing Party’s rules.

   [c] Likewise, should the Receiving Party need to contract third parties to aid in the fulfillment of the Purpose, the Receiving Party should fully disclose all these third parties and secure written consent from the Disclosing Party prior to any disclosure of Confidential Information.

   [d] The Disclosing Party may grant its consent for the disclosure of the Confidential Information in its sole discretion and on a case-to-case basis. The Receiving Party expressly agrees not to use the Confidential Information to gain or attempt to gain a competitive advantage over the Disclosing Party.

   [e] If requested by the Disclosing Party, the Receiving Party shall acknowledge receipt of any Confidential Information by signing receipts, initialing documents, or any other means that the Disclosing Party may reasonably request.

   [f] The Receiving Party will not permit copies of the Confidential Information to be made without the express written consent of the Disclosing Party. Copies shall be deemed confidential and, in all respects, subject to the terms of this Agreement.

   [g] If the Receiving Party is requested by a governmental entity to disclose any Confidential Information, it will promptly notify the Disclosing Party to allow the Receiving Party to do so. The Receiving Party will also cooperate in the Disclosing Party's efforts to obtain a protective order or other reasonable assurance that confidential treatment will be afforded the Confidential Information. If in the absence of a protective order and the Receiving Party is compelled as a matter of law to disclose the Confidential Information, based upon the written opinion of the Receiving Party addressed to the Disclosing Party, the Receiving Party may disclose to the Party compelling the disclosure only the part of the Confidential Information as required by law to be disclosed. The Receiving Party will advise and consult with the Disclosing Party as to such disclosure and the nature and wording of such disclosure and the Receiving Party will use its best efforts to obtain confidential treatment therefore.

5. No Publicity – Either Party shall not, in any way or in any form, disclose, publicize, or advertise in any manner the Agreement and Sub-Agreement, including the discussions or negotiations they cover and their execution, except through a notarial act, or through the prior written consent of the other Party.

6. Property Rights and Ownership – All Confidential Information, unless otherwise specified in writing, shall remain the sole and exclusive property of the Disclosing Party and shall be used by the Receiving Party only in furtherance of the Service, except as may be required by applicable law or legal process.

   Each Party retains ownership, including intellectual property rights, over all preexisting materials, documents and work originally created by them and independently developed and contributed towards the implementation of the Service. The ownership over any materials, documents and work resulting from undertaking the Service and created in collaboration with and through the joint efforts of the Parties shall be subject to the terms of definitive agreements to be negotiated by the Parties.

   No other rights, and particularly no license and no assignment of intellectual property rights including copyright, patent rights, design rights, trademarks, and mask work protection rights are implied or granted under this Agreement. The Parties shall not make use of the existence of any bilateral business relationship between them for the purpose of their own advertisement.

7. Safekeeping – The Receiving Party shall use the same care to avoid disclosure or unauthorized use of the Confidential Information as it uses to protect its own Confidential Information, but in no event less than reasonable care. It is agreed that:

   [a] All Confidential Information shall be retained by the Receiving Party in a secure place with access limited only to the Receiving Party’s Representatives who need to know such information for purposes of this Agreement; and

   [b] Confidential Information will be disclosed only to each Party’s Representatives who are involved in the performance of the Service. It may be disclosed to third party consultants or advisers for the purpose of discussing the Service, only with the prior consent of the Disclosing Party. In the event of such disclosure to any third party, the Receiving Party shall remain liable for any unauthorized disclosure by such person or entity.

   [c] The Receiving Party shall ensure that all of its Representatives, Affiliates, and Representatives of Affiliates, and third-party consultants having access to Confidential Information adhere to the terms and conditions of this Agreement as if they were Parties hereto.

8. Return of Confidential Information - All Confidential Information, including but not limited to copies, summaries, excerpts, extracts, drawings, blueprints, reports, manuals, correspondence, User lists, computer programs, and all other materials and all hard, soft, manual, paper, and electronic copies of such Confidential Information or any and all documents or materials relating in any way to the Disclosing Party's business or to a Data Subject, or any documents or materials in any way disclosed, obtained, or accessed during the course of this Agreement, or other reproduction thereof, shall be returned to the Disclosing Party upon the termination of this Agreement.

   In addition, the Receiving Party shall return to the Disclosing Party all copies of written, taped, or audio-visual recorded Confidential Information, which consists of analysis, compilation, forecasts, studies, or other documents, in its possession and promises not to retain any such copies.

9. Provisional Remedy for Potential Breach - The Parties recognize that money damages may not be a sufficient remedy for any breach of the foregoing covenants and agreements, and that any such breach may cause grave and irreparable injury to the other party. The Disclosing Party shall be entitled to specific performance, and injunctive and other equitable relief against the other party in respect of the threatened breach of this Sub-Agreement or the continuation of any such breach, in addition to all monetary or other remedies available at law or in equity.

10. Term – This Sub-Agreement shall be co-terminous with, and shall be terminated in accordance with, the Terms and Conditions and this Addendum, save the obligation of maintaining confidentiality.