9.1 The parties understand that Gсore may process customer data, which is considered personal data under data protection laws, in order to include such customer data in databases controlled by Gсore and its affiliates for the purposes of administration, billing and reconciliation, verification of the identity and creditworthiness of customers, maintenance, support and product development, fraud detection and prevention. Analysis and reporting of sales, revenue and customers, marketing and analysis of customer usage. In this regard, Gсore acts primarily as a data controller and ensures compliance with its obligations under data protection laws. 9.2 In this context, the Customer is invited to communicate the following information to the natural persons to whom the Customer Data relates (the “Data Subject(s)”) and/or to become aware of this information, insofar as he is such a data subject. 9.3 The personal data collected and processed by Gсore includes: name, position, title, contact details (telephone, e-mail, physical or postal address, etc.), login data, location data, IP addresses, browser data, account data and employer information (the “personal data”). 9.4 In addition to transfers to affiliates, Gсore transfers personal data to several service providers acting as data processors (“Data Processors”) for customer relationship management (HubSpot Ireland Limited), marketing (Popcorn Metrics Limited, United Kingdom; Google Ireland Limited, Ireland), storage and transmission of information (Microsoft Ireland Operations Limited, Ireland), corporate governance, financial reporting and accounting (SAP Deutschland SE & Co. KG), internal communication and task monitoring (Atlassian Pty Ltd, Australia; Slack Technologies Limited, Ireland), Support (Intercom R&D Unlimited, Ireland; Zendesk Inc, USA). This list is subject to change, details can be obtained by sending a request to privacy@gcore.lu The data subject acknowledges that the data processor(s) acts on instructions from Gсore and may have access to his or her personal data. The data subject further understands that his or her personal data may be disclosed to administrations and authorities, social security services, insurance companies, banking institutions, professional consultants and auditors of the Company (the “Recipients”). 9.5 Data subjects are informed that the processor(s) and recipients may be located inside or outside the EU/EEA in countries which, in the opinion of the European Commission, do not offer an adequate level of protection, i.e.: which amounts to protection under European data protection standards. Gсore has therefore introduced standard contractual clauses. The data subject may obtain a copy of these safeguards by submitting a request to privacy@gcore.lu 9.6 The personal data of data subjects will be retained for the duration of this MSA and beyond the business relationship between the parties and for a period of ten (10) years after their termination. 9.7 The data subject has the right to request access to his or her personal data.

He may request that his personal data be corrected in the event of an error. 9.8 The data subject may also request that his or her personal data be erased or that the processing of the data be restricted if the personal data can no longer be stored or processed lawfully. The data subject also has a right to object and a right to data portability under the conditions provided for by data protection laws. 9.9 The data subject may exercise his or her rights by writing to Gсore at the address indicated on the first page of this MSA. 9.10 The data subject has the right to lodge a complaint with a data protection supervisory authority (for Luxembourg: National Commission for Data Protection). 9.11 The parties understand that Gсore may process Customer Data and End User Data which, in connection with the provision of Services to the Customer, will be considered Personal Data under data protection laws. The parties agree that, in this context, the customer acts as a data controller and Gсore acts as a data processor acting on the instructions and on behalf of the customer. Insofar as the customer, as data controller, is legally obliged to conclude a data processing agreement with its subcontractors, the parties have concluded such a data processing agreement, which is attached as Annex 1 and defines the conditions for the processing of personal data by Gсore as data processor. 9.12 For the avoidance of doubt, such a data processing agreement is an integral and essential part of this AMM. “Acceptable Use Policy” (AUP) means the policy currently available on gcore.com/legal/, as it may be updated by Gсore from time to time.

“Accepted” or “Acceptance” means the authorized performance and acceptance of a Document by a Party. “Affiliate” means an entity that is directly or indirectly controlled, controlled by, or under common control with any party, now or in the future. `change of control` means one or more transactions in which (a) control of a party is transferred, directly or indirectly, ipso jure or otherwise; (b) all or substantially all of the assets or equity interests of that Party are acquired by a person, enterprise or entity; or (c) that part is amalgamated or consolidated with or in another entity; provided that, in any event, immediately before the transaction(s), the owners of the capital of that party registered immediately before the transaction(s) hold less than 50 % of the voting rights of the subsequent acquiring or surviving undertaking or enterprises. “Control”: An entity “controls” another entity if it holds more than 50% of the shares or other voting rights or otherwise exercises control over the management and operation. “Customer Content” means any content, software, data, video or information of the Client and/or End Users, including third-party content, software, data and devices provided or made available to Gāore for storage, delivery or otherwise in connection with the Services. “Customer Data” includes any data that identifies Customer or its respective End Users. Customer Data may include Customer name, employee contact information, end user data, data required for account setup, billing data, or content transmission data if such data identifies the customer. “Days” means calendar days, unless otherwise specified. “Downtime” means the total unavailability of the Services as defined in the applicable SLA. “Effective Date” means a date on which this Agreement becomes effective.

“End User” means a subscriber, member, end user, customer or other visitor to a website or online service owned and/or operated by Customer. **”End User Data” includes the name, address, contact information, usage, billing or other data that personally identifies authorized end users of the Services. “Fees” means the fees and charges associated with the Services to be provided. “Free Service Period” means the period defined in subsection 2.11. “Initial Subscription Term” means the term defined in subsection 15.1. “Intellectual Property Rights” means all patents, copyrights, trade secrets, trademarks and trade names, goodwill and related marketing rights, works of authorship, inventions, discoveries, improvements, extensions, methods, processes, formulas, designs, techniques, derivative works, know-how, any other intellectual property or proprietary right (registered or not) and equivalent or similar forms of protection that exist in the World; and all applications and registrations relating to these rights. “Master Services Agreement” (MSA) means this agreement between Gсore and Customer. “MRC” means all recurring monthly charges. “Privacy Policy” means a policy attached to Exhibit 4 or otherwise agreed to by the parties **”Renewal Term”** means the term defined in subsection 15.1. “Offer” means a non-binding offer communicated to the Customer specifying the services to be provided and the associated fees and charges (collectively, the “Fees”). After approval of an offer by the customer, Gсore will send the customer a service order for acceptance.

“Scheduled Maintenance” means that Gсore or any of its subcontractors may from time to time perform routine maintenance or improvements to the network, software, facilities, servers, network equipment or other technical equipment necessary for the provision of the Services.