DATA PROTECTION AGREEMENT

This Data Protection Agreement ("Agreement") is entered into between

[Company Name: ] with its principal business at

[Address: ], ("Data Controller" or “Company”)

and Cycle App SAS, with its principal office at 9 rue Ambroise Thomas, 75009 Paris, France ("Data Processor").

WHEREAS

(A) The Company acts as a Data Controller.

(B) The Company wishes to subcontract certain Services, which imply the

processing of personal data, to the Data Processor.

(C) The Parties seek to implement a data processing agreement that complies

with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

(D) The Parties wish to lay down their rights and obligations.

Definitions and Interpretation

Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meaning:

1. "Agreement" means this Data Processing Agreement and all Schedules;
2. "Company Personal Data" means any Personal Data Processed by a Contracted Processor on behalf of Company pursuant to or in connection with the Principal Agreement;
3. "Contracted Processor" means a Subprocessor;