Common use of Types of Personal Information Clause in Contracts

Types of Personal Information. Includes the following: • Randomly generated identifiers and cryptographic keys. • When using certain Futurae API features such as the user/device display name, and username attributes: basic personal data (such as name), contact details (such as email, phone number etc), or anything that can be used as a username or display name as specified by the Customer and/or its end users. • When using Futurae’s transaction or login approval authentication technologies: Details about the action or login that has to be approved by the end user, such as payment details, or login information such as originating IP address and location, or anything else specified by the Customer. • When using Futurae’s audio-based zero-touch authentication technologies: short audio recordings, which are nevertheless immediately discarded after the end of the authentication operation and never stored in persistent storage. • When using Futurae’s signal-based zero-touch authentication technologies: anonymized sensor data, such as Wi-Fi and Bluetooth scan results. • When using Futurae’s SMS authentication technology: phone number. • Traffic data, as well as information about device hardware and software. This information includes: IP address, browser/OS/mobile device information, domain names, access times and referring website addresses. • Data related to the use of the Customers’ services, such as transaction information, history or communication events. • Data related to content of communication, as shared by Customer to Futurae, such as e-mails, voice mails, SMS, browsing data etc. For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection. Name of the data exporting organization: …………………………………………………………………… Address: …………………………………………………………………………………………………………. Tel.: ………………………………; fax: ………………………………; e-mail: ……………………………… Other information needed to identify the organization (if applicable) ……………………………………………………………………………………………………………………. (the data exporter) And Name of the data importing organization: Futurae Technologies AG Address: ▇▇▇▇▇▇▇▇▇▇▇ ▇▇, ▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇▇▇▇▇▇ Tel.: +▇▇ (▇) ▇▇ ▇▇▇ ▇▇ ▇▇; e-mail: ▇▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇ Other information needed to identify the organization: N/A (the data importer) each a “party”; together “the parties”, HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1. For the purposes of the Clauses:

Types of Personal Information. Includes the following: • Randomly generated identifiers and cryptographic keys. • When using certain Futurae API features such as the user/device display name, and username attributes: basic Basic personal data (such as name), ) and contact details (such as email, phone number etc), or anything that can be used as a username or display name as specified by the Customer and/or its end users. • When using Futurae’s transaction or login approval authentication technologies: Details about the action or login that has to be approved by the end userUsernames, such as payment details, or login information such as originating IP address randomly generated identifiers and location, or anything else specified by the Customercryptographic keys. • When using Futurae’s audio-based zero-touch authentication technologies: short audio recordings, which are nevertheless immediately discarded after the end of the authentication operation and never stored in persistent storage. • When using Futurae’s signal-based zero-touch authentication technologies: anonymized sensor data, such as Wi-Fi and Bluetooth scan results. • When using Futurae’s SMS authentication technology: phone number. • Traffic data, as well as information about device hardware and software. This information includes: IP address, browser/OS/mobile device information, domain names, access times and referring website addresses. • Data related to the use of the Customers’ services, such as transaction information, history or communication events. • Data related to content of communication, as shared by Customer to Futurae, such as e-mails, voice mails, SMS, browsing data etc. For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection. Name of the data exporting organization: …………………………………………………………………… Address: …………………………………………………………………………………………………………. Tel.: ………………………………; fax: ………………………………; e-mail: ……………………………… Other information needed to identify the organization (if applicable) ……………………………………………………………………………………………………………………. (the data exporter) And Name of the data importing organization: Futurae Technologies AG Address: ▇▇▇▇▇▇▇▇▇▇▇ ▇▇, ▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇▇▇▇▇▇ Tel.: +▇▇ (▇) ▇▇ ▇▇▇ ▇▇ ▇▇; e-mail: ▇▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇ Other information needed to identify the organization: N/A (the data importer) each a “party”; together “the parties”, HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1. For the purposes of the Clauses: