1.1. Customers covered by the Standard Contractual Clauses.

The Standard Contractual Clauses and the additional terms specified in this Exhibit A apply when seats.io exports Personal Data to Sub-Processors outside the European Economic Area, Switzerland and the United Kingdom to a country where the level of protection of privacy is deemed insufficient for GDPR and there is no Privacy Shield self-certification to the entity to which seats.io exports the Personal Data. Customer specifically authorises seats.io to export data under the Standard Contractual Clauses.

1.2. Instructions.

This DPA and the Agreement are Customer’s complete and final instructions at the time of execution of the DPA for the Processing of Personal Data. Any additional or alternate instructions must be agreed upon separately. For the purposes of Clause 5(a) of the Standard Contractual Clauses, the following is deemed an instruction by the Customer to process Personal Data: (a) Processing in accordance with the Agreement and applicable Order Form(s); (b) Processing initiated by Authorized Users in their use of the Services; and (c) Processing to comply with other reasonable instructions provided by Customer (e.g., via email or support tickets) where such instructions are consistent with the terms of the Agreement.

1.3. Appointment of new Sub-processors and List of current Sub-processors.

Pursuant to Clause 5(h) of the Standard Contractual Clauses, Customer acknowledges and expressly agrees that Seats.io may engage third-party Sub-processors in connection with the provision of the Services. Seats.io shall make available to Customer the current list of Sub-processors in accordance with Section 4.2 of this DPA.

1.4. Notification of New Sub-processors and Objection Right for new Sub-processors.

Pursuant to Clause 5(h) of the Standard Contractual Clauses, Customer acknowledges and expressly agrees that seats.io may engage new Sub-processors as described in Sections 4.2 and 4.3 of the DPA. 1.5. Copies of Sub-processor Agreements. The parties agree that the copies of the Sub-processor agreements that must be provided by seats.io to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have all commercial information, or clauses unrelated to the Standard Contractual Clauses or their equivalent, removed by seats.io beforehand; and, that such copies will be provided by seats.io, in a manner to be determined in its discretion, only upon request by Customer.

1.6. Audits and Certifications.

The parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with the following specifications: Upon Customer’s request, and subject to the confidentiality obligations set forth in the Agreement, seats.io shall make available to Customer (or Customer’s independent, third-party auditor) information regarding seats.io’s compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits set forth in the Security Practices Datasheet. Customer may contact seats.io in accordance with the “Notices” Section of the Agreement to request an on-site audit of seats.io’s procedures relevant to the protection of Personal Data, but only to the extent required under applicable Data Protection Law. Customer shall reimburse seats.io for any time expended for any such on-site audit at seats.io’s then-current rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and seats.io shall mutually agree upon the scope, timing, and duration of the audit, in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by seats.io. Customer shall promptly notify seats.io with information regarding any non-compliance discovered during the course of an audit, and seats.io shall use commercially reasonable efforts to address any confirmed non-compliance.

1.7. Certification of Deletion.

The parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the Standard Contractual Clauses shall be provided by seats.io to Customer only upon Customer’s request.

1.8. Conflict.

In the event of any conflict or inconsistency between the body of this DPA and any of its Schedules (not including the Standard Contractual Clauses) and the Standard Contractual Clauses in Exhibit C, the Standard Contractual Clauses shall prevail.