1. Categories of Customer Data:

There are two categories of Customer Data that may include Personal Data.

The first category of Customer Data that may include Personal Data, the extent of which is determined and controlled by Customer, are “seats.io account data”:

This first category concerns Personal Data of employees, consultants or other persons working with, for or on behalf of Customer, and who decide to submit those Personal Data when signing up to or using the Services. For the avoidance of doubt, it is not necessary to submit Personal Data to Seats.io in order to sign up to or use the Services. It is possible to take a user account with a generic email user name, e.g. “seatsio@company.com”, which is sufficient to use all the functions of the Services for a trial or paid subscription. Where Personal Data are effectively used (e.g. in the form of an email address like john.doe@company.com), that is the choice of Customer only.

The second category of Customer Data that may include Personal Data, the extent of which is determined and controlled by Customer, are “stored data”, these are any data stored by Customer on the seats.io servers through use of the Services, which may include Personal Data of Users.

This category concerns Personal Data that Customer itself decides to collect from Users (e.g. ticket buyers who select a seat from a seating chart made available by Customer to its End-Users through use of the seats.io Services). For the avoidance of doubt, it is not necessary for Customer to provide seats.io with any User Personal Data in order to be able to use the seats.io Services. However, the seats.io Services allow Customer to store any data on the seats.io servers (within the functionality of the Services), and Customer has the technical possibility to include Personal Data of Users (or indeed any other person) as data that are stored in this way on the seats.io servers. It is only Customer who decides to store those data, and who determines what happens with them. Seats.io only keeps the data available to Customer for those processing activities Customer decide upon. In addition, seats.io keeps back-ups to avoid accidental loss of data.

Finally, there are a lot of other data that seats.io collects. Most of these are anonymous - they relate to behaviour of Users that can be observed without any relation to the personal identity of such Users. They are “other data” for the purpose of this Exhibit.

2. Processing operations

The personal data transferred will be processed in accordance with the Agreement and may be subject to the following processing activities:

For seats.io account data:

For stored data:

For other data.

Finally, seats.io may use other data for any purpose whatsoever. Examples are e.g. to analyse the behaviour of anonymous Users as and when they use the seats.io Services, such as data analysis to understand e.g. which seats of a seating plan are sold first, or last, or according to any other measurable parameter, or e.g. comparing the selection of seats of a floor plan with the stage on top of the picture vs the stage at the bottom of the picture - and any other kind of analysis on how seats are selected or any other interaction with the seats.io floor plans with Users that does not require them to be identified.