2.6 Wolters Kluwer Accessibility has backup and restore processes for all critical data, including personal data. These processes are regularly tested and maintained. 2. The parties agree that the choice of the data subject shall not affect his or her substantive or procedural rights of redress, in accordance with other provisions of national or international law. At the written request of the controller, the processor and any related company of the processor shall provide the controller, at the expense of the controller, with appropriate assistance in the event of a data protection impact assessment or prior consultations with supervisory or other competent data protection authorities, as is necessary under applicable data protection legislation. Such assistance shall be granted exclusively with regard to the processing of the controller`s personal data by the processor. 3.1.1 Data controllers, in their capacity as personal data controllers, are responsible for the processing of personal data within the framework of this sub-processing agreement, in accordance with current data protection legislation. The customer is responsible for the fact that Wolters Kluwer does not process categories of personal data other than those mentioned in Annex 1 (Specification of the processing of personal data) and to the extent indicated therein. Where a controller uses a processor to process personal data on his or her behalf, there must be a written contract between the parties.

(a) to settle the dispute through mediation by an independent person or, where appropriate, by the supervisory authority;(b) to refer the dispute to the courts of the Member State in which the data exporter is established. (f) in the case of special categories of data, the data subject has been or is being informed, before or as soon as possible after the transmission, that his or her data could be transmitted to a third country which does not offer adequate protection within the meaning of Directive 95/46/EC; 3.4 Processors and transfers to third countries (A) HubSpot are not transferred of European data to countries or recipients that are not recognised as countries or recipients that do not offer an adequate level of protection of personal data (within the meaning of current European data protection legislation), unless HubSpot first takes all necessary steps to ensure that the transfer complies with applicable European data protection legislation. Such measures may include (without restriction) the transmission of such data to a recipient who falls under an appropriate framework or other legally appropriate transmission mechanism, recognised by the competent authorities or courts as an adequate level of protection of personal data, to a recipient who has obtained a mandatory authorisation under European data protection law. or to a recipient who, in any event, has adopted or approved appropriate standard contractual clauses in accordance with current European data protection legislation. 4. The parties shall not object to a data subject being represented by an association or other entity if the data subject expressly so wishes and if national law so permits. d. If necessary, the parties will cooperate appropriately during the healing period in order to agree on additional safeguards or other measures reasonably necessary, if any, to ensure the data importer`s compliance with the applicable data protection clauses and legislation. 11.1 The processor may not transfer or authorise the transfer of data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the company. . . .