TERMS AND CONDITIONS

ACCEPTANCE OF TERMS

1. Meaning of words and interpretation
Unless a contrary intention is expressed, in these Terms:1.1. Applicable Laws means all laws and regulations applicable to the provision of the Services.

1.2. Background IP means a party’s Intellectual Property Rights which existed prior to the
Commencement Date or which can be demonstrated to have been developed separately from and unrelated to the Services, and which that party makes available or otherwise uses to perform the Services.
1.3. Brand means Incent and its associate/business partner brand and logo.
1.4. Business Day means Monday to Friday in New South Wales, except a day which is a
proclaimed public holiday in New South Wales.
1.5. Claim means any cost, expense, loss, damage, claim, action, proceeding or other liability
(whether in contract, tort or otherwise), however arising (whether or not presently ascertained, immediate, future or contingent) and includes legal costs on a full indemnity basis.
1.6. Confidential Information means information belonging to a party which: (i) has commercial value; (ii) is designated as such by the disclosing party; or (iii) a party knows or reasonably ought to know is confidential and includes any Personal Information, and any documents produced as part of the Services; or (iv) which relates to Incent’s assets, business, financial affairs, business transactions, business methods, customers, records, forms, charges, trade secrets including without limitation its dealings with third parties but does not include information that:1.6.1. is in the public domain at the time of disclosure;1.6.2. comes into the public domain after the date of these Terms other than through anybreach of these Terms; or1.6.3. is obtained from a third party without breach of confidentiality.

1.7. Content means reward code, URL or any content that is required to facilitate the allocation of
reward. It also includes other information that facilitate the development of the Incent brand
1.8. Commencement Date is the date specified in Schedule 1.
1.9. Consequential Loss means damage, loss, cost and expense classified as falling within the
second limb of Hadley v Baxendale (1854) 9 Exch 341, including economic loss, loss of business opportunity, loss of anticipated profits, loss of damages resulting from wasted management time and loss of profit.
1.10. Data Breach means any event in which Personal Information is lost or subjected to
unauthorised access, modification, use or disclosure or other misuse.
1.11. EU Personal Information means personal data, as that term is defined in Article 4(1) of the
GDPR, of an individual located in the European Union.
1.12. Fees means the fees payable by Incent to the Streamer as described in Schedule 1.
1.13. GDPR means the European Union General Data Protection Regulation.
1
1.14. GST means good and services tax or similar value added tax levied or imposed in Australia
under the A New Tax System (Goods and Services Tax) Act 1999 (Cth) or otherwise on a supply.
1.15. Incent Services means the services to be provided by Incent as described in Schedule 1.
1.16. Insolvent means where a party has become or is deemed insolvent, bankrupt or unable to pay
its debts as and when they fall due or is dissolved, wound up, placed in liquidation, enters into a scheme of arrangement or compromise with creditors (except for the purpose of a solvent reconstruction or amalgamation) or suffers the appointment of a receiver, receiver and manager, administrator, provisional liquidator or similar officer.
1.17. Intellectual Property Rights means all current and future rights conferred by law in or in relation
to copyright, designs, trademarks, trade secrets, knowhow, Confidential Information, patents, inventions, discoveries and all rights in the nature of these rights, whether or not registrable, registered or patentable and includes all rights in applications to register these rights and all renewals and extensions of these rights.
1.18. Personal Information means:
1.18.1. personal information, as that term is defined in the Privacy Act 1988 (Cth); and
1.18.2. EU Personal Information,
disclosed to the Streamer, or obtained by the Streamer, under or in connection with these Terms.
1.19. Privacy Laws means:
1.19.1. the Australian Privacy Act 1988 (Cth) as amended from time to time, as if the party
were subject to those laws; and
1.19.2. any other data protection and privacy laws applicable to the respective party in carrying out its obligations under these Terms, including, where applicable, the GDPR.
1.20. Streamer Services means the services to be provided by the Streamer as described in
Schedule 1.
1.21. All words importing the singular shall include the plural and vice versa and any one gender shall
include each of the other genders, if applicable.
1.22. Reference to schedules is to schedules annexed to these Terms.
1.23. Reference to a person includes a body corporate, firm or partnership.
1.24. Reference to a party includes the party’s executors, administrators, successors and permitted
assigns.
1.25. Reference to dollars or $ is to Australian Dollars.
1.26. “Including” and similar expressions are not words of limitation.

2. Services

2.1. Incent will provide the Incent Services to the Streamer.
2.2. The Streamer will provide the Streamer Services to Incent.
2
2.3. The Streamer will ensure that it complies with all Applicable Laws in soliciting click throughs
from the Streamer’s Content and that it will not do anything which may adversely affect Incent’s business or reputation as reasonably determined by Incent.

3. Inconsistency

The parties agree that these Terms will govern the supply of the Services despite any provisions in any other
document which purport to bind Incent to terms and conditions of the Streamer.

4. Term

The Streamer will supply the Services to Incent from the Commencement Date until terminated pursuant to clause 13.

5. Personnel

5.1. The Streamer and the Streamer’s personnel are employees or contractors of the Streamer and
are not employees or contractors of Incent. The Streamer is fully responsible for and it and its personnel have no claim upon Incent in respect of:
5.1.1. remuneration including superannuation, leave, other entitlements, taxes or duties;
5.1.2. claims under workers’ compensation; and
5.1.3. claims under any other law affecting or relating to the relationship between an
employer and employee.
5.2. The Streamer remains liable to Incent for all acts and omissions of the Streamer’s personnel as
if they were the acts and omissions of the Streamer.

6. Payment

Streamer may pay Incent the Fee in accordance with the payment terms set out in Schedule 1.

7. GST

7.1. Unless otherwise indicated all amounts stated in these Terms are exclusive of GST.
7.2. If GST is payable on a taxable supply made by a party under these Terms (the Streamer) to
another party (the Recipient), the Streamer may recover from the Recipient of the supply the amount of that GST in addition to any consideration otherwise provided for.
7.3. The Recipient must make the payment of the GST amount at the same time and in the same
manner as it provides the consideration for the relevant supply subject to the Recipient receiving a valid tax invoice before the due date for payment.
7.4. The Streamer must issue an adjustment note to the Recipient as soon as it becomes aware of
an adjustment event relating to the supply and must refund to the Recipient any overpayment of GST.

8. Intellectual Property

8.1. The Streamer will continue to own its Background IP notwithstanding that it may be used by the
Streamer in the course of providing the Services.
8.2. Incent grants the Streamer a non-exclusive, revocable and free licence to use the Brand in
order to display it on the Streamer’s Content in a manner reasonably directed by Incent. The Streamer will immediately remove the Brand and all references to Incent from all of the Streamer’s Content if Incent requests the Streamer to do so.
8.3. The Streamer grants Incent a non-exclusive, revocable and free licence to use its Background
IP for display on the Landing Page or for otherwise receiving or using the Services.
8.4. Ownership of copyright and any other Intellectual Property Rights in the Landing Page and any
other material or content developed by Incent (other than the Streamer’s Background IP) will vest in Incent immediately upon its creation (Project IP) and the Streamer absolutely assigns and transfers to Incent all rights and interests, including the copyright and any other Intellectual Property Rights, in such Project IP, throughout the world and for the term of that copyright or other Intellectual Property Right (as applicable), including all extensions and renewals, so that all of the Streamer’s right, title and interest, including Intellectual Property Rights, in the Project IP vest in Incent immediately on creation.
8.5. The Streamer:
8.5.1. warrants that it is legally entitled to undertake and complete the actions required to
give full effect to clauses 8.3 and 8.4;
8.5.2. must execute all documents and do all things reasonably required by Incent to effect,
perfect and complete the transactions contemplated by clauses 8.3 and 8.4 (including assisting with the registration, protection and enforcement of the rights arising in connection with those transactions); and
8.5.3. must procure, for the benefit of Incent, unconditional and irrevocable consents from any of its employees or subcontractors who created any copyright works comprised in the Project IP, in order to grant the rights set out in clause 8.3 and 8.4.
8.6. The Streamer warrants that the Background IP and Project IP do not infringe any Intellectual
Property Rights of any third party and that the Streamer is not aware of any challenge, dispute or claim which has been made or threatened by any person with respect to any of the Intellectual Property Rights used in connection with the Services, Background IP and Project IP.

9. Confidentiality, privacy and data security

9.1. The parties acknowledge that in the course of supplying and receiving Services the parties may
disclose and receive Confidential Information belonging to the other in accordance with these Terms.
9.2. The parties agree that they will:
9.2.1. keep each other’s Confidential Information secret confidential;
9.2.2. implement and maintain comprehensive written information security policies,
procedures and processes that include technical, physical, operational and organisational measures and safeguards designed to ensure the security and confidentiality of Confidential Information and protect against any actual, anticipated or suspected unauthorised access to or disclosure of Confidential Information;
9.2.3. treat each other’s Confidential Information with at least the same degree of care that
they treated their own Confidential Information, but in any event, not less than a reasonable standard of care;
9.2.4. only use each other’s Confidential Information for the purposes of performing their
obligations under these Terms;
9.2.5. not disclose each other’s Confidential Information to any person unless permitted by
these Terms; and
9.2.6. immediately notify the other party if they become aware of any unauthorised access
to, use or disclosure of the other party’s Confidential Information.
9.3. Each party may only disclose the other party’s Confidential Information:
9.3.1. to its employees and officers who need to know the information and undertake to
keep the information confidential in accordance with this clause 9;
9.3.2. on a confidential basis to its professional advisers to enable them to advise in
connection with these Terms;
9.3.3. with the prior written consent of the other party; or
9.3.4. if compelled by law or by a regulator, court, tribunal or stock exchange, provided the
party must, as far as practical and to the extent permitted by law, consult with the other party beforehand as to the content and timing of disclosure.
9.4. On expiration or termination of these Terms or at the written request of a party at any time, the
other party:
9.4.1. must cease using the Confidential Information in its possession; and
9.4.2. must, destroy all copies, extracts, documents and other materials containing the
other party’s Confidential Information that are in its possession, and at the party’s request, provide the party with certification that it has complied with this clause.
9.5. The Streamer must comply with the requirements of the Privacy Laws in relation to any Personal
Information.
9.6. The Streamer must:
9.6.1. immediately notify Incent in writing in the event that any of the Personal Information held by the Streamer is subject to, or suspected to be subject to, a Data Breach or attempted Data Breach and take immediate steps to contain, investigate, mitigate and remediate the Data Breach; and
9.6.2. co-operate in good faith and provide all reasonable assistance to Incent to enable Incent to comply with its obligations under the Privacy Laws in relation to the Data Breach.

10. EU data processing and protection

10.1. The parties agree to comply with the obligations set out in Schedule 2 in relation to the
processing of any EU Personal Information by the Streamer, and for this purpose, the parties agree that the Streamer is the “data processor” and Incent is the “data controller”.
10.2. In the event that the Streamer’s place of business is located outside of Australia or the European
Union, the parties agree to comply with the obligations set out in Schedule 3 in relation to the processing of any EU Personal Information by the Streamer, and for this purpose, the parties agree that the Streamer is the “data importer” and Incent is the “data exporter”.
10.3. The parties acknowledge and agree that Schedule 2 and Schedule 3 of these Terms will remain
in effect until, and will automatically expire upon, deletion of all EU Personal Information by the Streamer in accordance with clause 9.4.

11. Dispute resolution

11.1. If a dispute arises between the parties in relation to the operation or interpretation of these
Terms, the parties will use their best endeavours to settle the dispute in good faith in accordance with the provisions of this clause 11.
11.2. If a dispute arises between the parties, a party may give written notice to the other party that the
dispute exists (Dispute Notice) setting out:
11.2.1. the nature of the dispute;
11.2.2. how the dispute arose;
11.2.3. the solution sought; and
11.2.4. the name and contact details of the representative with the appropriate authority to
negotiate the dispute on behalf of the party giving the Dispute Notice.
11.3. Within 5 Business Days of receipt of the Dispute Notice, the recipient must designate a
representative with similar authority. The representatives must promptly discuss the dispute, following whatever investigation each considers appropriate. If the dispute is not resolved within 5 Business Days as a result of the discussions, either party may request that the dispute be referred to mediation to be conducted by a mediator who is independent of the parties and appointed by agreement of the parties or, failing agreement within 7 days of receiving any party’s notice of dispute, by a person appointed by the Chair of Resolution Institute, (ACN 008 651 232, Level 2, 13-15 Bridge Street, Sydney NSW 2000; telephone: 02 9251 3366, email: infoaus@resolution.institute) or the Chair’s designated representative. The Resolution Institute Mediation Rules will apply to the mediation.
11.4. It is a condition precedent to the right of either party to commence arbitration or litigation other
than for interlocutory relief that it has first offered to submit the dispute to mediation.
11.5. The parties agree to bear their own costs concerning any mediation and the costs of the
mediator will be borne equally between the parties.
11.6. During the period the dispute is ongoing each party must continue to perform its obligations
under these Terms.

12. Liability and indemnity

12.1. The Streamer agrees to hold harmless and indemnify Incent and each of its employees, officers,
contractors and agents (Incent Parties) against any Claim it suffers or incurs (including but not limited to property damage or personal injury) howsoever arising out of or in connection with the Services (including but not limited to Claims made by employees, sub-Streamers or agents of the Streamer or the Streamer’s workers compensation insurer). This indemnity will not apply to the extent that a Claim has been directly caused by Incent’s negligence or breach of these Terms.
12.2. Without limiting clause 12.1, the Streamer agrees to hold harmless and indemnify the Incent
Parties against any Claim suffered or incurred from a third party which alleges that the Streamer’s Background IP infringes or misappropriate its Intellectual Property Rights.
12.3. To the extent permitted by law, and other than in respect of the indemnities set out in clause 12, neither party will be liable to the other under these Terms for any Consequential Loss.

12.4. To the maximum extent permitted by Law, Incent’s maximum aggregate liability to the Streamer
(whether under contract, tort, statute or in equity) arising out of or in connection with these Terms is limited to the total amount of the Fees paid under these Terms.

13. Termination

13.1. Incent may terminate these Terms without cause by providing not less than 7 days’ notice written
to the Streamer.
13.2. Incent may immediately terminate these Terms in any of the following circumstances:
13.2.1. the Streamer fails to perform the Services within the time, or in accordance with the
requirements, specified in the Service Levels or any applicable Order;
13.2.2. the Streamer breaches any term of these Terms, and where the breach is capable of
remedy, fails to remedy the breach within 14 days after receiving notice from Incent; or
13.2.3. the Streamer becomes Insolvent.
13.3. The Streamer may immediately terminate these Terms in any of the following circumstances:
13.3.1. Incent breaches any material term of these Terms and fails to remedy the breach
within 14 days after receiving notice from the Streamer; or
13.3.2. Incent becomes Insolvent.
13.4. If these terms are terminated in accordance with clauses 13.1 or 13.2, Incent will have no liability
to the Streamer and the Streamer’s only entitlement and right against Incent arising from such termination will be the right to receive payment for all Services performed up to the date of termination.

14. Sub-contracting

14.1. The Streamer may not assign these Terms or sub-contract the Services (or any part of them)
without Incent’s prior written approval. A change of control of the Streamer, will be deemed to be an assignment by the Streamer.
14.2. Where Incent approves the sub-contract of any of the Services:
14.2.1. The Streamer must impose contractual obligations on the sub-contractor which
require the sub-contractor to comply with the obligations imposed on the Streamer under these Terms; and
14.2.2. the Streamer remains liable for the due performance of the Services in accordance
with these Terms and will indemnify Incent for any Claim resulting from or in connection with any act or omission of the relevant sub-contractor.

15. Notices

Any notice to be given by one party to any other must be signed by the party giving the notice or by one of its officers and must be hand delivered or sent by prepaid post or electronic mail to the address or electronic mail address (as the case may be) shown in the Schedule and will be deemed sufficiently given:
15.1. in the case of hand delivery, on the date of delivery;
15.2. in the case of prepaid post, 4 Business Days after being sent by prepaid post;
15.3. in the case of electronic mail, on the day of transmission provided that the sender can give evidence of transmission and the intended recipient does not give evidence of non-receipt,
however if an electronic mail is sent after 5.00pm, it will be taken to be received on the next Business Day.

16. Miscellaneous

16.1. (Status of parties) The parties acknowledge that the Streamer’s relationship with Incent is that of
independent contractor. Nothing in these Terms constitutes any partnership or other fiduciary type of relationship between the parties, and neither party may bind the other party. The Streamer agrees to indemnify Incent against any Claim for employee related entitlements by any individual involved in the provision of the Services.
16.2. (Variations) These Terms cannot be varied except in writing signed by both parties.
16.3. (Waiver) The failure by one party to insist upon strict performance by the other party of these
Terms will not be deemed a waiver of these Terms or a breach by the other party of these Terms. A wavier of these Terms by a party must be in writing and executed by that party.
16.4. (Further assurances) The parties will promptly do all things and execute all documents that are
reasonably necessary to give full effect to these Terms.
16.5. (Costs) The parties will be liable for their own costs in connection with the negotiation,
preparation and execution of these Terms.
16.6. (Entire agreement) These Terms represents the entire agreement of the parties in connection
with the Services. These Terms will prevail over the terms and conditions contained in any documentation (including invoices) provided by the Streamer to Incent.
16.7. (Survival) Any term by its nature intended to survive termination of these Terms survives
termination of these Terms.
16.8. (Severability) Any provision of these Terms which is wholly or partially void or unenforceable is
severed to the extent that it is void and unenforceable. The validity or enforceability of the remainder of these Terms is not affected.
16.9. (Counterparts) These Terms may be executed in any number of counterparts and all
counterparts taken together will constitute one and the same document.
16.10. (Governing Law) These Terms are subject to the laws of New South Wales and each party
unconditionally submits to the jurisdiction of the Courts of New South Wales.

Executed by the parties as an Agreement.

SCHEDULE 1
SERVICES DETAILS

Services Incent Services

Incent will create a landing page for individuals to click through from the Streamer’s Content (Landing Page). Incent will provide the Streamer with the code for the Landing Page to embed into the Streamer’s content.
Incent will distribute the reward token INCNT to the audience who enters a valid redemption code.

Streamer Services

The Streamer will embed code provided by Incent to enable individuals to click through from the Streamer’s Content to the Landing Page.
The Streamer will ensure that the Brand is clearly displayed on the Streamer’s Content in the manner reasonably requested by Incent.
Fees Incent may pay the Streamer incentive reward token INCNT upon account
creation at our absolute discretion. Incent may offer other incentive to the Streamer as and when we see fit.
Streamer may be required to pay the relevant marketing cost and fee that we announce from time to time corresponding to the unique product feature. All fee will be communicated to the Streamer before the commencement of the campaign.

EU Personal Information processed for the purposes of Schedule 2 and Schedule 3
In the course of providing the Services, the Streamer may process EU Personal Information:
● of Incent’s customers (or potential customers), employees, contact persons or agents; and
● which includes, but is not limited to, name, address, date of birth, contact details, credit card details, account details, payment information, location data, IP addresses, IT usage data, cookies data, and such other information as agreed between the parties from time to time.

The Streamer will not process any EU Personal Information that relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Notices – Incent Address: Level 14, 309 Kent Street, Sydney, NSW, 2000
Attention: Legal Officer
Email: legal@incent.com

SCHEDULE 2
DATA PROCESSING OBLIGATIONS

This Schedule 2 forms part of, and is subject to, the Terms.

1. Processing of EU Personal Information
1.1. During the Term, the Streamer may process EU Personal Information, subject to the Terms, for
the purposes of providing the Services to Incent and in accordance with Incent’s lawful instructions or as otherwise agreed by the parties in writing.
1.2. In the course of providing the Services, the Streamer may process the EU Personal Information
set out in Schedule 1.
1.3. The Streamer will ensure that any employees, personnel, agents or subcontractors authorised by
the Streamer to process EU Personal Information will be subject to an appropriate contractual obligation of confidentiality in relation to that EU Personal Information.
2. Engagement of sub-processors
2.1. The parties agree that the Streamer may engage third parties to process EU Personal Information
on the Streamer’s behalf from time to time (Sub-Processors).
2.2. The Streamer must provide to Incent:
2.2.1. on request by Incent, a list of names of all Sub-Processors currently engaged by the
Streamer; and
2.2.2. 14 days written notice prior to the Streamer engaging any new Sub-Processor.
2.3. Incent may at any time object to the engagement by the Streamer of any new or existing Sub-Processor on reasonable grounds relating to data protection. In such case, the parties will enter into consultation in good faith to reach a resolution. If the parties can’t reach a resolution, Incent may terminate these Terms immediately.
2.4. The Streamer must enter into a written contract with each Sub-Processor which contains
provisions in relation to the processing of EU Personal Information substantially similar to the provisions contained in this Schedule 2 and the Terms.
3. Assistance to be provided by Streamer
3.1. In the event that the Streamer receives a request from:
3.1.1. an individual located within the European Union to exercise any of the individual’s
statutory rights under the GDPR, including the right to access their EU Personal Information; or
3.1.2. data protection authority located in the European Union in relation to any EU Personal
Information,
the Streamer must forward the request to Incent within a reasonable time period and provide Incent with
its cooperation to the extent possible and insofar as reasonable if so required by Incent to enable Incent to comply with the request.
3.2. The Streamer must provide reasonable assistance to Incent to enable Incent to comply with its
obligations under the GDPR, including by providing information reasonably requested by Incent to undertake any data protection impact assessment required under the GDPR.
4. Audit
4.1. The Streamer must make available to Incent on request all information necessary to demonstrate
compliance with these Terms, and agrees to permit Incent, on reasonable notice, during business hours, to inspect any location where EU Personal Information is accessed, used or processed by the Streamer to review the Streamer’s compliance with the Terms.

SCHEDULE 3
STANDARD CONTRACTUAL CLAUSES (PROCESSORS – TRANSFERS)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
THE PARTIES HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1. 1. Definitions
For the purposes of the Clauses:
a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data
subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
b) ‘the data exporter’ means the controller who transfers the personal data;
c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal
data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
d) ‘the subprocessor’ means any processor engaged by the data importer or by any other
subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
2. Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
3. Third-party beneficiary clause
1) The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a)
to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third- party beneficiary.
2) The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g),
Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has
12
factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3) The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g),
Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third- party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4) The parties do not object to a data subject being represented by an association or other body if
the data subject so expressly wishes and if permitted by national law.
4. Obligations of the data exporter
The data exporter agrees and warrants:
a) that the processing, including the transfer itself, of the personal data has been and will continue to
be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
c) that the data importer will provide sufficient guarantees in respect of the technical and
organisational security measures specified in Appendix 2 to this contract;
d) that after assessment of the requirements of the applicable data protection law, the security
measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
e) that it will ensure compliance with the security measures;
f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses,
13
unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
i) that, in the event of subprocessing, the processing activity is carried out in accordance with
Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
j) that it will ensure compliance with Clause 4(a) to (i).
5. Obligations of the data importer
The data importer agrees and warrants:
a) to process the personal data only on behalf of the data exporter and in compliance with its
instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the
instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
c) that it has implemented the technical and organisational security measures specified in Appendix
2 before processing the personal data transferred;
d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request,
unless it has been otherwise authorised to do so;
e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of
the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
f) at the request of the data exporter to submit its data processing facilities for audit of the
processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
g) to make available to the data subject upon request a copy of the Clauses, or any existing contract
for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
1
h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its
prior written consent;
i) that the processing services by the subprocessor will be carried out in accordance with Clause
11;
j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the
data exporter.
6. Liability
1) The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2) If a data subject is not able to bring a claim for compensation in accordance with paragraph 1
against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become Insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3) If a data subject is not able to bring a claim against the data exporter or the data importer referred
to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become Insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
7. Mediation and jurisdiction
1) The data importer agrees that if the data subject invokes against it third-party beneficiary rights
and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the
supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is
established.
2) The parties agree that the choice made by the data subject will not prejudice its substantive or
procedural rights to seek remedies in accordance with other provisions of national or international law.
8. Cooperation with supervisory authorities
15
1) The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so
requests or if such deposit is required under the applicable data protection law.
2) The parties agree that the supervisory authority has the right to conduct an audit of the data
importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3) The data importer shall promptly inform the data exporter about the existence of legislation
applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
9. Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
10. Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
11. Subprocessing
1) The data importer shall not subcontract any of its processing operations performed on behalf of
the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
2) The prior written contract between the data importer and the subprocessor shall also provide for a
thirdparty beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become Insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3) The provisions relating to data protection aspects for subprocessing of the contract referred to in
paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4) The data exporter shall keep a list of subprocessing agreements concluded under the Clauses
and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
12. Obligation after the termination of personal data processing services
1) The parties agree that on the termination of the provision of data processing services, the data
importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that
16
case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2) The data importer and the subprocessor warrant that upon request of the data exporter and/or of
the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

Appendix 1 to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed by the parties.
Data exporter: The data exporter is the entity identified as “Incent” in the Terms and to which these Clauses are included as Schedule 3.
Data importer: The data importer is the entity identified as the “Streamer” in the Terms and to which these Clauses are included as Schedule 3. The Streamer provides the Services (as that term is defined in the Terms), during the course of which EU Personal Information (as that term is defined in the Terms) may be processed upon the instruction of Incent in accordance with the Terms.
Data subjects: The personal data transferred concern the categories of data subject as detailed in Schedule 1 of the Terms.
Categories of data: The personal data transferred concern the categories of data as detailed in Schedule 1 of the Terms.
Special categories of data (if appropriate): The personal data transferred concern the special categories of data as detailed in Schedule 1 of the Terms.
Processing operations: The personal data transferred concern will be subject to the basic processing activities as detailed in Schedule 2 of the Terms.

Appendix 2 to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached): The Streamer must implement the technical and organisational security measures as detailed in clause 10 of the Terms.
Appendix 3 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed by the parties.
This Appendix sets out the parties’ interpretation of their respective obligations under specific Clauses identified below. Where a party complies with the interpretations set out in this Appendix, that party shall be deemed by the other party to have complied with its commitments under the Clauses.
Clause 11: Sub-processing
17
The parties acknowledge that the data exporter has provided a general consent to the data importer, in accordance with clause 2 of Schedule 2, to engage sub-processors. Such consent is conditional on the data importer complying with the requirements set out in the Terms.