Data Processing Agreement

This Channel Partner Data Protection Addendum (Addendum) sets out the data protection obligations between an approved channel partner (Partner) and Life on Life LLC in connection with the 115.1 platform.

Partner: [Insert Organisation Name]

Life on Life: Life on Life LLC, a Delaware limited liability company with its place of business at 614 N. DuPont Hwy., Suite 210, Dover, DE 19901

Effective Date: [Insert Date]

1. Background

1.1. Life on Life owns and operates an invite-only, disciple-making communication platform called 115.1 (Platform) on which users can interact with each other and opt in to channels established by approved organisations. The Partner wishes to establish a channel on the Platform (Channel), in connection with which the Partner may invite individuals associated with it to join and use the Platform and to participate in the Channel.

1.2. The parties have determined that, in respect of certain processing operations described in this Addendum, they jointly determine the purposes and means of the processing of personal data. This Addendum sets out the respective obligations, responsibilities and liability of the parties in relation to such joint processing and data protection.

1.3. The parties acknowledge that this Addendum does not extend to processing operations outside of the Joint Processing (as defined below) and/or in respect of which either party is an independent controller.

2. Definitions and interpretation

2.1. In this Addendum, unless the context otherwise requires:

Adequate Territory means any country or territory deemed to provide an adequate level of protection of personal data under the Data Protection Laws.
Confidential Information means all non-public information disclosed by one party to the other, including business plans, technical data, security measures, pricing, and personal data, but excluding information that: (a) is or becomes publicly available through no breach of this Addendum; (b) was rightfully known prior to disclosure; or (c) is independently developed without use of the other party's information.
Data Protection Laws means any applicable law or regulation relating to the processing, privacy and use of personal data, as applicable to either party or the Platform, including without limitation (to the extent applicable): (i) the EU General Data Protection Regulation (2016/679) and/or EU Privacy and Electronic Communications Directive (2002/58/EC) and any laws or regulations which implement or supplement any such laws in an applicable jurisdiction; (ii) the UK Data Protection Act 2018, the UK GDPR (as defined in s. 3 of the UK Data Protection Act 2018) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended); and (iii) federal privacy laws of, or state specific privacy laws in, the United States of America.
EU Standard Contractual Clauses means the standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679, Module 1, approved by Commission Implementing Decision (EU) 2021/914, of 4 June 2021, and any new, revised or updated versions of such standard contractual clauses or similar such contracts issued under the Data Protection Laws from time to time.
Joint Processing has the meaning given to it in clause 3.2.
Standard Contractual Clauses means (as applicable) the EU Standard Contractual Clauses, the UK IDTA, any new, revised or updated versions of such standard contractual clauses, and/or similar such standard contractual contracts in an applicable jurisdiction issued under the Data Protection Laws from time to time for transfers of personal data outside a particular jurisdiction.
UK IDTA means the EU Standard Contractual Clauses as amended and supplemented by the UK ICO's International Data Transfer Addendum to the EU Commission Standard Contractual Clauses which entered into force on 21 March 2022, any new, revised or updated versions of such standard contractual clauses or addendum or similar such contracts issued by the UK ICO or other UK supervisory authority.
The terms “controller,” “processor,” “data subject,” “personal data,” “personal data breach,” “processing” (including its correlative forms such as “process”), “special categories of personal data”, and/or “supervisory authority” shall have the respective meanings given to them or their cognates under the Data Protection Laws, unless otherwise expressly defined in this Addendum or the context otherwise requires.
References to this Addendum include its schedules and any appendices or annexes to those schedules.

3. Scope of this Addendum

3.1. This Addendum sets out the respective obligations, responsibilities and liability of the parties in respect of data protection, including without limitation the Joint Processing.

3.2. The “Joint Processing” activities to which this Addendum applies are set out in Schedule 1.

3.3. This Addendum does not apply to processing activities outside of the Joint Processing and/or in respect of which either party acts as an independent controller. Each party shall be solely responsible for its compliance with Data Protection Laws in respect of such independent processing. Without limiting the generality of this clause 3.3:

3.3.1. Life on Life is the sole and independent controller in respect of:

(i) platform-wide analytics and aggregate reporting carried out for Life on Life's own product improvement and ministry and ‘good news’ promotion and publicity purposes;

(ii) any anonymisation or aggregation of user data across different channels or across the Platform generally;

(iii) the processing of personal data relating to Platform functionality, security, fraud prevention, and the enforcement of the Platform's terms of use;

(iv) the maintenance and administration of user accounts on the Platform; and

(v) any other processing activity by Life on Life which does not relate specifically to the Channel or which the Partner has no part in determining; and

3.3.2. the Partner is the sole and independent controller in respect of:

(i) the collection, storage and use of personal data by the Partner outside the Platform, including any use the Partner makes of information obtained from or through the Channel for its own purposes;

(ii) the Partner's own records relating to Channel users maintained independently of the Platform; and

(iii) any other processing activity in respect of personal data by the Partner that is not carried out through or in connection with the Platform.

4. Allocation of responsibilities for joint processing activities

Transparency and notice

4.1. Life on Life shall be primarily responsible for providing data subjects with any transparency information required under the Data Protection Laws in respect of the Joint Processing through the Platform's privacy notice.

4.2. The Partner shall be responsible for providing adequate transparency information to individuals whom it invites to join the Platform, at or before the point of invitation. Such information shall include, at a minimum: (i) the identity of the Partner as a joint controller with Life on Life; (ii) the purposes for which the Partner is inviting the individual to join the Platform and the Channel; (iii) a link or reference to the Platform's privacy notice; and (iv) the individual's right to decline the invitation without adverse consequence.

4.3. The Partner shall not make any representations to data subjects regarding the processing of their personal data on the Platform that are inconsistent with the Platform's privacy notice, terms of use/service or this Addendum.

Lawful basis

4.4. Each party shall be responsible for ensuring that it has a valid legal basis under the Data Protection Laws for the Joint Processing.

4.5. Where the Joint Processing relies on the consent of the data subject, Life on Life shall be responsible for the mechanism by which consent is obtained through the Platform, and the Partner shall be responsible for ensuring that any consent obtained outside the Platform (including at the point of invitation) meets the requirements of Data Protection Law.

Data subject rights

4.6. Life on Life shall act as the primary contact point for data subjects wishing to exercise their rights under Data Protection Law in respect of the Joint Processing. Life on Life's contact details shall be made available to data subjects through the Platform's privacy notice.

4.7. If a party receives a data subject request that relates (in whole or in part) to processing for which the other party is responsible or is a joint controller, the receiving party shall:

(i) promptly, and in any event within 3 business days of receipt, notify the other party of the data subject request and provide such details as are reasonably necessary to enable the other party to respond;

(ii) provide such reasonable assistance as the other party may require in order to comply with the data subject request within the applicable time limits under the Data Protection Laws; and

(iii) not respond to the data subject request in a manner that is inconsistent with this Addendum or the other party's obligations under Data Protection Law without first consulting the other party.

Security

4.8. Each party shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with the Data Protection Laws, in respect of the personal data it processes under or in connection with this Addendum.

4.9. Life on Life shall be primarily responsible for the security of personal data processed through the Platform infrastructure. The Partner shall be responsible for the security of any access credentials issued to it or its personnel in connection with the Channel, and for ensuring that access to the Channel is limited to authorized individuals within its organization.

Records of processing activities

4.10. Each party shall maintain its own separate record of processing activities in respect of the Joint Processing in accordance with the Data Protection Laws. Each party shall, upon reasonable request of the other party, share their respective records of processing activities in respect of the Joint Processing with the other party.

5. Life on Life obligations

5.1. Life on Life undertakes that:

5.1.1 it shall maintain technical and organizational security standards in respect of the Platform and the Joint Processing no less secure than those set out in Schedule 2;

5.1.2 it shall not use personal data obtained by way of the Channel or Joint Processing for any purpose other than the purposes set out in this Addendum, Schedule 1, and/or the Platform's privacy notice or terms of use/service; and

5.1.3 it shall provide the Partner, upon reasonable request having received reasonable prior written notice, with such information in the possession or under the control of Life on Life as is reasonably necessary for the Partner to demonstrate compliance with its obligations under Data Protection Law in respect of the Joint Processing.

5.2. Life on Life may use user-generated content in relation to the Channel for newsletters, promotional materials, case studies, and other purposes, provided such content has been fully anonymized such that it can no longer identify any data subject, either directly or indirectly, in accordance with Data Protection Laws. Life on Life may generate, use, and publicly disclose aggregated statistical information and metrics about the Platform (including number of users, usage patterns, growth metrics, and activity levels), provided such information is presented in aggregate form and cannot be used to identify any individual user.

6. Partner obligations

The Partner warrants and undertakes that:

6.1. it has a lawful basis under the Data Protection Laws for inviting individuals to join the Platform and the Channel and for any personal data it provides to Life on Life in connection with such invitations;

6.2. it shall not invite individuals to join the Platform or the Channel for any purpose that is incompatible with the purposes set out in Schedule 1 or the Platform's privacy notice or terms of use/service;

6.3. it shall comply with all applicable provisions of the Data Protection Laws in respect of the Joint Processing (including in respect of its role as a joint controller);

6.4. it shall promptly notify Life on Life of any circumstances that may affect the lawfulness or appropriateness of the Joint Processing;

6.5. it shall not use the Channel or any Channel data for any purpose that is unlawful, discriminatory, or otherwise in breach of the Data Protection Laws or the Platform's terms of use and privacy notice; and

6.6. it shall provide Life on Life, upon reasonable request having received reasonable prior written notice, with such information in the possession or under the control of the Partner as is reasonably necessary for Life on Life to demonstrate compliance with its obligations under Data Protection Law in respect of the Joint Processing.

7. Data breach notification; cooperation with supervisory authorities; other

7.1. Each party shall notify the other without undue delay, and in any event within 72 hours, upon becoming aware of a personal data breach that affects or may affect personal data processed under the Joint Processing.

7.2. Life on Life shall be primarily responsible for: (i) the notification of a personal data breach to the relevant supervisory authority to the extent the breach relates to processing carried out through the Platform infrastructure; and (ii) the communication of a personal data breach to affected data subjects where the breach relates to Platform-hosted data.

7.3. The Partner shall be responsible for any notifications required under Data Protection Law in respect of a personal data breach to the extent caused by the Partner's acts or omissions, or to the extent the breach relates to personal data held by the Partner outside the Platform.

7.4. Each party shall provide the other with such reasonable cooperation and assistance as is reasonably necessary to comply with data breach notification requirements under the Data Protection Laws.

7.5. Each party shall cooperate with the relevant supervisory authority under the Data Protection Laws in the performance of its tasks. Each party shall promptly notify the other if it receives an inquiry, complaint, or investigation notice from a supervisory authority that relates (in whole or in part) to the Joint Processing.

7.6. Neither party will “sell,” make available or otherwise disclose any personal data in respect of Joint Processing to any third party for valuable consideration, or “share” any personal data in respect of Joint Processing, as the terms “sell” and “share” are defined by applicable U.S. state Data Protection Laws.

8. International transfers

8.1. Neither party shall transfer personal data processed under the Joint Processing to a country or territory other than an Adequate Territory unless such transfer is made in compliance with the Data Protection Laws, including by ensuring that appropriate safeguards are in place.

8.2. Any transfer of (including remote access granted to) personal data processed under the Joint Processing Activities from the Partner within the UK, the European Economic Area or Switzerland to Life on Life in a country or territory outside the UK, the European Economic Area or Switzerland (which is not an Adequate Territory) shall be pursuant to the Standard Contractual Clauses as applicable pursuant to Schedule 3. In the event of any conflict between this Addendum and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

8.3. Where the Data Protection Laws of any other applicable jurisdiction apply in respect of the transfer of personal data between the parties in connection with the Joint Processing, the parties shall cooperate and use all reasonable endeavors to implement such appropriate data transfer mechanism, including any standard contractual clauses, as may be reasonably required under such laws (whether in addition to or substitution of the Standard Contractual Clauses which apply pursuant to Schedule 3).

9. Liability and remedies

9.1. Life on Life's total aggregate liability in contract, tort (including negligence and breach of statutory duty), misrepresentation (whether innocent or negligent), restitution or otherwise howsoever arising, arising out of or related to this Addendum shall not exceed: (a) one United States Dollar ($1) if any services relating to establishing a Channel are provided without charge; or (b) the lesser of fifty thousand United States Dollars ($50,000) or the amount of the service fees actually received by Life on Life in the 12 months immediately preceding the breach, if any fees are charged for the services relating to establishing a Channel.

9.2. Neither party shall be liable in contract, tort (including negligence and breach of statutory duty), misrepresentation (whether innocent or negligent), restitution or otherwise howsoever arising, for: (i) any loss (whether direct or indirect) of profits, business, business opportunities, revenue, turnover, reputation or goodwill; (ii) any loss or corruption (whether direct or indirect) of data; (iii) loss (whether direct or indirect) of anticipated savings or wasted expenditure (including management time); (iv) any loss or liability (whether direct or indirect) under or in relation to any other contract; or (v) any indirect, incidental, special, consequential or punitive damages.

9.3. Life on Life shall not be liable for any losses (whether direct or indirect) arising from or attributable to: (a) acts of God, natural disasters, war, terrorism, pandemics, cyber-attacks, DDoS attacks, ransomware attacks, or other events beyond Life on Life's reasonable control; (b) the Partner's negligence, willful misconduct, or failure to comply with its obligations under Data Protection Laws, applicable law or this Addendum; (c) failures or security breaches of processors or subprocessors where Life on Life has taken reasonable steps to ensure appropriate safeguards; or (d) scheduled maintenance or service disruptions that do not exceed 24 cumulative hours per calendar year.

9.4. EXCEPT AS EXPRESSLY SET FORTH IN THIS ADDENDUM, LIFE ON LIFE MAKES NO WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED, INCLUDING OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT WHETHER RELATING TO THE PLATFORM, ANY SERVICES IN CONNECTION THEREWITH OR OTHERWISE HOWSOEVER ARISING. WITHOUT PREJUDICE TO THE GENERALITY OF THE FOREGOING LIFE ON LIFE DOES NOT WARRANT OR REPRESENT THAT THE PLATFORM WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.

9.5. THE LIMITATIONS AND EXCLUSIONS IN THIS CLAUSE 9 CONSTITUTE THE PARTIES SOLE AND EXCLUSIVE REMEDIES FOR ANY BREACH OF THIS ADDENDUM.

9.6. Notwithstanding any other provision of this clause 9, neither party excludes or limits liability to the other party for: (i) fraud; (ii) death or personal injury caused by negligence; or (iii) any other matter for which it would be unlawful for the parties to exclude liability.

9.7. A party shall have no liability for a claim arising out of this Addendum (other than a claim for any unpaid service fees) unless the claimant notifies the other party of its intention to make a claim within the notice period. The notice period shall start on the day on which the claimant became, or ought reasonably to have become, aware of its having grounds to make a claim and shall expire 12 months from that date. The notice must be in writing and must provide such information as is available to the claimant to reasonably identify the nature and scope of the claim.

9.8. The Partner shall indemnify and hold harmless Life on Life from and against any liabilities, damages, losses, fines, expenses and costs (including all interest, penalties, reasonable legal costs and reasonable professional costs and expenses) it incurs or suffers arising out of or in connection with any breach by the Partner of its obligations under this Addendum or, in relation to the Joint Processing, the Data Protection Laws (including any claim by a data subject arising from the Partner's acts or omissions in connection with the Joint Processing).

10. Term and termination

10.1. This Addendum shall come into effect on the Effective Date and shall remain in force for as long as the Partner operates a Channel on the Platform or as long as the personal data relating to the Joint Processing is processed, whichever is longer.

10.2. Either party may terminate this Addendum by giving not less than 30 days' prior written notice to the other party.

10.3. Either party may terminate this Addendum with immediate effect upon written notice to the other party if (i) the other party commits a material breach of this Addendum which is not capable of remedy, or which (if capable of remedy) is not remedied within 30 days of receiving written notice requiring its remedy; (ii) a supervisory authority issues an order or decision that prevents or materially restricts the continuation of the Joint Processing; or (iii) the other party undergoes a change of control, enters into insolvency proceedings, or ceases to carry on business or operations.

10.4. Life on Life may suspend the Partner's Channel and/or access to the Platform immediately if: (a) the Partner fails to pay services fees (if any) within the time given for payment; or (b) Life on Life reasonably believes the Partner is using the Channel and/or the Platform for unlawful purposes and/or in breach of Life on Life's privacy notice or terms of use/service from time to time.

10.5. Upon termination of this Addendum for any reason: (i) the Partner's Channel shall be deactivated and the Partner's access to the Channel and any Channel Data through the Platform shall cease; and (ii) clauses 9, 10, 11, 13, 14, 15, and 16 shall survive termination. For the avoidance of doubt, termination of this Addendum shall not affect Life on Life's independent controllership of personal data relating to users who remain registered on the Platform following deactivation of the Channel.

11. Intellectual property; modifications to platform

11.1. The Partner acknowledges and agrees that Life on Life retains and is the sole and exclusive owner of all right, title and interest in and to the Platform, including any and all intellectual property rights therein. The Partner shall have no rights in or to the Platform or Channel other than pursuant to Life on Life's or the Platform's terms of use or other end user licence agreement or terms of service which may apply from time to time. Nothing in this Addendum shall be construed as transferring any right, title or interest, including any intellectual property rights, between the parties.

11.2. Life on Life reserves the right in its sole discretion to modify, update, or otherwise alter the Platform from time to time.

12. Force majeure

12.1. Neither party shall be liable for any failure or delay in the performance of its obligations under this Addendum for so long as and to the extent that such delay or failure results from events, circumstances or causes beyond its reasonable control, including without limitation acts of God, natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, pandemics, epidemics, cyber-attacks, DDoS attacks, ransomware attacks, other malicious cyber activity, strikes, or shortages of transportation, facilities, fuel, energy, labour or materials. If the period of delay or non-performance continues for 60 days, the party not affected may terminate this Addendum by giving not less than 10 days' prior written notice to the affected party.

13. Governing law and jurisdiction

13.1. This Addendum shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of laws provisions.

13.2. Each party irrevocably submits to the exclusive jurisdiction of the state and federal courts located in the State of Delaware for any disputes arising out of or in connection with this Addendum, and waives any objection based on inconvenient forum or lack of personal jurisdiction.

14. Confidentiality

14.1. Each party shall: (a) keep the other party's Confidential Information secret and confidential and shall apply the same degree of care it uses to protect its own confidential information to the Confidential Information, but in no event less than reasonable care; (b) not disclose Confidential Information to third parties except as permitted by this Addendum; and (c) use Confidential Information only for purposes of performing its obligations under this Addendum.

14.2. Either party may disclose Confidential Information: (a) to its officers, employees, contractors, subcontractors and/or professional advisors who need to know such Confidential Information for that party to perform its obligations under or in connection with this Addendum and are bound by confidentiality obligations; and (b) as required by law or court order, provided the disclosing party gives reasonable notice to allow the other party to seek protective measures.

14.3. These confidentiality obligations shall survive termination of this Addendum.

15. General provisions

15.1. This Addendum constitutes the entire agreement between the parties and supersedes and extinguishes all previous and contemporaneous agreements, promises, assurances and understandings between them, whether written or oral, relating to its subject matter. Each party acknowledges that in entering into this Addendum it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Addendum.

15.2. This Addendum may only be amended by written agreement signed by both parties. Notwithstanding the foregoing, each party may by written notice to the other party propose any variations to this Addendum which that party reasonably considers to be necessary to address the requirements of the Data Protection Laws. The parties shall discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in the notice as soon as reasonably practicable.

15.3. If any provision or part-provision of this Addendum is or becomes invalid, illegal or unenforceable, it shall be deleted, but that shall not affect the validity and enforceability of the rest of this Addendum.

15.4. A waiver of any right or remedy is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy. A delay or failure to exercise, or the single or partial exercise of, any right or remedy does not waive that or any other right or remedy, nor does it prevent or restrict the further exercise of that or any other right or remedy.

15.5. Neither party may assign this Addendum without the other party's prior written consent, except that Life on Life may assign this Addendum to a successor entity in connection with a merger, acquisition, or sale of all or substantially all of its assets.

15.6. All notices under this Addendum shall be in writing and delivered to the addresses set out in clause 16, or to such other address as either party may designate by notice to the other party from time to time.

15.7. Unless expressly provided otherwise, each party shall perform its obligations under this Addendum at its own cost.

15.8. This Addendum may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute one instrument.

15.9. Each party may provide this Addendum to a supervisory authority or regulator if required by applicable law.

16. Contact information

Each party's contact details for questions about this Addendum or data protection matters is as follows:

Life on Life LLC

Email: support@115.one

Address: 614 N. DuPont Hwy., Suite 210, Dover, DE 19901, United States

Schedule 1 – Description of joint processing

1. Collection and processing of new user data

1.1 Data subjects
Individuals who are invited by the Partner to join the Platform and who register as new users.

1.2 Categories of personal data
Contact information (name, email address, phone number); profile information (display name, profile photo, location at country or region level); account credentials (hashed passwords, authentication tokens); device information (device type, operating system, IP address); special category data: religious beliefs and faith affiliation.

1.3 Purposes of processing
Creating the user's Platform account; associating the user with the Partner's Channel; enabling the user to access and interact with the Platform and the Channel; verifying the user's identity and eligibility.

1.4 Retention
For the duration of the user's Platform account, subject to the Platform's retention policy as set out in the privacy notice.

2. In-Channel processing

3.1 Data subjects
Channel users/subscribers.

3.2 Categories of personal data
User-generated content posted within the Channel; interaction data (reactions, comments, group memberships); Channel-specific profile information; metadata (timestamps, read receipts where applicable); special category data: religious beliefs and faith practice as disclosed through participation in Channel content.

3.3 Purposes of processing
Enabling Channel users/subscribers to communicate and interact within the Channel; hosting and displaying user-generated content; managing Channel membership and access permissions; providing Channel administration tools to the Partner.

3.4 Retention
For the duration of the user's participation in the Channel, or the Channel's existence, whichever ends first, subject to the Platform's retention policy and applicable law.

3. Channel reporting and analytics

3.1 Data subjects
Channel users.

3.2 Categories of personal data
Aggregated and (where applicable) pseudonymised usage data, including [•], and other analytics data as made available through the Platform's reporting tools.

3.3 Purposes of processing
Providing the Partner with insight into the activity and engagement within its Channel.

3.4 Retention
Analytics data shall be retained in accordance with the Platform's retention policy. Upon termination of this Addendum, historical reports already provided to the Partner may be retained by it subject to Partner's compliance with Data Protection Law.

Schedule 2 – Technical and organisational security measures

1. Technical measures

Encryption: TLS encryption for data in transit; encryption at rest for stored data.
Access controls: VPN-gated access via WireGuard; SSH key-based authentication only; bastion host architecture.
Network security: Defence-in-depth approach; cloud security groups; OS-level firewalls; private network segmentation.
Secrets management: SOPS encryption for secrets in version control; Docker secrets for secure application access.
Backups: Encrypted backups with versioning enabled; disaster recovery replication.
Immutable infrastructure: Fedora CoreOS with monthly security updates; redeployment rather than in-place updates.

2. Organisational measures

Access management: Strict separation between development and production; production access limited to authorised personnel only.
Audit logging: Comprehensive logging of user actions and infrastructure access; log retention per data retention policies.
Incident response and monitoring: External cybersecurity specialist oversight; AI-driven Security Information and Event Management (Elastic SIEM) for 24/7 monitoring; Laravel Nightwatch for application monitoring; Sentry for error logging and monitoring; threat detection and response procedures.
Staff training: Confidentiality obligations for all personnel with data access; security awareness training.
Change management: Git flow process; controlled deployments; CI/CD pipeline with security checks.

3. Data minimisation and retention

Only essential personal data is collected and processed.
Account deletion processes in place (60-day deletion schedule).
Data retention aligned with service requirements and legal obligations.

Schedule 3 – Standard contractual clauses

Part 1 – Data transfers outside the EU/EEA

1. Where Partner transfers or otherwise makes available personal data in connection with the Joint Processing to Life on Life in a country or territory outside of the EEA which is not an Adequate Territory, Module I of the EU Standard Contractual Clauses shall apply and is hereby deemed to be incorporated into this Schedule and the Addendum, and the parties' signatures in and to this Addendum shall be construed as the parties' signatures to the EU Standard Contractual Clauses and this Schedule. In the event of an inconsistency between the Addendum, this Schedule and the EU Standard Contractual Clauses, the EU Standard Contractual Clauses will prevail.

2. The optional provisions of Module I of the EU Standard Contractual Clauses shall be construed as follows:

Clause 7 (Docking Clause): shall not apply.
Clause 11: The optional wording/clause shall not apply.
Clause 13a (Supervision): [to be completed with the relevant EU supervisory authority based on the location of the Partner at the point of signing].
Clause 17 (Governing Law): the law of [to be completed with the relevant EU member state law based on the location of the Partner at the point of signing].
Clause 18b (Choice of Forum and Jurisdiction): the courts of [to be completed with the relevant EU member state jurisdiction based on the location of the Partner at the point of signing].

Note: Clauses 13a, 17 and 18b are completed in the individually executed version of this Addendum based on the location of the relevant EU-based Partner.

The categories of data subjects and personal data transferred, and the technical and organisational measures, are as set out in Schedules 1 and 2 respectively.

Annex I to Part 1 of Schedule 3

A. List of parties

Data exporter(s): Partner established in the EEA.

Activities relevant to the data transferred under these Clauses: See Schedule 1 of the Addendum.

Signature and date / Role: Please refer to the signature block and date in the Addendum.

Role: Controller

Data importer(s): Life on Life not established in the EEA (or an Adequate Territory).

Activities relevant to the data transferred under these Clauses: See Schedule 1 of the Addendum.

Signature and date / Role: Please refer to the signature block and date in the Addendum.

Role: Controller

B. Description of transfer

Categories of data subjects whose personal data is transferred