Privacy Policy

We respect your privacy and protect customer data.

Privacy Policy Last Updated: Dec, 2024 We at UnifiedBridge Limited (“UnifiedBridge,” “us,” “our,” or “we“) respect your privacy. This Privacy Policy (“Privacy Policy“) governs the processing and transfer of Personal Data collected in connection with our products and services, available at: UnifiedBridge.com (the “Website“) and all other services provided by UnifiedBridge, whether via our Website or otherwise, including extensions, adaptations, improvements, and applications hereto, whether existing now or hereafter devised (referred collectively as the “Services“), to each person (“User” or “You“) accessing or using our Website or the Services. This Privacy Policy does not, however, apply to the handling of your information as UnifiedBridge’s employee, consultant, or applicant and does not cover information collected, used, or processed by third parties.

This Privacy Policy incorporates by reference the most current version of our Terms of Service (“Terms of Service”) This Privacy Policy describes how we collect and use your information and the rights and options available to you concerning such information. By accessing and using our Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

Please be aware that you are not obligated to provide us with any information or data. However, if you choose to use, interact with our Website, register for UnifiedBridge’s Services, or otherwise provide us with the information described below, whether directly or indirectly, you expressly agree to the use of such information by this Privacy Policy. You may not use the Services, Website, or submit any data through them if you do not agree to any of the terms of this Privacy Policy.

1. What Information Is Collected About Me?

UnifiedBridge collects Personal and Non-Personal Data from the User in several different ways and at several different points throughout our Services. “Personal Data” means any information that identifies or can be used to identify a natural person, including, but not limited to, first and last name, phone number, email address, IP address, billing information, etc. 1.1. Non-Personal Data We may collect Non-Personal Data regarding Users concerning their use of the Website and Services, including, but not limited to, the scope, frequency, latency, pages accessed, access time and dates, amount of time spent on particular pages, activity and movements, browser type, browser version, and other technical information. This information is anonymous and does not personally identify you or any particular User. 1.2. Personal Data When you interact with our Website or use our Services, we may collect additional information, such as session durations, page impressions, and Internet Protocol (IP) address. When you choose to register for an account as part of our Services, you may be asked to provide certain Personal Data, such as your full name, country of residence, phone number, email address, etc. We may also collect information about how you use our Website and Services. If you are making a payment, you may be asked to provide certain Personal Data about you and your transaction. This may include your billing address, date of birth, payment method, credit or debit card number, bank account information, and any additional necessary information required to process your transaction. When required by law (including anti-money laundering and anti-terrorism financing laws and regulations), you may be asked to verify your information either directly or using identity verification providers. Please be aware that you have no legal obligation to provide us with any Personal Data, and the submission of such information is entirely subject to your discretion and consent. However, if you do not provide us with the required information, we may not be able to provide you with some or all of the Services requested by you. UnifiedBridge’s use of this Personal Data is governed by the terms and conditions of this Privacy Policy. You hereby acknowledge and agree that by interacting with our Website or joining our Services, you expressly consent to provide UnifiedBridge with such Personal Data.

If you wish to rescind the foregoing consent, you may do so by contacting us at: [email protected]. Please be aware that in the case you revoke or rescind your consent, we may not be able to provide you with some or all of our Services.

2. How Do We Collect the Information?

UnifiedBridge collects Personal and Non-Personal Data from the Users in several different methods and at several different points through our Services, including but not limited to: 2.1. Direct Interaction with Users When registering an account, making a payment, requesting support, submitting questions and queries, accessing or utilizing our Website and Services, corresponding with us via email, phone, or otherwise, you may provide us with Personal and Non-Personal Data. Please be aware that you have no legal obligation to provide us with any Personal Data, and the submission of such information is entirely subject to your discretion and consent. However, if you do not provide us with the required information, we may not be able to provide you with some or all of the Services requested by you. 2.2. Cookies We may also use “Cookies” to automatically collect information through our Website or Services. Cookies are essentially small pieces of data written to your computer, tablet, mobile phone, or other devices (referred to collectively as a “device “) by our webserver to allow us to record certain pieces of information whenever you visit or interact with our Website or Services and to recognize you across devices, customize our Services and mitigate risk and prevent fraud. Many internet browsers are automatically programmed to accept cookies. You may change your browser settings to either reject cookies or notify you when a cookie is about to be placed on your computer. However, rejecting cookies while using the Website or Services may result in certain parts of the Website operating incorrectly or not as efficiently as if they were allowed.

3. How Does UnifiedBridge Use Your Information?

Non-Personal Data is used mainly for analysis and to constantly improve and maintain our Website and Services, including among others, for ensuring the technical functioning of our Website and Services, gathering demographic information about our Users, measuring and understanding the level of engagement to our Services, generate reports related to access and use of our Services, to help prevent fraudulent use of our Services, and to provide a more personalized experience. To make our website and certain Services available to you or to meet a legal obligation, UnifiedBridge may need to use the Personal Data you knowingly provide us. Personal Data may be processed and used for one or more of the following purposes: • Create and Manage User accounts. • Operate, maintain, and provide Users with Services. • Allow Users to interact with our systems and Services. • Communicate information to Users, including concerning Services or new features, or products. • Respond to inquiries and offer support. • Send administrative, marketing, and promotional communications to Users. • Process and execute your transactions, billing you for our Services and other related activities, including mandate payments, fees. • Enhance, upgrade, or modify the Website or Services, and create new features, products, and services, including customization of our Services based on your preferences. • Enforce UnifiedBridge’s Terms of Service and policies. • Protect UnifiedBridge or third parties’ legitimate rights, interests, property, or safety, including, among others, protecting our Services from potential harmful, unlawful, illegal, or abusive activities, fraud and spam, or any other use of the Services that is not permitted hereunder or under our Terms of Service. • To comply with legal or regulatory obligations, to respond to authorized authorities’ inquiries or other requests as required by applicable laws and regulations and when we believe in good faith that disclosure is necessary to protect our rights, investigate and fight against fraud and unlawful or abusive activity or comply with applicable laws and regulations.

4. With Whom Do We Share Your Information?

UnifiedBridge does not sell, rent, or lease its Users’ Data to third parties. We may share your Data with trusted third parties for the purposes described in this Privacy Policy, including providing you with the Services you have requested as described hereafter: 4.1. Non-personal data, aggregate, and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. 4.2. Personal Data may be shared as follows: 4.2.1. We may share your Data with third parties based on your express consent or instructions to do so. 4.2.2. We may share your Personal Data with third-party service providers whom we employ to perform tasks on our behalf, in connection with the provision of the Website or Services, as well as concerning conducting our business and expanding our business. 4.2.3. We may share your Personal Data with third-party vendors as required to provide you with our Services, trace, track, and prevent unlawful, harmful, or illegal acts with respect to our Services. 4.2.4. We may share your Data as we believe necessary or appropriate to enforce our Terms of Service, Privacy Policy, and other agreements, and to protect our rights, privacy, safety, property or for legal compliance with applicable laws and regulations, to conform to the edicts of the law or comply with legal process served on UnifiedBridge, including taking necessary precautions against legal liability, protecting our material interests or the material interests of Users or third parties. 4.2.5. We may share your Data in case of a sale of all or subnational parts of our assets, including, among others, as part of a reorganization, purchase, merger, or any other similar event, in which the Personal Data held by UnifiedBridge about you is among the assets transferred. Notwithstanding other provisions of this Privacy Policy, and in addition to the foregoing, you hereby authorize us, and we expressly reserve the right to disclose or otherwise share your Data to law enforcement agencies, regulatory or governmental bodies, or third parties for legal compliance with applicable laws and regulations, to conform to edicts of the law or under authorize authorities queries or other requests, such as a subpoena, search warrant, court order, or similar legal process, and when we believe in good faith that disclosure is necessary to protect and defend our rights or property, investigate fraud or wrongdoing in connection with our Website or Services, protect the personal safety of the Users of our Services or the public. Such disclosure of information may occur with or without notice to you.

5. Lawful Basis for the Processing of Your Information

To provide you with our Website or Services, it might be necessary to process your Data. The legal basis for processing the Personal Data described above may vary based on the data concerned and the context in which it is collected, which includes, but is not limited to: (a) Your consent to collect and process Personal Data; (b) performance of a contract with you. (c) our legitimate interests or the legitimate interests of a third party. (d) payment processing purposes (e) necessary for compliance with legal obligations to which UnifiedBridge is subject. You may revoke or rescind your consent, at any time, by contacting us at: [email protected]. Please be aware that the processing of the data you provide is essential for the provision of our Services and for compliance with regulatory requirements applicable to the telecommunications sector. In the case you revoke or rescind your consent to such processing of Personal Data, we may not be able to provide you with some or all of our Services.

6. For How Long Do We Store Your Personal Information?

UnifiedBridge will retain your Personal Data for the period necessary to comply with our legal or regulatory obligations, resolve disputes, fulfil our business purposes, and enforce our Terms of Service and policies. We may retain your Personal Data for a longer period than required by law if it is in our legitimate business interests and not prohibited by law.

7. Will UnifiedBridge Transfer My Personal Data Internationally?

Your information, including Personal Data, is processed at UnifiedBridge’s offices and in any other location where our trusted partners and third-party services are involved in the processing. Thus, Personal Data collected from Users within the European Economic Area (“EEA”) may be transferred to countries outside of the EEA for the purposes described in this Privacy Policy. If you are a resident of the European Economic Area (“EEA”), we will take appropriate measures to ensure that your information receives an adequate level of data protection upon its transfer outside of the EEA. If you are a resident of a jurisdiction where the transfer of your Personal Data requires your consent, then your consent to this Privacy Policy includes your express consent for such transfer of your data. 8. Your Rights concerning Personal Data If you are a resident of the EEA, you have certain data protection rights. UnifiedBridge aims to protect those rights and take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. • Right of Access – If we are processing your Personal Data, you have the right to ask for a copy of that Personal Data (along with certain other details). • Right of Rectification – If your Personal Data is inaccurate or incomplete, you have the right to request to have it rectified or completed. • Right to Erase – In accordance with applicable law, you might have the right to request that we delete or remove your Personal Data, under certain circumstances. In those cases, UnifiedBridge will delete that Personal Data unless it is required by law to retain it or needed to protect its legitimate interests. • Right to Restrict Processing – By applicable law, you might have the right to seek restriction on the processing of your Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to UnifiedBridge processing it. If you ask to do so, we may store your Personal Data, but we will not process it further. • Right to Object – By applicable law, you might have the right to object to UnifiedBridge’s processing of your Personal Data. However, if we are relying on a legitimate interest to process your Data and we demonstrate compelling legitimate grounds for the processing of that data, we may continue to do so. • Data Portability – By applicable law, in some cases and when relevant to you and to the Services, you might have the right to ask that your Personal Data be transferred to a third party. • Right about Automated Decision-Making and Profiling – You have the right to be free from decisions based solely on automated processing of your Personal Data. • Right to Withdraw Consent – You have the right to withdraw your consent to the processing of your Personal Data. Your withdrawal will not affect or apply to data that was processed before our receipt of your withdrawal of consent. How Can I Exercise My Data Subject Rights? To exercise these rights, please contact us at [email protected] Please note that we may ask you to verify your identity before responding, and your request must include sufficient information to allow us to reasonably verify that you are the person about whom we collected the Personal Data and that you have the authority to make your request. Additionally, you have the right to complain to your Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local Data Protection Authority in the EEA. Please be aware that the processing of the data you provide us is essential for the provision of our Services and for compliance with regulatory requirements applicable to the telecommunications sector. By choosing to delete some types of personal information, restricting or objecting to UnifiedBridge processing your information, you may prevent us from supplying certain Services to you as a customer.

9. California Privacy Rights

In addition to the rights listed above, California Residents who provide UnifiedBridge with Personal Information have specific rights regarding their personal information (as defined in the California Consumer Privacy Act (CCPA), including: • To know what personal information is being collected by UnifiedBridge about them, how it is used, if this personal information is being disclosed to a third party; • To opt-out of the sale of any personal information being collected about them by UnifiedBridge; • To request that any personal information that has been collected be deleted, unless UnifiedBridge has legitimate reason to deny such a request, including to comply with legal obligations, exercise legal rights, or claim or defend against legal claims.

To exercise these rights, please submit a request via our Data Subject Request Form or contact us at [email protected]. Please note that only you or someone authorized to act on your behalf may make such a request, no more than twice in any 12 months. Your request must include sufficient information to allow us to reasonably verify your identity and whether you are the person about whom we collected the personal information or a higher authorized representative. In addition to the above, California Civil Code Section 1798.83 permits Users who are California residents to request and obtain from us information about the personal identifiable information we disclosed to third parties (if any) for marketing purposes in the preceding calendar year. If applicable, this information would include a list of categories of personal information that were shared, and the name and address.

10. Do Not Track Policy as Required by California Online Privacy Protection Act.

Our Website and Services do not respond to the ‘Do Not Track’ settings in your browser. Some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your browser preferences to inform these websites that you do not want to be traced. These preferences can be enabled or disabled by visiting the preferences or settings page of your web browser.

11. Payments

Our Services require payment from you. In order to process your payment, we use a number of unaffiliated third-party services. In that case, the payment will be processed by a third party, to whom you may be asked to provide Personal Data for the purpose of payment processing. Please note that, although UnifiedBridge selects our Payment Processors very carefully after consideration of their privacy practices, we cannot control the way they operate. These Payment Processors may or may not store your information. Please see the respective Privacy Policies or Terms and Conditions of these companies for further details.

• PayPal

Their privacy policy can be viewed at: https://www.paypal.com/us/webapps/mpp/ua/privacy-full

To the extent that you choose to pay for our Services using wire transfer or direct cryptocurrency payments, we may ask you to provide us with certain information to comply with applicable laws and regulations, fight against fraud and unlawful or abusive activity or protect our legitimate interests. Alternatively, we may require you to go through a verification process using an identity verification service.

12. Links to Other Websites

Please note that our website or Services may contain links to other websites or services of third parties that provide useful information/services (referred collectively as “Linked Pages “). Such links do not constitute or imply an endorsement, sponsorship, or recommendation by UnifiedBridge of the third party, and it shall not be held responsible or liable for your use thereof.

Any information a User provides on the Linked Pages is provided directly to this third party and is subject to that third party’s Privacy Policy. Such use shall be subject to the Terms of Use and Privacy Policies applicable to those sites. UnifiedBridge shall have no responsibility or liability for the data collection and privacy practices of websites to which it links. You should learn about the privacy practices of each Website before providing them with Personal Data.

13. Data Security

Protecting your information and privacy is extremely important to us. UnifiedBridge takes reasonable precautions and uses security techniques to safeguard your information, as is customary in the industry with similar services, both during transmission and once UnifiedBridge receives it. Additionally, we limit access to your Personal Data to those employees and third parties who have a business or otherwise legitimate need to know. We also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator in the event of a suspected breach where we are legally required to do so. Despite these efforts, we still cannot provide a 100% security guarantee, and we cannot be held responsible for unauthorized or unintended access to such information by third parties. It is your responsibility to safeguard your account login and password information.

14. Persons Under 18

Our Website and Services are not directed to persons under 18 years old. We do not knowingly collect or solicit Personal Data from persons under 18 years old. If you are under 18, please do not attempt to register for our Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a person under the age of 18, we will delete that information as quickly as possible. If a parent or guardian becomes aware that his/her/their child has provided us with Personal Data he/she/they should contact us immediately by sending us an email to: [email protected].

15. Changes to This Policy

The further ongoing development of technology, changes in our Services, or the legal situation, as well as other reasons, can require adjustments to our data protection notice. UnifiedBridge, therefore, reserves the right to make changes to this Policy at our sole discretion at any time. Such changes may be made in response to future developments of the Website, changes in industry or legal requirements, or any other reason. Modifications to this Privacy Policy will be posted on the Website and shall be effective as of the date on which they are posted. By continuing to use the Website following any change in this Policy, you will be deemed to have agreed to such change. If you do not agree to our Policy’s terms, as modified from time to time, please discontinue use of this Website and/or our Services.

Cookie Policy

Last Updated: Dec 2024

UnifiedBridge Limited (“UnifiedBridge,” “us,” “our,” or “we”) uses technologies such as cookies, beacons, pixels, E-tags, and scripts (collectively, “Cookies”). These technologies are used to provide, maintain, and improve our website and platform (collectively the “Website”), to optimize our Services, and to provide our visitors, customers, and users (“you,” or “your”) with a better experience, for example, to track users’ preferences, to better secure our Services, to identify technical issues, and to monitor and improve the overall performance of our Services.

1. What Are Cookies?

Cookies are essentially small pieces of data written to your computer, tablet, mobile phone, or other devices (referred to collectively as a “device”) by our webserver to allow us to record certain pieces of information whenever you visit or interact with our Website or Services and to recognize you across devices, customize our Services and mitigate risk and prevent fraud.

2. How Does UnifiedBridge Use Cookies?

UnifiedBridge uses both “first-party Cookies” and “third-party Cookies” to automatically collect information through our Website or Services. “First-party Cookies” are cookies set by us. In addition, we may use external services, which also set their Cookies (“third-party Cookies).

3. How Can You Manage Cookies?

Many Internet browsers are automatically programmed to accept Cookies. You may change your browser settings to either reject Cookies or notify you when a Cookie is about to be placed on your computer. However, rejecting Cookies while using the Website or Services may result in certain parts of the Website operating incorrectly or as not as efficiently as if they were allowed. In addition, you can delete all Cookies that are already on your device by clearing the browsing history of your browser. Please note that this may cause you to lose some saved information (e.g., saved login details, site preferences). You can find further information on how to change your browser settings for Cookies in popular browsers using the following links:

Microsoft Internet Explorer –

https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d. Mozilla Firefox –

https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?redirectslug=enable-and-disable-cookies-website-preferences&redirectlocale=en-US.

Google Chrome – https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en.

4. ‘Do Not Track’ Signals Our Website does not respond to ‘Do Not Track’ settings in your browser. Some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your browser preferences to inform these websites that you do not want to be traced. These preferences can be enabled or disabled by visiting the preferences or settings page of your web browser.

5. Changes to Our Cookie Policy We may change the way we use cookies from time to time. If the changes materially alter how UnifiedBridge uses cookies, we will post a notice on our Website and request your consent. Notwithstanding the above, users are encouraged to frequently check back and see whether there have been any changes or updates to our Cookie Policy. If you require further information about our Cookie Policy or UnifiedBridge's use of Cookies on our Services, please contact us at: [email protected] Payment Policy Last Updated:

Dec, 2024

This payment policy (“Payment Policy”) forms part of and is subject to UnifiedBridge’s Terms of Use (“TOU”) or other written or electronic terms of service or agreement between UnifiedBridge Limited (“UnifiedBridge“) and the customer (“Customer” or “User”).

For the avoidance of doubt, this Payment Policy is a legally binding agreement between the Customer and UnifiedBridge. By using and/or accessing UnifiedBridge’s website, user portal, and/or any of UnifiedBridge’s Services, Customer is deemed to have read, understood, accepted, and agreed to be bound by these payment procedures and policies (“Payment Policy”) upon the earlier of (a) Customer’s signing of Master Service Agreement; (b) Customer electronically accepting of UnifiedBridge’s TOU during registration; (c) Customer’s use of UnifiedBridge’s Website and/or our Services. IF YOU DO NOT AGREE TO THESE TERMS OR ANY PART THEREOF, YOU SHOULD CEASE ALL USE OF OUR SERVICES.

1. Introduction

1.1. Definitions

All capitalized terms not defined in this Payment Policy shall have the meanings outlined in the TOU or other Service Agreements. “Agreements” means any electronic or other agreement(s) entered by and between the Customer and UnifiedBridge, including, but not limited to, TOU, Service Agreements, Master Service Agreement, Service Order, and Service Schedule. “UnifiedBridge” means a company incorporated under the laws of Hong Kong, registration number 76229836, having its principal place of business at 2/F TOWER 1 TERN CTR 237 QUEEN’S RD CENTRAL SHEUNG WAN HK, HONG KONG. “Customer” is a paying User. “MRC” means monthly recurring costs and charges. “NRC” means non-recurring costs and charges. “Services” means the generally available services offered by UnifiedBridge as described in the Order Documents and procured by Customer, and any other services provided by UnifiedBridge to the Customer, including but not limited to support and technical services, including those services existing today and to be developed later. “User” means any individual or entity that, directly or indirectly, through another user, accesses or uses UnifiedBridge’s Website and/or Services. “Website” means the website resources and domain credentials owned and managed by UnifiedBridge, which include web pages and multimedia content accessible via an IP network such as the internet or LAN.

2. Charges and Payment 2.1. The charges for the provision of a Service rendered by UnifiedBridge shall be set out on the Customer’s user portal, the Service Order, and/or any other Service Documents. 2.2. Unless otherwise agreed in writing between the Parties, the Customer shall pre-pay to UnifiedBridge for the provision of a Service(s) by the terms and conditions set out in this Payment Policy by way of prepayment(s). 2.3. Acceptable forms of payment include Wire transfer (SWIFT), PayPal and Credit Card (Visa/MasterCard) (collectively “Payment Methods”). Payment by paper check or cash is not acceptable. 2.3.1. Payment Methods availability varies by geographic region. Hence, depending on your location, you might not be able to use one or more of the Payment Methods offered by UnifiedBridge. 2.3.2. The Customer may choose whether to use any of the Payment Methods offered by UnifiedBridge. However, their Payment Methods are sourced from third-party providers. Each provider controls the terms and conditions that apply to its Payment Methods. The Customer hereby acknowledges and agrees that once it selects a Payment Method, the Customer accepts and agrees to the terms and conditions applicable to that. These terms and conditions may change from time to time, and the Customer must review these terms and conditions periodically. Moreover, the Customer hereby declares that it is aware of and complies with the requirements of its chosen Payment Method. 2.4. The Customer may be asked to provide certain Personal Data when making a payment. This Personal Data may include billing address, date of birth, payment method, credit or debit card number, bank account information, and any additional information required to process the transaction and verify the Customer’s identity. Personal Data will be collected, processed, and stored in accordance with UnifiedBridge’s Privacy Policy and Data Processing Agreement, incorporated herein by reference. 2.5. UnifiedBridge shall use the prepayments to furnish Services to the Customer. 2.5.1. The customer’s obligation to pay for Services and associated MRC and NRC fees shall begin at the start of the Service Date. 2.5.2. NRC will be automatically deducted from the Customer’s balance on a real-time basis. 2.5.3. For the MRC fee that begins after the first day of the month, such payments will be prorated for the initial billing period. 2.6. UnifiedBridge shall provide the Customer with official invoices by the Customer’s preferred billing frequency as stated in the Customer’s account. The invoice will be sent to the Customer via email notice by email, as set by the Customer in its UnifiedBridge Customer account, as well as made available to the Customer through UnifiedBridge’s web portal. 2.7. UnifiedBridge reserves the right to issue billing adjustments to Services, including but not limited to error corrections and/or re-rate of traffic details, for a period of one hundred eighty (180) calendar days after the date a Service is rendered or any other timeframe allowed by contract, law, or government rule or regulation, whichever is later. Billing adjustments shall be accompanied by supporting call logs, CDRs, or other reasonable information reflecting the error or absence in the initial charges. 2.8. The Customer is responsible for regularly accessing their account to track its balance. 2.8.1. In the event the prepayment amount reaches $/€0 (as applicable), UnifiedBridge may immediately suspend all Services 2.8.2. A prepayment replenishment (“Top-Up”) shall be deemed accepted only upon the receipt of funds by UnifiedBridge. 2.9. UnifiedBridge reserves the right to change any of its fees at any time by posting a new pricing structure to UnifiedBridge’s Website and/or by sending a written notice by email, as set by the Customer in its UnifiedBridge Customer account. 2.10. All charges are exclusive of any applicable taxes, levies, duties, or other similar exactions imposed by a legal, governmental, or regulatory authority in any applicable jurisdiction, including, without limitation, sales, use, value-added, consumption, communications, or withholding taxes (collectively, “Taxes”). 2.11. All fees are exclusive of any applicable communications service or telecommunication provider (e.g., carrier) fees or surcharges (collectively, “Communications Surcharges”). The Customer shall be liable for all or any Communication Surcharges payable to any third party arising out of or in connection with the Customer's or End-User's use of the Services. 2.12. For the avoidance of doubt, it is hereby agreed that the Customer shall be responsible for its operating expenses and other costs, including all applicable taxes and fees. 3. Fraudulent Activities, Fines, and Chargebacks 3.1. If the Customer’s use of UnifiedBridge’s Services causes UnifiedBridge to incur additional costs, fines, or penalties, UnifiedBridge may automatically charge the Customer for any other such additional costs; this includes but is not limited to fines or penalties issued by upstream providers, governmental or regulatory bodies, telecommunication regulators or authorities, applicable taxes, and communications surcharges (e.g., pass-through carrier fees). 3.2. If UnifiedBridge incurs costs or expenses as a result of or in connection with: (i) a police request for information or evidence concerning the Customer’s use of the Services; (ii) a Court or other competent authority’s request and/or direction for the provision of information or evidence concerning the Customer’s use of the Services; or (iii) a demand from an upstream provider for information or evidence concerning the Customer’s use of the Services, UnifiedBridge may automatically charge the Customer for any additional costs, or expenses incurred in connection with UnifiedBridge’s efforts taken to timely and accurately respond to such requests. 3.3. UnifiedBridge may hold funds from the Customer’s account to cover any chargebacks for the latter of the following periods: (i) 180 days following the effective date of termination of the Agreement; or (ii) 180 days from the date of the Customer’s last chargeback, whichever is later.

4. Payment Disputes 4.1. If Customer, in good faith, disputes the amount of any charge, Customer must notify UnifiedBridge in writing of the disputed charge within seven (7) days and provide documentation reasonably required to resolve the dispute. 4.2. After the expiry of the above period, the Customer is deemed to have accepted the correctness of the charge, and the Customer shall have waived its right to dispute those charges. 4.3. For the avoidance of doubt, the Customer’s payment obligations are non-cancellable, and ALL FEES AND CHARGES, ONCE PAID, ARE NON-REFUNDABLE.

5. Refunds 5.1. UnifiedBridge may refund the Customer for a prorated portion of any prepaid amounts for the Service(s) in the event the Customer terminates its account and cancels all Services after the Initial Term, with cause and by the terms of UnifiedBridge’s TOU, Service Agreement, and/or other Service Documents (including, but not limited to Service Order and Service Schedule). Refund request should be sent, up to twenty-four (24) months from the date of last activity, via email to [email protected]. The request must contain specific information to allow UnifiedBridge to identify the Customer. 5.2. In some instances, UnifiedBridge may determine, at its sole discretion, that a full or partial refund should be issued to the Customer for specific phone calls which were interrupted, not completed, or experienced audio quality issues (“Call Quality Refund”). Call Quality Refunds will be issued in the form of a credit toward the next user-initiated “Top-Up”. 5.3. As stated in our TOU and Master Service Agreement, UnifiedBridge reserves the right to modify, terminate, or otherwise amend its Services at any time. In the event UnifiedBridge terminates a Service, UnifiedBridge may, at its sole discretion, either: (a) refund the Customer for a prorated portion of the prepaid amounts; refund the Customer for a prorated portion of the prepaid amounts for the Service modified, terminated or otherwise amended; (b) make available a prorated portion of the prepaid amount for the Customer to use it as credit toward one of the other Services the provided by UnifiedBridge. 5.4. Refunds may take up to 90 days to appear on the Customer’s account. 5.5. All costs incurred by the refund process shall be deducted from the refunded sum. 5.6. In the event the Customer terminates its account without cause and before the end of the Initial Term as set out in the YOU and/or Master Service Agreement, the Customer shall not be entitled to a refund or credit. 5.7. For the avoidance of doubt, the Customer will not be entitled to a refund (full or otherwise) if: 5.7.1. UnifiedBridge incurs costs or expenses as a result of or in connection with (i) a police request for information or evidence concerning the Customer’s use of the Services; (ii) a Court or other competent authority’s request and/or direction for the provision of information or evidence concerning the Customer’s use of the Services; or (iii) a demand from an upstream provider for information or evidence concerning the Customer’s use of the Services (iv) fines or penalties imposed on UnifiedBridge as a result or in connection with the User’s account and/or use of UnifiedBridge’s Services. 5.7.2. The Customer fails to provide UnifiedBridge with any of the information or details needed for the refund to be processed; this includes but is not limited to information about the Customer’s payment method. 5.7.3. Any aspect of the Customer payment arrangement appears fraudulent, false, or misleading.

6. Inactivity Fees 6.1. If your account is inactive for a period of 12 consecutive months, and you did not convey to UnifiedBridge that you wish to terminate your account and receive a refund, there will be a rolling inactivity monthly charge of $50 to reflect our efforts to continuously safeguard and accurately maintain your data. 6.2. We will notify you via email before the first fee is deducted, and a deduction is made every month.

7. Promotions 7.1. From time to time, UnifiedBridge may offer promotional bonuses for a specific period without payment or at a reduced rate (“Promotions”). UnifiedBridge may determine your eligibility for Promotions and withdraw or modify Promotions at any time without prior notice and with no liability to the extent permitted under applicable law. 7.2. Promotions awarded are non-refundable and will expire up to 6 months from the issue date unless otherwise specified.

8. Security Deposit 8.1. If at any time during the term of the TOU and/or Master Service Agreement, there is a material and adverse change in the Customer’s financial position, business prospects, or payment history, UnifiedBridge, in its sole and reasonable discretion, may demand that Customer provide UnifiedBridge with a security deposit or increase the amount of a security deposit, as the case may be, as a condition of supplying or continuing to provide the Services. 8.2. If the Customer does not respond to UnifiedBridge’s request for a security deposit within twenty-four (24) hours, UnifiedBridge may suspend Services without further notice until such requirement is met. 8.3. UnifiedBridge may draw upon the security deposit at any time to recover any amounts due and unpaid, in which case, the Customer shall immediately replenish such security deposit to its initial value. 8.4. If UnifiedBridge draws upon the security deposit, it may, with written notice, suspend the provision of Services until the Customer replenishes the security deposit to its original value. 8.5. UnifiedBridge shall not waive any of its rights or remedies by drawing upon the security deposit to recover overdue or unpaid charges. 8.6. For the avoidance of doubt, the Parties hereby acknowledge and agree that a deposit or other financial guarantee provided to UnifiedBridge will not generate any interest capitalization, whatever the duration of the concerned financial guarantee. Further, the costs related to issuing any financial guarantee will be solely borne by the Customer and will not be recharged or reimbursed by UnifiedBridge.

9. Termination and Suspension 9.1. UnifiedBridge may temporarily suspend Customer and/or End-User accounts by the terms of UnifiedBridge’s TOU, Master Service Agreement, and applicable Service Schedule and Service Order. 9.1.1. The Customer and/or End-User remain responsible for all fees incurred through the date of suspension. 9.1.2. Throughout the duration of the suspension, the Customer remains responsible for any applicable fees for Services to which it continues to have access and/or can use, as well as applicable data storage fees. 9.1.3. If UnifiedBridge invokes its right to suspend the Customer’s right to access or use any or all of UnifiedBridge’s Services and the Customer subsequently resolves the issue, UnifiedBridge may charge the Customer reconnection fees. 9.2. UnifiedBridge may terminate Customer accounts with or without cause by the terms of UnifiedBridge’s TOU, Master Service Agreement, and applicable Service Schedule and Service Order. 9.2.1. In the event that UnifiedBridge terminates the Customer’s account without cause, UnifiedBridge shall refund the Customer a prorated portion of any prepaid amounts for the Service. 9.2.2. In the event UnifiedBridge terminates the Customer’s account for any cause, including violation of UnifiedBridge’s TOU, Master Service Agreement, Service Schedule, Service Order, or any other agreements made and entered into by and between UnifiedBridge and the Customer, Customer shall not be entitled to reimbursement or refund. 9.3. UnifiedBridge may terminate any Customer account that has been inactive for twenty-four (24) or more months. In the event UnifiedBridge terminates an inactive Customer’s account, the Customer will not be entitled to a refund for any prepaid amounts.

10. Modifications 10.1. UnifiedBridge reserves the right, in its sole discretion, to revise or modify this Payment Policy at any time, and the Customer agrees to be bound by such revisions or modifications. 10.2. UnifiedBridge shall notify the Customer of any substantive and/or material changes to the Payment Policy. 10.3. The Customer is, however, responsible for viewing our Payment Policy periodically. 10.4. The customer’s continued use of UnifiedBridge’s Services after an amendment or modification of these Terms has been made will constitute acceptance of the revised Payment Policy.

11. Severability 11.1. This Agreement is the entire agreement between you and UnifiedBridge regarding the subject matter of this Agreement. This Agreement supersedes all prior or contemporaneous representations, understandings, agreements, or communications between you and us, whether written or verbal, regarding the subject matter of this Agreement. 11.2. UnifiedBridge reserves the right to make changes to its Website, Policies, and TOU at any time. If any of these conditions shall be deemed invalid, illegal, or unenforceable in any jurisdiction, such provision will be deemed amended to conform to applicable law to be valid, legal, and enforceable in such jurisdiction without altering the purpose and intent of the parties materially hereto; if such provision cannot be so amended, it will be stricken, and the remainder of this Agreement will remain in full force and effect unless the striking of such provision materially undermines the purpose and intent of the parties hereto, in which case this Agreement shall be null and void.

12. Disputes and Applicable Law 12.1. The Customer hereby irrevocably agrees that Payment Policy and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed by the law of England and Wales without regards to its conflicts of laws provisions. 12.2. The English courts will have exclusive jurisdiction over any dispute or claim arising from or related to your use of our Website and/or Services, and you consent to the exclusive jurisdiction and venue in these courts.

13. Miscellaneous 13.1. unless otherwise stated, a reference herein by numerical or alphabetical designation to an Article, Section, Subsection, Paragraph, Subparagraph, Annex, or Appendix shall refer to the Article, Section, Subsection, Paragraph, Subparagraph, Annex, or Appendix bearing that designation in or to the Payment Policy. 13.2. words importing the singular shall include the plural and vice versa, and words importing a particular gender shall include all genders; 13.3. the necessary grammatical changes required to make the provisions of the Payment Policy apply shall, in all instances, be assumed as though, in each case, fully expressed. 13.4. The division of the Agreement into Articles, Sections, Subsections, Paragraphs, and Subparagraphs and the insertion of headings are for convenience of reference only and shall not affect the construction or interpretation of the Agreement.

Data Processing Addendum Last Updated: Dec, 2024

This Data Processing Addendum (“DPA“) supplements UnifiedBridge’s Terms of Service, the Master Service Agreement or other written or electronic agreements (including any exhibits, appendices annexes, terms, orders or policies referenced herein) (“Agreement”), entered by and between UnifiedBridge Limited (“we”, “us”, “our”, “UnifiedBridge”) and the customer (collectively “you”, “your”, “Customer“) into which it is incorporated by reference. By using and/or accessing UnifiedBridge’s Website, user portal, and/or any of our services, including all associated features and functionalities (collectively “UnifiedBridge’s Services” or “Services”), you are deemed to have read, understood, accepted, and agreed to be bound by this DPA.

This Agreement is a legally binding agreement, if you cannot, or do not agree to, comply with and be bound by this DPA, or do not have authority to bind the Customer or any other entity, please do not provide UnifiedBridge with any Personal Data.

1. Introduction 1.1. General 1.1.1. UnifiedBridge and Customer are hereinafter collectively referred to as the “Parties” and individually as the “Party”. 1.1.2. All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement, which is incorporated herein by reference. 1.1.3. The Customer entity signing this DPA must be the same as the Customer entity party to the Agreement. If the Customer entity signing this DPA is not a party to the Agreement directly with UnifiedBridge but is instead a customer indirectly via an authorized reseller of UnifiedBridge services, this DPA is not valid and is not legally binding. Such an entity should contact the authorized reseller to discuss whether any amendment to its agreement with that reseller may be required 1.1.4. UnifiedBridge may revise this DPA as necessary to address changes to Applicable Data Protection Law or UnifiedBridge policies, and such changes shall be binding and effective upon the earlier of (i) the date that is thirty (30) days after the posting of the revised DPA or (ii) the date that UnifiedBridge provides notice to you of the revised DPA.

1.2 Definitions

“Adequate Country” means (a) for data processed which is subject to the EU GDPR: the EEA, or a country or territory that is the subject of an adequacy decision by the Commission under Article 45(1) of the GDPR; (b) for data processed subject to the UK GDPR: the UK or a country or territory that is the subject of the adequacy regulations under Article 45(1) of the UK GDPR and Section 17A of the Data Protection Act 2018; and/or (c) for data processed subject to the Swiss FDPA: Switzerland, or a country or territory that (i) is included in the list of the states whose legislation ensures an adequate level of protection as published by the Swiss Federal Data Protection and Information Commissioner, or (ii) is the subject of an adequacy decision by the Swiss Federal Council under the Swiss FDPA.

“Applicable Data Protection Law” means all applicable and binding privacy and data protection laws and regulations, including such laws and regulations of the European Union, the European Economic Area and their Member States, Switzerland, the United Kingdom, Canada, Israel, and the United States of America, as applicable to UnifiedBridge in its role of Processing Personal Data under the Agreement including (without limitation) the GDPR, the UK GDPR, and the CCPA; in each case, as amended, repealed, consolidated or replaced from time to time. “Controller” means the natural person or legal entity, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. “Customer Account Data” means personal data that relates to Customer’s relationship with UnifiedBridge, including the names or contact information of individuals authorized by Customer to access Customer’s account or Services and billing information of individuals that Customer has associated with its account or Services. Customer Account Data also includes any data UnifiedBridge may need to collect for identity verification, or as part of its legal obligation to retain End-User Records (as defined below).

“Customer Content” means any personal data, files, information, or materials accessed, transmitted, uploaded, published, or exchanged as a result of Customer’s use of UnifiedBridge’s Services and/or data stored on Customer’s behalf, including but not limited to communication logs. “Customer Data” means Customer Account Data, Customer Content, Customer Usage Data, and Sensitive Data, all as defined herein. “Customer Usage Data” means data processed by UnifiedBridge to transmit or exchange Customer Content, including data used to identify the source and destination of a communication, including but not limited to End-User’s telephone numbers, data on the location of the device generated in the context of providing UnifiedBridge’s Services, and the date, time, duration and the type of communication, as well as activity logs, used to identify the source of Service requests, optimize and maintain the performance of the Services, and investigate and prevent fraud and system abuse. “Data Subject” means the identified or identifiable person to whom Personal Data relates. “GDPR” means the EU General Data Protection Regulation 2016/679. “Personal Data” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to or with an identified or identifiable natural person or Consumer (“data subject”), and is protected under Data Protection Laws, this includes similarly defined terms in Data Protection Laws, including, but not limited to, the definition of “personal information” in the CCPA. “Privacy Policy” means UnifiedBridge’s current privacy policy. “processing” means any operation or set of operations which are performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction dissemination. “Process”, “Processes,” and “Processed” will be interpreted accordingly.

“Processor” means a natural person or an entity that Processes Personal Data on behalf of the Controller. “Security Incident” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data. “Sensitive Data” means Personal Data that reveals such special categories of data as are listed in Article 9(1) of the GDPR or any other applicable law or regulation relating to privacy and data protection. “Services” means the generally available UnifiedBridge’s services as described in the Service Schedule and Service Order and procured by Customer, and any other services provided by UnifiedBridge to the Customer under the Master Service Agreement, or contracts that the Customer may use at its option and/or as it determines, including but not limited to support and technical services. “Standard Contractual Clauses” means the Standard Contractual Clauses, as approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, including all Annexes thereto. “Sub-Processor” means any other Data Processors engaged by UnifiedBridge to (1) Process Customer Personal Data on behalf of Customer where Customer itself acts in its role as a processor and/or (2) process Customer Content to provide the Services to Customer. For the avoidance of doubt, telecommunication providers are not sub-processors. “Supervisory Authority” shall have the meaning set in the GDPR. “Third Party Request” means any request, correspondence, inquiry, or complaint from a data subject, law enforcement agencies, regulatory authorities, or third party. ” End-User Records” means Customer Account Data containing proof of identification and/or proof of physical address necessary for UnifiedBridge to attain to provide Customer or Customer’s customers (end-users) with certain Services. End-Users' records may be shared with local telecommunications providers or local government authorities when UnifiedBridge is required to do so to comply with law or regulation. The terms “Controller “, “Member State “, “Processor “, “Processing”, and “Supervisory Authority” shall have the same meaning as in the GDPR.

2. Scope and Applicability of this DPA 2.1. This DPA applies where and only to the extent that UnifiedBridge processes Personal Data on behalf of the Customer while providing the Services.

3. Role of the Parties

3.1. UnifiedBridge as a Processor 3.1.1. In the course of providing Services to Customer, UnifiedBridge may act as a Processor of Personal Data and the Customer may act as either the Controller or if the Customer is acting on behalf of a third-party Data Controller, then a Processor. 3.1.2. To the extent applicable, the Customer appoints and authorizes UnifiedBridge to act as Processor on the Customer’s behalf. 3.1.3. Where UnifiedBridge acts as a processor on the Customer’s behalf, UnifiedBridge will process Personal Data in accordance with the Customer’s instructions as outlined in Section 4. 3.2. UnifiedBridge as a Controller 3.2.1. In exceptional circumstances, UnifiedBridge may act as a Controller. Where and to the extent that UnifiedBridge processes Customer Account Data and/or Customer Usage Data as a controller, the Customer is a Data Controller and UnifiedBridge is an independent Data Controller, not a joint data controller. 3.2.2. UnifiedBridge will process such Personal Data as a Data Controller: 3.2.2.1. In order to manage the relationship with the Customer, 3.2.2.2. In order to carry out UnifiedBridge’s business activities (e.g., accounting, billing, audit, and tax filing); provide, optimize, and maintain UnifiedBridge’s Services and data security; 3.2.2.3. identity verification; detect, prevent, or investigate security incidents, fraud, and other abuse or misuse, wrongful or unlawful use of UnifiedBridge’s Services; to comply with UnifiedBridge’s legal or regulatory obligation to retain End-User Data; 3.2.2.4. as required by applicable law or regulations or as otherwise permitted under Applicable Data Protection Law and in accordance with this DPA, UnifiedBridge’s Master Service Agreement, and Privacy Policy.

4. Customer Instructions 4.1. Customer hereby appoints UnifiedBridge as a processor (and authorizes UnifiedBridge to instruct each Sub Processor) to process Customer’s Personal Data on behalf of, and in accordance with the instructions of the Customer: 4.1.1. as set forth in the Agreement and this DPA; 4.1.2. as necessary to provide the Services to Customer, this may include preventing fraudulent activities, spam, network abuse, and investigating security incidents; 4.1.3. as necessary to comply with applicable law or regulation, including Applicable Data Protection Law; and 4.1.4. as otherwise agreed in writing between the parties (“Permitted Purposes”). 4.2. Customer warrants and represents that its instructions shall at all times comply with Applicable Data Protection Laws. 4.3. Customer shall be solely responsible for the legality of the Personal Data and for ensuring it has an appropriate lawful basis s to enable the collection and processing of Personal Data according to the terms of the Agreement and this DPA 4.4. Customer hereby acknowledges and agrees that UnifiedBridge is neither responsible for determining which laws or regulations are applicable to the Customer’s business nor whether UnifiedBridge’s provision of the Services meets or will meet the requirements of such laws or regulations. 4.5. The Customer shall take all necessary measures to ensure that UnifiedBridge’s processing of Customer Personal Data, when done in accordance with Customer’s instructions, will not cause Customer to violate any applicable law or regulations. 4.6. UnifiedBridge will inform the Customer if it becomes aware, or reasonably believes, that Customer’s instructions violate any applicable law or regulation, or is otherwise unable to comply with an instruction. 4.7. The parties agree that the Master Service Agreement (including this DPA and other Service Documents) sets out the Customer’s complete and final instructions to UnifiedBridge for the Processing of Customer Personal Data. Any Processing outside the scope of these instructions will require a prior written agreement between Customer and UnifiedBridge. 4.8. UnifiedBridge’s obligations set forth in this DPA shall also extend to End-Users, subject to the following conditions: 4.8.1. Customer must communicate any additional Processing instructions from its customers (End-Users) directly to UnifiedBridge. 4.8.2. Customer shall be responsible for End-Users’ compliance with this DPA and all acts and/or omissions by an End-user with respect to Customer’s obligations in this DPA shall be considered the acts and/or omissions of Customer; 4.8.3. End-Users shall not bring a claim directly against UnifiedBridge. If an End-User seeks to assert a legal demand, action, suit, claim, proceeding, or otherwise against UnifiedBridge (“End-User Claim”): 4.8.3.1. Customer must bring such End-User Claim directly against UnifiedBridge on behalf of such End-User unless Data Protection Laws require the End-User be a party to such claim; and 4.8.3.2 all End-User Claims shall be considered claims made by Customer and shall be subject to any liability restrictions set forth in the Master Service Agreement, including any aggregate limit of liability.

5. Customer Processing of Personal Data 5.1. Customer agrees that it: 5.1.1. will comply with its obligations under Data Protection Laws with respect to its Processing of Customer or End-User’s Personal Data; 5.1.2. has obtained all consents, permissions, and rights necessary under Data Protection Laws for UnifiedBridge to lawfully Process Customer’s and End-User’s Personal Data for the Permitted Purposes, including, without limitation, Customer’s sharing and/or receiving of Customer Personal Data with third-parties via the Services. 5.2. Each party shall appoint a Data Privacy Officer within its organization authorized to respond from time to time to inquiries regarding Personal Data, the parties shall make the Data Privacy Officer known to the other party, and the Data Privacy Officer shall deal with such inquiries promptly.

6. Limitation of Purpose 6.1. UnifiedBridge will process personal data in order to provide its Services in accordance with the terms of the Master Service Agreement, Service Schedule, Service Order, and the Service Documents. SCHEDULE 1 provides further details and specifies the nature and purpose of processing, UnifiedBridge’s processing activities, the duration of the processing, and the type of personal data and data subjects. 6.2. The Customer is responsible for ensuring the following: 6.2.1. That it has complied and will continue to comply with all Applicable Data Protection Laws throughout the use of UnifiedBridge’s Services. 6.2.2. That it has and will continue to have the right to transfer and/or provide access to UnifiedBridge to Personal Data to process the data by the terms of this DPA and the Agreement. 6.2.3. In no event shall the Customer configure the Services to collect or cause UnifiedBridge to Process Personal Data that is beyond the scope outlined in SCHEDULE 1.

7. Sub-Processing 7.1. The Customer generally authorizes the engagement of Sub-processors by this Section 5 and any restrictions in the Agreement and specifically consents to those listed at UnifiedBridge’s Sub-processors list. 7.2. Upon written request, UnifiedBridge shall provide Customer all relevant information it reasonably can in connection with its applicable Sub-processor agreements when required to satisfy Customer’s obligations under Applicable Data Protection Law. 7.3. UnifiedBridge may update this Sub-Processor List periodically, by adding and/or removing Sub-Processors. Customers may subscribe to notifications of new Sub-processors used to process Personal Data by sending an email to [email protected]. 7.4. When the Customer subscribes, UnifiedBridge shall provide the Customer with notification of any new Sub-processor(s) before authorizing such new Sub-processor(s) to Process Personal Data in connection with the provision of the Services. 7.5. UnifiedBridge shall provide such notification at least fourteen (14) days in advance of allowing the new Sub-processor to Process Customer Personal Data (the “Objection Period”). 7.6. During the Objection Period, the Customer may object to UnifiedBridge’s appointment or replacement of a sub-processor by providing a written objection to [email protected], provided such objection is based on reasonable grounds relating to data protection. 7.7. In such an event, the parties agree to discuss the Customer’s concerns in good faith to achieve a resolution. 7.8. If the parties cannot reach a resolution within ninety (90) days from the date of UnifiedBridge’s receipt of Customer’s written objection, Customer, as its sole and exclusive remedy, may discontinue the use of the affected Services by providing written notice to UnifiedBridge. Subsequently, UnifiedBridge will refund the Customer any prepaid unused fees of such Order Form(s) following the effective date of termination concerning such terminated Services. 7.9. If no objection has been raised during the Objection Period, UnifiedBridge will deem the Customer to have authorized the new sub-processor. 7.10. For the avoidance of doubt, Section 7 constitutes the Customer’s general consent and authorization for UnifiedBridge’s engagement of onward sub-processors under the Standard Contractual Clauses. 7.11. UnifiedBridge shall restrict the Sub-processors' access to Customers’ data to what is strictly necessary for the provision of Services shall enter into a written agreement with each Sub-processor imposing data protection obligations not less protection of Customer’s data than UnifiedBridge’s obligations under this DPA to the extent applicable to the nature of Services provided by such Sub-processors and required by Applicable Data Protection Law.

8. Disclosure to Third-Party 8.1. If UnifiedBridge receives a request, direction, query, or other demand to retain, disclose, or otherwise, Process Customer Content for any third party, including, but not limited to law enforcement, regulatory or supervisory authority (collectively “Third-Party Request”), which relates in any way to the Personal Data Processed by UnifiedBridge under this DPA then UnifiedBridge shall attempt to redirect the Third-Party Demand to Customer. 8.2. Notwithstanding Section 8.1 above, the Customer hereby agrees that UnifiedBridge can provide information to such third parties as reasonably necessary to redirect the Third-Party Request. 8.3. If UnifiedBridge cannot redirect the Third-Party Request to Customer, then UnifiedBridge shall notify the Customer, to the extent legally permitted to do so, via email sent to the email address associated with the Customer’s account of the Third-Party Request as promptly and as feasible under the circumstances to allow Customer to deal with the Third-Party Request.

9. Confidentiality of Processing 9.1. UnifiedBridge shall ensure that any person who is authorized by UnifiedBridge to process Personal Data (including its staff, agents, and subcontractors) shall be under appropriate obligations of confidentiality (whether contractual or statutory duty) concerning such Personal Data.

10. Security 10.1. UnifiedBridge has implemented and will maintain the appropriate technical and organizational security measures as outlined in UnifiedBridge’s Master Service Agreement and SCHEDULE 2 to this DPA (“Security Measures”). 10.2. Notwithstanding any provision to the contrary, UnifiedBridge may review and update its Security Schedule from time to time, provided that any such updates shall not materially diminish the overall protection offered by the Security Measures. 10.3. The Customer acknowledges that the Services include certain features and functionalities that Customer may elect to use, which impact the security of Customer Data processed by Customer’s use of the Services, such as, but not limited to, encryption of voice recordings, availability of authentication on Customer’s account, etc. 10.4. UnifiedBridge shall have no obligation to assess the contents of Customer Personal Data to identify information subject to any specific legal requirements. 10.5. The customer is responsible for reviewing the information made available by UnifiedBridge relating to data security and making an independent determination as to whether the Services meet the Customer’s requirements and legal obligations under Applicable Data Protection Laws. 10.6. Notwithstanding the above, Customer is responsible for its use of the Services and its storage of any copies of Customer Data outside UnifiedBridge or UnifiedBridge’s subprocessors’ systems. The customer is further responsible for properly configuring the Services and using features and functionalities made available by UnifiedBridge to maintain appropriate security considering the nature of Customer Data processed because of the Customer’s use of the Services. 10.7. If UnifiedBridge becomes aware of a Security Incident, UnifiedBridge shall: (a) notify Customer of a Security Incident without undue delay after becoming aware of the Security Incident impacting or involving Customer Data, and b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. Further, at the Customer’s request, UnifiedBridge shall promptly provide the Customer with such reasonable assistance as necessary to enable the Customer to notify relevant Security Incident to competent authorities and/or affected Data Subjects, if the Customer is required to do so under Data Protection Laws.

11. Customer Audit Rights 11.1. UnifiedBridge shall, by General Data Protection Regulation (EU) 2016/679 and other applicable Data Protection Laws, make available to the Customer such information in UnifiedBridge’s possession or control as the Customer may reasonably request to demonstrate UnifiedBridge’s compliance with the obligations of data processors under General Data Protection Regulation (EU) 2016/679, other Applicable Data Protection Laws and this DPA, insofar as UnifiedBridge is acting as a processor on behalf of Customer. 11.2. Upon written request at reasonable intervals, subject to reasonable confidentiality controls, UnifiedBridge shall provide Customer, or its appropriately qualified third-party representative (collectively, the “Auditor”), access to reasonably requested documentation evidencing UnifiedBridge’s compliance with its obligations under this DPA. 11.3. The Customer may also send, no more than once annually, a written request for an audit (including inspection) of UnifiedBridge’s facilities. Following receipt by UnifiedBridge of such a request, UnifiedBridge and Customer shall mutually agree in advance on the details of the audit, including a reasonable start date, scope, and duration of, and security and confidentiality control applicable to, any such audit. UnifiedBridge may charge the Customer a fee (rates shall be reasonable, taking into account the resources expended by UnifiedBridge) for any such audit. The Reports, audit, and any information arising therefrom shall be UnifiedBridge’s Confidential Information. 11.4. Where the Auditor is a third party, the Auditor may be required to execute a separate confidentiality agreement with UnifiedBridge before any review of Reports or an audit of UnifiedBridge, and UnifiedBridge may object in writing to such Auditor if, in UnifiedBridge’s reasonable opinion, the Auditor is not suitably qualified or is a direct competitor of UnifiedBridge. Any such objection by UnifiedBridge will require the Customer to either appoint another Auditor or conduct the audit itself. 11.5. Expenses incurred by the Auditor in connection with any review of Reports or an audit shall be borne exclusively by the Auditor. 11.6. For the avoidance of doubt, the exercise of audit rights under the Standard Contractual Clauses shall be as described in Section 11 (Customer Audit Rights).

12. Return and Deletion 12.1. Following termination of the Agreement and cessation of the Services, UnifiedBridge shall delete or return to Customer all the Personal Data it Processes solely on behalf of the Customer in the manner described in the Agreement, in addition, UnifiedBridge shall delete existing copies of such Personal Data unless Data Protection Laws or other applicable regulation require otherwise. 12.2. To the extent authorized or required by applicable laws and/or regulations, UnifiedBridge may also retain a copy of the Personal Data solely for evidence purposes and/or for the establishment, exercise, or defense of legal claims and/or for compliance with legal obligations.

13. Data Transfers 13.1. The Customer hereby acknowledges and agrees that UnifiedBridge and its Sub-processors may access, transfer, and Process Customer Data across international borders. 13.2. If Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the EEA, the European Union, the Member States or the European Commission, Switzerland, and/or the UK as relevant (“Adequacy Decisions”), the Customer hereby acknowledges and agrees for such transfer to take place, without any further safeguard being necessary. 13.3. If Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred to a country that has not been subject to a relevant Adequacy Decision and does not ensure an adequate level of data protection under Applicable Data Protection Laws, the parties agree that the transfer shall be governed by the Standard Contractual Clauses approved by the EU authorities under General Data Protection Regulation (EU) 2016/ 13.4.6.1. Data Exporter: Customer. 13.4.6.1.1. Address: The address stated in the Agreement or such other address as may be specified by the Customer by notice to UnifiedBridge from time to time. 13.4.6.1.2. Contact Details: The email address(es) designated by Customer in Customer’s account. 13.4.6.1.3. Data Exporter Role: The Data Exporter’s role is outlined in Section 3 of this DPA. 13.4.6.1.4. Signature and Date: By entering into the Agreement, Data Exporter is deemed to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the Effective Date of the Agreement. 13.4.6.2. Data Importer: UnifiedBridge Limited. 13.4.6.2.1. Address: 2/F TOWER 1 TERN CTR 237 QUEEN’S RD CENTRAL SHEUNG WAN HK, HONG KONG 13.4.6.2.2. Contact Details: UnifiedBridge’s Privacy team [email protected] 13.4.6.2.3. Data Importer Role: The Data Importer’s role is outlined in Section 3 of this DPA. 13.4.6.2.4. Signature and Date: By entering into the Agreement, Data Importer is deemed to have signed these Standard Contractual Clauses, incorporated herein, including their Annexes, as of the Effective Date of the Agreement. 13.4.7. in Annex I, Part B of the 2021 Standard Contractual Clauses (Description of Transfer): 13.4.7.1. The categories of data subjects whose personal data are transferred are described in Section 3 of this DPA. 13.4.7.2. The categories of personal data transferred are described in Section 4 of this DPA. 13.4.7.3. The frequency of the transfer is continuous for the duration of the Agreement. 13.4.7.4. The nature of processing and purpose of the data transfer and further processing are described in Section 1 of this DPA. 13.4.7.5. The period for which the personal data will be retained as described in Section 5, SCHEDULE 1 of this DPA. 13.4.7.6. Transfers to sub-processors. including subject matter, nature, and durations are set forth at Section 5 of this DPA. 13.4.8. In Annex I, Part C of the 2021 Standard Contractual Clauses (Competent Supervisory Authority): The Irish Data Protection Commission will be the competent supervisory authority. 13.4.9. SCHEDULE 2 (Technical and Organizational Security Measures) of this DPA serves as Annex II of the Standard Contractual Clauses (Technical and Organisational Measures Including Technical and Organisational Measures to Ensure the Security of the Data). 13.4.10. Sub-Processors List available as Annex III of the Standard Contractual Clauses (List of Sub-Processors). 13.5. To the extent, there is any conflict between the Standard Contractual Clauses and any other terms in this DPA, the Agreement, or the Privacy Policy, the provisions of the Standard Contractual Clauses will prevail.

14. Data Subject Rights and Cooperation If either party receives (a) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure, and data portability, as applicable) or (b) any Third-Party Request relating to the processing of Personal Data conducted by the other party, such party will promptly inform such other party in writing. The parties agree to cooperate, in good faith, as necessary to respond to any Third-Party Request and fulfill their respective obligations under Applicable Data Protection Law.

15. Disclaimer UNIFIEDBRIDGE MAKES NO REPRESENTATION OR WARRANTY THAT THIS ADDENDUM IS LEGALLY SUFFICIENT TO MEET CUSTOMERS’ NEEDS UNDER APPLICABLE LAW, INCLUDING THE GDPR, UK GDPR, AND CCPA. UNIFIEDBRIDGE EXPRESSLY DISCLAIMS ALL REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, THAT THIS ADDENDUM WILL COMPLY WITH OR SATISFY ANY OF THE CUSTOMER’S OBLIGATIONS UNDER APPLICABLE LAW, INCLUDING THE GDPR, UK GDPR, AND THE CCPA. THE CUSTOMER FULLY UNDERSTANDS THAT IT IS SOLELY RESPONSIBLE FOR COMPLYING WITH ALL OF ITS OBLIGATIONS IMPOSED BY APPLICABLE LAW. THE PARTIES AGREE THAT THERE WILL BE NO PRESUMPTION THAT ANY AMBIGUITIES IN THIS ADDENDUM WILL BE CONSTRUED OR INTERPRETED AGAINST THE DRAFTER.

16. Relationship with the Agreement 16.1. The parties agree that this DPA shall replace and supersede any existing data processing DPA, attachment, or exhibit (including the Standard Contractual Clauses (as applicable)) that UnifiedBridge and Customer may have previously entered into in connection with the Services. 16.2. Except as provided by this DPA, the Master Service Agreement remains unchanged and in full force and effect. In the event of any conflict between certain provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement solely concerning the Processing of Personal Data. 16.3. This DPA does not confer any third-party beneficiary rights; it is intended for the benefit of the parties hereto and their respective permitted successors and assigns only, and is not for the benefit of, nor may any provision hereof be enforced by, any other person. 16.4. Notwithstanding anything to the contrary in the Agreement or this DPA, each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the Standard Contractual Clauses, and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. Without limiting either of the parties obligations under the Agreement, each party agrees that any regulatory penalties incurred by the one party (the “Incurring Party”) about the Customer Personal Data that arise as a result of, or in connection with, the other party’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring Party’s liability under the Agreement as if it were a liability to the other party under the Agreement. 16.5. In no event shall this DPA or any party restrict or limit the rights of any Data Subject or any competent supervisory authority.

17. Relationship with the Agreement 17.1. No failure or delay by any Party to exercise any right, power, or remedy will operate as a waiver of it, nor will any partial exercise preclude any further exercise of the same or of some other right to remedy.

18. Updates 18.1. UnifiedBridge may update the terms of this DPA from time to time; provided, however, that it will provide at least thirty (30) days prior written notice to the Customer when an update is required as a result of changes in Applicable Data Protection Law; a merger, acquisition, or other similar transaction; or the release of new products or services or material changes to any of the existing Services.

SCHEDULE 1

SUBJECT MATTER AND DETAILS OF PROCESSING

This SCHEDULE 1 includes certain details of the Processing of Personal Data as required by the GDPR.

1. Subject Matter of Processing 1.1. The context for the Processing of Personal Data is UnifiedBridge’s provision of Services under the Agreement and this DPA. 2. The nature and purpose of the Processing 2.1. Providing the Services to the Customer. 2.2. Performing the Master Service Agreement, the Agreement, this DPA, relevant Schedule Order, and/or other contracts executed by the Parties. 2.3. Acting upon Customer’s instructions, as outlined in Section 3, where such instructions are consistent with the terms of the Master Service Agreement and this DPA. 2.4. Sharing Personal Data with third parties by Customer’s instructions and/or under Customer’s use of the Services (e.g., integrations between the Services and any services provided by third parties, as configured by or on behalf of Customer to facilitate the sharing of Personal Data between the Services and such third-party services). 2.5. Complying with applicable laws and regulations. 2.6. All tasks related to any of the above. 3. Categories of Data Subjects to whom the Personal Data of Special Categories of Personal Data relates: Customers may submit Personal Data to the Services, which may include but are not limited to, Personal Data relating to the following categories of Data Subjects: 3.1. Employees, agents, advisors, freelancers of Customer (who are natural persons) 3.2. Prospects, customers, business partners, and vendors of Customers (who are natural persons) 3.3. Employees or contact persons of Customer’s prospects, customers, business partners, and vendors 3.4. Any other third-party individual authorized by Customer to access Customer’s UnifiedBridge account or make use of the Services received from UnifiedBridge, and/or individual with whom Customer decides to communicate through the Services. 4. Type of Personal Data 4.1. The Personal Data may concern the following categories of data: identification data including name, address, telephone or mobile number and email address; billing information; details of services which customer have purchased or enquired about; IP address; UnifiedBridge ID; names and/or contact information of individuals authorized to access Customer’s account; data stored on Customer’s behalf such as communication logs within the Services; Customer other data, including contract details (pricing plan, date, and duration of subscription, Service Schedule, Service Order) and other information collected and provided by Customer in connection with the use of the Services. 5. Duration of Processing 5.1. The duration of the processing is for the duration of the Agreement, except where otherwise required by applicable law or legal obligation, or for UnifiedBridge to protect its rights or those of a third party. 5.2. Contact information (company, email, phone, physical business address)

SCHEDULE 2

TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

As of the Effective Date, UnifiedBridge will implement and maintain the Security Measures described in this SCHEDULE 2.

1. Security Measures 1.1. Data importer/sub-processor has implemented and shall maintain a security program by industry standards. More specifically, the data importer/sub-processor’s security program shall include: 2. Access Control of Processing Areas 2.1. Data importer/sub-processor implements suitable measures to prevent unauthorized persons from gaining access to the data processing equipment (namely, telephones, database, and application servers, and related hardware) where the personal data is processed or used, including: 2.1.1. establishing security areas. 2.1.2. protection and restriction of access paths. 2.1.3. establishing access authorizations for employees and third parties, including the respective documentation. 2.1.4. All access to the data center where personal data is hosted is logged, monitored, and tracked; and 2.1.5. The data center where personal data is hosted is secured by a security alarm system and other appropriate security measures. 3. Access Control to Data Processing Systems 3.1. Data importer/sub-processor implements suitable measures to prevent their data processing systems from being used by unauthorized persons, including: 3.1.1. Use of adequate encryption technologies. 3.1.2. Identification of the terminal and/or the terminal user to the data importer/sub-processor and processing systems. 3.1.3. automatic temporary lock-out of user terminal if left idle, identification and password required to reopen. 3.1.4. automatic temporary lock-out of the user ID when several erroneous passwords are entered, log file of events, monitoring of break-in attempts (alerts); and 3.1.5. All access to data content is logged, monitored, and tracked. 4. Access Control to Use Specific Areas of Data Processing Systems 4.1. Data importer/sub-processor commits that the persons entitled to use their data processing system are only able to access the data within the scope and to the extent covered by their respective access permission (authorization) and that personal data cannot be read, copied, modified, or removed without authorization. This shall be accomplished by various measures, including: 4.1.1. employee policies and training in respect of each employee’s access rights to the personal data; 4.1.2. allocation of individual terminals and /or terminal users, and identification characteristics exclusive to specific functions; 4.1.3. monitoring capability in respect of individuals who delete, add, or modify the personal data; 4.1.4. release of data only to authorized persons, including allocation of differentiated access rights and roles; 4.1.5. use of adequate encryption technologies; and 4.1.6. Control of files, controlled and documented the destruction of data. 5. Availability Control 5.1. Data importer/sub-processor implements suitable measures to ensure that personal data are protected from accidental destruction or loss, including: 5.1.1. infrastructure redundancy; and 5.1.2. Backup is stored at an alternative site and available for restoration in case of failure of the primary system. 6. Transmission Control 6.1. Data importer/sub-processor implements suitable measures to prevent the personal data from being read, copied, altered, or deleted by unauthorized parties during the transmission thereof or the transport of the data media. This is accomplished by various measures, including: 6.1.1. Use of adequate firewall, VPN, and encryption technologies to protect the gateways and pipelines through which the data travels; 6.1.2. certain highly confidential employee data (e.g., personally identifiable information such as National ID numbers, credit or debit card numbers) is also encrypted within the system; and 6.1.3. providing a user alert upon incomplete transfer of data (end-to-end check); and 6.1.4. As far as possible, all data transmissions are logged, monitored, and tracked. 7. Input Control 7.1. Data importer/sub-processor implements suitable input control measures, including: 7.1.1. An authorization policy for the input, reading, alteration, and deletion of data. 7.1.2. authentication of the authorized personnel. 7.1.3. protective measures for the data input into memory, as well as for the reading, alteration, and deletion of stored data; 7.1.4. utilization of unique authentication credentials or codes (passwords); 7.1.5. providing that entries to data processing facilities (the rooms housing the computer hardware and related equipment) are kept locked. 7.1.6. automatic log-off of user IDs that have not been used for a substantial period; and 7.1.7. proof established within the data importer/sub-processor’s organization of the input authorization; and 7.1.8. electronic recording of entries. 7.2. Separation of Processing for Different Purposes 7.2.1. Data importer/sub-processor implements suitable measures to ensure that data collected for different purposes can be processed separately, including: 7.2.1.1. Access to data is separated through application security for the appropriate users; 7.2.1.2. Modules within the data importer/sub-processor’s database separate which data is used for which purpose, i.e. by functionality and function; 7.2.1.3. At the database level, data is stored in different normalized tables, separated per module, per Data Controller Customer, or function they support; and 7.2.1.4. Interfaces, batch processes, and reports are designed for only specific purposes and functions, so data collected for specific purposes is processed separately. 8. Documentation 8.1. Data importer/sub-processor will keep documentation of technical and organizational measures in case of audits and for the conservation of evidence. Data importer/sub-processor shall take reasonable steps to ensure that persons employed by it and other persons at the place of work concerned are aware of and comply with the technical and organizational measures outlined in this SCHEDULE 2. 9. Monitoring 9.1. Data importer/sub-processor shall implement suitable measures to monitor access restrictions to data importer/sub-processor’s system administrators and to ensure that they act by instructions received. This is accomplished by various measures, including: 9.1.1. Individual appointment of system administrators. 9.1.2. Adoption of suitable measures to register system administrators’ access logs to the infrastructure and keep them secure, accurate, and unmodified for at least six months. 9.1.3. yearly audits of system administrators’ activity to assess compliance with assigned tasks, the instructions received by the data importer/sub-processor, and applicable laws. 9.1.4. keeping an updated list with system administrators’ identification details (e.g., name, surname, function, or organizational area) and tasks assigned, and providing it promptly to the data exporter upon request.

Sub-Processors List Last Updated: Dec 2024

UnifiedBridge may use the third parties listed to host our customers’ data and assist in providing Services.

Anti-Money Laundering (AML): Compliance and Supervisory Policy Last Updated: Dec 2024

It is the policy of UnifiedBridge to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable rules and regulations. Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. UnifiedBridge’s Anti-Money Laundering (AML) policies, procedures and internal controls, as may be amended from time to time, applies to any person or organization accessing or using UnifiedBridge’s Services, whether they pay in fiat currency or cryptocurrency, and are designed to ensure compliance with applicable regulations and rules and to prevent money laundering, terrorist financing, and other illicit activities, as well as comply with all applicable laws and regulations, including anti-money laundering, anti-terrorist funding, sanctions programs administered by OFAC, and/or any other sanctions programs that may apply to you depending on the jurisdiction(s) where your business is located and/or where you serve your customers.