1. Purpose

1. 1.1 EasyLife 365 AG ("EasyLife") provides customers ("Customers" or "Customer", together with EasyLife: "the Parties") with software Easy Tipster("Product"). The Product is provided based on and in accordance with the EasyTipster general terms & conditions ("Main Contract"), which the Customer has accepted when ordering the Product.
2. 1.2 The provision of the Product involves processing personal data by EasyLife on behalf of the Customer. The object and purpose of this DataProcessingAgreement ("DPA" or "Agreement") are to define the rights and obligations of the Parties under data protection law in connection with the use and provision of the Product governed by the Main Contract.
3. 1.3 This Agreement forms an integral part of the Main Contract and assists the Parties in complying with the regulations on the processing of personal data applicable in Switzerland and the European Union, in particular the Swiss Federal Data Protection Act ("CH-DSG", SR 235.1) and the EU General Data Protection Regulation ((EU) 2016/679, "GDPR").

2. Scope

1. 2.1 The provisions of this DPA, together with its annexes, which form an integral part of the DPA, shall apply to all activities related to the Main Contract in which EasyLife processes personal data on behalf of the Customer.
2. 2.2 The categories of personal data to be processed, the type and purposes of the processing, and the categories of data subjects are listed in Annex 1 to this DPA.

3. Definitions

1. 3.1 Unless otherwise defined in this Agreement, all terms shall have the same meaning as in the applicable data protection laws of Switzerland and the EU. If the terms or their equivalents (e.g., "sensitive personal data" and "special categories of personal data") are understood differently in the provisions applicable in the specific case, the term shall be understood for this DPA to include a broader understanding and thus ultimately cover all meanings. If a contradiction between the provisions applicable in the specific case cannot be resolved by this means, the understanding under GDPR shall prevail.
2. 3.2 For this Agreement:
   • A: "Subcontractor" means any service provider engaged by EasyLife (or any other Subcontractor of EasyLife) to process personal data in connection with the Main Contract or this Agreement. Subcontractors within the meaning of this Agreement are only those who provide services that are directly related to the provision of the Product by EasyLife. In particular, service providers who merely provide ancillary services, such as the testing or maintenance of data processing procedures or systems by other bodies, telecommunications services, postal and transport services, or the disposal of data carriers as well as other measures to ensure the confidentiality, availability, integrity, and resilience of the hardware and software of data processing systems shall not be considered Subcontractors.
   • B: "in writing" or "written" shall also mean in an electronic form that enables proof by text, including communication by e-mail.

4. Legal responsibility of the Customer

1. 4.1 Within the scope of this DPA, the Customer remains the controller in terms of data protection law. The Customer warrants that the transfer of personal data and the processing of such data by EasyLife and the Subcontractors as outlined in this Agreement are permissible under the applicable data protection laws and are not prohibited by any other statutory or contractual provision applicable to the Customer. The Customer shall remain solely responsible for compliance with its obligations under the applicable data protection provisions, particularly the fulfilment of data subjects’ requests.
2. 4.2 The Customer has verified that the technical and organizational measures implemented by EasyLife as described in Annex 2 are sufficient to ensure adequate data protection for the personal data to be processed by EasyLife.
3. 4.3 The Customer shall inform EasyLife immediately if it discovers any violations or irregularities concerning data protection provisions or its instructions during the term of the Agreement.
4. 4.4 On request, the Customer shall provide EasyLife with all the information necessary to maintain a record of all processing activities carried out on the Customer's behalf, insofar as it is not available to EasyLife itself in easily accessible and useful form.
5. 4.5 If EasyLife is required to provide information to a governmental body or person on the processing of personal data within the scope of this DPA or to cooperate with these bodies or persons in any other way, the Customer is obliged at the first request to assist EasyLife in providing such information and in fulfilling other cooperation obligations.

5. Data processing and obligation to follow instructions

1. 5.1 EasyLife shall process all personal data within the scope of this DPA on behalf of the Customer and by the documented instructions of the Customer and by this Agreement, unless EasyLife is legally required to do otherwise. In the latter case, EasyLife shall inform the Customer of that legal requirement before processing unless that law prohibits such information on important public interest grounds.
2. 5.2 The Customer’s instructions are, in principle, exhaustively stipulated and documented in the provisions of this DPA. Individual instructions derogating from this DPA's stipulations or imposing additional requirements shall require EasyLife's written consent. In this case, the instructions shall be documented in an appropriate form, and the additional costs incurred by EasyLife, as a result, shall be borne by the Customer, whereby EasyLife reserves the right to implement the individual instruction under any other procedure provided for in the Main Contract.
3. 5.3 The Customer shall ensure that instructions are as clear and comprehensible as possible, comply with the applicable laws, in particular data protection law, and are compatible with the other requirements in this DPA. If EasyLife is of the opinion that an instruction infringes this Agreement or applicable data protection law, it is after informing the Customer entitled to suspend the execution of the instruction until the Customer confirms the instruction.
4. 5.4 EasyLife reserves the right to anonymize or aggregate the personal data processed on behalf of the Customer in such a way that it is no longer possible to identify individual data subjects and to use them in this form for designing, developing, and optimizing the Product and other services to meet the needs of customers as well as for the purposes agreed upon in the Main Contract. The Parties agree that anonymized and, according to the above requirement, aggregated personal data are not considered personal data for this Agreement. Clarifying: The use of such Data is only to increase the Security and Quality of the Products of EasyLife; compliant with the regulatory requirements.
5. 5.5 In principle, EasyLife shall process the personal data on behalf of the Customer inside the European Economic Area (EEA) or Switzerland. EasyLife is nevertheless permitted to process the personal data by the provisions of this Agreement outside the EEA or Switzerland if the Customer is informed in advance about the place of data processing and if the requirements of the applicable data protection provisions about cross-border transfers are fulfilled.

6. Technical and organizational measures

1. 6.1 EasyLife shall implement appropriate technical and organizational measures within the meaning of the CH-DSG and the GDPR and as set out in Annex 2 to this Agreement. EasyLife is entitled to change the organizational and technical measures. However, it has to be ensured that the contractually agreed level of protection is not reduced.
2. 6.2 EasyLife shall ensure that all persons engaged in processing personal data on behalf of the Customer are subject to a contractual or statutory duty of confidentiality concerning this data processing.

7. Information, cooperation, and support obligations of EasyLife

1. 7.1 EasyLife shall support the Customer as far as possible and reasonable in fulfilling the requests and claims of data subjects laid down in Chapter III GDPR, in complying with the provisions on the security of the processing of personal data, and in complying with the requirements for reporting data breaches and for carrying out data protection impact assessments (including prior consultation). The Customer shall reimburse EasyLife for any documented expenses and costs incurred as a result. This shall not apply in the cases where the support became necessary due to (i) a breach of law applicable to the data processing under this DPA and/or (ii) a breach of this DPA, by EasyLife.
2. 7.2 As far as a data subject submits a request for the exercise of his rights directly to EasyLife, EasyLife will forward this request to the Customer in a timely manner.
3. 7.3 EasyLife will provide the Customer with all information necessary and available to prove compliance with the obligations outlined in this Agreement, to the extent that the Customer does not already have such information.
4. 7.4 The Customer shall have the right to audit EasyLife's compliance with this Agreement (including inspections) or to have such audit conducted by a qualified third party subject to a duty of confidentiality. EasyLife shall allow for and, as far as reasonable, contribute to such audits. The Customer shall reimburse EasyLife for any documented expenses and costs incurred as a result, unless the reason for the inspection was caused by (i) a breach of law applicable to the data processing under this DPA and/or (ii) a breach of contract, by EasyLife. The costs incurred on the part of the Customer shall be borne by the Customer.
5. 7.5 In order to carry out inspections in accordance with Section 7.4, the Customer is, as far as reasonable and necessary to comply with the data protection requirements, entitled to access the business premises of EasyLife in which personal data is processed on behalf of the Customer within the usual business hours (Mondays to Fridays from 10 a.m. to 6 p.m.) after timely advance notification at his own expense, without disruption of the course of business and under strict confidentiality of EasyLife's business and trade secrets. EasyLife is entitled, at its own discretion and taking into account the customer's legal obligations, not to disclose information sensitive about EasyLife's business or if EasyLife would be in breach of statutory or other contractual provisions as a result of its disclosure.
6. 7.5 At the discretion of EasyLife, proof of compliance with the obligations under this Agreement may be provided, instead of an inspection, by submitting an appropriate, current report from an independent and qualified company or authority (e.g. certified auditor) or a suitable certification, if the opinion, report or certification enables the Customer to appropriately verify the compliance with obligations under this Agreement.
7. 7.6 Clarifying 7.5 and 7.6: If and as far as Customer has reasonable grounds to believe, that the provided documents or procedures in 7.5 or 7.6 are insufficient or do not enable Customer to comply with his obligations under GDPR, Customer may conduct an inspection according to sec. 7.4. In cases of urgency or outstanding importance such inspections are not bound to business hours or prior notification.

8. Subcontractors

1. 8.1 The Customer grants EasyLife the general authorization to engage Subcontractors with regard to the processing of personal data on behalf of the Customer. Annex 3 contains a list of the Subcontractors engaged by EasyLife at the time of conclusion of the Agreement.
2. 8.2 EasyLife shall inform the Customer in writing in advance of any intended subcontracting or replacement of existing Subcontractors. The Customer may only raise an objection for important reasons relating to data protection (e.g. if the subcontractor does not fulfill the requirements of Art. 28 para 1 GDPR), which the Customer must prove to EasyLife. If the Customer does not object within 14 days after receipt of the notification, its right to object concerning this subcontractor shall expire. If the Customer objects in compliance with the aforementioned conditions, EasyLife is entitled to terminate the Main Contract and this Agreement extraordinarily in the sense and according to the conditions of the Main Contract.
3. 8.3 EasyLife shall conclude a written contract with the Subcontractors engaged. The contract must impose the same obligations on the Subcontractors as are imposed on EasyLife under this Agreement. The Parties agree that this requirement is met if the contract has a level of protection equivalent to this Agreement.
4. 8.4 Subject to compliance with the requirements of Section 5.5 of this Agreement, the provisions of this Section 8 shall also apply if a Subcontractor outside of Switzerland or the EEA is involved. The Customer hereby authorizes EasyLife to conclude a contract with another Subcontractor on behalf of the Customer based on the modernized standard contractual clauses in accordance with Implementing Decision (EU) 2021/914 of the EU Commission ("modernized standard contractual clauses"). The Customer shall support EasyLife in entering into such a contract and complying with all the requirements for the cross-border transfer of personal data on behalf of the Customer within the scope of this Agreement. EasyLife may, at its sole discretion, require the Customer to enter into such a contract directly with the respective Subcontractor. Any refusal by the Customer to support or enter into the contract shall entitle EasyLife to terminate the Main Contract and this Agreement extraordinarily in the sense and according to the terms of the Main Contract.

9. Duration and termination of the Agreement

1. 9.1 This Agreement shall apply between the Parties as of the effective date of the Main Contract and is concluded for an indefinite period. The termination of this Agreement shall follow the termination of the Main Contract.
2. 9.2 Upon termination of this Agreement, EasyLife shall, according to Customer’s instructions
   • A: return all personal data within the scope of this Agreement and all copies thereof, including personal data supplied by and collected on behalf of the Customer, or
   • B: destroy such personal data and copies thereof.
   The return and/or destruction shall be confirmed in writing to the Customer.
3. 9.3 Section 9.2 does not apply to personal data that EasyLife is legally obligated to store or data required to document proper and correct data processing on behalf of the Customer or to enforce or defend claims arising from this Agreement or the Main Agreement.

10. Indemnification and bearing of costs

1. 10.1 EasyLife's liability under this Agreement shall be governed by the disclaimers and limitations of liability provided in the Main Contract. As far as third parties assert claims against EasyLife which are caused by the Customer's breach of this Agreement, of an agreement with other service providers (e.g., Microsoft), or one of his obligations under the applicable data protection law, the Customer shall upon the first request indemnify and hold EasyLife harmless from these claims.
2. 10.2 The Customer undertakes to indemnify EasyLife upon the first request against all possible fines imposed on EasyLife corresponding to the Customer's part of the responsibility for the infringement sanctioned by the fine.

11. Various

1. 11.1 Each party shall provide courts or supervisory authorities, and the Customer shall provide all data subjects a copy of the contents of this Agreement upon their request or if required by law.
2. 11.2 In principle, this Agreement can be amended only with the written consent of both Parties. The Customer may clarify Annex 1, provided this does not lead to any significant change in the processing. EasyLife must be notified immediately of any such amendments. Within the scope of technological progress and developments, EasyLife is also permitted to amend details of individual technical and organizational measures, insofar as these are adequate measures and at the same time do not reduce the level of security of the previous steps. EasyLife shall inform the Customer of any such amendments.
3. 11.3 The Customer shall not assign or transfer this Agreement or any rights or obligations arising from this Agreement to third parties without the prior written consent of EasyLife.
4. 11.4 The substantive laws of Switzerland shall govern this Agreement. All disputes arising out of or in connection with this Agreement shall be subject to the exclusive jurisdiction of the ordinary courts at the registered office of EasyLife. Mandatory provisions and places of jurisdiction remain reserved.