Data Processing Schedule

This data processing schedule (“Schedule”) is between the customer entity (“Licensee”) and the TomTom entity and its Affiliates (“TomTom”) which are a parties to the agreement for use of TomTom’s maps, software, live services, traffic stats and online services (“Agreement”) under which TomTom performs certain services. The parties agree that the Schedule supplements the Agreement and applies to the products supplied and services performed by TomTom (together for the purposes of this Schedule the (“Services”), as defined in the Agreement to the extent that the same involve the processing by TomTom of Personal Data on behalf of Licensee.

Terms defined in the Agreement between Licensee and TomTom shall have the same meaning when used in this Schedule. In addition, the definitions below apply in this Schedule:

• Effective Date: means the date further specified in the Agreement as of which such Agreement has become effective.

• GDPR: means the EU General Data Protection Regulation; the EU Regulation 2016/679/EC applicable as of 25 May 2018.

• Personal Data: means personal data as defined in the GDPR that TomTom processes in its capacity as data processor on behalf of Licensee in its capacity as data controller in connection with the Agreement.

Unless otherwise specified, all references to the GDPR shall be understood to be references to the applicable local equivalent which implements said reference into local law.

The purpose of this Schedule is to describe the work to be carried out by TomTom in relation with the Agreement. This Schedule forms an integral part of the Agreement. This Schedule shall be deemed to take effect from the Effective Date of the Agreement and shall continue in full force and effect until the termination of the Agreement.

The purpose for the collection, processing and use of the Personal Data on behalf of Licensee is to provide the products and services as described in the Agreement, which forms an integral part hereof. Licensee warrants that it has all necessary rights to provide the Personal Data to TomTom for the processing to be performed in relation to the products and services, and that one or more lawful bases set forth in the GDPR support the lawfulness of the processing. To the extent required by GDPR or any other applicable privacy regulations, Licensee is responsible for ensuring that all necessary privacy notices are provided to data subjects, and unless another legal basis set forth in the GDPR supports the lawfulness of the processing, that any necessary data subject consents to the processing are obtained, and for ensuring that a record of such consents is maintained.

The processing of the Personal Data by TomTom shall take place within the framework of i) the Agreement and ii) this Schedule and only to the extent that Licensee has instructed TomTom in writing to do so in relation with the Agreement. Such instructions shall be deemed to be provided by Licensee’s use of the Services as is further described under the particular Services documentation (the “Documentation”) (such as, for example, by making an API call to the TomTom servers running the Services). In the event TomTom modifies the Documentation, continued use by Licensee of the Services shall be deemed to constitute acceptance by Licensee of the change in the manner under which TomTom processes the Personal Data and a revised instruction from Licensee accordingly.

TomTom processes the Personal Data on behalf of Licensee. If applicable law requires TomTom to process Personal Data other than in accordance with Licensee’s instructions, TomTom shall notify Licensee of such processing unless prohibited from doing so by applicable law. TomTom shall not use the Personal Data for any other purpose as required under the Agreement or this Schedule. However, and in addition to usage already agreed in the Agreement, Licensee is aware of and explicitly authorizes TomTom to use aggregated, de-identified and/or anonymized Personal Data (“Aggregated Data”), from time to time, for analytics, improvement of products and services and internal purposes, provided that the Aggregated Data shall not be used to directly or indirectly identify any of the Licensee’s customers, except for the Licensee’s explicit instructions to perform such identification.

Licensee has defined that the following data categories will be processed by TomTom under this Schedule.

Active Community Input: any feedback reported by the End User via the Permitted Application, including but not limited to hazard events and safety cameras, which may be location-referenced.

App Usage Data: user behavior interactions, system events, system logs and application properties (e.g., app version, language) relating to the use of the Licensed Products in the Permitted Application by the End User.

Search Usage Data: search queries, results and interaction events of search queries, results and interaction events relating to the use of the Licensed Products in the Permitted Application by the End User.

Probe Data: any positional or location information data, signal or ping collected from or transmitted by a Device, Permitted Application, software program or other system or technology such as a backend server.

Sensor Data: data that is generated and collected from a Device sensor or camera, and transmitted by a Device, application, software program, program or other system or technology (such as a backend server), including but not limited to Sensor Readings and Sensor Derived Observations.

Sensor Derived Observations (SDO): location-referenced observations made by the connected vehicle’s onboard vision systems such as optical camera, LIDAR, RADAR and other subsystems, including but not limited to static objects (e.g., traffic signs and lane information), dynamic objects (e.g., variable speed limit signs), moving objects (e.g., people or debris on the road.)

Sensor Readings: location-referenced sensor data that describe the state of the Device and the Device's or user's response to external factors such as weather (e.g., windscreen wiper sensor and rain sensor) or the vehicle itself (e.g., fuel level and battery charging status) or a fusion of the foregoing (e.g., slippery road).

Device Properties Data: consistent Device properties, including but not limited to the Device brand and model, Device type, engine type and battery capacity. This specifically excludes any personal identifiable information (PII) such as a vehicle identification number (VIN) or registration number.

All data shall be delivered and processed in accordance with the instructions and technical standards set out in the Agreement for the benefit of Licensee, to generate real-time information and improve products and services provided by Licensee to its end-users, notwithstanding the fact that TomTom has been authorized by Licensee to use such data in connection with its current and future products and services.

Maps (HD / SD / ADAS maps delivered in NDS format or through Autostream)

NDS Maps
unique online & device identifiers (for example: IP address, random session ID or access token), device configuration information, time-stamped service requests including geolocation data, time-stamped service responses, transaction log data

AutoStream Service
unique online & device identifiers (for example: IP address, random session ID or access token), device configuration information, time-stamped service requests including geolocation data, time-stamped service responses, transaction log data

Navigation Software Components

NavCloud
unique online & device identifiers (for example: IP address, head-unit ID, mobile phone UDID, random session ID or access token), device configuration information, time-stamped service requests, time-stamped service responses, navigation related data including location data, current destination, favorites, points of interest, itineraries, tracks, transaction log data

NavAssist
unique online & device identifiers (for example: IP address, head-unit ID, mobile phone UDID, random session ID or access token), device configuration information, time-stamped service requests, time-stamped service responses, navigation related data including location data, current destination, favorites, points of interest, itineraries, tracks, transaction log data, user ID, calendar events, UI interaction data (for example: accepting or dismissing a prediction), telemetry data (for example: car seat occupancy sensor, fuel sensor)

Live (TPEG2) End-User Services (e.g., Traffic, Fuel, EV, Parking, Speed Cameras, Weather)
unique online & device identifiers (for example: IP address, head-unit ID, mobile phone UDID, random session ID or access token), device configuration information, time-stamped service requests including geolocation data, time-stamped service responses

Maps APIs and SDKs (e.g., Map Display, Traffic, Routing, Search, NAV SDK)
unique online & device identifiers (for example: IP address, head-unit ID, mobile phone UDID, random session ID or access token), device configuration information, time-stamped service requests including geolocation data, time-stamped service responses, transaction log data

Access Management
unique online, mobile phone & device identifiers (for example: IP address, subject ID, random session ID or access token), entitlement & access rights (service ID), device configuration information, time-stamped access and services requests, time-stamped access responses, transaction log data

TomTom shall implement and maintain appropriate security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Such measures ensure a level of security appropriate to the risks presented by the processing and the nature of the Personal Data to be protected taking into account the state of the art and the cost of their implementation.

TomTom ensures in particular that it has implemented the appropriate measures to:

a. Prevent unauthorized persons from gaining access to data processing systems with which personal data are processes or used;
b. Prevent data processing systems from being used without authorization;
c. Ensure that persons entitled to use a data processing system have access only to the Personal Data to which they have a right of access, and that personal data cannot be read, copied, modified or removed without authorization during processing or use and after storage;
d. Ensure that personal data cannot be read, copied, modified or removed without authorization during electronic transmission or transport, and that it is impossible to check and establish to which bodies the transfer of personal data by means of data transmission facilities is envisaged;
e. Ensure that it is possible to check and establish whether and by whom personal data has been input into data processing systems, modified or removed;
f. Ensure that, for commissioned processing of personal data, the Personal Data is processed strictly in accordance with the instructions of the Licensee (job control).

TomTom shall further ensure that the processing of the Personal Data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law and does not violate the relevant provisions.

Under this Schedule, TomTom has the obligation to

a. Process the Personal Data only on behalf of Licensee and in compliance with its instructions;
b. Ensure that only appropriately trained personnel shall have access to the Personal Data;
c. Provide Licensee with such cooperation (including access to its facilities) as Licensee may reasonably request, subject to Licensee’s Rights and Obligations provision;
d. Implement such technical and organizational measures to protect the Personal Data as required by the GDPR;
e. Notify Licensee as soon as reasonably possible of monitoring activities and measures in relation to the relevant processing, undertaken by the relevant authority that supervises the applicable data protection legislation;
f. Support Licensee regarding Licensee‘s obligations to provide information about the collection, processing or usage of Personal Data to a data subject;
g. Ensure that the Personal Data is not in any way used, manipulated, distributed, copied or processed for any other purpose than for the fulfilment of the contractual obligations as explicitly agreed upon

Sub-processing

Licensee authorizes TomTom to appoint sub-processors to process Personal Data in accordance with this Clause. TomTom shall conclude written agreements with sub-processors to protect Personal Data subject to conditions that are materially similar to the standards set forth in this Schedule. Where the sub-processor fails to fulfil its data protection obligations under such written agreement, TomTom shall remain fully liable to Licensee for the performance of the sub-processor's obligations under such agreement

When sub-processors located outside the European Economic Area are involved, parties hereby mutually agree that TomTom shall act as the data exporter and shall consequently in accordance with the applicable laws engage in Standard Contractual Clauses (EU Commission Decision 2021/94/EU adopted on 4 June 2021) with the relevant sub-processors, unless a sub-processor is able to benefit from an adequacy decision pursuant to Article 45 GDPR that covers the transfer to the respective country of such sub-processor.

To the extent that Parties are relying in a specific statutory mechanism to normalize international data transfers and that mechanism is subsequently modified, revoked, or held in a court of competent jurisdiction to be invalid, the Parties agree to cooperate in good faith to promptly suspend the transfer or to pursue a suitable alternate mechanism that can lawfully support the transfer.

TomTom may continue to use those sub-processors already engaged as of the Effective Date of the Agreement, including Amazon Web Services, Microsoft Azure, and Scalyr (EU data center locations). It is acknowledged and agreed that as of the Effective Date of the Agreement TomTom may provide necessary data access to operations staff employed by TomTom’s global affiliates or service partners contracted by TomTom.

TomTom shall inform Licensee of the appointment of any new sub-processor and Licensee shall have the right to reasonably oppose the appointment of a new sub-processor if Licensee shall have substantive and legitimate reasons for opposing the specific sub-processor. Licensee shall notify TomTom of such objections in writing within thirty (30) days after receipt of TomTom’s notice relating to such sub-processor. If Licensee provides written notice of objection, Parties shall discuss the objection in good faith to resolve it. The addition or removal of a sub-processor should not negatively affect the level of security within the agreement to less than that which existed.

Licensee’s Rights And Obligations

Rights to monitor: on an annual basis, Licensee is entitled to appoint a third party independent auditor in the possession of the required professional qualifications and bound by a duty of confidentiality, which auditor must be reasonably acceptable to TomTom, to access data records as reasonably required to audit TomTom’s compliance with this Schedule and the applicable data protection legislation to determine the truthfulness and completeness of the statements submitted by TomTom under this Schedule. Licensee’s right to audit shall be subject to giving TomTom at least thirty (30) days prior written notice and Licensee shall bear all costs related to such audit. The audit shall not disrupt the business operations of TomTom

TomTom shall deal properly with all inquiries from Licensee and shall grant reasonably access to its data records relating to the processing of the Personal Data subject to this Schedule. TomTom shall not be required to provide access to records or systems related to the delivery of products and services of customers other than Licensee. Rectification, deletion and blocking of data: upon instruction by Licensee, TomTom shall correct, rectify or block the Personal Data. Any request from a data subject directly received by TomTom shall be directed to Licensee.

Information Obligations

If TomTom does not comply or foresees that it shall not comply with its obligations as set out in this Schedule, for whatever reasons, it agrees to as soon as reasonably possible inform Licensee of its inability to comply, in which case Licensee is entitled to suspend the transfer of the Personal Data.

TomTom will as soon as reasonably possible notify Licensee about:

1. Any legally binding request for disclosure of the Personal Data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
2. Any request received directly from the data subject without responding to that request, unless it has been otherwise authorized to do so; and
3. Any unauthorized acquisition, access, use, disclosure or destruction of the Personal Data constituting a personal data breach as defined in the GDPR. Such notification shall take place without undue delay, and no later than seventy-two (72) hours after TomTom has become aware with a reasonable degree of certainty of such personal data breach. TomTom shall use reasonable efforts to report the following information:

a. a description of the personal data breach, including the date and time the breach was discovered;
b. an overview of the Personal Data that was (potentially) lost or unlawfully processed as a result of the personal data breach;
c. information on the likely consequences of the personal data breach; and
d. a description of the measures taken by TomTom to limit the consequences of the personal data breach.

Neither Party shall without the prior written consent of the other Party assign or transfer this Schedule or the benefit or burden of or the rights under this Schedule save that TomTom shall be entitled to assign or transfer this Schedule (whether in whole or in part) without the prior consent of Licensee, but with prior written notice to Licensee: (i) to an affiliate of TomTom; or (ii) to an acquirer of all or substantially all of its assets, business or equity securities.

This Schedule shall continue in full force and effect until the Agreement expires or terminates or so long as TomTom possesses or is processing Personal Data, including backups, on behalf of Licensee beyond that date, whichever is later.

The Parties agree that after the termination of the provision of the products and services, TomTom and the sub-processor shall, at the choice of Licensee, return all the Personal Data transferred including any data storage media supplied to TomTom, and the copies thereof to Licensee or shall destroy all the Personal Data and certify to Licensee that it has done so, unless a contractual obligation or legislation imposed upon TomTom prevent it from returning or destroying all or part of the Personal Data transferred. In that case, TomTom warrants the confidentiality of the personal data transferred.