9.2.2 Google`s data topics ask for help. Google (taking into account the nature of the processing of personal data) will assist the client in fulfilling its obligations under Chapter III of the RGPD to respond to requests for the exercise of the rights of the person concerned by: transfer/access to the personal data manager`s data (data category and persons concerned) The customer who accepts these conditions (“customer”), and Google LLC, Google Ireland Limited, Google Asia Pacific Pte. Ltd. or any other body that directly or indirectly controls, is controlled by Google LLC or is under joint control (if applicable” Google), has entered into an agreement under which Google has agreed to provide Google Cloud Platform (as described cloud.google.com/terms/services) and corresponding technical assistance to the customer (as modified from time to time). 4.2.6 Personal data retention/deletion restriction: Personal data processed by Unify Cloud Services is generally retained until a) either deleted by users of Unify Cloud customers or services, or (b) a customer-ordered retention period or (c) the customer`s cloud service agreement via Unify Cloud Services is terminated. Our DATA AGENCY provides a number of guarantees to companies that entrust us with personal data. For example, ProtonMail`s data processing agreement promises the use of technical security measures, such as encryption, in accordance with Article 32 of the RGPD. In addition, it provides appropriate support to those responsible for processing in the implementation of a data protection impact assessment. 4.2.10 Personal data backup: Unify creates backup copies of personal data, as long as they are necessary to ensure the correct processing of personal data, and may copy and retain personal data necessary to comply with the customer`s legal retention obligations or Unify. With regard to international data transfers, Privacy Shield is an authorized solution as personal data from the EEA arrives in the United States, but if data is transferred across many borders, other solutions, such as standard contractual clauses approved by the European Commission or binding business rules, may be more appropriate. Data access control measures should aim to ensure that only data for which there is a right of access can be accessed and that personal data cannot be read, copied, modified or deleted unjustifiably during the processing, use and retention of that data.

Processors should have carried out a number of due diligence activities involving the transformers they use, which can be grouped together as data protection verification, documentation of data processing activities and obvious verification. To avoid doubts, the 84codes do not physically host any of the servers provided for the service. Instead, data centers are used by external cloud platforms that the data manager selects to use the service itself. These cloud platforms are listed as subprocessors in Schedule 3. All data can be encrypted during transmission and in standby mode for extra security. In addition, 84codes is not aware of the type of data processed by the data manager while using the service. 84Codes employees do not look at the data manager`s data or copy the data on any server other than the one chosen by the data manager. All data stored in the service is stored until the data manager deletes the data either manually or by guidelines. Backups (if any) are deleted after 30 days. 11.2 Information on subprocessings.

Information about subprocessors, including their functions and locations, can be found at cloud.google.com/terms/subprocessors (how to be updated by Google from time to time based on these conditions). 4.2.9 Effects of deleting personal data: customer confirms and rec