Data Sharing Agreement

This “Data Sharing Agreement” (the “Agreement”) is made between:
1.- The ApliCAD UpdateBIM client identified on the contract defined at the beginning of this document for the "Services" of use of ApliCAD UpdateBIM
&
2.- APLICACIONES DE CAD CAM Y GIS, S.L., a Spanish company with its fiscal domicile in Castellón, Calle Maria Teresa Gonzalez Justo, 26 – 12005 – Spain, with fiscal identification number ESB12441861
Individually a "Party" and collectively the "Parties".

Background:
1. Customer and ApliCAD have entered a contract and/or any other order document previously executed by Customer ("Customer Agreement") for the provision of certain Services (defined below) by ApliCAD, including access to certain functions in ApliCAD UpdateBIM.
2. APLICATIONS OF CAD CAM AND GIS, S.L. is the owner of the portal and plugin called ApliCAD UpdateBIM.
3. The access and use of the Services by the Client and the provision of the Services by ApliCAD result in the exchange and processing of certain personal data by the Parties.
4. This Agreement governs the rights and responsibilities of the Parties in relation to their respective data processing activities under the Customer Agreement.
5. This Agreement is incorporated into the Customer Agreement by reference.


Definitions
In this Agreement, except to the extent expressly stated otherwise:
"Applicable Data Protection Law" means all global data protection and privacy laws and regulations applicable to the Personal Data in question, including, where applicable, EU Data Protection Law.
"ApliCAD" means APLICACIONES DE CAD CAM Y GIS, S.L.;
“ApliCAD UpdateBIM” means the main product composed of a Plugin for Autodesk Revit and an administration platform in the portal https://updatebim.aplicad.com;
" Effective Date" means the date of execution of the Customer Agreement;
"EU Data Protection Law" means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Regulation General Data Protection Act); (ii) the EU Electronic Privacy Directive (Directive 2002/58/EC); and (iii) any and all applicable national data protection laws made pursuant to (i ) or (ii); in each case, as may be amended or replaced from time to time;
"Model Clauses" means the Standard Contractual Clauses (Controller to Controller Transfers - Set II) in the Annex to the European Commission Decision of December 27, 2004, as may be amended or superseded from time to time by the European Commission;
"Annex" means any exhibit attached to this Agreement;
"Security Incident" means the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
"Services" means the services provided to Customer under the Customer Agreement, which may include Customer's use of the ApliCAD UpdateBIM Platform and any content development, creation, modeling and/or hosting services provided by ApliCAD to Customer through the ApliCAD UpdateBIM Platform;
"User" means any individual who has registered an account with ApliCAD UpdateBIM; and
"User Personal Data" means the personal data of Users and is more specifically described in Annex 2 of this Agreement. User Personal Data is included in the general term "personal data".

In this Agreement:
1. The expressions "controller", "processor", "data subject", "personal data", "processing", "personal data breach", "special categories of personal data" and "supervisory authority" have the meanings given in the EU Data Protection Law; Y
2. any other term used but not defined in this Agreement shall have the meaning given to it in the Customer Agreement.

Duration and Termination
This Agreement will commence on the Effective Date and will terminate automatically upon expiration or termination of the Customer Agreement.
The termination of this Agreement will not affect the responsibility of each Party to process the personal data that it has already accessed or in accordance with the Applicable Data Protection Law.

Roles of the parties and compliance with data protection law
In the course of providing or receiving the Services, each Party may process User Personal Data for the purposes described in Exhibit 2
("Permitted Purposes").
The Parties acknowledge that they will be independent controllers of the User's Personal Data that they each process. In no case will the Parties treat the User's Personal Data as co-responsible for the treatment.
1. 1. Each Party shall be individually and separately responsible for complying with its obligations as a controller under the Applicable Data Protection Law when processing User Personal Data. In particular (and without limitation):
2. 2. ApliCAD will be responsible for complying with the requirements of the Applicable Data Protection Law (including transparency and legality requirements) with respect to individual data subjects who register and use the "ApliCAD UpdateBIM Cloud Platform, including by display a publicly accessible privacy notice at https://updatebim.aplicad.com or through the Services (and such privacy notice will notify data subjects that their User Personal Data may be disclosed to ApliCAD customers whose "Objects BIM" access or download);
3. 3. The Client shall be separately and independently responsible for complying with the Applicable Data Protection Law with respect to any processing of User Personal Data that it obtains through the ApliCAD UpdateBIM platform (and without limitation) if and when it processes Personal data of the user to contact the interested parties. for direct marketing purposes;
4. 4. Data subjects may exercise their data protection rights under Applicable Data Protection Law against Customer with respect to Customer's processing of User Personal Data, and against ApliCAD with respect to Data processing. personal data of the user by ApliCAD.
Neither Party will process User Personal Data for any purpose other than the Permitted Purposes, except where and to the extent permitted by Applicable Data Protection Law.


International transfers
Neither Party will process User Personal Data originating in the EEA (or allow it to be processed) in a territory outside the European Economic Area ("EEA") unless such Party has taken steps necessary to ensure the transfer complies with the Applicable Data Protection Law.
Where applicable, if User Personal Data originating in the EEA is processed by a client located outside the EEA in a territory that has not been designated by the European Commission as ensuring an adequate level of protection in accordance with the EU Privacy Law, the Model Clauses will be incorporated into this Agreement by this reference and will apply to the Processing as follows:
1. ApliCAD (as data exporter) will be deemed to have entered into the Model Clauses in its own name and on behalf of User Personal Data that it discloses to Client; and
2. Customer (as data importer) will be deemed to have entered into the Model Clauses in its own name and on behalf of User Personal Data disclosed to it; and
3. where and to the extent that the Model Clauses apply in accordance with this Clause 4, if there is any conflict between this Agreement and the Model Clauses, the Model Clauses shall prevail.

Cooperation
If the Client receives a communication from a User, a supervisory authority or other third party in relation to the processing of the User's Personal Data in accordance with this Agreement, it must immediately send, to the extent permitted by applicable law, a copy of communication to ApliCAD.
Each Party will provide reasonable cooperation and assistance in good faith in connection with such communication in accordance with Applicable Data Protection Law when requested by the other Party.

Security
Each Party shall implement and maintain appropriate technical and organizational security measures to protect the User Personal Data it processes against a Security Incident.

Data Processing by Third Parties
If either Party appoints third party processors to process User Personal Data for its Permitted Purpose, it will ensure that such third-party processors:
1. You agree in writing to process the User's Personal Data in accordance with that Party's documented instructions;
2. implement appropriate technical and organizational security measures to protect the User's Personal Data against a Security Incident; Y
3. otherwise provide sufficient guarantees that they will process the User's Personal Data in a manner that will meet the requirements of Applicable Data Protection Law.

Changes in the Applicable Data Protection Law
The Parties will use their best efforts to agree to such variations of this Agreement as may be necessary to reflect changes in Applicable Data Protection Laws.

General
No breach of any provision of this Agreement will be waived except with the express written consent of the non-breaching Party.
If any court or other competent authority determines that any provision of this Agreement is illegal and/or unenforceable, the other provisions of this Agreement will continue in force. If any illegal and/or unenforceable provision would be legal or enforceable if part of it were deleted, that part will be deemed deleted and the rest of the provision will continue in force (unless it contradicts the clear intention of the Parties), in which case it will be the entire corresponding provision will be considered deleted).
This Agreement may not be modified except by a written document signed by or on behalf of each of the Parties.
Neither Party may, without the prior written consent of the other Parties, assign, transfer, encumber, license or deal in or otherwise dispose of any contractual rights or obligations under this Agreement.
Nothing in this Agreement shall invalidate the terms of the Customer Agreement which shall remain in full force and effect; however, in terms of the specific subject matter of this Agreement (data protection considerations with respect to User Personal Data), this Agreement will control in the event of a conflict with the customer agreement.
This Agreement will be governed and interpreted in accordance with Spanish law. The Spanish courts will have exclusive jurisdiction to adjudicate any dispute arising in connection with this Agreement.