CONFIDENTIALITY AND PROTECTION OF PERSONAL DATA CONFIDENTIAL INFORMATION

Confidential information shall be deemed as any information or data, whether or not it has been drawn up in hard or soft copy or in any other form that is already in use or that could be invented in the future, which PAXIMUM notifies or provides to the CLIENT or that the latter may have access to with or without the knowledge and/or express consent of PAXIMUM. Therefore, confidential information shall be deemed as the following and will include, but not be limited to: any data bases and prototypes created from the documents provided, proprietary management software, computer system passwords, information on users, telephone numbers, fax numbers, email addresses, addresses of offices, agencies, departments and headquarters, computer programs, copies, routines, sources, functional and organisational analysis, know-how, formulae, processes, ideas, inventions (whether patentable or not), financial data and development plans, strategies, the contents of any bids that may be made and any other supporting documents, data or material belonging to PAXIMUM or available in its website that the CLIENT may have access to. Under no circumstances may the following be considered as confidential information: • Any information that is contained in public bibliography or that may become public knowledge, unless it becomes public knowledge due to a breach of the agreement by one of the parties. • Any information or know-how provided by third parties. • When disclosure is required by law. • Disclosure of any information at the request of Courts or Tribunals • Information referring to economic data or any other kind that must be submitted to the State, local or autonomous authorities due to tax or labour requirements and administrative contracts.

NON-DISCLOSURE: Total or partial disclosure of any of the confidential information to which the CLIENT may have access by means of contracting and performance of its services to third party individuals or companies shall be expressly prohibited. The CLIENT guarantees that its employees, customers, suppliers, sub-contractors and any other parties related to the agreements between PAXIMUM and the CLIENT fulfil the confidentiality commitments contained in this document. The requisite measures must be adopted for said fulfilment of the confidentiality commitment and the CLIENT shall be responsible for any claims or damages caused by the non-fulfilment of this obligation. The CLIENT undertakes to fulfil these confidentiality commitments from the date that this agreement is signed and to continue to do so whether the relationship between the parties is in force or not. Should the CLIENT or any of its employees, agents, suppliers or representatives conceive any invention, innovation, discovery, computer program, process, technique or the like, as a result of observing or having access to the Confidential Information, the CLIENT agrees to assign or to have assigned, said invention, innovation, discovery, computer program, technique or the like, to PAXIMUM.

BREACH OF CONFIDENTIALITY CLAUSES: Apart from that stated in the personal data protection clause, and the obligation to compensate any specific losses or damages caused, as a result of the infringement by the CLIENT of the confidentiality obligations stated, the latter shall also pay PAXIMUM an amount of that will be councelled subsequently.

ACCESS TO PERSONAL DATA: If PAXIMUM needs access to personal data which is strictly necessary to provide the services requested by the final consumer, PAXIMUM and the CLIENT shall ensure this is legally possible pursuant to the European Directives 95/46, 2002/58, and/or any legislation that develops, adds to and, when appropriate, replaces them (hereinafter referred to by its initials PDPR –personal data protection regulation-). The CLIENT hereby warrants that it has all the necessary consents and authorisation from the data subject for the transfer of such personal data to PAXIMUM and authorises PAXIMUM to proceed with all the subsequent transfers of data in order to complete the request and booking of the travel services. The personal information that PAXIMUM may collect from the service supplier, as well as any personal data which, in the use of this system, the CLIENT may disclose to PAXIMUM shall be understood as obtained, treated and transmitted with strict observation of and in total compliance with the requirements set forth by PDPR. The CLIENT hereby commits to provide accurate data and updated it if necessary in such a way as to give a true picture of the current situation of the final consumer. In fulfilment of that stated in the PDPR, the CLIENT and PAXIMUM undertake to observe professional secrecy regarding such data, even when their relationship has terminated and to ensure that the staff performing the services abide by the aforementioned obligation. PAXIMUM and the CLIENT state and guarantee that they have installed the technical and operational security measures that guarantee the security of personal data and prevent its alteration, loss, mishandling and/or unauthorised access thereto, bearing in mind the status of technology, the nature of stored data and the risks to which it is exposed. The Person in charge of these files is: PAXIMUM Corporation with company address at Fener Mahallesi Fener Cad No: 21, 07230 Antalya, Turkey.

If the CLIENT should wish to exercise rights of access, rectification, cancellation or opposition granted by the PDPR, the CLIENT may address lopd@PAXIMUM.com or send a signed letter to PAXIMUM indicating the performance requested regarding personal data and a copy of the relevant Identification Card or passport of the CLIENT’s user who is requesting this performance.

PAXIMUM and the CLIENT specifically undertake the following in the event that they have access to any personal data: • To ensure that the data is stored by means of the legally required technical and organisational security measures that guarantee the security thereof, avoiding its unauthorised alteration, loss, processing or access, pursuant to the state of technology from time to time, the nature of the data and the possible risks that it is exposed to. • To only use or apply the data to perform the agreed services and to achieve the agreed purposes. • Not to pass on such data to other parties, not even for the purpose of safekeeping, nor any similar texts, assessments or processes mentioned above, nor to copy or reproduce part or all of the information, results or lists thereof. • To ensure that the data is handled only by employees who need it to perform the services and any third parties that information is revealed to must be bound to abide by the confidentiality obligation. • Once the services have been provided, they undertake to destroy such data or return it thereto, along with any supports or documents containing such information and they must not retain any copy whatsoever thereof.

The CLIENT hereby authorizes PAXIMUM to disclose final consumer's information to third parties for the sole purposes of completing the final consumer's reservation and of associated administration. Any data thus collected on this website may be transmitted, according to PDPR, to those entities that must be involved in order to contract the requested services. Where the final consumer's stay or travel services are provided/rendered outside the European Economic Area (EEA) or out of the scope of the U.S.-European Union Safe Harbor Framework, controls on data protection may not be as strong as the legal requirements in PDPR. Therefore, the CLIENT also explicitly authorizes PAXIMUM to pass that information to any service supplier located in countries which do not provide a level of protection comparable to that provided by this PDPR, for the purpose of processing the booking request. Nevertheless, PAXIMUM will not pass any information on to any person not directly responsible for travel arrangements. In the event of a breach of these commitments or any obligation derived from PDPR by the CLIENT, including by its employees or, as the case may be, by any contracted third parties, the CLIENT shall be considered responsible for the processing thereof and specifically fully accepts all responsibility and liability for any claims against PAXIMUM due to any kind of administrative sanctions being imposed by the relevant authorities, as well as any damages or losses in judicial or non-judicial proceedings brought against PAXIMUM including, in any case, the costs of the fees payable to Legal Counsel, Court Liaisons or any other professionals, and such breach of contract by the CLIENT of that stated in this clause shall also be specifically considered just cause for early termination of the rendered services.