Introduction

GATHERNEXT SINGLE MEMBER P.C., hereinafter called GATHERNEXT as the distinctive title, is incorporated and operating under Greek Law, with registered office in Aigeira Achaias, Aigeira 0, Postal Code 25010, VAT Number: EL 801697044/ Tax Office Aigio Achaias, operating as a provider of IT services. You can contact GATHERNEXT at info@gathernext.com.

Acceptance

The following terms and conditions (the “Terms”) govern all use of our websites (www.gathernext.com , www.gathernext.gr , www.gathernext.eu ) (the “Site”) and their subdomains. The Site, the services available through the Site (hereinafter referred to as “Service”), and our software platforms and applications (collectively our “Applications” or “Software”) are owned and operated by GATHERNEXT. By using any part of the Service, you agree to all the Terms and Conditions and the Privacy Policy contained herein. To use the Services the user must be of age according to the Greek legislation.

If you do not agree with any of these Terms and the Privacy Policy contained herein, in their entirety, you are obliged to avoid further use.

Modifications

GATHERNEXT can modify the Terms without prior notice and you are responsible to check these Terms for any changes. If you continue to use the Service, this constitutes that you accept these changes. The Terms are published at https://www.gathernext.com.

Service Use – Service Termination

You may not use the Service for any illegal or unauthorized purpose. You should provide true and current information about yourself when you are registering at the Site or to GATHERNEXT’s Services. GATHERNEXT has the right to suspend your account or terminate the service at any time without notice when you use the service inappropriately.

Content

You warrant that you have all the rights to use the content you submit to the Service and that you do not violate the rights of any third party. Your content should comply with all applicable laws and regulations. GATHERNEXT reserves the right to remove any of your content from the Site or Services.

Who is who?

When we use the terms “Customer”, “Consumer”, “Visitor” and “User” we mean the following:

Customers

Customers are individuals that are employees or/and associates of GATHERNEXT’s direct customers (for example event planners, event organizers, conference organizers, travel buyers, meeting space providers, corporate buyers, professional associations, non-profit organizations, public and private bodies, etc.), including customer personnel that are assigned a Login ID and are authorized to access and use our Applications pursuant to an active GATHERNEXT agreement, or under a temporary evaluation license, if available. Additionally, Customers include individuals who self-register to access our Applications. Customers can use the Service to provide information for the event they organize and collect registration fees by users who want to attend the event. Online payments are transacted through third-party online payment service providers.

Consumers

Consumers are individuals that interact with our Customers through our Applications. These include our Customers’ current and prospective clients, members, attendees, sponsors, exhibitors, marketing partners, hotel guests, or other business contacts. For example, Consumers include individuals that register for an event organized by a Customer or complete an online survey.

Visitors

Individuals that interact with our Sites (for instance, to read about GATHERNEXT products and services or sign up for an online demo), as well as those who attend GATHERNEXT marketing events and whom we meet at a tradeshow or learn about through a referral from third parties or other external sources.

Users:

Users: Customers, Consumers, Visitors.

Security, Data Protection & Privacy Policy

Our Privacy Policy to, among other things, reflects compliance with our obligations under the European Union (EU) General Data Protection Regulation (GDPR) and the Greek Laws for the protection of personal data.

GATHERNEXT (“GATHERNEXT” or “We”, “us”, “our”), respects your privacy and we are committed to protecting your privacy through our compliance with this policy. We consider as a priority the safety and protection of your personal data, irrespectively of the capacity with which you communicate or cooperate with us, for example, as potential or current Customers, Consumers, Visitors, or cooperating third parties.

Your personal data includes any information that may lead, directly or combined with other information, to your identification or tracing as a natural person in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), the applicable Greek laws and the decisions of the Hellenic Data Protection Authority (HDPA).

Please read this Security, Data Protection & Privacy Policy of GATHERNEXT. By using our Site and by signing a relevant consent form, whenever this is required, you unreservedly accept the practices described in this policy, whose terms will govern our contractual relationship and form part of the terms of use regarding each and every one of our services.

If you do not agree with our policies and practices, you may choose not to use our Applications and Services.

Object

This policy describes our practices in connection with information that we collect through our software platforms and applications as well as GATHERNEXT’s privacy practices in relation to the use of GATHERNEXT’s Sites (www.gathernext.com and other GATHERNEXT Sites that link to this policy) and external marketing activities.

This policy also describes your data protection rights, including a right to object to some of GATHERNEXT’s processing. The Policy does not apply to information collected by any third party, including through, any third-party application or content (including advertising) that links to or is accessible by our Applications or Sites.

GATHERNEXT as a data controller and a data processor

EU data protection law makes a distinction between organizations that process Personal Data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.

GATHERNEXT may act as either a data controller or a data processor in respect of your Personal Data, depending on the circumstances.

For example, if you create an account with us to organize your events as a Customer, GATHERNEXT will be a data controller in respect of the Personal Data that you provide as part of your account.

However, if you register for an event as a Consumer (Attendee), we will process your Personal Data to help you administer that event on behalf of the Customer (for example, sending confirmation, promotional and feedback e-mails, etc.) and to help the Customer target, and understand the success of their event and event planning (for example, providing event reports, using analytics to gain insights into the effectiveness of various sales channels, etc.). Under these circumstances, GATHERNEXT merely provides the “tools” for Customers; GATHERNEXT does not decide which personal Data to request on registration forms, nor are we responsible for the continued accuracy any Personal Data provided. Any questions that you may have relating to your Personal Data and your rights under data protection law should therefore be directed to the Customer as the data controller, not to GATHERNEXT.

Access to the Site for the execution of a contract and receipt of the services or/and the products displayed will require that users provide GATHERNEXT with those details (e.g. name, e-mail

address, postal address, mobile phone number, etc.) that are necessary for the successful and secure delivery and receipt of the requested products/services. By entering the required data for the execution of each transaction, users provide their explicit consent (opt-in) for the collection, use and process of their personal data regarding the above purpose, in accordance with article 6, par. 1 of the General Data Protection Regulation (GDPR 2016/679), L. 2472/1997 and the applicable Greek legislation, as in force from time to time.

What types of personal data do our Customers collect?

Our Applications are flexible and allow our Customers to collect a variety of personal data from and about their Consumers, including name, organization, title, postal address, e-mail address, telephone number, fax number, social media account ID and other information including but not limited to dietary preferences, interests, opinions, activities, age, gender, education and occupation.

How do our Customers collect personal data?

• When Consumers voluntarily and explicitly enter personal data into our Applications.
• When our Customers enter Consumers into our Applications, when permitted, including by having a legitimate business interest or obtaining explicit consent from a Consumer.
• Automatically, as Consumers interact with our Applications, using commonly used information gathering technologies such as cookies.

How do our Customers use personal data?

If a Consumer chooses to use our Applications to conduct business with a Customer (for example: register for or check into an event, respond to an online survey, or send or respond to a Request for Proposal (“RFP”)), any information provided in connection with that interaction will be transferred to, and under the control of, the Customer.

Customers will also have access to information (including personal data and Application usage data) related to how Consumers interacts with the Applications they use. In this instance, the Customers act as data controllers towards the Consumer, under the European Economic Area (“EEA”) data protection laws. Therefore, GATHERNEXT cannot and does not take responsibility for the privacy practices of Customers.

The information practices of our Customers are governed by their privacy policies. We encourage Consumers to review the Customers’ privacy policies to understand their practices and procedures.

Hyperlinks to Sites of third parties

GATHERNEXT’s Sites may contain hyperlinks that lead to other Sites of third, independent parties, as indicatively events producers, Customers, payment providers etc. which are being operated and maintained exclusively by them, and which we do not control, as previously stated.

We carry no liability for the content, the actions or the policies of such Sites. Please read carefully the corresponding personal data protection policies in the Sites you visit, as they may have important differences from ours.

Information We Collect

GATHERNEXT’s use of personal information collected through our Applications shall be limited to the purpose of providing the service for which our Customers have engaged GATHERNEXT.

GATHERNEXT collects your personal data in the following cases:

• When you fill out an application-form in our Site to get a product/service and to check your age to identify whether you may lawfully contract with us or the consent/signature of your parents/guardians is required.
• Upon your willful subscription to hard-copied or electronic lists so that you receive informative material or other marketing material in the form of prospectuses, electronically or by SMS or so that you renew your preferences or upon your participation in competitions, questionnaires and surveys.
• Upon your communication with our offices and each communication with our call center, concerning your comments and preferences for purchases, the products/services you have searched for, or your comments.
• Upon your visit and browsing in our Sites, where we collect using the appropriate means of data collection (e.g. cookies) information from your terminal device, such as IP address, operation system that you use, the type and version of your browser etc.
• Upon the submission to us of documents, judicial documents, orders, reports, confiscation documents, judicial orders, papers etc. by third parties such as supervisory, prosecution, judicial, tax authorities, banking organizations, payment institutions, credit card institutions, companies that provide information on your creditworthiness for your protection against fraud or money laundering or combat against financial and electronic crime.

Gathering of non-Personally-Identifying Information (Non Personal Data)

Like most Site operators, GATHERNEXT may collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. GATHERNEXT’s purpose in collecting non-personally identifying information is to better understand how GATHERNEXT’s users use its Services.

Cookies. A cookie is a string of information that a Site stores on a visitor’s computer, and that the visitor’s browser provides to the Site each time the visitor returns. The usage of cookies allows GATHERNEXT to identify and track Visitors and the Site access preferences. GATHERNEXT visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using GATHERNEXT’s Sites, with the drawback that certain features of GATHERNEXT’s Sites may not function properly without the aid of cookies.

Gathering of Personally-Identifying Information (Personal Data)

We ask Customers, who sign up for the Service, to provide their personal data, including name, surname, and an e-mail address (username). Depending on the type of events they organize (free

or paid events) and their use of the Service, we might also ask them to provide more information including as necessary their phone number, address, contact e-mail address, Tax Identification Number, billing address, occupation, bank account number, PayPal account, Stripe account.

Those who register for an event are asked to provide their name, surname, e-mail address. They might be also asked to provide additional personally identifying information including, without limitation, their address, phone number, occupation. If a Consumer (e.g. Attendee) voluntarily provides that information, it will be available to us. In addition, such information will be delivered to the Customer of the applicable event.

We do not ask for credit or debit card information and we do not process or store such information. Payment codes, order codes, passwords etc. are strictly personal and the User is exclusively responsible to protect them from being disclosed, copied, challenged and communicated to third parties. For paid events that Customer has enabled payment via credit card, debit cards, PayPal or Stripe, Consumers are redirected for the payment to a secure page of a Bank, PayPal or Stripe. In each case, GATHERNEXT may collect such information only insofar as is necessary or appropriate to fulfill the purpose of the User’s interaction with the Services. GATHERNEXT does not disclose personally-identifying information other than as described. And Users can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain Service-related activities.

Does GATHERNEXT use personal data collected by our Customers?

We don’t use personal data of Consumers for any purpose other than to provide services that our Customers have contracted us to provide through our Applications, as noted below, or as required by law.

GATHERNEXT will use your information for the following lawful processing purposes, namely:

• For the completion of your requests, purchases and orders.
• To answer on your applications and questions, indicatively for the provision of information on reservations, purchases, tickets, as well as information and answers to your suggestions regarding product and services improvements.
• To announce you the results of surveys, lots and competitions into which you may have participated.
• For Site traffic analysis and the improvement of your experience and to provide you with information related to products, services, special offers and promotional activities.
• For internal operations and analysis, such as internal management, prevention of fraud, use by information technology management, invoicing, accounting, billing and auditing systems.
• To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all GATHERNEXT’s assets, whether as a continuing operating business or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by GATHERNEXT about our Customers and Consumers is among the assets transferred.

• As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; and (c) to protect against or identify fraudulent transactions.

If GATHERNEXT is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

Briefly we may use the Personal Data as follows:

• Services delivery. To be able to provide the Services.
• Support. To manage your account and provide you with customer service.
• Marketing. To contact you in the future, with your consent, about events, products or services that may be of interest to you. Products and services can be either ours, of our affiliated companies or other third parties.
• Customer e-mails. Customers can also contact Consumers by e-mail.
• Analysis. To perform research and analyze your use of, or interest in, events, products, services or content, after your consent.
• Personalization. To help us develop and display content tailored to your interests.
• Internal business purposes. To manage our business, to enforce our terms and conditions.
• Other functions. To perform other functions, which we will describe to you at the time we collect the information.

GATHERNEXT processes information on servers in Frankfurt, Europe. We may process your personal information on a server located outside the country where you live.

Information we share

We do not share personal data information with companies, organizations and individuals outside of GATHERNEXT unless one of the following circumstances apply:

• With your consent. We will share personal information with companies, organizations or individuals outside of GATHERNEXT when we have your consent to do so and only to the extent it is necessary for the completion of your order and to fulfil requests associated with our services. We require opt-in consent for the sharing of any personal information.
• With Customer (e.g. event Organizer) when a Consumer (e.g. Attendee) registers to an event, information we collect is shared with the applicable Customer as we operate as intermediaries between Customer and Consumer. Customer can determine whether certain participant data are displayed on a publicly accessible Attendee list. As a Consumer, you are able to remove your details from Attendee list by contacting the corresponding Customer or GATHERNEXT with regard to this matter. We advise you to carefully read the personal data protection practices of any third-party Providers/ Customers, whose products/services you buy/obtain via our Sites. In addition, such third parties/Customers may contact you, if necessary, to receive additional information about a potential service, payment or reservation you obtained.

• For external processing. We may provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures applicable data protection laws. We may need to transfer your data in other countries, including countries that are basically inside and only exceptionally outside the European Economic Area (EEA) based on adequacy decisions by the EU, binding corporate rules, standardized contracts and approved codes of conduct.
• For legal reasons. We will share personal information with other parties for legal reasons if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
  • meet any applicable law, regulation, legal process or enforceable governmental request.
  • enforce applicable Terms of Service, including investigation of potential violations.
  • detect, prevent, or otherwise address fraud, security or technical issues.
  • protect against harm to the rights, property or safety of GATHERNEXT, our users or the public as required or permitted by law.

We may transfer or reveal your personal data to official, national or foreign, state and supervisory bodies (e.g. police, Bank of Greece, international tax authorities etc.) when we are asked to comply with the law and to prevent any unlawful actions (e.g. fraud, money laundering etc.) to our or our customers’ detriment.

We may share aggregated, non-personally identifiable information publicly and with our partners. For example, we may share information publicly to show trends about the general use of our services.

How long does GATHERNEXT store personal data collected by our Customers?

We retain Customers Personal Data for as long as necessary to provide them with our Services or for other important purposes, such as complying with legal obligations (financial, banking, tax etc.), resolving disputes, and enforcing our agreements.

We retain Consumers Personal Data for as long as necessary to provide them with our Services and typically we keep them for up to three months after the termination of the provided service, unless there is a contract with the customer on different terms.

How do you access, correct or delete your information?

Customers and Consumers have the right in respect of Personal Data that we hold about them, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete their Personal Data, object to profiling and unsubscribe from marketing communications. For the most part, they can exercise these rights by logging in their Account page or changing the “cookie settings” in their browser. If they can’t find what they’re looking for they can contact us and we will process any request within 30 days. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.

GATHERNEXT processes Consumers data under the direction of our Customers and has no direct control or ownership of the personal data we process. Customers are responsible for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to GATHERNEXT for processing purposes. Any Consumer that seeks to access, correct or delete data, should direct their query to the Customer. A Customer is able to change, modify, delete Consumers’ participation directly, but if not, then the Customer may requests by GATHERNEXT to remove the personal data of a Consumer to comply with data protection regulations, GATHERNEXT will process this request within 30 days. If they so wish, users may request at any time information about their personal data kept by GATHERNEXT, their recipients, the purpose of keeping and processing them, and their modification, correction or deletion, by sending a relevant e-mail to dpo@gathernext.com from the e-mail address declared upon registration, attaching a copy of their ID card. The user may withdraw the provided consent by sending an e-mail to dpo@gathernext.com ; such e-mail must be sent by the same e-mail address declared by the user upon registration, stating “I Do Not Wish to Receive Information”. Alternatively, the user may select the option “Delete from Recipient List” on the e-mail received.

We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. In this instance, we will inform the Customer about the legal obligations that prevent us from fulfilling the request.

If you have a complaint about how we handle your Personal Data, please get in touch with us. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.

Note: If the type of participation changes for a Consumer then some of his data (personal, files, etc.) that he may have uploaded to his profile may not be displayed. This depends on whether the new participation type contains the corresponding fields as the previous one. This data is stored and will reappear if the Consumer returns to the previous participation type. In case the Consumer wishes to delete this data and he cannot by himself, then he must contact the Customer-Organizer or GATHERNEXT as mentioned above.

Sub-processors

To provide the services, we may need to transfer some of your Personal Data to third parties (sub- processors). Whenever we transfer Personal Data, we take legally required steps to make sure that appropriate safeguards are in place to protect your Personal Data.

Sub-processors we use:

• Amazon Web Services. Inc. (AWS), (Frankfurt) Data Storage service

Data Privacy: https://aws.amazon.com/compliance/data-privacy/

EU – U.S. Privacy Shield Certification https://aws.amazon.com/compliance/eu-us-privacy- shield-faq/

Amazon Web Services EMEA SARL Greek Branch

GEMI No. : 156059001001, Tax registration No. 996763380, Athens Tax Office for Commercial Companies, VAT Registration Number: EL996763380

• Google (for reCAPTCHA)

Privacy & Terms: https://policies.google.com/privacy Velasco, Clanwilliam Place, Dublin 2, Ireland

Sub-processors that we or our customers may use:

• Stripe if Customer use Payment Provider Stripe activating by their own Stripe account (only for paid events).

Stripe Services Agreement — Greece: https://stripe.com/en-gr/legal Dublin, Ireland

• Twilio only if Customers uses Twillo Sendgrid as an email provider.

Twilio Privacy Statement: https://www.twilio.com/legal/privacy#twilio-privacy- statement

Twilio Terms of Service: https://www.twilio.com/legal/tos 375 Beale Street, 3rd Floor Remit To:

San Francisco, CA 94105

Third Party Analytics Providers

We use third party analytics providers (Google) to collect information about the usage of our Applications and enable us to improve how these Applications work. The information allows us to see the overall patterns of usage on the Applications, helps us record any difficulties you have with the Applications, shows us whether our advertising is effective or not, and allows us to use responses to advertisements to optimize ad performance. Google Analytics use cookies and other similar technologies to collect information about the usage of our Applications and to report Site trends to us, without storing any personal data on external third-party analytics provider platforms. See below for more information, or to opt out of these practices:

• You may opt-out of Google Analytics by clicking here.

Targeted advertising

We may use personal data of yours together with other information we have collected with the assistance of our commercial department’s personnel, to show advertisements related to your obvious preferences in our Site or in third parties’ Site.

However, we never automatically associate data of customers of different companies of the GATHERNEXT regarding your consumer profile and your preferences with other personal information (such as your e-mail address) in order to show advertisements or to send you personalized offers based on profiling. In addition, we do not share your personal details with third parties so that they can be enabled to send you relevant advertisements.

If you wish us to stop sending you updates or offers, you may use the hyperlink for deregistration which is placed within the relevant e-mail you received from us.

Promotional Activities

GATHERNEXT will regularly carry out promotional activities in the form of prizes to Users (discount coupons, free access to specific services, etc.). The prizes are offered in line with the special characteristics and/or restrictions each time described in our Sites and or in any other promotional material (e.g. leaflets). Prizes will not be redeemable or exchangeable for cash. GATHERNEXT may change at its discretion the special characteristics and the conditions under which prizes are offered, with no prior notice.

Does GATHERNEXT process information of children under the age of 16?

Our Applications are not intended for children under 16 years of age. We do not directly solicit or collect personal data from children under 16. If you are under 16, do not (i) use or provide any information on these Applications or on or through any of its features, (ii) register to use any of our Applications, (iii) make any purchases through our Applications, (iv) use any of the interactive or public comment features of our Applications or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you will use.

How does GATHERNEXT secure the data it processes?

We use a variety of organizational, technical and administrative measures to protect personal data within our enterprise. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Information” section below.

How do you contact GATHERNEXT or GATHERNEXT’s Data Protection Officer?

For details about the DPO’s role or any privacy questions related to GATHERNEXT’s Security, Data Protection & Privacy Policy or if you consider that we have not abided by the principles set herein, please contact the DPO at dpo@gathernext.com.

Privacy Policy Changes

As we may change our Privacy Policy from time to time, we encourage you to frequently check this page for any changes. If we make any material changes, we will notify you by means of a notice on this Site thirty (30) days prior to the changes becoming effective, or by e-mail (sent to the e-mail address specified in your account) seven (7) days prior to the changes becoming effective.

Validity of Personal Data Protection Policy

This Policy was published by GATHERNEXT on 25/11/2021 and is subject to periodic improvement and review. Any amendments to this Policy will apply on the collected information since the date on which the amended version will be published and on the existing information we keep. By using of the Site after the publication of the amendments, you (Visitors, Customers and Consumers) automatically accept such amendments.