AEG Technology Solutions Corporation

Effective Date: March 25, 2026

This Data Processing Agreement (“Agreement” or “DPA”) is entered into by and between AEG Technology Solutions Corporation (“Processor”, “AEG”, “we”, “our”, or “us”) and the Client / Customer (“Controller”, “you”, or “your”).

This Agreement governs the processing of personal data by AEG on behalf of the Client in connection with services provided by AEG.

This Agreement governs the processing of personal data by AEG on behalf of the Client in connection with the services provided.

AEG shall process personal data strictly in accordance with:

• The Data Privacy Act of 2012 (RA 10173)
• Its Implementing Rules and Regulations (IRR)
• National Privacy Commission (NPC) guidelines
• This Agreement and lawful written or documented instructions of the Client

For purposes of this Agreement:

• Personal Data – Any information from which an individual can be identified.
• Processing – Any operation performed on personal data including collection, recording, storage, use, disclosure, and deletion.
• Controller – The entity that determines the purpose and means of processing personal data.
• Processor – AEG, acting on behalf of the Controller.
• Data Subject – The individual whose personal data is being processed.

AEG may process personal data in connection with the following services:

• POS Systems and Cloud-Based Systems
• Inventory and Business Management Systems
• Website Hosting and Website Development
• CCTV and Security Systems
• IT Infrastructure and Network Services
• Custom Software Solutions
• Other related technology services lawfully requested by the Client

The personal data processed may include, where applicable:

• Full Name
• Contact Information such as email address and phone number
• Address and location details relevant to service delivery
• Transaction records and service records
• System logs and usage data
• Employee, customer, or user information uploaded by the Client

AEG agrees to:

• Process personal data only based on lawful instructions from the Client.
• Ensure confidentiality of all processed data.
• Implement appropriate technical and organizational security measures.
• Restrict data access to authorized personnel only.
• Maintain data integrity and take reasonable steps to prevent unauthorized disclosure.
• Assist the Client in complying with applicable legal and regulatory obligations, where reasonably necessary.

The Client agrees to:

• Ensure lawful collection and lawful basis for processing personal data.
• Obtain consent from data subjects where required by law.
• Provide accurate, lawful, and sufficiently specific instructions to AEG.
• Ensure its own compliance with RA 10173 and other applicable laws.
• Refrain from instructing AEG to perform unlawful processing.

AEG implements reasonable and appropriate safeguards including:

• Secure servers and infrastructure
• Access control and authentication systems
• Encryption where applicable and reasonable
• Firewall, monitoring, and logging systems
• Operational controls designed to reduce unauthorized access

However, no system is completely secure, and the Client acknowledges the inherent risks associated with online data transmission and electronic systems.

AEG may engage third-party service providers or sub-processors, such as:

• Cloud hosting providers
• Payment gateways
• IT support and infrastructure providers

AEG shall use reasonable efforts to ensure that such sub-processors are bound by appropriate confidentiality and data protection obligations consistent with applicable law.

In the event of a personal data breach affecting processed data:

• AEG will notify the Client without undue delay, subject to verification of the incident.
• AEG will take reasonable steps to contain, assess, and mitigate the breach.
• Required notifications to the National Privacy Commission (NPC) or affected data subjects shall be handled in accordance with applicable law and assigned responsibilities.

Personal data shall be retained only for as long as necessary for service delivery, contractual performance, legal compliance, or other lawful purposes.

Upon termination of the service relationship and subject to applicable law:

• AEG may delete, anonymize, or return data upon lawful request of the Client.
• Retention may continue where required for compliance, dispute resolution, audit, security, or legitimate recordkeeping purposes.

Where reasonably applicable, AEG shall assist the Client in responding to requests relating to:

• Access
• Correction
• Deletion or blocking
• Objection
• Data portability

Such assistance shall be subject to technical feasibility, applicable law, and the Client’s lawful instructions.

All AEG personnel authorized to process personal data are subject to confidentiality obligations and are expected to handle data only as necessary for legitimate service-related purposes.

AEG shall not be liable for losses, claims, or damages arising from:

• Improper or unlawful data collection by the Client
• Incomplete, inaccurate, or unlawful instructions from the Client
• Misuse of data by unauthorized third parties outside AEG’s reasonable control
• Events beyond reasonable control including force majeure, third-party outages, or external attacks despite reasonable safeguards

This Agreement shall remain in effect for the duration of the service engagement between AEG and the Client, and may continue insofar as personal data remains in AEG’s possession for lawful retention purposes.

Termination of the principal service relationship shall not automatically extinguish obligations relating to confidentiality, lawful retention, audit, dispute resolution, and legal compliance.

This Agreement shall be governed by and construed in accordance with the laws of the Republic of the Philippines.

Any dispute arising from or relating to this Agreement shall be subject to the proper courts of Makati City, Philippines, unless otherwise required by applicable law or agreed in writing.

For data protection and privacy-related concerns, you may contact:

By using AEG services, signing a service agreement, or otherwise engaging AEG as a service provider, the Client acknowledges and agrees to this Data Processing Agreement, subject to any separate written agreement executed between the parties.

© 2026 AEG Technology Solutions Corporation. All Rights Reserved.