This page describes the security and assistance measures that Myonex will provide to Customers when processing Personal Data on their behalf when providing the Services. It should be read in conjunction with the Myonex Data Processing Terms appearing at: myonex.com/legal/data-processing-terms. These measures may change periodically. This page was last updated on November 14, 2025.

1)   Specific Security requirements.

1. Myonex and Subprocessors that Process Personal Data deploy the following measures and documents with respect to Personal Data:
   1. The data security program and associated physical, technical, organizational and security measures is documented in writing and is intended to comply in all material respects with the Information Security Management System (ISMS) family of standards as published by the Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), also known as the ISO/IEC 27000 series or with National Institute of Standards and Technology (NIST) frameworks and guidelines, as each may be modified or replaced from time to time.
   2. Secondary authentication (two-factor authentication (2FA)), as well as a password.
2. Isolation of Personal Data. The principle of least privilege is implemented and enforced (i.e., authorized Myonex Personnel are only be granted the minimal data-access privileges required to complete their job functions or responsibilities). Myonex permit only authorized Myonex Personnel, Customer employees or third parties access to data locations.
3. Viruses. Myonex uses reasonable, good faith and diligent efforts to identify, screen, prevent and otherwise ensure that no viruses are coded or introduced into Myonex’s Systems, or any Myonex technology used to provide the Services to Customer;
4. Backdoors. Myonex certifies that (a) it has not purposefully created any backdoors that could be used to access the Personal Data or Systems, (b) it has not purposefully created or changed its business processes in a manner that facilitates access to Personal Data or Systems, and (c) that national law or government policy does not require Myonex or Subprocessor to create or maintain backdoors or to facilitate access to Personal Data or Systems.
5. Restoring Data. The restoration of any destroyed, lost or altered Personal Data is performed by the party that has operational responsibility for maintaining the System on which such Personal Data resides and for creating and maintaining backup copies of such Personal Data
6. Encryption. Myonex encrypts all Personal Data at rest, and in transit, and in storage; and encrypts all Personal Data on portable devices, using a FIPS-140-2 compliance encryption algorithm.
7. Penetration Test. Myonex annually tests, assess, and evaluates the effectiveness of its security measures by conducting a penetration test based on industry accepted penetration testing approaches on its systems used to store or Process Personal Data.
8. Contingency Planning. Upon the occurrence of a Force Majeure Event that constitutes a disaster under the applicable disaster recovery/business continuity plan, Myonex promptly implements, as appropriate, such disaster recovery/business continuity plan and provide disaster recovery and business continuity services as described in such plan.
9. Backup of Data. As part of Myonex’s implementation of the disaster recovery/business continuity plan described above, Myonex generates and maintains backup copies of all Personal Data residing on its Systems.  Such backup copies are considered “Customer Personal Data” as used in the DPA.

 

2)   Assistance with responding to data subject requests

Myonex implements reasonable technical and organizational measures required to enable Customer to update, erase, isolate, obtain and disclose Personal Data relating to a specific data subject.