Partner Agreement Version: 1 Page 1 of 21 24-06-04 Certain identified information marked with “[***]” has been omitted from this document because it is both (i) not material and (ii) the type that the registrant treats as private or confidential. PARTNER AGREEMENT — This partner agreement (the “Partner Agreement”) is entered between: Polestar Automotive Sweden AB, company number 559225-6258, a limited liability company incorporated under the laws of Sweden with its registered address at Assar Gabrielssons väg 9, 405 31 Gothenburg, Sweden (“Polestar”); and Volvo Car Retail AB, company number 556627-6175, a limited liability company incorporated under the laws of Sweden with its registered address at Box 466 191 24 Sollentuna, (“Partner”). Each a “Party” and collectively, the “Parties”. 1. BACKGROUND 1.1. Polestar’s ambition is to build a strong brand, offer a premium customer experience, and ensure a viable partner network. It is Polestar’s belief that Partner share these goals and ambitions and that Partner will use its best effort to realise these ambitions together with Polestar. 1.2. Based on the above, Partner is hereby appointed to perform the Operations (as defined below). The Operations and the Agreement will commence on the date of the last signature on this Partner Agreement (“Commencement Date”), unless otherwise agreed by the Parties. 1.3. By entering this Partner Agreement, Partner acknowledges that Customers will associate Partner with Polestar and the Polestar brand which requires a need for uniformity in the way Customers are approached and treated during the customer journey. 2. DEFINITIONS 2.1. For the purposes of this Agreement, the following definitions shall apply: Affiliate With respect to a company, any other company from time to time directly or indirectly controlling, controlled by, or under common control with that company. 
For this definition, “control” means possession, directly or indirectly, of the power to direct or cause direction of the management and policies of a company, whether through ownership of voting securities, by contract or otherwise. Applicable Data Protection Legislation Applicable data protection laws, regulations, decisions, judgments and recommendations applicable - from time to time - to the processing of personal data under this Agreement, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR). Approved Locations The approved locations referred to in Section 4.1 AOI A non-exclusive geographical area of influence. Control means in relationship to a legal entity, the possession, directly or indirectly, by a legal and/or natural person of the power to direct or cause the direction of the management or policies of a legal entity, whether; a) by means of the holding of shares or other securities, or the exercise of voting power, in or relating to that legal entity or any direct or indirect holding company of that legal entity; or b) by virtue of any powers conferred by the articles of incorporation, the articles of association, any contract and/or any other corporate documents relating to the legal entity or any direct or indirect holding company of that legal entity; and a “Change of Control”, means any transaction or undertaking, whether voluntary or compulsory, of which the object or effect is (or may be) to (a) change, transfer or assign, in any manner whatsoever, directly or indirectly, in whole or in part, either immediately or in time, the Control over and/or ownership of (shares or other securities in) the legal entity and/or a direct or indirect holding company of the legal entity; (b) transfer, 
assign or grant any other right in rem in respect of (part of) the shares or other securities in the legal entity or in (parts of) the business or the assets of the legal entity, whether or not as security, whether such transaction is effected for consideration or free of charge, by way of succession or otherwise; and/or (c) transfer or assign, directly or indirectly, in whole or in part, either immediately or in time, the effective management of the legal entity to a third party. Customer An end customer (be it an individual or a legal entity) resident/established in the EEA, Switzerland or the United Kingdom including, for avoidance of doubt, leasing/financial companies, purchasing a Polestar Customer Offer. Commercial Policy Commercial terms and conditions attached to this Partner Agreement related to activities covered by one or more Specific Agreement(s). Courtesy Car A Polestar Vehicle [***] used for the purpose of keeping a Customer mobile while the Customer awaits its Polestar Vehicle. Demonstration Vehicle A Polestar Vehicle [***] prepared and registered for use on the road for demonstration to prospective Customers. Display Vehicle A New Polestar vehicle used for display purposes in an Approved Location or outside an Approved Location subject to Polestar’s prior approval. EEA European Economic Area, being at the date hereof the member states of the European Union, Norway, Iceland, and Liechtenstein. Genuine Polestar Parts All (i) components, (ii) replacement and exchange parts and (iii) new, replacement or exchange engines, batteries or other assembled components used for the repair, service or maintenance of Polestar Vehicles, [***] Genuine Polestar Parts also include software which controls or otherwise is related to the operation of various elements of a Polestar Vehicle's functionality (whether or not indispensable for the usage of the car). 
IPR’s Any patent, copyright, trade mark, service mark or trade name, utility model, right in software, right in design, right in databases, image right, moral right, right in an invention, right relating to passing off, domain name, right in confidential information (including trade secrets) or right of privacy, and all similar or equivalent rights in each case whether registered or not and including all applications (or rights to apply) for, or renewal or extension of, such rights which exist now or which will exist in the future in Sweden and all other countries in the world. New Polestar Vehicle A new Polestar branded car distributed by Polestar in the EEA, Switzerland and the United Kingdom. New Polestar Product A New Polestar Vehicle, or a new Polestar Accessory. Polestar Accessory An accessory distributed by Polestar. Polestar Affiliate An Affiliate of Polestar Performance AB. Polestar Group Polestar Performance AB and all its Affiliates. Polestar Customer Offer Any Customer offer related to a New Polestar Product offered by Polestar or another Polestar Affiliate, [***]. Polestar Product A Polestar Vehicle, a Genuine Polestar Part, or a Polestar Accessory. Polestar Vehicle A Polestar branded vehicle (either a New Polestar Vehicle or a Polestar Pre-Owned Vehicle). Polestar Pre-Owned Vehicle A Polestar Vehicle previously registered to a Customer. Principal Owner A person who directly or indirectly owns at least 25% of Partner’s shareholding. Standards Polestar’s requirements related to all areas of the Operations, and published on Polestar’s digital platforms made available to Partner and which may be amended by Polestar from time to time in accordance with Section 5.1.1. 3. CONTRACTUAL FRAMEWORK 3.1. Partner and Polestar have agreed to enter this Partner Agreement to function as a framework agreement for the various specific agreements listed as Schedules 1-5 below (the “Specific Agreements”). 
By signing this Partner Agreement, the Parties will be considered to have agreed to the Specific Agreements as well. The Partner Agreement and the Specific Agreements are jointly referred to as the “Agreement”. 3.2. The Specific Agreements covered by the framework of this Partner Agreement are the following: Schedule 1, The Agency Agreement Schedule 2, The Service Agreement Schedule 3, The Polestar Pre-Owned Agreement Schedule 4, The Authorised Repairer Agreement Schedule 5, The Trademark Sublicense Agreement 3.3. In the event of inconsistencies or contradictions between this Partner Agreement and any of the Specific Agreements, the relevant Specific Agreement will prevail unless the context or circumstances clearly suggest otherwise. In the event of inconsistencies or contradictions between the Trademark Sublicense Agreement and any other Specific Agreement, the Trademark Sublicense Agreement will prevail. 4. PARTNER OPERATIONS 4.1. Approved Locations 4.1.1. [***]. 4.1.2. The Approved Locations must meet Polestar’s Standards. Any material changes to the internal or external appearance of the Approved Locations shall not be made without giving Polestar at least 90 days prior notice and getting Polestar’s prior written consent, which shall not be unreasonably withheld. 4.1.3. [***]
4.2. Commercial Activities in Approved Locations 4.2.1. During the term of this Agreement, the Approved Locations shall be exclusively used for (i) the promotion, display and delivery of New Polestar Vehicles or (ii) the promotion, display, sale and delivery of Polestar Pre-Owned Vehicles. The Approved Locations shall not be used for other activities than the Operations unless instructed by Polestar, agreed by the Parties and included in the local business plans, i.e. events, activations, collaborations etc. 4.2.2. [***]. 4.3. Staff 4.3.1. The Operations shall be led by a dedicated location manager who will manage the day-to-day Operations full time. Each departing location manager shall be replaced as soon as possible. Partner will appoint an identified individual and notify Polestar in writing of proposed candidates. Partner will provide Polestar with such information about the proposed candidates as Polestar reasonably requires and take into consideration any reasonable observations made by Polestar when taking a final decision. Partner’s location manager must be authorised to make decisions within the ordinary course of business of Partner’s Operations when dealing with Polestar. 4.3.2. Partner is solely responsible for all the staff it engages for the Operations, in particular with respect to cost of wages, required social security and liability insurances and all other costs and legal requirements associated with employment, as well as with respect to damages or other third-party claims caused by or relating to the acts and omissions of Partner’s staff. 4.3.3. Partner shall appoint appropriate and sufficient personnel to be able to perform the Operations and in compliance with the Standards. 4.3.4. Polestar and/or a third party designated by Polestar will offer training programmes for Partner’s staff employed and/or engaged by Partner to handle the Operations. 
Such training may be available in different formats in Polestar's sole discretion, at the expense of the Partner. It is Partner’s responsibility to ensure that all personnel are appropriately trained and have obtained the necessary certificates and/or licenses required to perform all parts of the Operations. These requirements are further detailed in the Standards. 4.3.5. The Partner shall strive to be an attractive employer and shall develop and maintain a business culture that promotes quality, environmental concern, high ethics and employee motivation and engagement. 4.3.6. The Partner shall indemnify and hold Polestar or any other Polestar Affiliate (as the case may be), and Polestar’s or their officers, directors, and employees harmless against any claims, losses, damages, liabilities, and expenses (including reasonable attorney’s fees) arising out of, or in connection with, any claim by any member or former member of Partner’s staff, any employee or former employee of Partner or employee or former employee of any sub-contractor for payment of salaries, or in respect of taxes, contributions or other charges, or any other related claim brought by any member or former member of Partner’s staff or any employee or former member of Partner or employee or former employee of any sub-contractor, including any claim for personal injury, unfair dismissal, redundancy, discrimination or breach of contract of employment. 4.4. Capital/Credit Lines and Business Information 4.4.1. Partner will maintain a level of net working capital and/or adequate lines of credit to comply with its obligations under this Agreement and meet the business objectives. 4.4.2. 
Partner shall submit to Polestar on a timely basis, and in a manner and format specified by Polestar from time to time such reasonable business management information as Polestar considers necessary for the effective implementation of the Agreement and any Specific Agreement, including financial/accounting data. 4.5. Insurance 4.5.1. Partner is required to at all times maintain appropriate insurance covering the Operations (including the Approved Locations and tools as well as third party liability and liability for work related accidents). 4.5.2. Polestar will maintain appropriate insurance covering any Polestar Products and any other assets that Polestar may have put at Partner’s disposal while in Partner’s care, custody and control whilst Polestar holds title to the Polestar Products. 4.5.3. Polestar shall at all times retain full title to any Polestar Products and any other assets that Polestar may have put at Partner’s Approved Locations and which Partner has not purchased and fully paid for. Partner shall, in accordance with the Standards, store the Polestar Products at the Approved Locations in a proper manner in conditions which adequately protect and preserve the Polestar Products. Partner shall also ensure that the Polestar Products are stored separately from any other goods (whether or not supplied by Polestar) and are clearly identifiable as belonging to Polestar and Polestar shall be entitled to examine any such Polestar Products at any time during normal business hours upon giving Partner reasonable notice. 4.6. IT Systems and Tools Partner shall use, at its own cost, any IT systems and tools reasonably required by Polestar as part of the Operations. Further details of the use of the IT systems and tools are provided in the Standards. Such IT systems and tools are provided on an as-is basis. 
In case of non-functionality Polestar will take all reasonable measures to resolve the issues as soon as possible, irrespective hereof we do not guarantee a flawless functionality of them. 4.7. Polestar’s Responsibilities 4.7.1. Polestar will: i. Make its best efforts to develop and maintain a strong brand position on the relevant market. ii. Provide information regarding Polestar Products and their anticipated availability as reasonably required by Partner for Partner to fulfil its obligations under the Agreement. iii. As reasonably requested by Partner, provide training and information enabling Partner to perform its obligations/activities under the Agreement. iv. Provide appropriate guidelines with respect to the development and implementation of local marketing campaigns. v. Support with information on questions from Customers. vi. Polestar shall submit to Partner on a regular basis reasonable information for the effective implementation of the Agreement, [***]. 4.7.2. Polestar will operate a customer engagement centre to assist Customers in the relevant country. The ways of collaboration between this customer engagement centre and Partner is set out in the Standards. Polestar will in its own discretion perform national and or digital marketing of Polestar Products and/or Polestar Customer Offers. 4.8. Personal Data and Cybersecurity Obligations 4.8.1. The Parties will comply with the Applicable Data Protection Legislation when performing its obligations under the Agreement. A data processing agreement and/or a data sharing agreement (whichever is applicable) is attached to each relevant Specific Agreement detailing the roles and responsibilities of the Parties relating to Customer data and other personal data. 4.8.2. Polestar has adopted Minimum Cybersecurity Requirements for key business partners as laid out in the respective Data Processor Agreements of the Specific Agreement(s). 
As further described in our Partner Digital Guidelines, Partner will comply with these requirements or corresponding requirements resulting in at least the same level of cybersecurity. 4.9. Audit Rights 4.9.1. Partner will keep complete and accurate records, including financial records, of the Operations and will maintain those records for as long as required by law, during the term of this Agreement and for not less than [***] after the termination of this Agreement. 4.9.2. Partner shall allow Polestar, or a third party appointed by Polestar, to access the Partner’s Approved Locations to audit the Partner’s compliance with the Agreement (including, without limitation, the Standards). Partner shall ensure that such right also applies in relation to any of Partner’s sub-contractors. 4.9.3. Partner shall provide reasonable assistance as required by Polestar as well as grant Polestar access to personnel and resources during normal business hours to reasonably verify Partner’s compliance with its obligations under this Agreement, including all applicable Standards. 4.9.4. In the event such audit reveals any breaches of the Agreement by the Partner, Polestar may charge the Partner a reasonable cost-based fee for that audit. 4.10. No entitlement to a separate remuneration [***] 5. PARTNER’S PERFORMANCE 5.1. Standards and Operational Performance Targets 5.1.1. Partner shall at all times be compliant with the Standards applicable to its Operations. 5.1.2. Polestar may from time to time make reasonable updates of its Standards, normally on a yearly basis for valid reasons [***]. Polestar will notify Partner of any such planned updates and give Partner reasonable amount of time to comply with them. 5.1.3. [***]. 5.1.4. In addition, Polestar will measure the Partner on its operational performance against reasonable targets to be set after having consulted with Partner, [***] to be shared with Partner in advance. 
Polestar may from time to time make reasonable updates to the measurements and targets and provide Partner adequate time to meet these updates. 5.2. Improvement Plan 5.2.1. Polestar will continually monitor Partner against the operational performance targets and fulfilment of Standards as set in accordance with Section 5.1. If Partner repeatedly fails to meet such operational performance targets or fulfill the Standards, Polestar will notify Partner hereof and Partner will meet with Polestar within [***] weeks following such notification to discuss its performance and ways to improve it. During such meeting, Polestar and Partner will agree on an improvement plan (the ”Improvement Plan”), which shall at least include: i. areas where Partner must improve its performance; ii. metrics and targets that Polestar shall use to determine whether Partner’s performance in such areas has improved to Polestar’s satisfaction within the required time; and iii. a deadline by which such targets shall be met, which shall be no more than [***] from the date of Polestar’s initial notification under this Section. 5.3. Business Plan Review [***].
5.4. Customer Satisfaction 5.4.1. Partner undertakes to at all times perform its Operations with the highest level of skill, care and diligence and in accordance with generally recognised commercial practices and standards in the industry as well as in accordance with the provisions of this Agreement. 5.4.2. Partner will take part in Polestar’s customer satisfaction programmes applicable to its Operations and achieve all applicable objectives of such programmes. [***]. 5.4.3. Customer inquiries will be handled promptly, diligently and in accordance with the Standards and any other reasonable instructions from Polestar (which may require reporting to Polestar). 5.4.4. [***]. 6. PARTNER’S ORGANISATION 6.1. Change of Control 6.1.1. Partner must notify Polestar not less than [***] before any proposed Change of Control of the Partner (or any of its direct or indirect holding companies) as described in Appendix 1 (Partner’s Location and Organisation) and shall not implement such changes without the prior written consent of Polestar. Polestar will inform the Partner in writing of its decision and the reasons for its decision within a period of [***] after Partner’s notification. 6.1.2. If Partner is a listed public limited company or is owned by a listed public limited company, Section 6.1.1 shall only apply where there is a Substantial Change of Control. A "Substantial Change of Control" means a change in ownership of the Partner as a result of: I. the sale or transfer of at least fifty per cent (50%) of the outstanding voting stock of the Partner (or any of its direct or indirect holding companies) to a third party; or II. the sale or transfer of at least fifty per cent (50%) of the assets, business and undertakings of Partner to a third party. 6.1.3. 
Partner shall not assign, transfer, novate, sub-license, delegate any of its rights any of the obligations under the Agreement or declare a trust in respect of this Agreement without Polestar’s prior written approval. Polestar may assign its rights and obligations under this Agreement to its Affiliated Companies. 6.1.4. In order to enable Polestar to verify compliance with this Section 6.1, the Partner shall submit to Polestar, upon its first request and in any case before the signature of the Agreement and upon each extension or renewal of the Agreement, a copy of its share register and an extract from the UBO-register. 6.2. Death or Incapacity 6.2.1. Partner shall notify Polestar as soon as possible and in any event within [***], should a Principal Owner die or become permanently incapacitated, and whether that Principal Owner’s interest will be transferred to anyone and, if so, to whom, and whether that death or incapacity will result in any changes in day-to-day management of the Operations. 6.2.2. Transfer of a deceased or incapacitated Principal Owner’s interest to another person as part of that Principal Owner’s estate will not be subject to Polestar’s rights under Section 6.2. Polestar may, however, terminate this Agreement on [***] notice if the deceased or incapacitated Principal Owner’s interest passes to someone convicted by any court for any violation of law that materially affects the operation, business reputation or performance of the Partner or the interests of Polestar. 7. TERM AND TERMINATION 7.1. Term This Agreement takes effect on the Commencement Date and shall continue for [***], unless or until terminated in accordance with this Agreement. 7.2. Termination for Convenience 7.2.1. Each Party may terminate this Agreement by giving the other Party at least two (2) years’ written notice. Each Party may also terminate certain Specific Agreements in accordance with what is stated therein. 7.2.2. 
[***]. 7.3. Immediate Termination 7.3.1. Either Party may terminate this Agreement immediately at any time by written notice to the other Party if the other Party commits any material breach of this Agreement which breach is irremediable, or which breach (if remedial) is not remedied within thirty (30) calendar days after the service of written notice requiring the same. 7.3.2. In addition to the above, Polestar may terminate this Agreement with immediate effect, and without Partner being entitled to compensation, by giving written notice, in the following circumstances: a) [***] b) Partner repeatedly breaches any of its obligations under this Agreement, even if they can be remedied and, as the case may be, are remedied. Repeated breaches shall mean the breach at least 3 times of an obligation under this Agreement in a rolling 12-months period. 7.4. Termination After Correction Period 7.4.1. If any of the following events or circumstances occurs and Partner fails to correct it no later than 60 days after having been notified of it, Polestar may terminate this Agreement immediately by giving Partner a written notice without judicial intervention and without Partner being entitled to compensation: a) [***] 7.5. Consequences of Termination 7.5.1. If this Agreement is terminated the following will apply: a) Partner will no longer be a Partner of Polestar b) Partner will have to remove all signs, displays and other items bearing Polestar’s Trademark. c) Within [***] of termination, at Partners’ own cost, return/transfer to Polestar (or someone nominated by Polestar) all of the following relating to the Operations: i. all Polestar Vehicles, Polestar Products and any other assets that Polestar owns; ii. any open orders for sale of Polestar Products and any potential customer deposits related thereto; iii. all customer service records; iv. 
all printed technical, sales, and service manuals and other materials, including advertising materials. 7.5.2. Partner shall certify its compliance with these requirements. Polestar or any of its representatives shall have power to enter the Approved Locations to take possession of all of the abovementioned items to ensure compliance with this obligation. a) Polestar may inform existing and prospective Customers of the termination and alternative arrangements for sales assistance of Polestar Products. b) All Specific Agreements will be automatically terminated upon termination of this Partner Agreement. 7.6. Termination of Operations at a specific Approved Location Should Polestar be entitled to terminate this Agreement, Polestar is alternatively entitled to terminate Partner’s Operations at one or more of the Approved Locations (to the extent applicable). Provided that option is utilised, this Partner Agreement and any Specific Agreements shall continue to be in full force and effect with regards to any and all remaining Approved Locations whereas Section 7.5 shall apply in relation to the Approved Location(s) where the Operations have been terminated. 7.7. Termination of [***] and [***]. 7.7.1. [***] 7.7.2. [***]. 8. DISPUTES 8.1. Mediation The Parties should strive to solve disputes quickly and amicably and should consider mediating any dispute before starting any legal action in court. Should the Parties agree to a formal mediation process, neither Party will initiate any formal legal proceedings during the mediation process, and the running of any statute of limitations that applies to the claims being mediated will be delayed during the mediation process. The foregoing shall not apply to actions seeking injunctive relief. 8.2. Governing Law and Dispute Resolution This Agreement shall be subject to Swedish law. 
Any dispute, controversy or claim arising out or in connection with the Agreement shall be exclusively submitted to Swedish courts. The Parties acknowledge that disputes related to this Partner Agreement and/or one or more of the Specific Agreements may be joined into one and the same proceeding.
9. RESPONSIBLE BUSINESS 9.1. Compliance with laws and Code of Conduct 9.1.1. The Partner shall comply with the laws, rules, and regulations of the country/countries where it operates and all other laws, rules, and regulations of any other jurisdiction which is or may be applicable to the business and the activities of the Parties in connection with this Agreement. 9.1.2. The Partner and its officers, directors and employees, shall comply with Polestar’s Code of Conduct for Business Partners, published at Ethics and Codes of Conduct | Polestar (https://www.polestar.com/global/legal/ethics/) in connection with the conduct of its business and this Agreement. Partner shall ensure that the Code of Conduct for Business Partners or similar principles are communicated to and complied with by its subcontractors and sub-tier suppliers. 9.1.3. The Partner shall promptly notify Polestar if the Partner knows or has reason to believe that a breach of the Code of Conduct for Business Partners or any provision of this Section has occurred in connection with this Agreement, or if the Partner or any owner, officer, or director thereof comes under investigation or is convicted of any serious offense (defined as a felony or its equivalent) or if any owner, officer, director, or employee comes under investigation or is convicted of any offense in connection with its collaboration with Polestar. 9.1.4. In addition to any other rights Polestar has under this Agreement, Polestar may seek alternative remedies based upon a breach of the Agreement, including the right to withhold a reasonable amount of any bonus or margin which the Partner has qualified for prior to such date but which has not been paid by Polestar, provided that such remedies do not adversely affect the commercial viability of the Partner. 9.2. Anti-Corruption and Anti-Money Laundering 9.2.1. 
The Partner shall comply with the anti-bribery and anti-money laundering laws, rules, and regulations of the United States, the United Kingdom, the European Union and the country where it is operating, and all other laws, rules, and regulations of any other jurisdiction which is or may be applicable to the business and the activities of the Parties in connection with this Agreement, including but not limited to the U.S. Foreign Corrupt Practices Act; the U.K. Bribery Act; and any legislation implementing the United Nations Convention Against Corruption, the United Nations Transnational Organized Crime Convention; or the Organization for Cooperation and Development Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. 9.2.2. The Partner agrees to maintain and enforce written anti-corruption and anti-money laundering and terrorist financing policies and procedures which are designed to promote and achieve compliance by the Partner and its respective directors, officers and employees with such laws. 9.3. Export Control and Trade Sanctions 9.3.1. The Partner represents and warrants that the Partner, its affiliates, officers, directors and employees: i. are not and have not been a Listed Person; ii. shall not, when performing its obligations under this Agreement (a) conduct any business activity, directly or indirectly, with any Listed Person, including by supplying to Polestar items sourced from a Listed Person, (b) conduct any business activity involving any Sanctioned Territory, (c) conduct any business activity that is prohibited or restricted under trade sanctions or export control laws applicable to the Parties, or (d) engage in any transaction that evades or attempts to violate restrictions under any trade sanctions or export control laws referenced in (a)-(c) above; iii. 
shall not sell, resell, export, re-export, assign, transport, or transfer any Polestar Product to any person located in a Sanctioned Territory or to any Listed Person. 9.3.2. The Partner agrees to maintain and enforce written trade sanctions policies and procedures which are designed to promote and achieve compliance by the Partner and its respective directors, officer and employees with such laws. 9.3.3. In this Agreement, the following definitions shall have the following meaning: a) Listed Person shall mean: i. Any individual, company, entity or organisation designated on: 1. the EU Consolidated List of Persons, Groups and Entities Subject to EU Financial Sanctions, and Annex XIX of EU Regulation 833/2014 2. the UK’s Consolidated List of Financial Sanctions Targets – Asset Freeze Targets, and the List of Persons Subject to Restrictive Measures in View of Russia’s Actions Destabilising the Situation in Ukraine, maintained by Her Majesty’s Treasury 3. the List of Specially Designated National and Blocked Persons, and the lists on the Consolidated Sanctions List, maintained by the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) 4. the Entity List, Denied Persons List, the List of Statutorily Debarred Parties, the Terrorist Exclusion List and Unverified List maintained by the US Department of Commerce’s Bureau of Industry and Security (“BIS”) 5. the UN Security Council Consolidated List 6. any equivalent list maintained by any other sanctions authority in a jurisdiction in which any of the Parties is incorporated in. ii. Companies, entities or organisations that are owned 50% or greater by any combination of persons stated in item (a) or controlled by such persons, as applicable under laws and regulations pursuant to which the above lists are published. iii. The government of a Sanctioned Territory or a member of the government of a Sanctioned Territory. 
b) Sanctioned Territory shall mean, at any time, a country, region or territory which is the subject or target of any country-wide, region-wide or territory wide sanctions, being as at the date of this Agreement, Belarus, the Crimea Region, Cuba, Iran, North Korea, Russia, Syria, the Donetsk, Luhansk, Kherson and Zaporizhzhia regions of Ukraine. 9.4. Licenses and Permits Partner shall obtain any and all permits, licenses, authorisations, and/or certificates that may be required in any jurisdiction by any regulatory or administrative agency in connection with the conduct of its business and the sale of products or provision of services under this Agreement. 10. MISCELLANEOUS 10.1. Confidentiality 10.1.1. In this Agreement, “Confidential Information” includes information in permanent form (including for the purposes of this definition electronic form) labelled by the disclosing Party as confidential and information transmitted orally which is stated at the time it is disclosed to be confidential and then as soon as practicable afterwards, reduced to permanent form by the disclosing Party and sent to the receiving Party labelled confidential, as well as any other permanent or oral information which is reasonably to be considered as confidential. Even though information supplied by one Party to the other may be described or reasonably considered as confidential, it shall not qualify as Confidential Information or shall cease to qualify as such if the information: i. is already known to the Party receiving it, unless prior knowledge was obtained subject to a similar and still subsisting duty of confidentiality; ii. becomes known later to the Party receiving it, unless the later knowledge is obtained either unlawfully or subject to a similar duty of confidentiality; or iii. is or finds its way into the public domain other than by breach of any agreement by the receiving Party. Partner Agreement Version: 1 Page 16 of 21 24-06-04 10.1.2. 
Each of the Parties undertakes to maintain and procure the maintenance of the confidentiality of Confidential Information of the other Party at all times and to keep and procure the keeping of all Confidential Information of the other Party secure and protected against theft, damage, loss or unauthorised access, and not at any time, whether during the term of this Agreement or at any time thereafter, without the prior written consent of the other Party, directly or indirectly, to use or authorise or permit the use of or disclose, exploit, copy or modify any Confidential Information of the other Party, or authorise or permit any third party to do the same, other than for the sole purposes of the performance of its rights and obligations hereunder. 10.1.3. Each of the Parties undertakes to disclose Confidential Information of the other Party only to those of its officers, employees and contractors to who, and to the extent to which, such disclosure is necessary for the purposes contemplated under this Agreement and observe the confidentiality obligations in this Section 10.1 and execute and observe the terms of a confidentiality undertaking on terms comparable with the confidentiality obligations in this Agreement. 10.1.4. Without prejudice to the Partner’s obligations otherwise resulting from this Section 10.1, Polestar herewith explicitly prohibits Partner from sharing any Confidential Information of Polestar with third parties that are involved in the wholesale or retail sale of passenger cars of a competing brand. Partner acknowledges that it is of paramount importance that it complies with this instruction to avoid possible infringements of applicable competition laws. Partner acknowledges that specific measures (for example, but not limited to, firewalling Polestar information) may be required in case it acts as authorised dealer of such competing brands and commits to implementing such measures in an adequate manner. 10.1.5. 
Each Party shall immediately upon becoming aware of any unauthorised disclosure, misuse, theft or other loss of Confidential Information of the other Party, whether inadvertent or otherwise, give notice to the other of the same. 10.1.6. The terms of and obligations imposed by this Section 10.1 shall survive the termination or expiry of this Agreement but shall not apply to any Confidential Information which: i. at the time of receipt by the recipient is in the public domain, or subsequently comes into the public domain through no fault of the recipient, its officers, employees, agents or contractors; ii. is lawfully received by the recipient from a third party on an unrestricted basis; iii. is already known to the recipient before receipt hereunder; or iv. is independently developed by the recipient or its employees, agents or contractors outside the scope of this Agreement (as evidenced by files or other records created at the time of such independent development). 10.1.7. Each Party may disclose Confidential Information of the other Party as may be required by Law or order of a competent authority or applicable stock exchange regulations to be disclosed by the receiving Party, or as reasonably required to be disclosed to a professional adviser of the receiving Party, provided that, to the extent practicable and legally permissible in the circumstances, the disclosing Party is in each case given reasonable advance notice of the intended disclosure (to the extent allowed by applicable law) and a reasonable opportunity to challenge the same. 10.1.8. The existence and terms of this Agreement are confidential and, save as required by Law, may not be disclosed by Partner to any third party without Polestar’s prior written consent.
10.2. Force Majeure 10.2.1. If a Force Majeure Event prevents either Party from complying with any one or more obligations under this Agreement, that inability to comply will not constitute breach if; (i) that Party uses reasonable efforts to perform those obligations; (ii) that Party’s inability to perform those obligations is not due to its failure to take reasonable measures to protect itself against events or circumstances of the same type as that Force Majeure Event or develop and maintain a reasonable contingency plan to respond to events or circumstances of the same type as that Force Majeure Event, and (iii) that Party complies with its obligations under Section 10.2.3. 10.2.2. In this Agreement, “Force Majeure Event” means, with respect to either Party, any event or circumstance, whether or not foreseeable, that was not caused by that Party and any consequences of that event or circumstance, such as any event of natural disaster, pandemic, war, invasion, act of foreign power or enemy hostilities (whether war was declared or not), civil war, rebellion, revolution, insurrection or military or usurped power, or any statute, rules, regulations, orders or requisitions issued by any government department, council or other duly constituted authority, or from strikes, lockouts or breakdowns of plant. A Force Majeure Event shall not constitute a strike or other labour unrest of that Party’s own workforce, an increase in prices or other change in general economic conditions, a change in law, or an event or circumstance that results in that Party not having sufficient funds to comply with an obligation to pay money. Further, the Parties expressly agree that the concurrence of extraordinary circumstances relating to the COVID-19 pandemic that may take place from now onwards shall not be considered as a cause of Force Majeure that allows the Partner not to comply with the obligations arising from this Agreement. 
10.2.3. If a Force Majeure Event occurs, the noncomplying Party will as soon as possible notify the other Party of the occurrence of that Force Majeure Event, its effect on performance, and how long the noncomplying Party expects it to last. Thereafter the noncomplying Party will update that information as reasonably necessary. During a Force Majeure Event, the noncomplying Party will use reasonable efforts to limit damages to the other Party and to resume its performance under this Agreement. 10.2.4. If a Force Majeure Event prevents the noncomplying Party from complying with its obligations for a continuous period of more than [***], the other Party may terminate this Agreement by giving at least [***] notice to the noncomplying Party. 10.3. Limitation of Liability 10.3.1. Nothing in this Agreement excludes or limits either Party's liability for: i. [***] 10.3.2. Subject to Section 10.3.1 to the extent allowed by applicable law, neither Party shall in no event be liable to the other Party for loss of profits, loss of use, consequential, special, indirect or incidental damage, including negligence, arising out of or in connection with this Agreement. 10.4. Entire Agreement This Agreement (including, for avoidance of doubt, all of its schedules) constitute the entire understanding between the Parties as to the subject of this Agreement and supersede all other agreements, whether written or oral, between the Parties. 10.5. Amendment No amendment to this Agreement or any of its schedules will be effective unless it is in writing and signed by both Parties. 10.6. Assignment Neither Party may assign any rights or delegate any obligations under this Agreement without the prior written consent of the other Party, except that Polestar may assign its rights or delegate its obligations under this Agreement (or this entire Agreement) to any Polestar Affiliate. 
Any purported assignment or delegation in breach of this Section 10.6 will be void. 10.7. Waiver No failure or delay by either Party to exercise any right or remedy under this Agreement or by law will be a waiver of that or any other right or remedy, nor will it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of that right or remedy will prevent or restrict the further exercise of that or any other right or remedy. 10.8. Severability 10.8.1. If any provision of this Agreement is held to be unenforceable, then that provision will be modified to the minimum extent necessary to make it enforceable, unless that modification is not permitted by law, in which case that provision will be disregarded; 10.8.2. If an unenforceable provision is modified or disregarded in accordance with this Section 10.8, then the rest of the Agreement will remain in effect as written. 10.9. Notices 10.9.1. For a notice or other communication in accordance with this Agreement to be valid, it must be in writing and delivered (i) by hand; (ii) by a national transportation company (with all fees prepaid); or (iii) to the e-mail address provided by each Party from time to time. 10.9.2. For a notice or other communication to a party under this Agreement to be valid, it must be addressed using the information specified below for that party or any other information specified by that party in a notice in accordance with this Section 10.9. To Polestar: [***] Polestar Automotive Sweden AB Assar Gabrielssons väg 9 405 31 Gothenburg, Sweden [***] With a copy to: Legal Department,[***]. To Partner: [***] Volvo Car Retail AB Box 466 191 24 Sollentuna, Sweden [***] 10.9.3. If a notice or other communication addressed to a Party is received after 5:00 p.m. 
on a business day at the location specified in the address for that Party, or on a day that is not a business day, then the notice will be deemed received at 9:00 a.m. on the next business day. 10.9.4. Notwithstanding the foregoing, updates of Standards and which are generally applicable to Partners may be communicated via usage of a digital portal. 10.9.5. Notwithstanding the foregoing, notices related to data protection obligations shall be handled in accordance with what is set forth in the relevant data processing agreements attached to the Specific Agreements (as applicable). 10.10. No Partnership This Agreement does not establish or create a partnership or joint venture between the Parties or allow either Party to enter legally binding commitments on the other Party’s behalf, except to the extent explicitly stated in this Agreement. 10.11. Announcements Unless required by law, neither Party will make an announcement about this Agreement without first getting the other Party’s consent. 10.12. Remedies No remedy available to a party under this Agreement will exclude other remedies available by law. __________________ Place: Date: POLESTAR AUTOMOTIVE SWEDEN AB /s/ Martin Ölund /s/ Ola Sjölander Name: Martin Ölund Name: Ola Sjölander Title: Managing Director Title: Board Member Place: Date: VOLVO CAR RETAIL AB /s/ Anders Brocknäs /s/ Oscar Bertilsson Name: Anders Brocknäs Name: Oscar Bertilsson Title: CEO Title: Chairman of the Board
11. LIST OF SCHEDULES Schedule 1 - Agency Agreement Schedule 2 - Service Provider Agreement Schedule 3 - Polestar Pre-owned Agreement Schedule 4 – Authorised Repairer Agreement Schedule 5 - Trademark Sublicense Agreement Appendix 1 - Partner’s Locations and Organisation Appendix 2 - Facility Milestones Appendix 3 – VCR Side letter Certain identified information marked with “[***]” has been omitted from this document because it is both (i) not material and (ii) the type that the registrant treats as private or confidential. Schedule 1 — Non-genuine Agency Agreement 1. INTRODUCTION AND APPOINTMENT 1.1. This Agency Agreement constitutes Schedule 1 to the Partner Agreement entered between Polestar and Partner. Any capitalised terms in this Agency Agreement shall have the same meaning as in the Partner Agreement, unless explicitly stated herein. 1.2. [***]. 2. SALE OF POLESTAR PRODUCTS 2.1. [***] 3. AREA OF INFLUENCE 3.1. [***]. 4. THE AGENCY ACTIVITIES 4.1. General (a) [***]. 4.2. Customer Activities (a) [***]. 4.3. Display- and Demonstrator Vehicles, point-of-sales material (a) [***]. 4.4. Local Marketing 4.4.1. [***]. 4.5. IT systems and Tools [***]. 4.6. New Product and Customer Offers [***]. 4.7. Stock of New Polestar Vehicles Etc [***]. 4.8. Changes of Polestar Products and Polestar Customer Offers 4.8.1. [***]. 4.9. Customer Warranties [***]. 4.10. No Agent Liability [***]. 5. POLESTAR’S OBLIGATIONS 5.1. [***]. 6. REMUNERATION 6.1. [***]. 7. TERM AND TERMINATION 7.1. [***]. Appendix 1 - Data processing agreement This Data Processing Agreement constitutes Appendix 1 to the Agency Agreement entered between Polestar and Partner. BACKGROUND a) Polestar has entered into, or will enter into, an agreement with Partner for the supply of products and/or services (the “Agreement”). 
b) Pursuant to the Agreement, Partner’s provision of the products and/or services involves processing of personal data by Partner on behalf of Polestar. c) The Parties have entered into this DPA to comply with the requirements in Article 28 of the Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as may be amended, updated, replaced or superseded from time to time (the "GDPR"). d) Where this DPA uses terms defined in the GDPR, but the terms are not defined in this DPA, those terms shall have the same meaning as in Article 4 of the GDPR. The Parties therefore agree as follows: 1. PROCESSING OF PERSONAL DATA 1.1 Polestar is controller of personal data processed under this DPA (hereinafter “Personal Data”) and Partner is processor of such personal data, except when Polestar acts as processor of personal data on behalf of a third party controller, in which case Partner is a sub-processor. 1.2 When Polestar is controller, Polestar undertakes to comply with all obligations laid down in the GDPR for controllers, including, but not limited to, ensuring the lawfulness of the processing of personal data, providing information to data subjects pursuant to Articles 13 and 14 in the GDPR and maintaining a record of processing activities under its responsibility. When a third party is controller of personal data processed by Partner under this DPA, the obligations that Partner has towards Polestar under this DPA (and the rights conferred upon Polestar under this DPA) shall also apply towards such third party controller, insofar as is necessary in order to comply with existing data protection laws, including the GDPR. 1.3 The categories of personal data subject to this DPA are specified in Appendix 1 which forms an integral part of this DPA. 
Without prejudice to this list, any other personal data processed by the Partner on behalf of Polestar in the course of performing the Agreement shall be subject to this DPA. 1.4 Polestar does not warrant the lawfulness of the personal data insofar as such data is not collected directly by Polestar or if the Partner processes personal data outside of the instructions of Polestar. 1.5 Partner warrants and is liable for the lawfulness and accuracy of the data it collects, either directly or through its permitted sub-processors, in its capacity as processor of Polestar.
2. CONTROLLER’S INSTRUCTIONS 2.1 The Partner shall only process Personal Data on documented instructions from Polestar, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by European Union or EU Member State law to which the Partner is subject. In such a case, the Partner shall inform Polestar of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. The Agreement and this DPA, along with subsequent instructions issued to the Partner by Polestar (including by email) throughout the duration of the processing of personal data, are Polestar’s instructions to Partner for processing of personal data. 2.2 Partner shall immediately inform Polestar in writing (including by email), if at any time, in its opinion, instructions are lacking or if instructions are infringing provisions of the GDPR or other European Union or EU Member State data protection provisions. Partner shall not proceed with the processing of personal data unless and until (i) Polestar issues new instructions, or (ii) if applicable, Polestar confirms the previous instructions. 2.3 Subject to Section 2.2, if the Partner cannot provide such compliance for whatever reasons, it shall promptly inform Polestar of its inability to comply, in which case Polestar is entitled to suspend or terminate the Agreement without any penalty. 2.4 The Partner shall deal promptly and properly with all inquiries from Polestar relating to its, or its Sub-processors’, processing of personal data on behalf of Polestar. 3. 
OBLIGATIONS OF THE PARTNER AS DATA PROCESSOR 3.1 The Partner shall ensure that only such employees (of the Partner or its subcontractors) which must have access to the personal data in order to meet Partner's obligations under this DPA shall have access to the Personal Data, based on the “need to know” and “least privileged access” principles, and that such employees have received appropriate training and instructions regarding processing of personal data as well as committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Partner shall provide Polestar, upon request, with proof of execution of the confidentiality agreements with personnel that may have access to Personal Data, as well as proof of periodic training in the field of personal data protection. 3.2 The Partner, taking into account the nature of the processing, shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk in accordance with GDPR Article 32 (and as a minimum the security measures further described in Appendix 2), and assist Polestar by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Polestar’s obligation to respond to requests for exercising the data subject's rights laid down in the GDPR. In particular, Partner shall ensure that Personal Data is properly isolated from data of other clients. 3.3 The Partner shall assist Polestar in ensuring compliance with the obligations pursuant to GDPR Articles 32 to 36 (e.g. assisting Polestar in case of data breach, when conducting a data protection impact assessment and prior consultations) taking into account the nature of the processing and the information available to the Partner. 3.4 Upon request of Polestar, the Partner shall make available to Polestar all information necessary to demonstrate compliance with the obligations laid down in this DPA and in Art. 
28 GDPR and allows for and contributes to audits, including inspections, conducted by Polestar or another auditor mandated by Polestar, in accordance with Section 8 below. 4. PERSONAL DATA BREACHES 4.1 The Partner shall promptly, and in no case later than 48 hours of having become aware, notify Polestar of any personal data breach it has suffered, in order to enable Polestar to assess whether it is under the obligation to notify the personal data breach to the competent supervisory authority or to the data subjects, in accordance with GDPR. 4.2 Partner shall provide Polestar with all available information pertaining to such personal data breach, including at least the following matters, taking into account the nature of the processing and the information available to the Partner: a) The nature of the personal data including, where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal data records concerned; b) the likely consequences of the personal data breach; c) the measures taken or proposed to be taken by the Partner, as well as any measures suggested to be taken by Polestar (if the case), to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. 4.3 The Partner shall thereafter implement all such measures as soon as possible, shall keep Polestar properly informed on developments and shall provide any and all cooperation requested by Polestar. 5. 
DATA ACCESS REQUESTS 5.1 The Partner shall promptly notify Polestar and shall subsequently supply Polestar with all information relating thereto, in case of: (i) any data subject requests or complaints regarding the processing of their personal data where Polestar is a controller, received directly by Partner; or (ii) any third party (including organisations or associations) requests or complaints regarding the processing of personal data by Partner on behalf of Polestar; or (iii) any supervisory authority or government requests for access to, information about, audit concerning, or any other regulatory action (including only notice of intent) concerning the processing of personal data undertaken by Partner in the context of the Agreement. 5.2 The Partner shall in no event respond directly, unless having received prior written instruction from Polestar to do so. 6. USE OF SUB-PROCESSORS 6.1 The Partner may continue to use those Sub-processors already engaged by Partner as at the date of this DPA, as listed in Appendix 1 to this DPA, so long as such use does not involve a transfer (as defined under EU data protection law) of Personal Data from the EEA to a third country other than those having been granted an adequacy decision by the European Commission, as indicated at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. 6.2 The Partner shall inform Polestar in writing of any intended changes concerning the addition or replacement of sub-processors at least 30 days in advance. Polestar may submit an objection within this period of time, in which case it shall endeavour to explain the reasons why it objects to said sub-processor, without being obligated to do so. 
In the event of such an objection, even if Partner does not agree with Polestar’s position, the sub-processor shall not be engaged for processing Personal Data and the Parties will work in good faith to attempt to mutually resolve the matter. 6.3 Where the Partner engages a sub-processor for carrying out specific processing activities on behalf of Polestar, the Partner shall ensure that the same data protection obligations as set out in this DPA are imposed on that sub-processor, in particular audit rights and providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of this DPA and the GDPR. 6.4 Upon request, a copy of such a sub-processor agreement and subsequent amendments shall be made available to Polestar, with the exception of clauses on business related issues that do not affect the legal data protection content of the sub-processor agreement. 6.5 The Partner shall at all times keep an up-to-date list of all sub-processors used, including in each case the details required under Appendix 1, and shall make this list available to Polestar upon request. 6.6 Partner shall be liable for the acts and omissions of any such Sub-processor to the same extent as if the acts or omissions were performed by Partner. 7. TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS 7.1 Partner shall not transfer Personal Data to, or process such data in, a location outside of the EEA without Polestar’s prior written consent, except if in compliance with this Section 7 (in each case a “Transfer”). 
7.2 Without prejudice to the sub-processor notification requirements in section 6.2, Partner may introduce Transfers where Partner has implemented a Transfer solution compliant with the GDPR, which for example may include: (a) where the destination country is subject to an adequacy decision by the European Commission; (b) a derogation pursuant to Article 49 of the GDPR applies or (c) the EU Commission Standard Contractual Clauses for the transfer of Personal Data to Processors established in third countries, together with supplementary measures. 7.3 Where the Transfer solution is the EU Commission Standard Contractual Clauses, the Partner shall provide Polestar with a transfer impact assessment, including details as to locations of processing, the processing activities that will be carried out, the types of data, any additional safeguards and measures (technical, organisational and contractual) to be implemented, as well as Partner’s risk assessment on the intended sub-processor and/or Transfer. Such notification shall be performed prior to implementation of the Transfer, and Polestar shall be given (by derogation from section 6.2 in case of sub-processors) at least 90 days to review it. Polestar may reject the Transfer, partially or entirely, in which case Partner shall not perform the envisaged Transfer. If the contracted services cannot be performed without the said Transfer, Polestar shall have the option to terminate the Agreement, entirely or partially as required, without any penalty. 7.4 If Partner is, or becomes, established outside of the EEA in a country that does not ensure an adequate level of data protection, the Parties shall enter into Standard Contractual Clauses based on the EU Commission Model Clauses. 8. AUDIT RIGHTS AND LOCATIONS 8.1 The Partner shall make available to Polestar, on request, all information necessary to demonstrate compliance with this DPA. 
8.2 Polestar shall have the right to perform audits of the Partner's processing of Personal Data (including such processing as may be carried out by the Sub-processors, if any) in order to verify the Partner's, and any Sub-processors, compliance with this DPA. 8.3 The Partner will, during normal business hours and upon reasonable notice (whereby a notice period of five (5) Business Days shall always be deemed reasonable), provide to Polestar personnel or its hired consultants, its internal or external auditors, inspectors and regulators, reasonable access to the parts of facilities where the Partner is carrying out processing activities, to personnel, and to data and records (including tools and procedures) relating to the processing. Polestar’s auditors and other representatives shall comply with Partner's reasonable work rules, security requirements and standards when conducting site visits. 8.4 The right to perform audits and inspections shall also include a right to receive relevant information upon request and without Polestar staff being physically present at Partner’s site. 8.5 Partner will promptly remediate issues raised in any audit report to the reasonable satisfaction of Polestar, and Polestar shall have the right to conduct a follow-up audit on the same aspects where non-compliances have been initially discovered, under the same conditions laid out above. 8.6 The Partner shall at all times keep a comprehensive and up to date record of where the IT system(s) used to process personal data on behalf of Polestar is/are located. For the avoidance of doubt, this shall include the locations of any IT systems belonging to any Sub-processors. Upon request, the Partner shall promptly provide Polestar with a copy of the record. 9. GOVERNING LAW AND DISPUTE RESOLUTION 9.1 Swedish law, without regard to the conflict of law principles, governs all matters arising out of this DPA. 
9.2 Any dispute, controversy or claim arising out of or in connection with this DPA, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC”). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Gothenburg, Sweden and the language to be used shall be English. 10. CONTRACT TERM AND TERMINATION 10.1 The term of this DPA corresponds to the term of the Agreement. The provisions regarding the ordinary termination of the Agreement apply accordingly. 10.2 On termination of this DPA for any reason, the Partner shall cease to process the Personal Data and shall arrange for the prompt and safe return to Polestar (or its nominated third party), or destruction,
at Polestar’s sole option, of all such Personal Data together with all copies in its or its Sub-processors’ possession or control, unless storage of the data is required under European Union law or EU member state law (which shall be notified to Polestar) in which case the Partner shall be controller of such data. Polestar may require the Partner to promptly confirm in writing that it has returned or destroyed all copies of the Personal Data. 11. LIABILITY 11.1 Breaches of this DPA shall be treated as breaches of the Agreement. 11.2 Each Party shall be liable for its own breaches of applicable data protection law and shall indemnify the other accordingly in case the other party suffers a damage following such breach. 11.3 For the avoidance of doubt, section 11.2 prevails over any limitation of liability in the Agreement. 12. GENERAL PROVISIONS 12.1 Compliance with laws. The Parties shall abide by all EU Data Protection Legislation even if not referenced in this DPA. 12.2 Attachments. The Appendices attached to this DPA are part of this DPA. In case of a conflict between the terms of such Appendices and the terms of this DPA, the terms of this DPA shall prevail. The Appendices shall take precedence in the order in which they are numbered. 12.3 Entire agreement. This DPA states all terms agreed between the Parties and supersedes all other agreements between the Parties relating to its subject matter. 12.4 Amendment and Waiver. No amendment of this DPA will be effective unless it is in writing and signed by both Parties. A waiver of any default is not a waiver of any later default and will not affect the validity of this DPA. 12.5 Assignment. Partner may not assign any rights or delegate any obligations under this DPA without Polestar’s written consent. 12.6 Severability. In case individual provisions of this agreement are ineffective or become ineffective or contain a gap, the remaining provisions shall remain unaffected. 
The parties undertake to replace the ineffective provision by a legally permissible provision which comes closest to the purpose of the ineffective provision and that best meets the requirements of Art. 28 GDPR. APPENDIX 1 — PROCESSING INSTRUCTIONS / DESCRIPTION OF THE PROCESSING 13. CATEGORIES OF PERSONAL DATA Partner will process the following types of personal data: a) [***] 14. CATEGORIES OF DATA SUBJECTS The personal data concern the following categories of data subjects: a) [***] 15. DURATION OF PROCESSING The processing activity will continue for as long as the agreement is valid and for a period of three months thereafter to allow the Partner to erase or retransfer the personal data. For specific personal data processing shorter retention times will be used according to Partner’s retention policy. 16. SUBJECT MATTER, NATURE AND PURPOSE OF PROCESSING [***]. 17. SUB-PROCESSORS [***] 18. PLACE(S) OF PROCESSING All operational data processing is done within EU/EES. 19. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES Polestar’s Minimum Information and IT Security Requirements as described in Appendix 2. Schedule 1 – Non-genuine Agency Agreement Version: 1 Page 1 of 18 24-03-25 APPENDIX 2 – POLESTAR’S MINIMUM INFORMATION AND IT SECURITY REQUIREMENTS 1. SCOPE These Minimum Information and IT Security Requirements (hereinafter the “Security Requirements”) describe Polestar Performance’s minimum security requirements applicable when a Partner or seller (hereinafter the "Partner") provides services to Polestar Performance. In addition to these Security Requirements, other and/or more stringent case-specific requirements for security arrangements may follow from the contract between the Partner and the relevant Polestar Performance company (hereinafter the "Contract").
Particularly, the Partner shall always adhere to Polestar Performance’s IT Security Directive (being Polestar Performance’s internal directive setting forth objectives, rules and principles for IT security management) when providing services internally at Polestar Performance’s premises or within Polestar Performance’s IT infrastructure. 2. STRUCTURE OF THESE SECURITY REQUIREMENTS 2.1 These Security Requirements have been structured to be aligned and consistent with ISO 27002. The document consists of 14 sections, of which each may contain one or more categories. Each category contains one or more control objectives. 3. RISK ASSESSMENT AND TREATMENT 3.1 The Partner shall have documented processes and routines for handling risks within its operations. The Partner is responsible for identifying security risks (including risks in the Partner’s business as well as risks identified by the Partner relating to the assignment/service performed for Polestar Performance) and taking necessary actions to control and mitigate such risks. 3.2 The Partner shall have at least one person having appropriate skills in the security area and being able to implement the security measures set forth in these Security Requirements. Such person(s) shall cooperate with Polestar Performance’s security staff if needed. 4. SECURITY POLICY 4.1 The Partner shall follow good practice in the information and IT security area and e.g. adopt standards such as the ISO 27000, have a documented information and IT security policy and run awareness campaigns. 4.2 A policy document pertaining to the management of information and IT security must be approved by the Partner’s management and be made available to all employees and relevant external parties. 4.3 A periodic review of the Partner’s information and IT security policy must be established in order to ensure that it remains adequate, relevant and effective. 5.
ORGANISATION OF INFORMATION AND IT SECURITY 5.1 The Partner’s management shall actively support security within its organisation through clear direction, demonstrated commitment, explicit assignment and acknowledgment of information and IT security responsibilities. 5.2 Information and IT security activities shall be co-ordinated by representatives from different parts of the Partner’s organisation with relevant roles and job functions. 5.3 All information and IT security responsibilities within the Partner’s organisation shall be clearly defined. 5.4 The Partner must ensure that any requirements for confidentiality or nondisclosure agreements are identified, met and regularly reviewed. 5.5 The Partner shall ensure that appropriate contacts with relevant authorities are maintained. 5.6 Unless otherwise follows from the Contract, the Partner’s use of sub-contractors (other than such being affiliates of the Partner), requires Polestar Performance’s prior written consent. In any such case the Partner is fully responsible for the actions and omissions of the sub-contractor and shall specifically ensure that the sub-contractor complies with these Security Requirements. 6. INFORMATION SECURITY (ASSET MANAGEMENT) 6.1 The Partner shall not disclose any Polestar Performance information which may be considered as business or professional secrets, except to the extent necessary for the performance of its assignment under the Contract. 6.2 The Partner must ensure that rules for the acceptable use of information and assets associated with its information processing facilities are identified, documented, and implemented. 6.3 The Partner shall ensure that any software used in order to perform the services under the Contract is fully owned or licensed by the Partner.
6.4 The Partner shall ensure the security, integrity and consistency of information handled by the Partner and related to Polestar Performance. The Partner shall act diligently when handling Polestar Performance’s information. 6.5 The Partner shall not copy or reproduce information on data files, hard copy or other tangible media in such a way that marking of owner of information or security class is removed. Moreover, the Partner shall always handle information on data files, hard copy or other tangible media in such a way that considerable effort is required from unauthorized persons to acquire access to the information, regardless of if the information is handled within the Partner’s premises or not. 6.6 The Partner shall return or destroy, as requested by the relevant Polestar Performance company, any and all Polestar Performance’s information, software and equipment related to the Contract promptly after the Contract has expired or been terminated. If the information has been encrypted, the Partner shall hand over all encryption keys necessary in order to decrypt the information. If return is impossible, the Partner shall have a process in place for the secure destruction of media containing Polestar Performance’s information – e.g. shredding and burning of paper documents or physical destruction (media sanitisation) of hard drives. The Partner shall thereafter attest to Polestar Performance in a written and signed document or as otherwise agreed in the Contract that it has received or destroyed software, hardware or information in any form. In the event that the Partner for legal reasons should be prevented from destroying Polestar Performance’s information, the Partner shall immediately (i) notify Polestar Performance thereof, (ii) continue to protect the information as during the term of the Contract and (iii) cease any use or processing of the information which is not legally required. 
The abovementioned obligations of the Partner shall survive termination of the Contract. 7. HUMAN RESOURCES SECURITY 7.1 The Partner shall be able to certify and attest at any given time the identity of, and the contact information (such as telephone number and e-mail address) to, all of its employees, consultants, subcontractors and other individuals working under the Partner’s responsibility who are performing services under the Contract and have or will have access to Polestar Performance’s IT systems, information or premises. This information
may at any point in time be used by Polestar Performance in audit situations as reference to verify the validity of issued access rights towards Polestar Performance’s IT systems, information or premises. 7.2 Polestar Performance might transfer relevant parts of the Partner’s personnel information to a third party, if that party hosts a service on behalf of Polestar Performance to which the Partner needs access. 7.3 The Partner is responsible for that the Partner’s personnel are given training to the extent reasonably necessary for providing the agreed services to Polestar Performance. 7.4 The Partner shall ensure that those of its personnel performing tasks for Polestar Performance are aware of the Partner’s confidentiality obligations under the Contract as well as the accepted use of information, facilities and systems. 7.5 The Partner further agrees that Polestar Performance is entitled to request and receive individual commitments from the Partner’s employees, consultants, sub-contractors and other representatives, stating that the individual in question has understood and will comply with certain obligations and accepted use of systems and facilities. 8. PHYSICAL AND ENVIRONMENTAL SECURITY 8.1 The Partner and any and all of its employees and sub-contractors shall, at all times, be aware of and comply with Polestar Performance’s safety and security arrangements whilst performing work on Polestar Performance’s premises. The Partner is responsible to inform itself, its employees and its sub-contractors of the safety and security regulations applicable on Polestar Performance’s premises from time to time. 8.2 The Partner shall adhere to all applicable laws and regulations and ensure that any required approvals are obtained from the relevant authorities when carrying out its assignment under the Contract.
8.3 The Partner shall adhere to the following provisions in order to secure Polestar Performance’s information or assets if they are processed or stored in the Partner’s premises: 8.3.1 Data centres hosting Polestar Performance business critical information, applications and infrastructure shall have appropriate physical and environmental protection in place, as set forth by applicable legislation, regulations and industry best practise (e.g. TIA-942). 8.3.2 The Partner shall have adequate perimeter and entry controls in line with local regulations and standards to ensure that only authorized personnel are allowed access. 8.3.3 Supplies received or sent on behalf of Polestar Performance shall be protected from theft, manipulation or destruction. 8.4 Admission to Polestar Performance’s premises and property is subject to the following rules. 8.4.1 Local regulations for Polestar Performance premises shall be observed when the Partner performs services under the Contract. 8.4.2 When working within Polestar Performance’s premises, Partner personnel shall carry an ID card or a visitor’s badge visible at all times. 8.4.3 Application procedures and responsibility conditions for admission to Polestar Performance’s premises are stipulated by Polestar Performance and are to be handled according to Polestar Performance’s procedures, if no other arrangements are specifically agreed. 8.4.4 After completing its assignment under the Contract, or when the Partner’s personnel are transferred to other tasks, the Partner shall without delay inform Polestar Performance of the change, and return, or change the distribution of, keys, key cards, certificates, visitor’s badges and any other material handed out. 8.4.5 Keys or key cards shall be personally signed for use by the Partner’s personnel and keys or key cards shall be handled according to the written rules given on the receipt.
8.4.6 Loss of Polestar Performance’s keys or key cards shall be reported without delay to Polestar Performance according to the instructions defined in the Contract, or, if not specifically agreed, according to Polestar Performance’s general access rights procedures. 8.4.7 In the event of the Partner’s noncompliance with the Contract, Polestar Performance is entitled to deny, with immediate effect, access to Polestar Performance’s premises and to request all keys, key cards, etc., handed out to be returned without undue delay. 9. IT SECURITY (COMMUNICATIONS AND OPERATIONS MANAGEMENT) The Partner’s environment 9.1 In providing its services, the Partner shall utilize industry security best practices to protect, safeguard and secure the services as well as Polestar Performance’s information and IT systems against unauthorized access, use and disclosure. IT Systems, applications, platforms, infrastructure and networks operated by the Partner and related to its assignment under the Contract shall be configured in a consistent and accurate manner with approved security settings applied to ensure that IT systems and networks function as intended, are available when required and do not reveal unnecessary technical details. The Partner shall constantly monitor any attempted unauthorized access to, or use or disclosure of, any IT systems and Polestar Performance Information and shall immediately take all necessary and appropriate action in the event any such attempt is discovered. The Partner shall further notify Polestar Performance of any material or significant breach of security, data breach or other IT security incident. 9.2 The Partner shall, if not otherwise agreed, ensure that Polestar Performance’s information handled by the Partner is separated and secured from its other business partners’ information or access (i.e. not mixed with information not related to Polestar Performance). 
9.3 The Partner shall at all times keep documentation as required by the Contract or by applicable law. Such documentation shall always be kept relevant and up-to-date. 9.4 The Partner shall not provide any services or software harmful to the handling of Polestar Performance’s information or system(s). 9.5 The Partner shall have a continuity plan for the IT environment used when providing services to Polestar Performance. 9.6 The Partner shall ensure segregation of duties in such a way that no single person can access, modify or use IT systems or assets without authorisation or detection. If duties for any reason cannot be appropriately separated or subdivided, the Partner shall implement compensating control measures in agreement with Polestar Performance. 9.7 The Partner shall have a formal and well defined change management process that as a minimum contains a formal "Request For Change" (RFC) procedure, a structured method of testing changes before moving them into production, a formal approval procedure for proposed changes, communication of change to all relevant persons and stakeholders and a defined set of procedures to recover from unsuccessful changes and unforeseen events. 9.8 All information relating to Polestar Performance which not obviously is of a public nature must, when handled by the Partner, be subject to the following rules. 9.8.1 Paper documents and removable media etc. shall be kept in safe control of an authorised person and handled according to security best practises such as storing them in a physically secured location (e.g. a locked, document fireproof safe, cabinet or container) when not in use and arrange for proper protection when sending or receiving them (in transit). 9.8.2 Voice communication shall be performed in a secure manner; e.g.
neither shall analogue wireless telephone systems, unencrypted public IP telephony nor unencrypted communication radio be used, unless otherwise agreed. Communicating confidential Polestar Performance related information from public premises is not allowed. 9.8.3 Data communication of Polestar Performance information shall be performed in a secure manner (e.g. by using end-to-end encryption during transmission, using communication links trusted by Polestar Performance or using security measures in generally used software). Exception from this rule requires Polestar Performance’s written consent. 9.8.4 The Partner’s personnel are not allowed to deliberately try to access Polestar Performance related information not needed for the assignment agreed upon, or information to which such personnel are not granted access. If any of the Partner’s personnel gets unauthorised access to information, this shall promptly be reported to Polestar Performance. 9.8.5 The Partner shall further have a process in place to monitor that access to Polestar Performance related information is in line with the abovementioned requirements. 9.9 The Partner shall ensure that back-ups of the information processed on behalf of Polestar Performance by the Partner are taken and that such back-ups are restorable when the information is handled in the Partner’s environment. 9.10 Back-up copies shall be handled with the same confidentiality as the original data. Back-up copies shall be stored separately from the original data to prevent simultaneous destruction of both the original data and the back-up copy in a disaster situation. 9.11 The Partner shall ensure that its own environments used for functions specified in the Contract are monitored in such a manner that events violating information and/or IT security are detected and traceable to a specific person. 9.12 The Partner shall at all times keep audit trails as required by applicable law or as otherwise stated in the Contract.
Polestar Performance’s environment 9.13 Equipment and IT functionality supplied by Polestar Performance shall only be used for performing the agreed assignment and shall at all times be handled according to Polestar Performance’s instructions. 9.14 The Partner shall protect any Polestar Performance assets in its care from accidental losses or theft. 10. ACCESS CONTROL General 10.1 The Partner shall have access to Polestar Performance’s IT systems, information, functions or premises only to the extent and under the requirements specifically agreed in writing between Polestar Performance and the Partner in each case. 10.2 The extent of access shall always be based on the principle “least privilege needed”. 10.3 The Partner is responsible to inform Polestar Performance without undue delay about any changes regarding those of its employees, consultants, subcontractors and other individuals working under its responsibility who have or will have access to Polestar Performance’s IT systems, information or premises (including such persons who function as contact persons for Polestar Performance). 10.4 Polestar Performance has the right to, at any point in time, revoke or initiate revocation of access rights to its information in case the Partner should not be compliant with these Security Requirements or with the Contract or for any other legitimate reason. Access rights management to Partner’s IT resources needed for the Contract 10.5 The Partner shall keep records of each change in its access rights. The time to retain these records is at least 2 years from the day the access right was changed. 10.6 The Partner shall upon request provide an up-to-date list of all individuals that have access to Polestar Performance’s information or functionality and which access rights are controlled by the Partner.
10.7 The Partner shall have a documented procedure and ensure that all access to Polestar Performance information or functionality is controlled on an individual basis and that all activities are logged according to applicable law and Polestar Performance’s instructions. 10.8 All access rights related to Polestar Performance information or functionality shall be revised at least every six months and all actions shall be reported to Polestar Performance. 10.9 All user IDs shall be personal and used only by the appointed individual(s). 10.10 The Partner shall have a documented procedure for management of all its personnel related to the Contract and their user IDs. 10.11 The Partner shall have a documented procedure for controlling administrator access rights. 10.12 The Partner is responsible for ensuring that any remote access to Polestar Performance’s IT resources utilised under the Contract is conducted in a secure manner. 10.13 Polestar Performance shall be informed of the use of remote access to Polestar Performance information. Access rights management for Polestar Performance’s IT resources needed to perform agreed task 10.14 Access rights to Polestar Performance’s IT resources shall only be granted to those of the Partners’ personnel assigned for the services as specified in the Contract. 10.15 Access rights to Polestar Performance’s IT resources are granted and revoked for the Partners’ personnel according to Polestar Performance’s procedures. 10.16 The methods to be used for remote access to Polestar Performance’s environment shall be specified in the Contract. No other form of remote access to Polestar Performance equipment or systems is allowed. 11. INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE 11.1 Systems to be developed by the Partner shall be developed by using a structured and approved system development methodology to build required information security functionality into systems during development. 
11.2 The Partner shall ensure that appropriate controls are designed into applications used for the delivery of IT related services to Polestar Performance, including own developed applications to ensure correct processing. These controls shall include authentication, session management, access control and authorisation, input validation, output encoding/escaping, cryptography, error handling, logging, data protection, communication security, http security and security configuration.
11.3 The Partner shall use suitable encryption techniques for protection of Polestar Performance confidential information. Where encryption cannot be implemented, appropriate compensating controls must be implemented to reduce the risk of unauthorised disclosure. 11.4 Whenever encryption is used in order to protect Polestar Performance information the Partner is responsible to ensure that key management in support of authorised encryption techniques is in place. The use of cryptography must be supported with procedures and protocols for generation, change, revocation, destruction, distribution, certification, storage, entry, use and archiving of cryptographic keys to ensure the protection of keys against modification and unauthorised disclosure. 11.5 The Partner shall have a formal, documented change control procedure in place that is enforced in order to minimise corruption of information systems. Major changes to existing systems shall follow a formal process of documentation, specification, testing, quality control and managed implementation. 11.6 The change control procedure shall ensure that existing implemented security and control procedures are not compromised. 11.7 The Partner shall ensure that verification testing is performed whenever major changes to the application take place and that such verification testing also includes security testing of the application. 11.8 When using live information from a production environment for test purposes in connection with system development, the information shall be made non-identifiable (i.e. impossible to be associated with an individual or user) if possible. Making data non-identifiable shall be a one way process, i.e. it shall not be possible to generate the original data by any means from data made non-identifiable.
If non-identifiable test information cannot be used, instructions issued by Polestar Performance shall be followed in the processing of the test information. Obtaining information for test purposes from a production environment always requires Polestar Performance’s prior written consent. 11.9 The Partner shall warrant that its applications, and any component(s) used by such applications, do not contain any code that does not support an applicable software requirement or weaken the security of the application. Under no circumstances shall such applications or components contain computer viruses, worms, time bombs, back doors, Trojan horses or any other form of malicious code. 11.10 If so required by Polestar Performance prior to signing of the Contract, the Partner shall guarantee Polestar Performance access to any source code developed or maintained as a delivery or result under the Contract through an escrow arrangement with a trusted external party (e.g. a law firm or a chamber of commerce). 12. INFORMATION AND IT SECURITY INCIDENT MANAGEMENT 12.1 If the Partner becomes aware of any security incidents including fraud that may include or affect Polestar Performance or its employees, customers or business partners, the Partner shall immediately report such incidents to Polestar Performance. The Partner shall take all necessary steps to mitigate the possible harm such incidents may cause. 12.2 The Partner shall cooperate with Polestar Performance in the handling of any such security incident as described in the above section and shall give Polestar Performance full insight of the cause and consequences of the incident. 12.3 After such an incident the Partner shall also deliver a written report stating the cause of the incident, the consequences of the incident and the steps taken in order to avoid similar events.
12.4 The Partner shall cooperate with and reasonably support Polestar Performance in the event of legal action that involves or requires Polestar Performance’s information (e.g. e-discovery requests or forensic investigations). 13. BUSINESS CONTINUITY MANAGEMENT Preparedness for disturbances under normal circumstances and for states of emergency 13.1 The Partner shall ensure its ability to operate and the sufficiency of its resources in the event of disturbances under normal circumstances and for states of emergency. 13.2 The Partner shall develop continuity arrangements appropriate in relation to the Contract and according to security best practises. The Partner shall identify any events with a potential to interrupt business processes and to a reasonable extent mitigate the effects of such events through the establishment of thorough continuity arrangements. Securing delivery of services 13.3 The Partner shall mitigate any risk of dependency of key personnel (e.g. through knowledge transfer to other personnel) in order to ensure continuity. 13.4 The Partner shall regularly test measures securing the delivery of services if such measures are put in place. 13.5 The Partner shall ensure that a test schedule, indicating how and when each element of the continuity arrangements shall be and has been tested, exists. Evidence from performed tests shall be kept by the Partner and made available to Polestar Performance upon request, demonstrating that processing can resume within agreed, or otherwise reasonable, time frames. 14. COMPLIANCE 14.1 The Partner shall at all times comply with these Security Requirements and any additional security requirements set forth in the Contract. 14.2 The Partner shall, upon request or otherwise as agreed in the Contract, provide Polestar Performance with a compliance notification in relation to these Security Requirements.
14.3 On Polestar Performance’s request, the Partner shall further inform Polestar Performance of the measures adopted to ensure compliance with these Security Requirements, any additional security requirements set forth in the Contract and any other security measures taken in order to protect Polestar Performance’s assets and information. 14.4 In the event that the Partner is not in compliance with these Security Requirements or any additional security requirements set forth in the Contract, and such non-compliance is not cured within 30 days after receipt of a written notice, Polestar Performance may, without penalty, upon further notice to the Partner, partially or entirely terminate the Contract or any purchase order issued thereunder. 14.5 Polestar Performance shall upon prior written notice be entitled to perform audits in order to verify the Partner’s conformity with these Security Requirements and any additional security requirements set forth in the Contract. Internal Information - Polestar Certain identified information marked with “[***]” has been omitted from this document because it is both (i) not material and (ii) the type that the registrant treats as private or confidential. PARTNER COMMERCIAL POLICY Version control — Version Date Version 1.0 14/5/23 1.0 Sales Remuneration New Cars 1.1 General In accordance with Section 6 of the Agency Agreement, Polestar will pay the Partner remuneration for Allocated Sales as further described in Section 1.2. [***] 1.2 Allocation 1.2.1 [***] . 1.3 Sales Remuneration 1.3.1 Overview [***] 2. Services Remuneration Polestar will pay a remuneration for the performance by the Partner of agreed services in accordance with the terms and conditions of the Service Provider Agreement. 2.1 Pre-Delivery Inspection (PDI) & Pre-Delivery Services (PDS) Remuneration 2.1.1 [***]
2.2.1 Registration Remuneration 2.2.2 Polestar will pay a remuneration for the performance by the Partner of agreed Registration services in accordance with the table in paragraph 2.5. 2.3 Handover Remuneration 2.3.1 Polestar will remunerate the Partner for the Handover services provided. The services are based on times and rates defined by Polestar (see below paragraph 2.5). 2.3.2 [***] 2.4 Wheel Services Remuneration 2.4.1 Polestar will pay a remuneration for the performance by the Partner of agreed Registration services in accordance with the table in paragraph 2.5. 2.5 Remuneration Overview Service rates for service remuneration: [***] Service operations and remuneration: [***] 3. Payment Terms [***] Schedule 2_Polestar Service Provider Agreement Version: 2 Page 1 of 16 24-03-25 Certain identified information marked with “[***]” has been omitted from this document because it is both (i) not material and (ii) the type that the registrant treats as private or confidential. Schedule 2 — Service Provider Agreement 1. INTRODUCTION 1.1. This Service Provider Agreement constitutes Schedule 2 to the Partner Agreement entered between Polestar and Partner. Any definitions used in the Partner Agreement shall have the meaning ascribed to them in the Partner Agreement unless otherwise expressly stated herein. 1.2. Partner is appointed as a non-exclusive service provider to the services described in this Service Provider Agreement to Polestar Customers. By signing the Partner Agreement, Partner has accepted this appointment. Partner’s operations under this Service Provider Agreement are referred to as the “Services”. 1.3. This Service Provider Agreement applies to the below Services to the extent applicable to Partner. 1.4.
As a result of this appointment, Partner undertakes to provide the Services described in Section 3 in this Service Provider Agreement in accordance with the Standards provided from time to time by Polestar (including, for avoidance of doubt, any relevant standards, guidelines, processes and instructions set out in or issued under the Volvo Authorised Repairer Agreement). During the term of this Service Provider Agreement, the Services may be further developed and adjusted by Polestar. 1.5. This Agreement does not represent any guarantee from Polestar regarding the volume of Services to be ordered during the term of the Agreement and Polestar is always free to source services that are the same or similar to the Services from other partners/suppliers or to perform such services ourselves. 1.6. [***] 2. PARTNER’S SERVICE OPERATIONS 2.1. Non-exclusivity 2.1.1. Partner is a non-exclusive Service Provider of the Services, with no exclusive area to operate within. 2.2. Approved Locations and Facilities 2.2.1. Partner will only conduct the Services in Approved Locations as per Appendix 1 to the Partner Agreement or to the extent applicable, by a Polestar approved delivery truck/transport solution. 2.3. Partner’s obligations 2.3.1. Partner will provide the Services as further described in section 3 of this Service Provider Agreement, regardless of where the Polestar Vehicle was first sold or handed over. (a) [***] 3. SPECIFICATION OF SERVICES 3.1. Pre-Delivery Inspection (PDI) and Pre-Delivery Services (PDS) (a) [***] 3.2. Registration Services 3.2.1. [***] 3.3. Handover Services (a) [***]. 3.4. Extras Services [***]. 3.5. Winter wheel Services (a) [***] 4. PARTNER REMUNERATION 4.1. [***]. 5. TERM AND TERMINATION 5.1.
Term The Service Provider Agreement takes effect on the Commencement Date of the Partner Agreement and continues until further notice unless and until terminated in accordance with the below. 5.2. Termination 5.2.1. [***]. Schedule 2_Polestar Service Provider Agreement Version: 2 Page 3 of 16 24-03-25 Internal Information - Polestar Appendix 1 - Data processing agreement This Data Processing Agreement constitutes Appendix 1 to the Service Provider Agreement entered between Polestar and Partner. BACKGROUND a) Polestar has entered into, or will enter into, an agreement with Partner for the supply of products and/or services (the “Agreement”). b) Pursuant to the Agreement, Partner’s provision of the products and/or services involves processing of personal data by Partner on behalf of Polestar. c) The Parties have entered into this DPA to comply with the requirements in Article 28 of the Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as may be amended, updated, replaced or superseded from time to time (the "GDPR"). d) Where this DPA uses terms defined in the GDPR, but the terms are not defined in this DPA, those terms shall have the same meaning as in Article 4 of the GDPR. The Parties therefore agree as follows: 1. PROCESSING OF PERSONAL DATA 1.1 Polestar is controller of personal data processed under this DPA (hereinafter “Personal Data”) and Partner is processor of such personal data, except when Polestar acts as processor of personal data on behalf of a third party controller, in which case Partner is a sub-processor. 
2.1 When Polestar is controller, Polestar undertakes to comply with all obligations laid down in the GDPR for controllers, including, but not limited to, ensuring the lawfulness of the processing of personal data, providing information to data subjects pursuant to Articles 13 and 14 in the GDPR and maintaining a record of processing activities under its responsibility. When a third party is controller of personal data processed by Partner under this DPA, the obligations that Partner has towards Polestar under this DPA (and the rights conferred upon Polestar under this DPA) shall also apply towards such third party controller, insofar as is necessary in order to comply with existing data protection laws, including the GDPR. 3.1 The categories of personal data subject to this DPA are specified in Appendix 1 which forms an integral part of this DPA. Without prejudice to this list, any other personal data processed by the Partner on behalf of Polestar in the course of performing the Agreement shall be subject to this DPA. 4.1 Polestar does not warrant the lawfulness of the personal data insofar as such data is not collected directly by Polestar or if the Partner processes personal data outside of the instructions of Polestar. 5.1 Partner warrants and is liable for the lawfulness and accuracy of the data it collects, either directly or through its permitted sub-processors, in its capacity as processor of Polestar. 2. CONTROLLER’S INSTRUCTIONS 1.1 The Partner shall only process Personal Data on documented instructions from Polestar, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by European Union or EU Member State law to which the Partner is subject. In such a case, the
Partner shall inform Polestar of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. The Agreement and this DPA, along with subsequent instructions issued to the Partner by Polestar (including by email) throughout the duration of the processing of personal data, are Polestar’s instructions to Partner for processing of personal data. 2.1 Partner shall immediately inform Polestar in writing (including by email), if at any time, in its opinion, instructions are lacking or if instructions are infringing provisions of the GDPR or other European Union or EU Member State data protection provisions. Partner shall not proceed with the processing of personal data unless and until (i) Polestar issues new instructions, or (ii) if applicable, Polestar confirms the previous instructions. 3.1 Subject to Section 2.2, if the Partner cannot provide such compliance for whatever reasons, it shall promptly inform Polestar of its inability to comply, in which case Polestar is entitled to suspend or terminate the Agreement without any penalty. 4.1 The Partner shall deal promptly and properly with all inquiries from Polestar relating to its, or its Sub-processors’, processing of personal data on behalf of Polestar. 3. OBLIGATIONS OF THE PARTNER AS DATA PROCESSOR 1.1 The Partner shall ensure that only such employees (of the Partner or its subcontractors) which must have access to the personal data in order to meet Partner's obligations under this DPA shall have access to the Personal Data, based on the “need to know” and “least privileged access” principles, and that such employees have received appropriate training and instructions regarding processing of personal data as well as committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. 
The Partner shall provide Polestar, upon request, with proof of execution of the confidentiality agreements with personnel that may have access to Personal Data, as well as proof of periodic training in the field of personal data protection. 2.1 The Partner, taking into account the nature of the processing, shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk in accordance with GDPR Article 32 (and as a minimum the security measures further described in Appendix 2), and assist Polestar by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Polestar’s obligation to respond to requests for exercising the data subject's rights laid down in the GDPR. In particular, Partner shall ensure that Personal Data is properly isolated from data of other clients. 3.1 The Partner shall assist Polestar in ensuring compliance with the obligations pursuant to GDPR Articles 32 to 36 (e.g. assisting Polestar in case of data breach, when conducting a data protection impact assessment and prior consultations) taking into account the nature of the processing and the information available to the Partner. 4.1 Upon request of Polestar, the Partner shall make available to Polestar all information necessary to demonstrate compliance with the obligations laid down in this DPA and in Art. 28 GDPR and allows for and contributes to audits, including inspections, conducted by Polestar or another auditor mandated by Polestar, in accordance with Section 8 below. 4. PERSONAL DATA BREACHES 1.1 The Partner shall promptly, and in no case later than 48 hours of having become aware, notify Polestar of any personal data breach it has suffered, in order to enable Polestar to assess whether it is under the obligation to notify the personal data breach to the competent supervisory authority or to the data subjects, in accordance with GDPR. 
2.1 Partner shall provide Polestar with all available information pertaining to such personal data breach, including at least the following matters, taking into account the nature of the processing and the information available to the Partner: a) The nature of the personal data including, where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal data records concerned; b) the likely consequences of the personal data breach; c) the measures taken or proposed to be taken by the Partner, as well as any measures suggested to be taken by Polestar (if the case), to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. 3.1 The Partner shall thereafter implement all such measures as soon as possible, shall keep Polestar properly informed on developments and shall provide any and all cooperation requested by Polestar. 5. DATA ACCESS REQUESTS 1.1 The Partner shall promptly notify Polestar and shall subsequently supply Polestar with all information relating thereto, in case of: (i) any data subject requests or complaints regarding the processing of their personal data where Polestar is a controller, received directly by Partner; or (ii) any third party (including organisations or associations) requests or complaints regarding the processing of personal data by Partner on behalf of Polestar; or (iii) any supervisory authority or government requests for access to, information about, audit concerning, or any other regulatory action (including only notice of intent) concerning the processing of personal data undertaken by Partner in the context of the Agreement. 2.1 The Partner shall in no event respond directly, unless having received prior written instruction from Polestar to do so. 6. 
USE OF SUB-PROCESSORS 1.1 The Partner may continue to use those Sub-processors already engaged by Partner as at the date of this DPA, as listed in Appendix 1 to this DPA, so long as such use does not involve a transfer (as defined under EU data protection law) of Personal Data from the EEA to a third country other than those having been granted an adequacy decision by the European Commission, as indicated at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. 2.1 The Partner shall inform Polestar in writing of any intended changes concerning the addition or replacement of sub-processors at least 30 days in advance. Polestar may submit an objection within this period of time, in which case it shall endeavour to explain the reasons why it objects to said sub-processor, without being obligated to do so. In the event of such an objection, even if Partner does not agree with Polestar’s position, the sub-processor shall not be engaged for processing Personal Data and the Parties will work in good faith to attempt to mutually resolve the matter. 3.1 Where the Partner engages a sub-processor for carrying out specific processing activities on behalf of Polestar, the Partner shall ensure that the same data protection obligations as set out in this DPA are imposed on that sub-processor, in particular audit rights and providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of this DPA and the GDPR. 4.1 Upon request, a copy of such a sub-processor agreement and subsequent amendments shall be made available to Polestar, with the exception of clauses on business related issues that do not affect the legal data protection content of the sub-processor agreement. 
5.1 The Partner shall at all times keep an up-to-date list of all sub-processors used, including in each case the details required under Appendix 1, and shall make this list available to Polestar upon request. 6.1 Partner shall be liable for the acts and omissions of any such Sub-processor to the same extent as if the acts or omissions were performed by Partner. 7. TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS 1.1 Partner shall not transfer Personal Data to, or process such data in, a location outside of the EEA without Polestar’s prior written consent, except if in compliance with this Section 7 (in each case a “Transfer”). 2.1 Without prejudice to the sub-processor notification requirements in section 6.2, Partner may introduce Transfers where Partner has implemented a Transfer solution compliant with the GDPR, which for example may include: (a) where the destination country is subject to an adequacy decision by the European Commission; (b) a derogation pursuant to Article 49 of the GDPR applies or (c) the EU Commission Standard Contractual Clauses for the transfer of Personal Data to Processors established in third countries, together with supplementary measures. 3.1 Where the Transfer solution is the EU Commission Standard Contractual Clauses, the Partner shall provide Polestar with a transfer impact assessment, including details as to locations of processing, the processing activities that will be carried out, the types of data, any additional safeguards and measures (technical, organisational and contractual) to be implemented, as well as Partner’s risk assessment on the intended sub-processor and/or Transfer. Such notification shall be performed prior to implementation of the Transfer, and Polestar shall be given (by derogation from section 6.2 in case of sub-processors) at least 90 days to review it. 
Polestar may reject the Transfer, partially or entirely, in which case Partner shall not perform the envisaged Transfer. If the contracted services cannot be performed without the said Transfer, Polestar shall have the option to terminate the Agreement, entirely or partially as required, without any penalty. 4.1 If Partner is, or becomes, established outside of the EEA in a country that does not ensure an adequate level of data protection, the Parties shall enter into Standard Contractual Clauses based on the EU Commission Model Clauses. 8. AUDIT RIGHTS AND LOCATIONS 1.1 The Partner shall make available to Polestar, on request, all information necessary to demonstrate compliance with this DPA. 2.1 Polestar shall have the right to perform audits of the Partner's processing of Personal Data (including such processing as may be carried out by the Sub-processors, if any) in order to verify the Partner's, and any Sub-processors, compliance with this DPA. 3.1 The Partner will, during normal business hours and upon reasonable notice (whereby a notice period of five (5) Business Days shall always be deemed reasonable), provide to Polestar personnel or its hired consultants, its internal or external auditors, inspectors and regulators, reasonable access to the parts of facilities where the Partner is carrying out processing activities, to personnel, and to data and records (including tools and procedures) relating to the processing. Polestar’s auditors and other representatives shall comply with Partner's reasonable work rules, security requirements and standards when conducting site visits. 4.1 The right to perform audits and inspections shall also include a right to receive relevant information upon request and without Polestar staff being physically present at Partner’s site. 
5.1 Partner will promptly remediate issues raised in any audit report to the reasonable satisfaction of Polestar, and Polestar shall have the right to conduct a follow-up audit on the same aspects where non-compliances have been initially discovered, under the same conditions laid out above. 6.1 The Partner shall at all times keep a comprehensive and up to date record of where the IT system(s) used to process personal data on behalf of Polestar is/are located. For the avoidance of doubt, this shall include the locations of any IT systems belonging to any Sub-processors. Upon request, the Partner shall promptly provide Polestar with a copy of the record. 9. GOVERNING LAW AND DISPUTE RESOLUTION 1.1 Swedish law, without regard to the conflict of law principles, governs all matters arising out of this DPA. 2.1 Any dispute, controversy or claim arising out of or in connection with this DPA, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC”). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Gothenburg, Sweden and the language to be used shall be English. 10. CONTRACT TERM AND TERMINATION 1.1 The term of this DPA corresponds to the term of the Agreement. The provisions regarding the ordinary termination of the Agreement apply accordingly. 
2.1 On termination of this DPA for any reason, the Partner shall cease to process the Personal Data and shall arrange for the prompt and safe return to Polestar (or its nominated third party), or destruction, at Polestar’s sole option, of all such Personal Data together with all copies in its or its Sub-processors’ possession or control, unless storage of the data is required under European Union law or EU member state law (which shall be notified to Polestar) in which case the Partner shall be controller of such data. Polestar may require the Partner to promptly confirm in writing that it has returned or destroyed all copies of the Personal Data. 11. LIABILITY 1.1 Breaches of this DPA shall be treated as breaches of the Agreement. 2.1 Each Party shall be liable for its own breaches of applicable data protection law and shall indemnify the other accordingly in case the other party suffers a damage following such breach. 3.1 For the avoidance of doubt, section 11.2 prevails over any limitation of liability in the Agreement. 12. GENERAL PROVISIONS 1.1 Compliance with laws. The Parties shall abide by all EU Data Protection Legislation even if not referenced in this DPA. 2.1 Attachments. The Appendices attached to this DPA are part of this DPA. In case of a conflict between the terms of such Appendices and the terms of this DPA, the terms of this DPA shall prevail. The Appendices shall take precedence in the order in which they are numbered. 3.1 Entire agreement. This DPA states all terms agreed between the Parties and supersedes all other agreements between the Parties relating to its subject matter. 4.1 Amendment and Waiver. No amendment of this DPA will be effective unless it is in writing and signed by both Parties. A waiver of any default is not a waiver of any later default and will not affect the validity of this DPA. 5.1 Assignment. Partner may not assign any rights or delegate any obligations under this DPA without Polestar’s written consent. 6.1 Severability. 
In case individual provisions of this agreement are ineffective or become ineffective or contain a gap, the remaining provisions shall remain unaffected. The parties undertake to replace the ineffective provision by a legally permissible provision which comes closest to the purpose of the ineffective provision and that best meets the requirements of Art. 28 GDPR. APPENDIX 1 (A) — PROCESSING INSTRUCTIONS / DESCRIPTION OF THE PROCESSING
1. CATEGORIES OF PERSONAL DATA Partner will process the following types of personal data: a) [***] 2. CATEGORIES OF DATA SUBJECTS The personal data concern the following categories of data subjects: a) [***] 3. DURATION OF PROCESSING The processing activity will continue for as long as the agreement is valid and for a period of three months thereafter to allow the Partner to erase or retransfer the personal data. For specific personal data processing shorter retention times will be used according to Partner’s retention policy. 4. SUBJECT MATTER, NATURE AND PURPOSE OF PROCESSING The personal data shall be processed to give a great customer experience and manage sales, handover and delivery contacts with Polestar customers and leads. Other processing is done to provide IT-support services, cloud storage services and customer lead management. 5. SUB-PROCESSORS [***] 6. PLACE(S) OF PROCESSING All operational data processing is done within EU/EES. 7. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES Polestar’s Minimum Information and IT Security Requirements as described in Appendix 1(B). APPENDIX 1 (B) – POLESTAR’S MINIMUM INFORMATION AND IT SECURITY REQUIREMENTS 1. SCOPE These Minimum Information and IT Security Requirements (hereinafter the “Security Requirements”) describe Polestar Performance’s minimum security requirements applicable when a Partner or seller (hereinafter the "Partner") provides services to Polestar Performance. In addition to these Security Requirements, other and/or more stringent case-specific requirements for security arrangements may follow from the contract between the Partner and the relevant Polestar Performance company (hereinafter the "Contract"). 
Particularly, the Partner shall always adhere to Polestar Performance’s IT Security Directive (being Polestar Performance’s internal directive setting forth objectives, rules and principles for IT security management) when providing services internally at Polestar Performance’s premises or within Polestar Performance’s IT infrastructure. 2. STRUCTURE OF THESE SECURITY REQUIREMENTS 2.1 These Security Requirements have been structured to be aligned and consistent with ISO 27002. The document consists of 14 sections, of which each may contain one or more categories. Each category contains one or more control objectives. 3. RISK ASSESSMENT AND TREATMENT 3.1 The Partner shall have documented processes and routines for handling risks within its operations. The Partner is responsible for identifying security risks (including risks in the Partner’s business as well as risks identified by the Partner relating to the assignment/service performed for Polestar Performance) and taking necessary actions to control and mitigate such risks. 3.2 The Partner shall have at least one person having appropriate skills in the security area and being able to implement the security measures set forth in these Security Requirements. Such person(s) shall cooperate with Polestar Performance’s security staff if needed. 4. SECURITY POLICY 4.1 The Partner shall follow good practice in the information and IT security area and e.g. adopt standards such as the ISO 27000, have a documented information and IT security policy and run awareness campaigns. 4.2 A policy document pertaining to the management of information and IT security must be approved by the Partner’s management and be made available to all employees and relevant external parties. 4.3 A periodic review of the Partner’s information and IT security policy must be established in order to ensure that it remains adequate, relevant and effective. 5. 
ORGANISATION OF INFORMATION AND IT SECURITY 5.1 The Partner’s management shall actively support security within its organisation through clear direction, demonstrated commitment, explicit assignment and acknowledgment of information and IT security responsibilities. 5.2 Information and IT security activities shall be co-ordinated by representatives from different parts of the Partner’s organisation with relevant roles and job functions. 5.3 All information and IT security responsibilities within the Partner’s organisation shall be clearly defined. 5.4 The Partner must ensure that any requirements for confidentiality or nondisclosure agreements are identified, met and regularly reviewed. 5.5 The Partner shall ensure that appropriate contacts with relevant authorities are maintained. 5.6 Unless otherwise follows from the Contract, the Partner’s use of sub-contractors (other than such being affiliates of the Partner), requires Polestar Performance’s prior written consent. In any such case the Partner is fully responsible for the actions and omissions of the sub-contractor and shall specifically ensure that the sub-contractor complies with these Security Requirements. 6. INFORMATION SECURITY (ASSET MANAGEMENT) 6.1 The Partner shall not disclose any Polestar Performance information which may be considered as business or professional secrets, except to the extent necessary for the performance of its assignment under the Contract. 6.2 The Partner must ensure that rules for the acceptable use of information and assets associated with its information processing facilities are identified, documented, and implemented. 6.3 The Partner shall ensure that any software used in order to perform the services under the Contract is fully owned or licensed by the Partner. 
6.4 The Partner shall ensure the security, integrity and consistency of information handled by the Partner and related to Polestar Performance. The Partner shall act diligently when handling Polestar Performance’s information. 6.5 The Partner shall not copy or reproduce information on data files, hard copy or other tangible media in such a way that marking of owner of information or security class is removed. Moreover, the Partner shall always handle information on data files, hard copy or other tangible media in such a way that considerable effort is required from unauthorized persons to acquire access to the information, regardless of if the information is handled within the Partner’s premises or not. 6.6 The Partner shall return or destroy, as requested by the relevant Polestar Performance company, any and all Polestar Performance’s information, software and equipment related to the Contract promptly after the Contract has expired or been terminated. If the information has been encrypted, the Partner shall hand over all encryption keys necessary in order to decrypt the information. If return is impossible, the Partner shall have a process in place for the secure destruction of media containing Polestar Performance’s information – e.g. shredding and burning of paper documents or physical destruction (media sanitisation) of hard drives. The Partner shall thereafter attest to Polestar Performance in a written and signed document or as otherwise agreed in the Contract that it has received or destroyed software, hardware or information in any form. In the event that the Partner for legal reasons should be prevented from destroying Polestar Performance’s information, the Partner shall immediately (i) notify Polestar Performance thereof, (ii) continue to protect the information as during the term of the Contract and (iii) cease any use or processing of the information which is not legally required. 
The abovementioned obligations of the Partner shall survive termination of the Contract. 7. HUMAN RESOURCES SECURITY 7.1 The Partner shall be able to certify and attest at any given time the identity of, and the contact information (such as telephone number and e-mail address) to, all of its employees, consultants, subcontractors and other individuals working under the Partner’s responsibility who are performing services under the Contract and have or will have access to Polestar Performance’s IT systems, information or premises. This information may at any point in time be used by Polestar Performance in audit situations as reference to verify the validity of issued access rights towards Polestar Performance’s IT systems, information or premises. 7.2 Polestar Performance might transfer relevant parts of the Partner’s personnel information to a third party, if that party hosts a service on behalf of Polestar Performance to which the Partner needs access. 7.3 The Partner is responsible for ensuring that the Partner’s personnel are given training to the extent reasonably necessary for providing the agreed services to Polestar Performance. 7.4 The Partner shall ensure that those of its personnel performing tasks for Polestar Performance are aware of the Partner’s confidentiality obligations under the Contract as well as the accepted use of information, facilities and systems. 7.5 The Partner further agrees that Polestar Performance is entitled to request and receive individual commitments from the Partner’s employees, consultants, sub-contractors and other representatives, stating that the individual in question has understood and will comply with certain obligations and accepted use of systems and facilities. 8. 
PHYSICAL AND ENVIRONMENTAL SECURITY 8.1 The Partner and any and all of its employees and sub-contractors shall, at all times, be aware of and comply with Polestar Performance’s safety and security arrangements whilst performing work on Polestar Performance’s premises. The Partner is responsible to inform itself, its employees and its sub-contractors of the safety and security regulations applicable on Polestar Performance’s premises from time to time. 8.2 The Partner shall adhere to all applicable laws and regulations and ensure that any required approvals are obtained from the relevant authorities when carrying out its assignment under the Contract. 8.3 The Partner shall adhere to the following provisions in order to secure Polestar Performance’s information or assets if they are processed or stored in the Partner’s premises: 8.3.1 Data centres hosting Polestar Performance business critical information, applications and infrastructure shall have appropriate physical and environmental protection in place, as set forth by applicable legislation, regulations and industry best practice (e.g. TIA-942). 8.3.2 The Partner shall have adequate perimeter and entry controls in line with local regulations and standards to ensure that only authorized personnel are allowed access. 8.3.3 Supplies received or sent on behalf of Polestar Performance shall be protected from theft, manipulation or destruction. 8.4 Admission to Polestar Performance’s premises and property is subject to the following rules. 8.4.1 Local regulations for Polestar Performance premises shall be observed when the Partner performs services under the Contract. 8.4.2 When working within Polestar Performance’s premises, Partner personnel shall carry an ID card or a visitor’s badge visible at all times. 
8.4.3 Application procedures and responsibility conditions for admission to Polestar Performance’s premises are stipulated by Polestar Performance and are to be handled according to Polestar Performance’s procedures, if no other arrangements are specifically agreed. 8.4.4 After completing its assignment under the Contract, or when the Partner’s personnel are transferred to other tasks, the Partner shall without delay inform Polestar Performance of the change, and return, or change the distribution of, keys, key cards, certificates, visitor’s badges and any other material handed out. 8.4.5 Keys or key cards shall be personally signed for use by the Partner’s personnel and keys or key cards shall be handled according to the written rules given on the receipt. 8.4.6 Loss of Polestar Performance’s keys or key cards shall be reported without delay to Polestar Performance according to the instructions defined in the Contract, or, if not specifically agreed, according to Polestar Performance’s general access rights procedures. 8.4.7 In the event of the Partner’s noncompliance with the Contract, Polestar Performance is entitled to deny, with immediate effect, access to Polestar Performance’s premises and to request all keys, key cards, etc., handed out to be returned without undue delay.
Schedule 2_Polestar Service Provider Agreement Version: 2 Page 12 of 16 24-03-25 Internal Information - Polestar 9. IT SECURITY (COMMUNICATIONS AND OPERATIONS MANAGEMENT) The Partner’s environment 9.1 In providing its services, the Partner shall utilize industry security best practices to protect, safeguard and secure the services as well as Polestar Performance’s information and IT systems against unauthorized access, use and disclosure. IT Systems, applications, platforms, infrastructure and networks operated by the Partner and related to its assignment under the Contract shall be configured in a consistent and accurate manner with approved security settings applied to ensure that IT systems and networks function as intended, are available when required and do not reveal unnecessary technical details. The Partner shall constantly monitor any attempted unauthorized access to, or use or disclosure of, any IT systems and Polestar Performance Information and shall immediately take all necessary and appropriate action in the event any such attempt is discovered. The Partner shall further notify Polestar Performance of any material or significant breach of security, data breach or other IT security incident. 9.2 The Partner shall, if not otherwise agreed, ensure that Polestar Performance’s information handled by the Partner is separated and secured from its other business partners’ information or access (i.e. not mixed with information not related to Polestar Performance). 9.3 The Partner shall at all times keep documentation as required by the Contract or by applicable law. Such documentation shall always be kept relevant and up-to-date. 9.4 The Partner shall not provide any services or software harmful to the handling of Polestar Performance’s information or system(s). 9.5 The Partner shall have a continuity plan for the IT environment used when providing services to Polestar Performance. 
9.6 The Partner shall ensure segregation of duties in such a way that no single person can access, modify or use IT systems or assets without authorisation or detection. If duties for any reason cannot be appropriately separated or subdivided, the Partner shall implement compensating control measures in agreement with Polestar Performance.

9.7 The Partner shall have a formal and well defined change management process that as a minimum contains a formal "Request For Change" (RFC) procedure, a structured method of testing changes before moving them into production, a formal approval procedure for proposed changes, communication of change to all relevant persons and stakeholders and a defined set of procedures to recover from unsuccessful changes and unforeseen events.

9.8 All information relating to Polestar Performance which is not obviously of a public nature must, when handled by the Partner, be subject to the following rules.

9.8.1 Paper documents and removable media etc. shall be kept in safe control of an authorised person and handled according to security best practices such as storing them in a physically secured location (e.g. a locked, document fireproof safe, cabinet or container) when not in use and arrange for proper protection when sending or receiving them (in transit).

9.8.2 Voice communication shall be performed in a secure manner; e.g. neither shall analogue wireless telephone systems, unencrypted public IP telephony nor unencrypted communication radio be used, unless otherwise agreed. Communicating confidential Polestar Performance related information from public premises is not allowed.

9.8.3 Data communication of Polestar Performance information shall be performed in a secure manner (e.g. by using end-to-end encryption during transmission, using communication links trusted by Polestar Performance or using security measures in generally used software). Exception from this rule requires Polestar Performance’s written consent.
9.8.4 The Partner’s personnel are not allowed to deliberately try to access Polestar Performance related information not needed for the assignment agreed upon, or information to which such personnel are not granted access. If any of the Partner’s personnel gets unauthorised access to information, this shall promptly be reported to Polestar Performance.

9.8.5 The Partner shall further have a process in place to monitor that access to Polestar Performance related information is in line with the abovementioned requirements.

9.9 The Partner shall ensure that back-ups of the information processed on behalf of Polestar Performance by the Partner are taken and that such back-ups are restorable when the information is handled in the Partner’s environment.

9.10 Back-up copies shall be handled with the same confidentiality as the original data. Back-up copies shall be stored separately from the original data to prevent simultaneous destruction of both the original data and the back-up copy in a disaster situation.

9.11 The Partner shall ensure that its own environments used for functions specified in the Contract are monitored in such a manner that events violating information and/or IT security are detected and traceable to a specific person.

9.12 The Partner shall at all times keep audit trails as required by applicable law or as otherwise stated in the Contract.

Polestar Performance’s environment

9.13 Equipment and IT functionality supplied by Polestar Performance shall only be used for performing the agreed assignment and shall at all times be handled according to Polestar Performance’s instructions.

9.14 The Partner shall protect any Polestar Performance assets in its care from accidental losses or theft.

10. ACCESS CONTROL

General

10.1 The Partner shall have access to Polestar Performance’s IT systems, information, functions or premises only to the extent and under the requirements specifically agreed in writing between Polestar Performance and the Partner in each case.

10.2 The extent of access shall always be based on the principle “least privilege needed”.

10.3 The Partner is responsible to inform Polestar Performance without undue delay about any changes regarding those of its employees, consultants, subcontractors and other individuals working under its responsibility who have or will have access to Polestar Performance’s IT systems, information or premises (including such persons who function as contact persons for Polestar Performance).

10.4 Polestar Performance has the right to, at any point in time, revoke or initiate revocation of access rights to its information in case the Partner should not be compliant with these Security Requirements or with the Contract or for any other legitimate reason.

Access rights management to Partner’s IT resources needed for the Contract

10.5 The Partner shall keep records of each change in its access rights. The time to retain these records is at least 2 years from the day the access right was changed.

10.6 The Partner shall upon request provide an up-to-date list of all individuals that have access to Polestar Performance’s information or functionality and which access rights are controlled by the Partner.

10.7 The Partner shall have a documented procedure and ensure that all access to Polestar Performance information or functionality is controlled on an individual basis and that all activities are logged according to applicable law and Polestar Performance’s instructions.

10.8 All access rights related to Polestar Performance information or functionality shall be revised at least every six months and all actions shall be reported to Polestar Performance.
10.9 All user IDs shall be personal and used only by the appointed individual(s).

10.10 The Partner shall have a documented procedure for management of all its personnel related to the Contract and their user IDs.

10.11 The Partner shall have a documented procedure for controlling administrator access rights.

10.12 The Partner is responsible for ensuring that any remote access to Polestar Performance’s IT resources utilised under the Contract is conducted in a secure manner.

10.13 Polestar Performance shall be informed of the use of remote access to Polestar Performance information.

Access rights management for Polestar Performance’s IT resources needed to perform agreed task

10.14 Access rights to Polestar Performance’s IT resources shall only be granted to those of the Partner’s personnel assigned for the services as specified in the Contract.

10.15 Access rights to Polestar Performance’s IT resources are granted and revoked for the Partner’s personnel according to Polestar Performance’s procedures.

10.16 The methods to be used for remote access to Polestar Performance’s environment shall be specified in the Contract. No other form of remote access to Polestar Performance equipment or systems is allowed.

11. INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE

11.1 Systems to be developed by the Partner shall be developed by using a structured and approved system development methodology to build required information security functionality into systems during development.

11.2 The Partner shall ensure that appropriate controls are designed into applications used for the delivery of IT related services to Polestar Performance, including own developed applications to ensure correct processing. These controls shall include authentication, session management, access control and authorisation, input validation, output encoding/escaping, cryptography, error handling, logging, data protection, communication security, HTTP security and security configuration.

11.3 The Partner shall use suitable encryption techniques for protection of Polestar Performance confidential information. Where encryption cannot be implemented, appropriate compensating controls must be implemented to reduce the risk of unauthorised disclosure.

11.4 Whenever encryption is used in order to protect Polestar Performance information the Partner is responsible to ensure that key management in support of authorised encryption techniques is in place. The use of cryptography must be supported with procedures and protocols for generation, change, revocation, destruction, distribution, certification, storage, entry, use and archiving of cryptographic keys to ensure the protection of keys against modification and unauthorised disclosure.

11.5 The Partner shall have a formal, documented change control procedure in place that is enforced in order to minimise corruption of information systems. Major changes to existing systems shall follow a formal process of documentation, specification, testing, quality control and managed implementation.

11.6 The change control procedure shall ensure that existing implemented security and control procedures are not compromised.

11.7 The Partner shall ensure that verification testing is performed whenever major changes to the application take place and that such verification testing also includes security testing of the application.

11.8 When using live information from a production environment for test purposes in connection with system development, the information shall be made non-identifiable (i.e. impossible to be associated with an individual or user) if possible. Making data non-identifiable shall be a one way process, i.e. it shall not be possible to generate the original data by any means from data made non-identifiable. If non-identifiable test information cannot be used, instructions issued by Polestar Performance shall be followed in the processing of the test information. Obtaining information for test purposes from a production environment always requires Polestar Performance’s prior written consent.

11.9 The Partner shall warrant that its applications, and any component(s) used by such applications, do not contain any code that does not support an applicable software requirement or weaken the security of the application. Under no circumstances shall such applications or components contain computer viruses, worms, time bombs, back doors, Trojan horses or any other form of malicious code.

11.10 If so required by Polestar Performance prior to signing of the Contract, the Partner shall guarantee Polestar Performance access to any source code developed or maintained as a delivery or result under the Contract through an escrow arrangement with a trusted external party (e.g. a law firm or a chamber of commerce).

12. INFORMATION AND IT SECURITY INCIDENT MANAGEMENT

12.1 If the Partner becomes aware of any security incidents including fraud that may include or affect Polestar Performance or its employees, customers or business partners, the Partner shall immediately report such incidents to Polestar Performance. The Partner shall take all necessary steps to mitigate the possible harm such incidents may cause.

12.2 The Partner shall cooperate with Polestar Performance in the handling of any such security incident as described in the above section and shall give Polestar Performance full insight of the cause and consequences of the incident.
12.3 After such an incident the Partner shall also deliver a written report stating the cause of the incident, the consequences of the incident and the steps taken in order to avoid similar events.

12.4 The Partner shall cooperate with and reasonably support Polestar Performance in the event of legal action that involves or requires Polestar Performance’s information (e.g. e-discovery requests or forensic investigations).

13. BUSINESS CONTINUITY MANAGEMENT

Preparedness for disturbances under normal circumstances and for states of emergency

13.1 The Partner shall ensure its ability to operate and the sufficiency of its resources in the event of disturbances under normal circumstances and for states of emergency.

13.2 The Partner shall develop continuity arrangements appropriate in relation to the Contract and according to security best practices. The Partner shall identify any events with a potential to interrupt business processes and to a reasonable extent mitigate the effects of such events through the establishment of thorough continuity arrangements.

Securing delivery of services

13.3 The Partner shall mitigate any risk of dependency of key personnel (e.g. through knowledge transfer to other personnel) in order to ensure continuity.

13.4 The Partner shall regularly test measures securing the delivery of services if such measures are put in place.

13.5 The Partner shall ensure that a test schedule, indicating how and when each element of the continuity arrangements shall be and has been tested, exists. Evidence from performed tests shall be kept by the Partner and made available to Polestar Performance upon request, demonstrating that processing can resume within agreed, or otherwise reasonable, time frames.

14. COMPLIANCE

14.1 The Partner shall at all times comply with these Security Requirements and any additional security requirements set forth in the Contract.
14.2 The Partner shall, upon request or otherwise as agreed in the Contract, provide Polestar Performance with a compliance notification in relation to these Security Requirements.
14.3 On Polestar Performance’s request, the Partner shall further inform Polestar Performance of the measures adopted to ensure compliance with these Security Requirements, any additional security requirements set forth in the Contract and any other security measures taken in order to protect Polestar Performance’s assets and information.

14.4 In the event that the Partner is not in compliance with these Security Requirements or any additional security requirements set forth in the Contract, and such non compliance is not cured within 30 days after receipt of a written notice, Polestar Performance may, without penalty, upon further notice to the Partner, partially or entirely terminate the Contract or any purchase order issued thereunder.

14.5 Polestar Performance shall upon prior written notice be entitled to perform audits in order to verify the Partner’s conformity with these Security Requirements and any additional security requirements set forth in the Contract.

Schedule 3_Pre-owned Agreement Version: 2 Page 1 of 1 24-03-25

Certain identified information marked with “[***]” has been omitted from this document because it is both (i) not material and (ii) the type that the registrant treats as private or confidential.

Schedule 3 — Pre-owned Agreement

1. INTRODUCTION

1.1. This Pre-owned Agreement constitutes Schedule 3 to the Partner Agreement entered into between Polestar and Partner. Any capitalised terms in this Pre-owned Agreement shall have the same meaning as in the Partner Agreement, unless explicitly stated herein.

2. GENERAL

2.1. Pursuant to this Pre-owned Agreement, Partner is hereby granted a non-exclusive right to participate in selling second-hand Polestar vehicles under the ‘Polestar Pre-Owned Programme’ hereafter referred to as the “Programme”.

2.2. The appointment is subject to the condition that Partner, during the term of the Pre-owned Agreement, complies with the Standards of the Programme for sale of Polestar Pre-Owned Vehicles through the Programme.

3. POLESTAR PRE-OWNED PROGRAMME

3.1. [***]

4. SPECIFIC PARTNER OBLIGATIONS

4.1. [***]

5. PRE-OWNED STANDARDS

When utilizing the Programme, Partner shall meet the relevant Standards at all times and shall sell the Pre-owned Polestar Vehicles in accordance with these Standards. Failure by Partner to comply with the Standards at any time shall be constituted as a breach of this Agreement.

6. TERM AND TERMINATION

6.1. Term

This Pre-Owned Agreement takes effect on the Commencement Date of the Partner Agreement and continues unless or until terminated in accordance with Section 6.2 below.

6.2. Termination

6.2.1. [***]

Schedule 4_Authorised Repairer Agreement Version: 1 Page 1 of 3 24-03-25

Schedule 4 — Authorised Repairer Agreement

1. INTRODUCTION

1.1. This Authorised Repairer Agreement constitutes Schedule 4 to the Partner Agreement entered into between Polestar and Partner. Any capitalised terms in this Authorised Repairer Agreement shall have the same meaning as in the Partner Agreement, unless explicitly stated herein.

2. GENERAL

2.1. Pursuant to this Authorised Repairer Agreement, Partner is hereby appointed as a non-exclusive authorized repairer authorized to service and repair Polestar Vehicles and other Polestar Products and sell Genuine Polestar Parts in its own name. By signing the Partner Agreement, the appointment is accepted. Partner’s operations under this Authorised Repairer Agreement are referred to as the “Repairer Services”.

2.2. [***].

3. CONDITIONS FOR APPOINTMENT

3.1. [***].

4. DEFINITIONS

4.1. For the purposes of this Authorised Repairer Agreement, the following specific definitions shall apply:

Authorised Repairer: A repairer authorised by us, or a Polestar Affiliate or an Authorised Importer, solely to provide Repairer Services and to sell Genuine Polestar Parts in the EEA, Switzerland or the United Kingdom.

Commercial policy AR: Commercial terms and conditions attached to this Authorised Repairer Agreement related to activities covered by the Agreement.

Operational Guidelines: Processes and requirements related to service and repair of Polestar Products provided by Polestar

Parts of Matching Quality: Spare parts made by a party other than us or an Affiliate and which can be certified at any moment as matching the quality of the components which are or were used in the assembly of the Polestar Vehicles in question but are not produced according to the specifications and production standards provided by us or an Affiliate.

Polestar Paid Services: [***]

Repairer Services: The servicing, repair and maintenance of Polestar Vehicles or other Polestar Products.

Resale: [***].

Repairer Standards: [***]

Warranty and Recall Work: [***].

5. PARTNER’S REPAIRER OPERATIONS

5.1. No exclusive area to operate within

Partner is a non-exclusive Authorised Repairer and as such, Partner is free to sell Genuine Polestar Parts and Repairer Services to any customer within the United Kingdom, Switzerland and the EEA.

5.2. Approved Locations

Partner will only conduct the Repairer Services in the Approved Locations.

5.3. Partner’s obligations

5.3.1. Partner will provide the Repairer Services meeting Customer demand for repairer and maintenance services related to Polestar Vehicles regardless of where the Polestar Vehicle was first handed over.

5.3.2. As part of its Repairer Services, Partner will at all times:

(a) [***]

5.4. Polestar Paid Services

5.4.1. [***]
5.5. Warranty and Recall Work

5.5.1. New Polestar Vehicles come with warranties as communicated by Polestar from time to time.

5.5.2. [***].

5.6. No modification of Polestar Products

[***].

6. SALE OF GENUINE POLESTAR PARTS

6.1.1. [***].

6.2. Sales Prices

Polestar may issue recommended retail prices and impose a maximum sale price for Genuine Polestar Parts, but otherwise Partner shall be free to determine its own prices or discounts.

6.3. Terms for Genuine Polestar Parts

[***].

7. TERM AND TERMINATION

7.1. Term

This Authorised Repairer Agreement takes effect on the Commencement Date of the Partner Agreement and continues until and unless terminated in accordance with Section 7.2 below.

7.2. Termination

7.2.1. Either Party may terminate the Authorised Repairer Agreement by giving the other Party at least [****] written notice.

7.2.2. [***].

7.2.3. [***]

7.2.4. Either Party may immediately terminate this Authorised Repairer Agreement by giving written notice if either Party (as the case may be) (i) commit a material breach of any of its obligations under the Authorised Repairer Agreement which is incapable of remedy or (ii) have failed to correct any material breach of this Authorised Repairer Agreement that is capable of being remedied within 60 days from when Polestar or the Partner (as the case may be) were made aware of such breach.

8. LIST OF SCHEDULES:

1. Data Sharing Agreement

COMMERCIAL POLICY AR

Version control
Version: Version 1.0
Date: 16/5/24

1 General

This Schedule is part of the Authorised Repairer Agreement and specifies the remuneration for services and repair work paid by Polestar.
During the term of the Agreement, changes to parts of this document may become necessary. Accordingly, reasonable changes may be made according to discussions and agreement between the parties.

2 Service rates

Polestar will pay the Partner remuneration for the Service operations listed below:

[***]

3 Payment Terms

3.1 The Remuneration for services listed under section 1 will be remunerated as described in the Operational Guidelines.

[***]

SCHEDULE 5 - TRADEMARK SUBLICENSE AGREEMENT

This Trademark Sublicense Agreement is between: POLESTAR PERFORMANCE AB, registration no. 556653-3096, a corporation organized and existing under the laws of Sweden (“Polestar”), and the Partner. Each a “Party”, jointly the “Parties”.

BACKGROUND

A. Polestar manufactures and distributes passenger cars throughout the world.

B. By a License Agreement entered into between Polestar Holding AB (“Polestar Holding”) and Polestar Performance AB dated 17 July 2018, Polestar is licensed to use and authorized to sublicense all Polestar Holding’s trademarks, devices and names set out in Appendix A.

C. Partner is appointed as a non-exclusive non-genuine agent to promote and assist in the sale of Polestar Customer Offers and to provide related services in connection thereto, all pursuant to a Partner Agreement entered into between Partner and an affiliate of Polestar; and,

D. The parties have agreed that Partner should be authorised to use the trademarks set out in Appendix A in the Selective Network on the following terms and conditions.

1. DEFINITIONS

Agreement means this agreement including all Appendixes.

Affiliate means a legal entity that, directly or indirectly, controls, is controlled by a Party; and “control” means possession, directly or indirectly, of the power to direct or cause the direction of the management or policies of a legal entity, whether through the ability to exercise voting power, by contract or otherwise.
Commencement Date means the date of commencement of the Partner Agreement.

Licensed Services mean the marketing, repairer services, free servicing work, recall work, warranty work and pre-delivery inspection work and finance services, all to the extent provided in connection with vehicles marketed by Polestar.

Partner Agreement means the agreement entered into by Partner and a Polestar Affiliate.

Polestar Trademarks means the trademarks listed in Appendix A, including, without limitation, the applications and registrations listed therein, or as amended from time to time by a written instrument executed by an officer or director of each of the Parties.

Term means the period starting on the Commencement Date and ending on the date that this Agreement terminates in accordance with clause 6.1.

Selective Network means the countries of the European Economic Area and, as the case may be, Switzerland and the UK in which Polestar applies a selective distribution system.

2. GRANT OF LICENSE

2.1 Polestar hereby grants to Partner, during the Term and subject to the terms and conditions of this Agreement, a non-exclusive, royalty-free sublicense to use the Polestar Trademarks in the Selective Network in relation to the Licensed Services.

2.2 Partner shall not assign, transfer or sublicense its rights to use the Polestar Trademarks, and shall not otherwise assign, transfer, delegate or sublicense any of its rights or obligations under this Agreement, whether by operation of law or otherwise.

2.3 Partner shall have the right to authorize use of the Polestar Trademarks solely to the extent necessary in connection with the performance of its obligations and the exercise of its rights under the Partner Agreement. Partner shall maintain a list of all authorized users and the permitted uses, to be available to Polestar upon written request.

3. ACKNOWLEDGEMENTS

3.1 Rights and Ownership. Partner acknowledges Polestar Holding’s right, title and interest in and to the Polestar Trademarks.

3.2 Validity. Partner agrees that it will not, either during the Term of this Agreement or thereafter, attack or challenge in any manner or in any forum Polestar Holding’s ownership and interest in and to the Polestar Trademarks.

3.3 Compliance. Partner shall comply with all laws and regulations of the Selective Network in which the Licensed Services are to be provided in relation to its use of the Polestar Trademarks.

3.4 Goodwill. Partner acknowledges the goodwill associated with the Polestar Trademarks, and agrees that all goodwill, including any increase in the value of the Polestar Trademarks as a result of this Agreement, will inure solely to Polestar Holding’s benefit. Partner will not claim any title or proprietary right to the Polestar Trademarks or in any derivation, adaptation or variation thereof.

3.5 No Registration or Use. Unless Polestar expressly consents in writing, Partner will not adopt, use or attempt to register any trademark, service mark, logo, design, corporate name, company name, trade name, trade dress, domain name, social media account handle, telephone number or other identification, that contains, is derived from or is likely to be confused with the Polestar Trademarks, for example, any “POL” compound mark, or any other trademark owned by Polestar Holding or licensed to Polestar or any of Polestar’s Affiliates.

3.6 Recordation. Partner agrees to provide reasonable assistance to Polestar, at Polestar’s request and expense, to record this Agreement with any relevant or appropriate governmental agency or for the record of Partner as sub-licensee of the Polestar Trademarks and expressly agrees that recordation (or any similar action) shall be undertaken only by Polestar and will be at Polestar’s sole discretion. Partner’s assistance may, for example, include signing any required, additional documents, including a shortened version or translation of the major terms of this Agreement or a Power of Attorney.

3.7 Warranty. Polestar warrants to Partner that it has full right, power and authority to grant the sublicense in the Polestar Trademarks as set out in paragraph 2.1.

3.8 Polestar may give the Partner 3 months’ notice in writing that when using any of the Polestar Trademarks, Partner shall indicate that such trademarks are owned by Polestar Holding and used pursuant to a license and Partner agrees to comply with any reasonable marking requests that Polestar may make in the notice (for example, that Partner use the phrase “Registered Trademark”) in relation to the Polestar Trademarks.

4. QUALITY CONTROL

4.1 Partner agrees to use the Polestar Trademarks only:

(a) for Licensed Services;

(b) in accordance with all standards for the Licensed Services set forth in the Partner Agreement;

(c) in accordance with all applicable laws; and

(d) in accordance with sound commercial practice.

5. INFRINGEMENT AND ENFORCEMENT

5.1 Partner shall promptly notify Polestar if Partner learns of the existence, use or promotion of any mark or design similar to any of the Polestar Trademarks.

5.2 Polestar may take, but shall not be required to take, any legal action that Polestar, in its sole discretion, deems necessary or advisable to protect the Polestar Trademarks. If Polestar chooses to take any action with respect to the Polestar Trademarks, Partner shall comply with all reasonable requests for assistance in connection therewith at Polestar’s cost, including but not limited to, providing testimony, exhibits, facts or similar co-operation. Any recovery as a result of such action shall belong solely to Polestar. Partner’s obligations and agreements under this paragraph shall survive the termination or expiration of this Agreement.
5.3 Partner shall not initiate, undertake or engage in any legal action for the protection or enforcement of any of the Polestar Trademarks, including but not limited to initiating civil or criminal proceedings against or contacting alleged infringers of the Polestar Trademarks.

6. TERM AND TERMINATION

6.1 This Agreement shall terminate automatically:

(a) Upon mutual agreement of the Parties; or

(b) following expiry or termination of the Partner Agreement.

7. PARTNER’S OBLIGATIONS UPON TERMINATION

7.1 Upon termination of this Agreement, for whatever reason, Partner shall immediately cease the use of, inter alia (without limitation), all Polestar Trademarks and any equipment or decoration that materialises, integrates or references any of the Polestar Trademarks.

7.2 The termination or expiration of this Agreement for any reason whatsoever shall not release either Party from any liability which at said time has already accrued to the other Party nor affect in any way the survival of any other right, duty or obligation of either Party which is expressly stated elsewhere in this Agreement to survive such termination.

8. INDEMNITY AND WARRANTY

8.1 Partner agrees to indemnify and hold Polestar harmless from and against all claims that they may incur or suffer arising out of or connected with any breach by Partner of its obligations under this Agreement, including without limitation, reasonable attorneys’ fees associated with any such claims.

8.2 Polestar warrants that none of (a) the provision or receipt of the Polestar Trademarks; or (b) the possession or use of the Polestar Trademarks in accordance with the terms of this Agreement; shall knowingly infringe or violate any intellectual property rights or other rights of any third parties in the Selective Network.
8.3 Polestar agrees to indemnify and hold Partner harmless from and against all claims that they may incur or suffer arising out of or connected with any breach by Polestar of its obligations or warranties under this Agreement, including without limitation, reasonable attorney’s fees associated with any such claims.

9. GOVERNING LAW

Swedish law, without regard to the conflict of law principles, governs all matters arising out of this Agreement.

10. DISPUTE RESOLUTION

10.1 Any dispute, controversy or claim arising out of or in connection with this Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce. The arbitral tribunal shall be composed of three arbitrators. The seat of the arbitration shall be Gothenburg, Sweden and the language to be used during the arbitration shall be English.

11. GENERAL PROVISIONS

11.1 Notices. All notices and other communications under this Agreement will be in writing and in English and must be delivered by personal delivery, email transmission or prepaid overnight courier using an internationally recognized courier service at the following addresses (or at such other address as any Party may provide by notice in accordance with this Section 11.1):

If to Polestar:
Polestar Performance AB
Attn: Polestar Intellectual Property
Assar Gabrielssons Väg 9
405 31 Göteborg
Sweden
Email: legal@polestar.com

If to Partner:
As specified in Appendix 1 to the Partner Agreement.

11.2 Survival. The terms of this Agreement that expressly are to, or by implication ought to, survive, will survive this Agreement.

11.3 No Third-Party Beneficiaries. This Agreement does not confer any benefits on any third party.

11.4 No License. Except those licenses expressly granted under this Agreement, all information shall remain the property of its owner and all rights in such information are expressly reserved.
11.5 Announcements. Neither Party may make any public statement regarding this Agreement without the other Party’s written approval.

11.6 Entire Agreement. This Agreement states all terms agreed between the Parties and supersedes all other agreements between the Parties relating to its subject matter.

11.7 Headings. The headings of the sections and subsections of this Agreement have been inserted for convenience of reference only and do not restrict or otherwise modify any of the terms or provisions of this Agreement.

11.8 Amendment and Waiver. No amendment of this Agreement will be effective unless it is in writing and signed by both Parties. A waiver of any default is not a waiver of any later default and will not affect the validity of this Agreement.

11.9 Relationship. The Parties are independent contractors. This Agreement does not create any partnership or joint venture between the Parties.

11.10 Assignment. Neither Party may assign any rights or delegate any obligations under these terms without the other Party’s written consent. Polestar may assign its rights and obligations under this Agreement to any Affiliate.

11.11 Severability. Unenforceable terms of this Agreement will be modified to reflect the Parties’ intention and only to the extent necessary to make them enforceable. The other terms will remain in effect without change.

11.12 Successor and Assigns. This Agreement shall inure to the benefit of and be binding upon Polestar, Partner and their respective permitted successors and assigns.

11.13 Language Versions. If terms of this Agreement have been made in other languages, in addition to English, then the English version shall prevail.

11.14 Counterparts. The Parties may execute this Agreement in counterparts, including electronic copies, which taken together will constitute one instrument.

______________________________

Appendix A

The Polestar Trademarks

POLESTAR (Polestar Unica)
Certain identified information marked with “[***]” has been omitted from this document because it is both (i) not material and (ii) the type that the registrant treats as private or confidential.

Partner’s Location and Organisation — Version Control

Issued by: Polestar
Date: The date of the Agreement
Version: Two (2)

Organisation

1. Company name: Volvo Car Retail AB
   Company number: 556627-6175
   Place of Registration: Västra Götalands Län, Göteborg Kommun
2. Domain Name of Internet Website: www.volvocarretail.se
3. Company registered office address: Box 466 191 24 Sollentuna
4. Email address to be used for notifications by Polestar: [***]
5. Shareholders in the Company:
   Name: Volvo Personvagnar Norden AB
   Shareholding (%): 100%

Approved Locations

1. Functional designation (Trading Name): [***]
2. Address [***]
3. Operations at Location
   Agent - Car Display X
   Agent - Test Drives X
   Service Provider - Handover X
   Pre-owned X
   Authorized repairer X

1. Functional designation (Trading Name): [***]
2. Address [***]
3. Operations at Location
   Agent - Car Display X
   Agent - Test Drives X
   Service Provider - Handover X
   Pre-owned X
   Authorized repairer X

1. Functional designation (Trading Name): [***]
2. Address [***]
3. Operations at Location
   Agent - Car Display X
   Agent - Test Drives X
   Service Provider - Handover X
   Pre-owned X
   Authorized repairer X

1. Functional designation (Trading Name): [***]
2. Address [***]
3. Operations at Location
   Agent - Car Display X
   Agent - Test Drives X
   Service Provider - Handover X
   Pre-owned X
   Authorized repairer X

Functional designation (Trading Name): [***]
Address [***]
Operations at Location
   Agent - Car Display X
   Agent - Test Drives X
   Service Provider - Handover
   Pre-owned
   Authorized repairer

Functional designation (Trading Name): [***]
Address [***]
Operations at Location
   Agent - Car Display X
   Agent - Test Drives X
   Service Provider - Handover
   Pre-owned
   Authorized repairer

Functional designation (Trading Name): [***]
Address [***]
Operations at Location
   Agent - Car Display X
   Agent - Test Drives X
   Service Provider - Handover X
   Pre-owned
   Authorized repairer X

Certain identified information marked with “[***]” has been omitted from this document because it is both (i) not material and (ii) the type that the registrant treats as private or confidential.

Appendix 2 – Facility Milestones — Version Control

Issued by: Polestar
Date: The date of the Partner Agreement
Version: 1

[***]
Address of the Polestar Space (as stated in Appendix 1): [***]
Facility Milestones
1. Final Layout (conceptual drawing) approved by the Parties: XX
2. Supplier quotations approved by Partner (digital signature):
3. Start of construction:
4. Construction complete / Space opening: [***]

Type of Facility [***]
Address of the Polestar Space (as stated in Appendix 1): [***]
Facility Milestones
1. Final Layout (conceptual drawing) approved by the Parties: XX
2. Supplier quotations approved by Partner (digital signature):
3. Start of construction:
4. Construction complete / Space opening: [***]
Add additional milestones and individual locations as and when needed

Type of Facility [***]
Address of the Polestar Space (as stated in Appendix 1): [***]
Facility Milestones
1. Final Layout (conceptual drawing) approved by the Parties: XX
2. Supplier quotations approved by Partner (digital signature):
3. Start of construction:
4. Construction complete / Space opening: [***]
Add additional milestones and individual locations as and when needed

Type of Facility [***]
Address of the Polestar Space (as stated in Appendix 1): [***]
Facility Milestones
1. Final Layout (conceptual drawing) approved by the Parties: XX
2. Supplier quotations approved by Partner (digital signature):
3. Start of construction:
4. Construction complete / Space opening: [***]
Add additional milestones and individual locations as and when needed

Type of Facility [***]

Certain identified information marked with “[***]” has been omitted from this document because it is both (i) not material and (ii) the type that the registrant treats as private or confidential.

APPENDIX 3 – VCR side letter

This Appendix 3 constitutes an appendix to the Partner Agreement and its accompanying Schedules entered between Polestar Automotive Sweden AB and Volvo Car Retail AB (collectively, the “Agreement”). Any definitions used in the Agreement shall apply to this Appendix 3 unless anything else is specifically stated herein.

[***].