Annex to Terms of Service: Data Terms of Service for Connected Devices and Services

Effective Date: September 12, 2025

This Annex to the Terms of Service ("Data Terms of Service") forms an integral part of the main Terms of Service ("Terms of Service") between you, the user, and Cycling Sports Group, Inc. It specifically governs the collection, processing, and use of non-personal data generated by your use of connected devices and related services.

By continuing to use the connected devices and related services, you acknowledge that you have read, understood, and agree to be bound by these Data Terms of Service in addition to the main Terms of Service. In the event of any conflict between these Data Terms of Service and the main Terms of Service, these Data Terms of Service shall prevail with respect to data generated by connected devices.

What data is covered?

We collect data from your devices or related services that is readily available, as defined by the EU Data Act. This includes information such as:

• Type of data.
• How much data we expect to collect.
• How often the data is collected.
• Where the data is stored.
• How long the data is kept.

You can find a detailed list of all the data and its characteristics on our website: Cannondale Data Statement. If we start collecting new data, we will update the list on the website.

How Cycling Sports Group, Inc. uses and shares data.

Cycling Sports Group, Inc. will use non-personal data for the purposes below. These purposes include:

• Assisting with warranty claims or questions about your product or service.
• Ensuring the security and integrity of our products or services.
• Improving how our existing products or services work.
• Creating new products or services.
• We might combine your non-personal data with other data, or create new data from it, for any lawful purpose. This could include selling or sharing these combined or new datasets with third parties.
• Tracking stolen bikes.
• Sending invoices, creating reports, or handling payments.
• To comply with legal obligations, including those arising from the EU Data Act.
• Assisting with efforts to make mobility and road safety better for everyone.

Sharing non-personal data with others

We can share non-personal data with other companies (third parties) as long as:
They use the data only for purposes that comply with the EU Data Act and other applicable laws. This includes, but is not limited to:

• Improving and developing their own products and services.
• Doing research and analysis.
• Assisting with operations.
• Meeting legal requirements.
• Collaborating with partners.

We will ensure that third parties contractually agree to keep the data private and confidential and comply with applicable laws.

How we protect your data

Cycling Sports Group, Inc. will use reasonable protection measures for your data.

Data access by the user upon request

Cycling Sports Group, Inc. will share your data with you whenever you or someone you have authorized requests it. This data will include all the necessary background information so you can understand and use it properly. You can make this request by contacting us at: [email protected].

If the data contains personal information and you are not the data subject, we can only share it if there is a valid legal reason under applicable law. When you are requesting personal data and you are not the data subject, you must provide us with a valid legal reason for the request.

We will provide the data to you for free, and it will be of at least the same quality we have ourselves. You can find all the details about the data's characteristics and how you can receive access on our website: Cannondale Data Statement.

You will get access to the data:

• Easily and securely by either sending you the data or by giving you access to where it is stored.
• Without unnecessary delay.
• Continuously and in real-time or regularly.

Up-to-date information about your data and how you can access it is available on our website: Cannondale Data Statement. We will only notify you if there is a material change which significantly affects how you access or use the data. In such cases, we will advise you as is required under applicable law.

How you can use and share data.

You are free to use the data we provide to you for any lawful purpose.

Making data available to another company (Data Recipient).

You can ask us to send your data, along with its necessary background information, directly to another company (a "Data Recipient"). You can make this request using the form in Appendix A and sending it to [email protected]

If the data you are asking us to share contains personal information, and you are not the data subject, we can only share the data if there is a valid legal reason under applicable law. When you make such a request, you must clearly state your legal reason for requesting that personal data.

We will make sure the data we send to the Data Recipient is of at least the same quality we have ourselves. When you make such a request, we will work with the Data Recipient to set up the terms for sharing the data.

Please know that you cannot use this option to send data to a "gatekeeper" company (as defined by Article 3 of Regulation (EU) 2022/1925), nor can you request data to test new products, substances, or processes that are not yet available on the market.

When you transfer your product (or its use).

If you permanently transfer ownership of your product, or your right to use it, to another individual, that is called a "transfer of use." If you transfer your product, you need to tell us that you are no longer the user. Please also confirm that other individuals will not be able to access your old account. Please contact us at: [email protected] with questions about deleting your account.

Appendix A

ACCESS REQUEST BY THE USER

ACCESS REQUEST BY THE USER TO MAKE DATA AVAILABLE TO A THIRD PARTY