From afa6df87f4f6de7756ad08869bcc805f0d156169 Mon Sep 17 00:00:00 2001
From: Perside Rosalie <perside.rosalie@wikimedia.de>
Date: Tue, 2 Jun 2026 09:45:23 +0200
Subject: [PATCH 01/18] WIP: Add upcoming terms of use page

---
 src/components/Pages/TermsOfUseUpcoming.vue | 815 ++++++++++++++++++++
 src/router/index.js                         |   6 +
 2 files changed, 821 insertions(+)
 create mode 100644 src/components/Pages/TermsOfUseUpcoming.vue

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
new file mode 100644
index 00000000..ecbab7da
--- /dev/null
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -0,0 +1,815 @@
+<template>
+  <v-main>
+    <v-container class="fill-height" fluid>
+      <v-row justify="center">
+        <v-col cols="8">
+          <h1>Terms Of Use</h1>
+          <h2>1. Definitions</h2>
+          <p>In addition to terms defined elsewhere in this
+                Agreement, the following terms have the following meanings:</p>
+          <p>1.1 “Manager Account” or “Account”: The personal Account provided by Wikibase.cloud
+                to the User on the Platform after the User’s registration.</p>
+          <p>1.2 “Content”: Any type of media (for example text, video files) uploaded to the
+                Platform by a User.</p>
+          <p>1.3 “User”: A natural person that registers for and
+                uses the Platform.</p>
+          <p>1.4 “Wikimedia”: Wikimedia Deutschland – Gesellschaft
+            zur Förderung Freien Wissens e. V.</p>
+          <p>1.5 “Wikibase Instance” or “Site”: an open knowledge base that can be
+                created and run by anyone on Wikibase.cloud.
+              </p>
+          <h2>2. Scope and Applicability</h2>
+          <p>2.1 Wikimedia, Tempelhofer Ufer 23/24, 10963 Berlin, provides
+            Wikibase.cloud (the „Platform“), a free cloud-based Platform that hosts
+            instances of Wikibase. It offers collaborative space to pool, edit and
+            curate information and is accessible under https://www.wikibase.cloud/.</p>
+          <p>2.2 These Terms of Use govern the legal relationship between Wikimedia
+            and the User and apply to all actions of the User and Wikimedia on or in
+            connection with the Platform (the „Agreement“).</p>
+          <h2>3. Conclusion of the Contract and Registration for an Account</h2>
+          <p>3.1 To use the Platform, the
+            User must open a Manager Account. Opening a Manager Account is free of
+            charge for the User. The User can sign up directly by visiting the
+            website https://www.wikibase.cloud/ and clicking “Sign Up”.</p>
+          <p>3.2 When registering, the User is required to provide certain basic
+            information, including an email address and a password.</p>
+          <p>3.3 By clicking
+            on “Create Account”, the User requests Wikimedia to create an Account on
+            the Platform. Wikimedia will send an email with a legally binding offer
+            to open the Account and to confirm the user’s email address. By clicking
+            on “verify email”, the User accepts the offer, concludes the Agreement
+            with Wikimedia and opens the Account.</p>
+          <p>3.4 The User shall keep the Account
+            information, in particular the chosen password, confidential and shall
+            not disclose it to third parties. Any misuse or suspected misuse must be
+            reported to Wikimedia Deutschland immediately.</p>
+          <p> 3.5 The User can access
+            the latest version of these Terms at any time on the Platform. The
+            Agreement is concluded in English and the Terms are only available in
+            English.</p>
+          <h2>4. Creating a Wikibase Instance and its basic functions</h2>
+          <p>4.1 After creating a Manager Account and logging into it, the User can
+            create a Wikibase Instance on their dashboard page.</p>
+          <p>4.2 To create a
+            Wikibase Instance, the User is required to provide certain basic
+            information, including Site Name, Site Domain and Username.</p>
+          <p>4.3 By
+            clicking on “Create Wiki”, the User submits the form. Once the form has
+            been successfully submitted, the Wikibase Instance will be created and
+            become available on the dashboard.</p>
+          <p>4.4 Wikimedia will send the User an
+            email with Account details, including the username and a temporary
+            password. After logging in with the provided password, the User is
+            prompted to create a new password.</p>
+          <p>4.5 The User shall keep the Account
+            information, in particular the chosen password, confidential and shall
+            not disclose it to third parties. Any misuse or suspected misuse must be
+            reported to Wikimedia immediately.</p>
+          <p>4.6 Once the Wikibase Instance has
+            been created, the basic functions are available to the User, which may
+            change from time to time. For example, the User can create a main page,
+            add a logo and create their own legal terms for their Wiki. The User can
+            also manually enter, import or delete data or any other information or
+            media (the “Content”) using the tools provided. Wikibase is a
+            collaborative Platform. The User can enable other persons to register
+            for an Account on their Wikibase Instance or upload Content.</p>
+          <h2>5. Rules of the Platform</h2>
+          <p>5.1 The User may only use the Platform in accordance with
+            the Terms of Use and the additional rules laid down in the Hosting
+            Policy, which is hereby explicitly incorporated into the Agreement. In
+            particular, the User may not create, post, share, link to or otherwise
+            interact with Content that violates our rules or any laws.</p>
+          <p>5.2 The User
+            is responsible for any Content that they or other persons publish on
+            their registered Wikibase Instance. The User shall take all reasonable
+            steps to inform other persons using their Wikibase Instance of all
+            restrictions laid down in these Terms of Use and to ensure that these
+            restrictions are obeyed. The User must have all the necessary rights to
+            create, publish or share Content. The User agrees not to upload or share
+            any Content on their Wikibase Instance that infringes the intellectual
+            property rights of third persons or that is otherwise unlawful.</p>
+          <p>5.3 It is
+            specifically prohibited to:
+            * Upload or distribute Content that is
+            insulting, abusive, offensive, racist, threatening, harmful to minors,
+            pornographic, violates personal rights, promotes violence or sedition,
+            incites criminal acts, provides instructions on how to commit criminal
+            acts, or provides services that involve pornographic and/or erotic
+            Content or any other illegal Content;<br />
+            * Upload or distribute Content
+            that is copied as a whole or in part from another protected work or
+            material without the permission of the respective copyright owner;
+            *Upload or distribute Content that violates or infringes the rights of
+            third parties, in particular personal rights, copyrights or other
+            intellectual property rights or any other rights of third parties;
+            *Upload or distribute Content that contains personal, confidential or
+            non-public information;<br />
+            * Contact other users of the Platform in a
+            disrespectful and rude manner, as well as to buy or sell products or
+            services;<br />
+            * Provide false data or information, as well as false data or
+            information of third parties; or<br />
+            * Sell or otherwise transfer the User Account to another person.</p>
+          <p>5.4 The User should be aware that the sites
+            may be edited by the public and, as such, may contain inappropriate
+            Content at any time.</p>
+          <h2>6. Moderation of Content</h2>
+          <p>6.1 Wikimedia does not
+            monitor Content on the Platform, but reserves the right to conduct
+            random checks, particularly if there are indications of violations.
+            Wikimedia does not use any automatic moderation technology or similar
+            tools that automatically scan, edit, block or remove Content.</p>
+          <p>6.2 Wikimedia may remove or restrict access to Content and/or delete or
+            restrict access to the User’s Account and/or delete or restrict access
+            to the Wikibase Instance if Wikimedia has reasonable grounds to believe
+            that Content violates the Agreement or applicable law.</p>
+          <p>6.3 If Wikimedia
+            removes or restricts access to Content, Wikimedia will notify the User
+            immediately and explain the reasons for the decision, unless to do so
+            would harm Wikimedia, or other third parties, or Wikimedia is legally
+            prevented from notifying the User.</p>
+          <p>6.4 Wikimedia will always proceed
+            carefully, objectively and proportionately when examining Content and
+            implementing measures, and will take into account the rights and
+            legitimate interests of all parties involved.</p>
+          <p>6.5 If the User believes
+            that Wikimedia has erred in one of the measures mentioned above in this
+            section 6, the User may request a review using the complaint functions
+            and Wikimedia will review and reconsider the decision. The following
+            rules apply to complaints<br />
+            * The User may file a complaint against the
+            removal of the Content, the suspension or termination of the Account, or
+            the rejection of a report submitted by the User regarding Content that
+            the User considers to be illegal.<br />
+              * The User is not entitled to file a
+            complaint if the User has already been warned for improper use of
+            Wikimedia’s complaint system. This is the case, for example, if the User
+            repeatedly submits identical complaints without justification. * A
+            complaint must be made within six months of the date on which the User
+            was notified of our decision.<br />
+              * Wikimedia deals with complaints
+            promptly, carefully and without discrimination or arbitrariness. In
+            order to do this, Wikimedia needs all relevant information from the User
+            to understand the complaint. Complaints with offensive or inappropriate
+            language may result in the suspension of complaints after a warning.<br />
+              * Wikimedia shall promptly decide whether to reverse or uphold the
+            original action. The User will receive the reasoned decision promptly.<br />
+              * In considering the complaint, Wikimedia will take into account the
+            seriousness of the breach, the reason for the complaint, the frequency
+            and impact of the breaches and the intention behind the breach.<br />
+              * This section is without prejudice to the rights of EU users to take their
+            case to certified out-of-court complaint bodies. For more information,
+            please click here.</p>
+          <h2>7. Grant of rights of use</h2>
+          <p>7.1 The User grants
+            Wikimedia the rights of use to the uploaded Content for the purpose of
+            Wikimedia’s provision of the Platform.</p>
+          <p>7.2 Wikimedia reserves the right to close, move, merge, or rename a site
+            for any reason. Wikimedia shall not be held liable for any modification,
+              suspension or discontinuance of any site, or of the Platform as a whole.</p>
+          <h2>8. Term and Termination</h2>
+          <p>8.1 The terms of this Agreement commence upon the
+              User’s registration.</p>
+          <p>8.2 The User can delete their Account by contacting
+            Wikimedia, for example, via https://www.wikibase.cloud/contact.</p>
+          <p>8.3 Wikimedia can (i) terminate the contract, (ii) suspend single instances,
+            (iii) permanently delete single instances, and/ or (iv) transfer
+            ownership of single instances to another User at any time and without
+              cause, provided that two weeks’ notice is given.</p>
+          <p>8.4 The User can delete
+            their Wikibase Instance at any time through the settings. All data and
+            Content associated with this Wikibase Instance will be permanently
+              deleted after 30 days. The domain may not be available for reuse.</p>
+          <p>8.5 Wikimedia may terminate or suspend any use of the Platform and the
+            User’s Account immediately, without notice or liability, if the User
+            breaches any of the terms and conditions of the Terms of Use. Upon
+            termination of the User’s Account, the User’s right to use the Platform
+              will immediately cease.</p>
+          <h2>9. Availability and Maintenance</h2>
+          <p>9.1 Wikimedia shall implement appropriate measures to ensure the availability and
+            error free functionality of the Platform. However, the User acknowledges
+            that for technical reasons and due to the dependence on external
+            influences, Wikimedia cannot guarantee the uninterrupted availability of
+            the Platform.</p>
+          <p>9.2 Wikimedia will occasionally carry out maintenance work
+            to ensure the functionality or expansion of the Platform. These tasks
+            may result in a temporary impairment of the usability of the Platform.
+            Insofar Wikimedia shall carry out the maintenance work during periods of
+            low use.</p>
+          <h2>10. Liability</h2>
+          <p>10.1 Wikimedia provides a free service that allows
+            the User to create their own Wikibase Instance. Wikimedia assumes no
+            responsibility for any material posted by the User. However, in
+            accordance with Art. 16 DSA Wikimedia provides a mechanism for the User
+            and third parties to report illegal Content hosted on the Platform.</p>
+          <p>10.2 Users are solely responsible for their Content and must ensure
+            compliance with applicable German laws.</p>
+          <p>10.3 The User agrees to indemnify
+            and hold harmless Wikimedia from any claims by third parties arising
+            from Content they publish or actions they take while using our Platform.</p>
+          <h2>11. Data Protection</h2>
+          <p>1.11 For comprehensive information on how Wikimedia
+            collects, processes or uses personal data of the User, please refer to
+            our Privacy Policy.</p>
+          <p>11.2 To the extent that the Content provided by the
+            User or by contributors and users of the User’s Wikimedia Instance
+            contains personal data of third parties, the User remains the controller
+            of such data and Wikimedia acts as the processor of the User’s personal
+            data under the GDPR. To this end, the Parties enter into the Standard
+            Contractual Clauses (Commission Implementing Decision (EU) 2021/915 of 4
+            June 2021) attached hereto in the Appendix 1.</p>
+          <p>11.3 If and sofar the User
+            resides and/or processes personal data in a state outside of the EU and
+            the data transfers between Wikimedia and the User constitute an
+            international data transfer according to Chapter 5 of the GDPR, the User
+            and Wikimedia enter into the Standard Contractual Clauses for transfers
+            of personal data to third countries as laid down in the Commission
+            Implementing Decision (EU) 2021/914 4 June 2021, attached hereto as
+            Appendix 2 (the “International Standard Contractual Clauses”) in form of
+            Module 4 (Processor to Controller). The Annexes I, II, III and IV of
+            Appendix 1 apply accordingly.</p>
+          <h2>12. Miscellaneous</h2>
+          <p>12.1 This Agreement is
+            governed by, and shall be interpreted in accordance with, the laws of,
+            and directly applicable in, the Federal Republic of Germany, excluding,
+            however, the provisions of the United Nations Convention on Contracts
+            for the International Sale of Goods and any conflict of law provisions
+            that would require the application of the material law of another
+            country.</p>
+          <p>12.2 The Parties hereby irrevocably submit to the exclusive
+            jurisdiction of the courts of Berlin, Germany, for all disputes or
+            claims arising out of or in connection with this Agreement made
+            hereunder.</p>
+          <p>12.3. If any provision of this Agreement is invalid or
+            unenforceable in whole or in part, this shall not affect the validity
+            and enforceability of any other provision of this Agreement. The invalid
+            or unenforceable provision shall be deemed replaced by a valid and
+            enforceable provision that comes as close as possible to the economic
+            purpose that both parties had in mind with the invalid or unenforceable
+            provision.</p>
+          <h2>Appendix 1: Standard contractual clauses (Commission Implementing
+            Decision (EU) 2021/915 of 4 June 2021)</h2>
+          <h3>SECTION I</h3>
+          <h4>Clause 1</h4>
+          <h4>Purpose and scope</h4>
+            <p>(a) The purpose of these Standard
+            Contractual Clauses (the Clauses) is to ensure compliance with Article
+            28(3) and (4) of Regulation (EU) 2016/679 of the European Parliament and
+            of the Council of 27 April 2016 on the protection of natural persons
+            with regard to the processing of personal data and on the free movement
+            of such data, and repealing Directive 95/46/EC (General Data Protection
+            Regulation).</p>
+            <p>(b) The controllers and processors listed in Annex I have
+            agreed to these Clauses in order to ensure compliance with Article 28(3)
+            and (4) of Regulation (EU) 2016/679 and/or Article 29(3) and (4) of
+            Regulation (EU) 2018/1725.</p>
+            <p>(c) These Clauses apply to the processing of
+            personal data as specified in Annex II.</p>
+            <p>(d) Annexes I to IV are an
+            integral part of the Clauses.</p>
+            <p>(e) These Clauses are without prejudice to
+            obligations to which the controller is subject by virtue of Regulation
+            (EU) 2016/679 and/or Regulation (EU) 2018/1725.</p>
+            <p>(f) These Clauses do not
+            by themselves ensure compliance with obligations related to
+            international transfers in accordance with Chapter V of Regulation (EU)
+            2016/679 and/or Regulation (EU) 2018/1725.</p>
+          <h4>Clause 2</h4>
+          <h4>Invariability of the Clauses</h4>
+            <p>(a) The Parties undertake not to modify the Clauses, except for
+            adding information to the Annexes or updating information in them.</p>
+            <p>(b)This does not prevent the Parties from including the standard
+            contractual clauses laid down in these Clauses in a broader contract, or
+            from adding other clauses or additional safeguards provided that they do
+            not directly or indirectly contradict the Clauses or detract from the
+              fundamental rights or freedoms of data subjects.</p>
+          <h4>Clause 3</h4>
+          <h4>Interpretation</h4>
+            <p>(a) Where these Clauses use the terms defined in Regulation (EU)
+            2016/679 or Regulation (EU) 2018/1725 respectively, those terms shall
+            have the same meaning as in that Regulation.</p>
+            <p>(b) These Clauses shall be
+            read and interpreted in the light of the provisions of Regulation (EU)
+            2016/679 or Regulation (EU) 2018/1725 respectively.</p>
+            <p>(c) These Clauses
+            shall not be interpreted in a way that runs counter to the rights and
+            obligations provided for in Regulation (EU) 2016/679 / Regulation (EU)
+            2018/1725 or in a way that prejudices the fundamental rights or freedoms
+              of the data subjects.</p>
+          <h3>Clause 4</h3>
+          <h4>Hierarchy</h4>
+            <p>In the event of a contradiction
+            between these Clauses and the provisions of related agreements between
+            the Parties existing at the time when these Clauses are agreed or
+            entered into thereafter, these Clauses shall prevail.</p>
+          <h3>SECTION II</h3>
+          <h3>OBLIGATIONS OF THE PARTIES</h3>
+          <h4>Clause 5</h4>
+          <h4>Description of processing(s)</h4>
+            <p>The details of the processing operations, in particular the categories of
+            personal data and the purposes of processing for which the personal data
+            is processed on behalf of the controller, are specified in Annex II.</p>
+          <h4>Clause 6</h4>
+          <h4>Obligations of the Parties</h4>
+          <h5>6.1. Instructions</h5>
+            <p>(a) The processor
+            shall process personal data only on documented instructions from the
+            controller, unless required to do so by Union or Member State law to
+            which the processor is subject. In this case, the processor shall inform
+            the controller of that legal requirement before processing, unless the
+            law prohibits this on important grounds of public interest. Subsequent
+            instructions may also be given by the controller throughout the duration
+            of the processing of personal data. These instructions shall always be
+              documented.</p>
+            <p>(b) The processor shall immediately inform the controller
+            if, in the processor’s opinion, instructions given by the controller
+            infringe Regulation (EU) 2016/679 / Regulation (EU) 2018/1725 or the
+              applicable Union or Member State data protection provisions.</p>
+          <h5>6.2. Purpose limitation</h5>
+            <p>The processor shall process the personal data only
+            for the specific purpose(s) of the processing, as set out in Annex II,
+            unless it receives further instructions from the controller.</p>
+          <h5>6.3. Duration of the processing of personal data</h5>
+            <p>Processing by the processor
+              shall only take place for the duration specified in Annex II.</p>
+          <h5>6.4. Security of processing</h5>
+            <p>(a) The processor shall at least implement the
+            technical and organisational measures specified in Annex III to ensure
+            the security of the personal data. This includes protecting the data
+            against a breach of security leading to accidental or unlawful
+            destruction, loss, alteration, unauthorised disclosure or access to the
+            data (personal data breach). In assessing the appropriate level of
+            security, the Parties shall take due account of the state of the art,
+            the costs of implementation, the nature, scope, context and purposes of
+            processing and the risks involved for the data subjects.</p>
+            <p>(b) The
+            processor shall grant access to the personal data undergoing processing
+            to members of its personnel only to the extent strictly necessary for
+            implementing, managing and monitoring of the contract. The processor
+            shall ensure that persons authorised to process the personal data
+            received have committed themselves to confidentiality or are under an
+            appropriate statutory obligation of confidentiality.</p>
+          <h5>6.5. Sensitive data</h5>
+            <p>If the processing involves personal data revealing racial or ethnic
+            origin, political opinions, religious or philosophical beliefs, or trade
+            union membership, genetic data or biometric data for the purpose of
+            uniquely identifying a natural person, data concerning health or a
+            person’s sex life or sexual orientation, or data relating to criminal
+            convictions and offences (“sensitive data”), the processor shall apply
+            specific restrictions and/or additional safeguards.</p>
+          <h5>6.6. Documentation and compliance</h5>
+             <p>(a) The Parties shall be able to demonstrate compliance
+            with these Clauses.</p>
+            <p>(b) The processor shall deal promptly and adequately
+            with inquiries from the controller about the processing of data in
+            accordance with these Clauses.</p>
+            <p>(c) The processor shall make available to
+            the controller all information necessary to demonstrate compliance with
+            the obligations that are set out in these Clauses and stem directly from
+            Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. At the
+            controller’s request, the processor shall also permit and contribute to
+            audits of the processing activities covered by these Clauses, at
+            reasonable intervals or if there are indications of non-compliance. In
+            deciding on a review or an audit, the controller may take into account
+            relevant certifications held by the processor.</p>
+            <p>(d) The controller may
+            choose to conduct the audit by itself or mandate an independent auditor.
+            Audits may also include inspections at the premises or physical
+            facilities of the processor and shall, where appropriate, be carried out
+            with reasonable notice.</p>
+            <p>(e) The Parties shall make the information
+            referred to in this Clause, including the results of any audits,
+            available to the competent supervisory authority/ies on request.</p>
+          <h5>6.7. Use of sub-processors</h5>
+            <p>(a) GENERAL WRITTEN AUTHORISATION: The processor
+            has the controller’s general authorisation for the engagement of
+            sub-processors from an agreed list. The processor shall specifically
+            inform in writing the controller of any intended changes of that list
+            through the addition or replacement of sub-processors at least two
+            months in advance, thereby giving the controller sufficient time to be
+            able to object to such changes prior to the engagement of the concerned
+            sub-processor(s). The processor shall provide the controller with the
+            information necessary to enable the controller to exercise the right to
+            object.</p>
+            <p>(b) Where the processor engages a sub-processor for carrying out
+            specific processing activities (on behalf of the controller), it shall
+            do so by way of a contract which imposes on the sub-processor, in
+            substance, the same data protection obligations as the ones imposed on
+            the data processor in accordance with these Clauses. The processor shall
+            ensure that the sub-processor complies with the obligations to which the
+            processor is subject pursuant to these Clauses and to Regulation (EU)
+            2016/679 and/or Regulation (EU) 2018/1725.</p>
+            <p>(c) At the controller’s
+            request, the processor shall provide a copy of such a sub-processor
+            agreement and any subsequent amendments to the controller. To the extent
+            necessary to protect business secret or other confidential information,
+            including personal data, the processor may redact the text of the
+            agreement prior to sharing the copy.</p>
+            <p>(d) The processor shall remain
+            fully responsible to the controller for the performance of the
+            sub-processor’s obligations in accordance with its contract with the
+            processor. The processor shall notify the controller of any failure by
+            the sub-processor to fulfil its contractual obligations.</p>
+            <p>(e) The processor shall agree a third party beneficiary clause with the
+            sub-processor whereby - in the event the processor has factually
+            disappeared, ceased to exist in law or has become insolvent - the
+            controller shall have the right to terminate the sub-processor contract
+            and to instruct the sub-processor to erase or return the personal data.</p>
+            <h5>6.8. International transfers</h5>
+            <p>(a) Any transfer of data to a third country
+            or an international organisation by the processor shall be done only on
+            the basis of documented instructions from the controller or in order to
+            fulfil a specific requirement under Union or Member State law to which
+            the processor is subject and shall take place in compliance with Chapter
+            V of Regulation (EU) 2016/679 or Regulation (EU) 2018/1725.</p>
+            <p>(b) The
+            controller agrees that where the processor engages a sub-processor in
+            accordance with Clause 7.7. for carrying out specific processing
+            activities (on behalf of the controller) and those processing activities
+            involve a transfer of personal data within the meaning of Chapter V of
+            Regulation (EU) 2016/679, the processor and the sub-processor can ensure
+            compliance with Chapter V of Regulation (EU) 2016/679 by using standard
+            contractual clauses adopted by the Commission in accordance with of
+            Article 46(2) of Regulation (EU) 2016/679, provided the conditions for
+            the use of those standard contractual clauses are met.</p>
+          <h4>Clause 7</h4>
+          <h4>Assistance to the controller</h4>
+            <p>(a) The processor shall promptly notify the
+            controller of any request it has received from the data subject. It
+            shall not respond to the request itself, unless authorised to do so by
+            the controller.</p>
+            <p>(b) The processor shall assist the controller in
+            fulfilling its obligations to respond to data subjects’ requests to
+            exercise their rights, taking into account the nature of the processing.
+            In fulfilling its obligations in accordance with (a) and (b), the
+            processor shall comply with the controller’s instructions</p>
+            <p>(c) In
+            addition to the processor’s obligation to assist the controller pursuant
+            to Clause 8(b), the processor shall furthermore assist the controller in
+            ensuring compliance with the following obligations, taking into account
+            the nature of the data processing and the information available to the
+              processor:</p>
+              <div class="pl-8">
+                <p>(1) the obligation to carry out an assessment of the impact
+                  of the envisaged processing operations on the protection of personal
+                  data (a ‘data protection impact assessment’) where a type of processing
+                  is likely to result in a high risk to the rights and freedoms of natural
+                  persons;</p>
+                <p>(2) the obligation to consult the competent supervisory
+                  authority/ies prior to processing where a data protection impact
+                  assessment indicates that the processing would result in a high risk in
+                  the absence of measures taken by the controller to mitigate the risk;</p>
+                <p>(3) the obligation to ensure that personal data is accurate and up to
+                  date, by informing the controller without delay if the processor becomes
+                  aware that the personal data it is processing is inaccurate or has
+                  become outdated;</p>
+                <p>(4) the obligations in Article 32 of Regulation (EU)
+                  2016/679.</p>
+              </div>
+            <p>(d) The Parties shall set out in Annex III the appropriate technical and organisational measures by which the processor is required to assist the controller in the application of this Clause as well as the scope and the extent of the assistance required.</p>
+          <h4>Clause 8</h4>
+          <h4>Notification of personal data breach</h4>
+            <p>In the event of a personal data
+            breach, the processor shall cooperate with and assist the controller for
+            the controller to comply with its obligations under Articles 33 and 34
+            of Regulation (EU) 2016/679 or under Articles 34 and 35 of Regulation
+            (EU) 2018/1725, where applicable, taking into account the nature of
+              processing and the information available to the processor.</p>
+          <h5>8.1 Data breach concerning data processed by the controller</h5>
+             <p>In the event of a
+            personal data breach concerning data processed by the controller, the
+            processor shall assist the controller:</p>
+            <p>(a) in notifying the personal
+            data breach to the competent supervisory authority/ies, without undue
+            delay after the controller has become aware of it, where
+            relevant/(unless the personal data breach is unlikely to result in a
+            risk to the rights and freedoms of natural persons);</p>
+            <p>(b) in obtaining
+            the following information which, pursuant to Article 33(3) of Regulation
+            (EU) 2016/679, shall be stated in the controller’s notification, and
+              must at least include:</p>
+            <div class="pl-8">
+              <p>(1) the nature of the personal data including
+              where possible, the categories and approximate number of data subjects
+              concerned and the categories and approximate number of personal data
+                records concerned;</p>
+              <p>(2) the likely consequences of the personal data
+                breach;</p>
+              <p>(3) the measures taken or proposed to be taken by the controller
+              to address the personal data breach, including, where appropriate,
+                measures to mitigate its possible adverse effects.</p>
+            </div>
+            <p>Where, and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.</p>
+            <p>(c) in complying, pursuant to Article 34 of Regulation (EU) 2016/679,
+              with the obligation to communicate without undue delay the personal data
+              breach to the data subject, when the personal data breach is likely to
+              result in a high risk to the rights and freedoms of natural persons.</p>
+          <h5>8.2 Data breach concerning data processed by the processor</h5>
+               <p>In the event of a
+              personal data breach concerning data processed by the processor, the
+              processor shall notify the controller without undue delay after the
+              processor having become aware of the breach. Such notification shall
+              contain, at least:</p>
+            <p>(a) a description of the nature of the breach (including, where
+              possible, the categories and approximate number of data subjects and
+              data records concerned);</p>
+            <p>(b)the details of a contact point where more information concerning the
+                  personal data breach can be obtained;</p>
+            <p>(c)its likely consequences and the measures taken or proposed to be
+                  taken to address the breach, including to mitigate its possible adverse
+                  effects.</p>
+            <p>Where, and insofar as, it is not possible to provide all this
+                  information at the same time, the initial notification shall contain the
+                  information then available and further information shall, as it becomes
+                  available, subsequently be provided without undue delay.</p>
+            <p>The Parties
+                  shall set out in Annex III all other elements to be provided by the
+                  processor when assisting the controller in the compliance with the
+                  controller’s obligations under Articles 33 and 34 of Regulation (EU)
+                  2016/679.</p>
+          <h3>SECTION III</h3>
+          <h3> FINAL PROVISIONS</h3>
+          <h4>Clause 9</h4>
+          <h4>Non-compliance with the Clauses and termination</h4>
+          <p>(a) Without prejudice to any provisions of Regulation
+            (EU) 2016/679 and/or Regulation (EU) 2018/1725, in the event that the
+            processor is in breach of its obligations under these Clauses, the
+            controller may instruct the processor to suspend the processing of
+            personal data until the latter complies with these Clauses or the
+            contract is terminated. The processor shall promptly inform the
+            controller in case it is unable to comply with these Clauses, for
+            whatever reason.</p>
+          <p>(b) The controller shall be entitled to terminate the
+            contract insofar as it concerns processing of personal data in
+            accordance with these Clauses if:</p>
+            <div class="pl-8">
+              <p>(1) the processing of personal data by
+              the processor has been suspended by the controller pursuant to point (a)
+              and if compliance with these Clauses is not restored within a reasonable
+              time and in any event within one month following suspension;</p>
+              <p>(2) the
+              processor is in substantial or persistent breach of these Clauses or its
+              obligations under Regulation (EU) 2016/679 and/or Regulation (EU)
+                2018/1725;</p>
+              <p>(3) the processor fails to comply with a binding decision of
+              a competent court or the competent supervisory authority/ies regarding
+              its obligations pursuant to these Clauses or to Regulation (EU) 2016/679
+                and/or Regulation (EU) 2018/1725.</p>
+            </div>
+          <p>(c) The processor shall be entitled to terminate the contract insofar as it concerns processing of personal data under these Clauses where, after having informed the controller that its instructions infringe applicable legal requirements in accordance with Clause 7.1 (b), the controller insists on compliance with the instructions.</p>
+          <p>(d) Following termination of the contract, the processor shall, at the choice of the controller, delete all personal data processed on behalf of the controller and certify to the controller that it has done so, or, return all the personal data to the controller and delete existing copies unless Union or Member State law requires storage of the personal data. Until the data is deleted or returned, the processor shall continue to ensure compliance with these Clauses.</p>
+          <h4>ANNEX I</h4>
+          <h5>List of parties</h5>
+          <p></p><b>Controller(s):</b> [Identity and contact details
+            of the controller(s), and, where applicable, of the controller’s data
+            protection officer]<p/>
+            <p>The User as specified in the Terms of Use.</p>
+            <p><b>Processor(s):</b>
+            [Identity and contact details of the processor(s) and,
+            where applicable, of the processor’s data protection officer]</p>
+            <p>Wikimedia
+            Deutschland e. V., Tempelhofer Ufer 23-24, 10369 Berlin</p>
+          <h4>ANNEX II</h4>
+          <h5>Description of the processing</h5>
+          <i>Categories of data subjects
+            whose personal data is processed</i>
+          <li class="pl-8"> Any categories of data subjects
+          contained in the data uploaded by the User</li>.
+          <i>Categories of personal data
+            processed</i>
+          <li class="pl-8">Any categories of personal data contained in the data
+          uploaded by the User.</li>
+          <i>Sensitive data processed (if applicable) and
+            applied restrictions or safeguards that fully take into consideration
+            the nature of the data and the risks involved, such as for instance
+            strict purpose limitation, access restrictions (including access only
+            for staff having followed specialised training), keeping a record of
+            access to the data, restrictions for onward transfers or additional
+            security measures.</i>
+          <li class="pl-8">The categories of personal data may include
+            sensitive data depending on the Content uploaded by the User. Since
+            Wikimedia has no knowledge of the specific categories processed it lies
+            in the User’s responsibility to ensure that the safeguards are
+            sufficient to process the specific categories of personal data.</li>
+          <i>Nature of the processing</i>
+          <li class="pl-8" >Any processing necessary to fulfil the contractual
+            purposes. Especially collection, storage, disclosure and dissemination
+            and making publicly available as well as anonymization and/or deletion.</li>
+          <i>Purpose(s) for which the personal data is processed on behalf of the
+            controller</i>
+          <li class="pl-8">Publishing the Wikibase as well as the data uploaded to and
+            contained in it and making it available to the public. Wikimedia does
+            not act as a processor for the User with regard to the processing of
+            personal data of persons browsing the Wikibase and any personal data
+            that is processed to establish the connection.</li>
+          <i>Duration of the processing</i>
+          <li class="pl-8">The rules of the Agreement regarding the
+            Term and Termination apply.</li>
+            <i>For processing by (sub-) processors, also specify subject matter, nature
+            and duration of the processing</i>
+          <h4>ANNEX III</h4>
+          <b>Technical and organisational measures including technical
+            and organisational measures to ensure the security of the data</b><br />
+          <i>You may
+            obtain a copy of our technical and organisational measures on request,
+            to do so please send an email to: datenschutz@wikimedia.de.</i>
+          <h4>ANNEX IV</h4>
+          <b>List of sub-processors</b>
+          <b>EXPLANATORY NOTE:</b>
+          <p>This Annex needs to
+            be completed in case of specific authorisation of sub-processors (Clause
+            7.7(a), Option 1). The controller has authorised the use of the
+            following sub-processors:</p>
+          <ol class="pl-8">
+            <li><b>Name: Google Ireland Ltd.</b><br /> Address: Gordon
+            House, Barrow Street, Dublin 4 Contact person’s name, position and
+            contact details: Please contact Wikimedia for the contact information
+            Description of the processing (including a clear delimitation of
+            responsibilities in case several sub-processors are authorised): Hosting
+              of the Wikibase.cloud service</li> <li><b>Name: Mailgun Technologies, Inc</b><br />
+            Address: 112 E Pecan St #1135, San Antonio, TX 78205 Contact person’s
+            name, position and contact details: Please contact Wikimedia for the
+            contact information Description of the processing : Email service
+            provisioning</li>
+          </ol>
+          <h2>Appendix 2: International Standard Contractual Clauses : MODULE FOUR:
+            Transfer processor to controller</h2>
+          <h3>SECTION I</h3>
+          <h4>Clause 1</h4>
+          <h4>Purpose and scope</h4>
+          <p>(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)[1] for the transfer of personal data to a third country.</p>
+          <p>(b) The Parties:</p>
+          <div class="pl-8">
+            <p>(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”),</p>
+            <p>and</p>
+            <p>(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”)</p>
+            <p>have agreed to these standard contractual clauses (hereinafter: “Clauses”).</p>
+            <p>(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.</p>
+            <p>(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.</p>
+          </div>
+          <p>Clause 2 Effect and invariability of the Clauses</p>
+          <ol type="a">
+            <li><pre><code>   These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.</code></pre></li>
+            <li><pre><code>   These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.</code></pre></li>
+          </ol>
+          <p>Clause 3 Third-party beneficiaries</p>
+          <ol type="a">
+            <li><pre><code>   Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:</code></pre></li>
+            <li><pre><code>   Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;</code></pre></li>
+          </ol>
+          <ol start="2" type="i">
+            <li><pre><code>   Clause 8 - Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);</code></pre></li>
+            <li><pre><code>   Clause 9 - Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);</code></pre></li>
+            <li><pre><code>   Clause 12 - Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);</code></pre></li>
+            <li><pre><code>   Clause 13;</code></pre></li>
+            <li><pre><code>   Clause 15.1(c), (d) and (e);</code></pre></li>
+            <li><pre><code>   Clause 16(e);</code></pre></li>
+            <li><pre><code>   Clause 18 - Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.</code></pre></li>
+          </ol>
+          <ol start="2" type="a">
+            <li><pre><code>   Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.</code></pre></li>
+          </ol>
+          <p>Clause 4 Interpretation</p>
+          <ol type="a">
+            <li><pre><code>   Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.</code></pre></li>
+            <li><pre><code>   These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.</code></pre></li>
+            <li><pre><code>   These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.</code></pre></li>
+          </ol>
+          <p>Clause 5 Hierarchy</p>
+          <p>In the event of a contradiction between these Clauses and the
+            provisions of related agreements between the Parties, existing at the
+            time these Clauses are agreed or entered into thereafter, these Clauses
+            shall prevail.</p>
+          <p>Clause 6 Description of the transfer(s)</p>
+          <p>The details of the transfer(s), and in particular the categories of
+            personal data that are transferred and the purpose(s) for which they are
+            transferred, are specified in Annex I.B.</p>
+          <p>Clause 7 - Optional Docking clause</p>
+          <ol type="a">
+            <li><pre><code>   An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A. </code></pre></li>
+            <li><pre><code>   Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.</code></pre></li>
+            <li><pre><code>   The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.</code></pre></li>
+          </ol>
+          <p>SECTION II – OBLIGATIONS OF THE PARTIES Clause 8 Data protection
+            safeguards</p>
+          <p>The data exporter warrants that it has used reasonable efforts to
+            determine that the data importer is able, through the implementation of
+            appropriate technical and organisational measures, to satisfy its
+            obligations under these Clauses.</p>
+          <p>8.1 Instructions</p>
+          <ol type="a">
+            <li><pre><code>   The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.</code></pre></li>
+            <li><pre><code>   The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.</code></pre></li>
+            <li><pre><code>   The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.</code></pre></li>
+            <li><pre><code>   After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.</code></pre></li>
+          </ol>
+          <p>8.2 Security of processing</p>
+          <ol type="a">
+            <li><pre><code>   The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data[2], the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.</code></pre></li>
+            <li><pre><code>   The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.</code></pre></li>
+            <li><pre><code>   The data exporter shall ensure that persons authorised to process the personal data   have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.</code></pre></li>
+          </ol>
+          <p>8.3 Documentation and compliance</p>
+          <ol type="a">
+            <li><pre><code>   The Parties shall be able to demonstrate compliance with these Clauses.</code></pre></li>
+            <li><pre><code>   The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.</code></pre></li>
+          </ol>
+          <p>Clause 9 [not applicable] Use of sub-processors</p>
+          <p>Clause 10 Data subject rights</p>
+          <p>The Parties shall assist each other in responding to enquiries and
+            requests made by data subjects under the local law applicable to the
+            data importer or, for data processing by the data exporter in the EU,
+            under Regulation (EU) 2016/679.</p>
+          <p>Clause 11 Redress</p>
+          <ol type="a">
+            <li><pre><code>   The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.</code></pre></li>
+          </ol>
+          <p>Clause 12 Liability</p>
+          <ol type="a">
+            <li><pre><code>   Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.</code></pre></li>
+            <li><pre><code>   Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.</code></pre></li>
+            <li><pre><code>   Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.</code></pre></li>
+            <li><pre><code>   The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.</code></pre></li>
+            <li><pre><code>   The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.</code></pre></li>
+          </ol>
+          <p>Clause 13 [not applicable] Supervision</p>
+          <p>SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC
+            AUTHORITIES</p>
+          <p>Clause 14 [not applicable]</p>
+          <p>Clause 15 [not applicable]</p>
+          <p>SECTION IV – FINAL PROVISIONS</p>
+          <p>Clause 16 Non-compliance with the Clauses and termination</p>
+          <ol type="a">
+            <li><pre><code>   The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.</code></pre></li>
+            <li><pre><code>   In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).</code></pre></li>
+            <li><pre><code>   The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:</code></pre></li>
+            <li><pre><code>   the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;</code></pre></li>
+          </ol>
+          <ol start="2" type="i">
+            <li><pre><code>   the data importer is in substantial or persistent breach of these Clauses; or</code></pre></li>
+            <li><pre><code>   the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.</code></pre>
+              In these cases, it shall inform the competent supervisory authority of
+              such non-compliance. Where the contract involves more than two Parties,
+              the data exporter may exercise this right to termination only with
+              respect to the relevant Party, unless the Parties have agreed
+              otherwise.</li>
+            <li><pre><code>   Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.</code></pre></li>
+          </ol>
+          <ol start="5" type="a">
+            <li><pre><code>   Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.</code></pre></li>
+          </ol>
+          <p>Clause 17 Governing law</p>
+          <p>These Clauses shall be governed by the law of a country allowing for
+            third-party beneficiary rights. The Parties agree that this shall be the
+            law of Germany (specify country).</p>
+          <p>Clause 18 Choice of forum and jurisdiction</p>
+          <p>Any dispute arising from these Clauses shall be resolved by the
+            courts of Germany (specify country).</p>
+          <hr />
+          <p>[1] Where the data exporter is a processor subject to Regulation (EU)
+            2016/679 acting on behalf of a Union institution or body as controller,
+            reliance on these Clauses when engaging another processor
+            (sub-processing) not subject to Regulation (EU) 2016/679 also ensures
+            compliance with Article 29(4) of Regulation (EU) 2018/1725 of the
+            European Parliament and of the Council of 23 October 2018 on the
+            protection of natural persons with regard to the processing of personal
+            data by the Union institutions, bodies, offices and agencies and on the
+            free movement of such data, and repealing Regulation (EC) No 45/2001 and
+            Decision No 1247/2002/EC (OJ L 295 of 21.11.2018, p. 39), to the extent
+            these Clauses and the data protection obligations as set out in the
+            contract or other legal act between the controller and the processor
+            pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This
+            will in particular be the case where the controller and processor rely
+            on the standard contractual clauses included in Decision 2021/915. [2]
+            This includes whether the transfer and further processing involves
+            personal data revealing racial or ethnic origin, political opinions,
+            religious or philosophical beliefs, or trade union membership, genetic
+            data or biometric data for the purpose of uniquely identifying a natural
+            person, data concerning health or a person’s sex life or sexual
+            orientation, or data relating to criminal convictions or offences.</p>
+          <p>[a]This should only be visible when the policy becomes enforced
+            [b]This will only be included if we have to include minor immaterial
+            changes to an existing version [c]Such changes can also be appended to
+            ‘what changed’ with a note like:</p>
+          <p>Revisions marked with an asterisk reflect minor clarifications that
+            do not affect your rights or obligations and did not require
+            re-acceptance. [d]shown only for outdated or upcoming versions</p>
+
+        </v-col>
+      </v-row>
+    </v-container>
+  </v-main>
+</template>
+
+<script>
+export default {
+  name: 'TermsOfUse',
+  computed: {},
+}
+</script>
+
+<style scoped>
+h5 {
+  margin-bottom: 16px;
+}
+</style>
diff --git a/src/router/index.js b/src/router/index.js
index c164fc9d..3fefe9ca 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -20,6 +20,7 @@ import User from '@/components/Pages/User'
 import Discovery from '@/components/Pages/Discovery/Discovery'
 import Complaint from '@/components/Pages/Complaint.vue'
 import HostingPolicy from '@/components/Pages/HostingPolicy.vue'
+import TermsOfUseUpcoming from "@/components/Pages/TermsOfUseUpcoming.vue";
 
 Vue.use(Router)
 
@@ -74,6 +75,11 @@ const router = new Router({
       name: 'TermsOfUse',
       component: TermsOfUse,
     },
+    {
+      path: '/terms-of-use/upcoming',
+      name: 'TermsOfUseUpcoming',
+      component: TermsOfUseUpcoming,
+    },
     {
       path: '/hosting-policy/pilot',
       name: 'Hosting Policy',

From e32aa1921a8e8ce81746b31228eecb3483659a09 Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 12:26:13 +0200
Subject: [PATCH 02/18] list wrapping + router links

---
 src/components/Pages/TermsOfUseUpcoming.vue | 73 +++++++++++----------
 1 file changed, 40 insertions(+), 33 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index ecbab7da..9f4e6f8b 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -88,28 +88,31 @@
             create, publish or share Content. The User agrees not to upload or share
             any Content on their Wikibase Instance that infringes the intellectual
             property rights of third persons or that is otherwise unlawful.</p>
-          <p>5.3 It is
-            specifically prohibited to:
-            * Upload or distribute Content that is
+          <p>5.3 It is specifically prohibited to:</p>
+            <ul>
+            <li>Upload or distribute Content that is
             insulting, abusive, offensive, racist, threatening, harmful to minors,
             pornographic, violates personal rights, promotes violence or sedition,
             incites criminal acts, provides instructions on how to commit criminal
             acts, or provides services that involve pornographic and/or erotic
-            Content or any other illegal Content;<br />
-            * Upload or distribute Content
+            Content or any other illegal Content</li>
+
+            <li>Upload or distribute Content
             that is copied as a whole or in part from another protected work or
             material without the permission of the respective copyright owner;
             *Upload or distribute Content that violates or infringes the rights of
             third parties, in particular personal rights, copyrights or other
-            intellectual property rights or any other rights of third parties;
-            *Upload or distribute Content that contains personal, confidential or
-            non-public information;<br />
-            * Contact other users of the Platform in a
+            intellectual property rights or any other rights of third parties</li>
+
+            <li>Upload or distribute Content that contains personal, confidential or
+            non-public information</li>
+            <li>Contact other users of the Platform in a
             disrespectful and rude manner, as well as to buy or sell products or
-            services;<br />
-            * Provide false data or information, as well as false data or
-            information of third parties; or<br />
-            * Sell or otherwise transfer the User Account to another person.</p>
+            services;</li>
+            <li>Provide false data or information, as well as false data or
+            information of third parties; or</li>
+            <li>Sell or otherwise transfer the User Account to another person.</li>
+            </ul>
           <p>5.4 The User should be aware that the sites
             may be edited by the public and, as such, may contain inappropriate
             Content at any time.</p>
@@ -136,30 +139,32 @@
             that Wikimedia has erred in one of the measures mentioned above in this
             section 6, the User may request a review using the complaint functions
             and Wikimedia will review and reconsider the decision. The following
-            rules apply to complaints<br />
-            * The User may file a complaint against the
+            rules apply to complaints:</p>
+            <ul>
+            <li>The User may file a complaint against the
             removal of the Content, the suspension or termination of the Account, or
             the rejection of a report submitted by the User regarding Content that
-            the User considers to be illegal.<br />
-              * The User is not entitled to file a
+            the User considers to be illegal.</li>
+              <li>The User is not entitled to file a
             complaint if the User has already been warned for improper use of
             Wikimedia’s complaint system. This is the case, for example, if the User
-            repeatedly submits identical complaints without justification. * A
+            repeatedly submits identical complaints without justification. <li>A
             complaint must be made within six months of the date on which the User
-            was notified of our decision.<br />
-              * Wikimedia deals with complaints
+            was notified of our decision.</li>
+              <li>Wikimedia deals with complaints
             promptly, carefully and without discrimination or arbitrariness. In
             order to do this, Wikimedia needs all relevant information from the User
             to understand the complaint. Complaints with offensive or inappropriate
-            language may result in the suspension of complaints after a warning.<br />
-              * Wikimedia shall promptly decide whether to reverse or uphold the
-            original action. The User will receive the reasoned decision promptly.<br />
-              * In considering the complaint, Wikimedia will take into account the
+            language may result in the suspension of complaints after a warning.</li>
+              <li>Wikimedia shall promptly decide whether to reverse or uphold the
+            original action. The User will receive the reasoned decision promptly.</li>
+              <li>In considering the complaint, Wikimedia will take into account the
             seriousness of the breach, the reason for the complaint, the frequency
-            and impact of the breaches and the intention behind the breach.<br />
-              * This section is without prejudice to the rights of EU users to take their
+            and impact of the breaches and the intention behind the breach.</li>
+              <li>This section is without prejudice to the rights of EU users to take their
             case to certified out-of-court complaint bodies. For more information,
-            please click here.</p>
+            <router-link to="/dsa-info">please click here</router-link>.</li>
+            </ul>
           <h2>7. Grant of rights of use</h2>
           <p>7.1 The User grants
             Wikimedia the rights of use to the uploaded Content for the purpose of
@@ -210,7 +215,8 @@
           <h2>11. Data Protection</h2>
           <p>1.11 For comprehensive information on how Wikimedia
             collects, processes or uses personal data of the User, please refer to
-            our Privacy Policy.</p>
+            our <router-link to="/privacy-policy">Privacy
+          Policy</router-link>.</p>
           <p>11.2 To the extent that the Content provided by the
             User or by contributors and users of the User’s Wikimedia Instance
             contains personal data of third parties, the User remains the controller
@@ -609,7 +615,7 @@
             and duration of the processing</i>
           <h4>ANNEX III</h4>
           <b>Technical and organisational measures including technical
-            and organisational measures to ensure the security of the data</b><br />
+            and organisational measures to ensure the security of the data</b></p>
           <i>You may
             obtain a copy of our technical and organisational measures on request,
             to do so please send an email to: datenschutz@wikimedia.de.</i>
@@ -620,18 +626,19 @@
             be completed in case of specific authorisation of sub-processors (Clause
             7.7(a), Option 1). The controller has authorised the use of the
             following sub-processors:</p>
-          <ol class="pl-8">
-            <li><b>Name: Google Ireland Ltd.</b><br /> Address: Gordon
+          <ul class="pl-8">
+            <li><b>1. Name: Google Ireland Ltd.</b></li> Address: Gordon
             House, Barrow Street, Dublin 4 Contact person’s name, position and
             contact details: Please contact Wikimedia for the contact information
             Description of the processing (including a clear delimitation of
             responsibilities in case several sub-processors are authorised): Hosting
-              of the Wikibase.cloud service</li> <li><b>Name: Mailgun Technologies, Inc</b><br />
+              of the Wikibase.cloud service</p>
+              <li><b>2. Name: Mailgun Technologies, Inc</b></li>
             Address: 112 E Pecan St #1135, San Antonio, TX 78205 Contact person’s
             name, position and contact details: Please contact Wikimedia for the
             contact information Description of the processing : Email service
             provisioning</li>
-          </ol>
+          </ul>
           <h2>Appendix 2: International Standard Contractual Clauses : MODULE FOUR:
             Transfer processor to controller</h2>
           <h3>SECTION I</h3>

From 047b7eead9376d29dbcec4d854bd9a60003c4878 Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 12:28:23 +0200
Subject: [PATCH 03/18] format HTML

---
 src/components/Pages/TermsOfUseUpcoming.vue | 542 ++++++++++++--------
 1 file changed, 323 insertions(+), 219 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index 9f4e6f8b..23a6a0ce 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -6,18 +6,18 @@
           <h1>Terms Of Use</h1>
           <h2>1. Definitions</h2>
           <p>In addition to terms defined elsewhere in this
-                Agreement, the following terms have the following meanings:</p>
+            Agreement, the following terms have the following meanings:</p>
           <p>1.1 “Manager Account” or “Account”: The personal Account provided by Wikibase.cloud
-                to the User on the Platform after the User’s registration.</p>
+            to the User on the Platform after the User’s registration.</p>
           <p>1.2 “Content”: Any type of media (for example text, video files) uploaded to the
-                Platform by a User.</p>
+            Platform by a User.</p>
           <p>1.3 “User”: A natural person that registers for and
-                uses the Platform.</p>
+            uses the Platform.</p>
           <p>1.4 “Wikimedia”: Wikimedia Deutschland – Gesellschaft
             zur Förderung Freien Wissens e. V.</p>
           <p>1.5 “Wikibase Instance” or “Site”: an open knowledge base that can be
-                created and run by anyone on Wikibase.cloud.
-              </p>
+            created and run by anyone on Wikibase.cloud.
+          </p>
           <h2>2. Scope and Applicability</h2>
           <p>2.1 Wikimedia, Tempelhofer Ufer 23/24, 10963 Berlin, provides
             Wikibase.cloud (the „Platform“), a free cloud-based Platform that hosts
@@ -89,30 +89,30 @@
             any Content on their Wikibase Instance that infringes the intellectual
             property rights of third persons or that is otherwise unlawful.</p>
           <p>5.3 It is specifically prohibited to:</p>
-            <ul>
+          <ul>
             <li>Upload or distribute Content that is
-            insulting, abusive, offensive, racist, threatening, harmful to minors,
-            pornographic, violates personal rights, promotes violence or sedition,
-            incites criminal acts, provides instructions on how to commit criminal
-            acts, or provides services that involve pornographic and/or erotic
-            Content or any other illegal Content</li>
+              insulting, abusive, offensive, racist, threatening, harmful to minors,
+              pornographic, violates personal rights, promotes violence or sedition,
+              incites criminal acts, provides instructions on how to commit criminal
+              acts, or provides services that involve pornographic and/or erotic
+              Content or any other illegal Content</li>
 
             <li>Upload or distribute Content
-            that is copied as a whole or in part from another protected work or
-            material without the permission of the respective copyright owner;
-            *Upload or distribute Content that violates or infringes the rights of
-            third parties, in particular personal rights, copyrights or other
-            intellectual property rights or any other rights of third parties</li>
+              that is copied as a whole or in part from another protected work or
+              material without the permission of the respective copyright owner;
+              *Upload or distribute Content that violates or infringes the rights of
+              third parties, in particular personal rights, copyrights or other
+              intellectual property rights or any other rights of third parties</li>
 
             <li>Upload or distribute Content that contains personal, confidential or
-            non-public information</li>
+              non-public information</li>
             <li>Contact other users of the Platform in a
-            disrespectful and rude manner, as well as to buy or sell products or
-            services;</li>
+              disrespectful and rude manner, as well as to buy or sell products or
+              services;</li>
             <li>Provide false data or information, as well as false data or
-            information of third parties; or</li>
+              information of third parties; or</li>
             <li>Sell or otherwise transfer the User Account to another person.</li>
-            </ul>
+          </ul>
           <p>5.4 The User should be aware that the sites
             may be edited by the public and, as such, may contain inappropriate
             Content at any time.</p>
@@ -140,56 +140,58 @@
             section 6, the User may request a review using the complaint functions
             and Wikimedia will review and reconsider the decision. The following
             rules apply to complaints:</p>
-            <ul>
+          <ul>
             <li>The User may file a complaint against the
-            removal of the Content, the suspension or termination of the Account, or
-            the rejection of a report submitted by the User regarding Content that
-            the User considers to be illegal.</li>
-              <li>The User is not entitled to file a
-            complaint if the User has already been warned for improper use of
-            Wikimedia’s complaint system. This is the case, for example, if the User
-            repeatedly submits identical complaints without justification. <li>A
-            complaint must be made within six months of the date on which the User
-            was notified of our decision.</li>
-              <li>Wikimedia deals with complaints
-            promptly, carefully and without discrimination or arbitrariness. In
-            order to do this, Wikimedia needs all relevant information from the User
-            to understand the complaint. Complaints with offensive or inappropriate
-            language may result in the suspension of complaints after a warning.</li>
-              <li>Wikimedia shall promptly decide whether to reverse or uphold the
-            original action. The User will receive the reasoned decision promptly.</li>
-              <li>In considering the complaint, Wikimedia will take into account the
-            seriousness of the breach, the reason for the complaint, the frequency
-            and impact of the breaches and the intention behind the breach.</li>
-              <li>This section is without prejudice to the rights of EU users to take their
-            case to certified out-of-court complaint bodies. For more information,
-            <router-link to="/dsa-info">please click here</router-link>.</li>
-            </ul>
+              removal of the Content, the suspension or termination of the Account, or
+              the rejection of a report submitted by the User regarding Content that
+              the User considers to be illegal.</li>
+            <li>The User is not entitled to file a
+              complaint if the User has already been warned for improper use of
+              Wikimedia’s complaint system. This is the case, for example, if the User
+              repeatedly submits identical complaints without justification.
+            <li>A
+              complaint must be made within six months of the date on which the User
+              was notified of our decision.</li>
+            <li>Wikimedia deals with complaints
+              promptly, carefully and without discrimination or arbitrariness. In
+              order to do this, Wikimedia needs all relevant information from the User
+              to understand the complaint. Complaints with offensive or inappropriate
+              language may result in the suspension of complaints after a warning.</li>
+            <li>Wikimedia shall promptly decide whether to reverse or uphold the
+              original action. The User will receive the reasoned decision promptly.</li>
+            <li>In considering the complaint, Wikimedia will take into account the
+              seriousness of the breach, the reason for the complaint, the frequency
+              and impact of the breaches and the intention behind the breach.</li>
+            <li>This section is without prejudice to the rights of EU users to take their
+              case to certified out-of-court complaint bodies. For more information,
+              <router-link to="/dsa-info">please click here</router-link>.
+            </li>
+          </ul>
           <h2>7. Grant of rights of use</h2>
           <p>7.1 The User grants
             Wikimedia the rights of use to the uploaded Content for the purpose of
             Wikimedia’s provision of the Platform.</p>
           <p>7.2 Wikimedia reserves the right to close, move, merge, or rename a site
             for any reason. Wikimedia shall not be held liable for any modification,
-              suspension or discontinuance of any site, or of the Platform as a whole.</p>
+            suspension or discontinuance of any site, or of the Platform as a whole.</p>
           <h2>8. Term and Termination</h2>
           <p>8.1 The terms of this Agreement commence upon the
-              User’s registration.</p>
+            User’s registration.</p>
           <p>8.2 The User can delete their Account by contacting
             Wikimedia, for example, via https://www.wikibase.cloud/contact.</p>
           <p>8.3 Wikimedia can (i) terminate the contract, (ii) suspend single instances,
             (iii) permanently delete single instances, and/ or (iv) transfer
             ownership of single instances to another User at any time and without
-              cause, provided that two weeks’ notice is given.</p>
+            cause, provided that two weeks’ notice is given.</p>
           <p>8.4 The User can delete
             their Wikibase Instance at any time through the settings. All data and
             Content associated with this Wikibase Instance will be permanently
-              deleted after 30 days. The domain may not be available for reuse.</p>
+            deleted after 30 days. The domain may not be available for reuse.</p>
           <p>8.5 Wikimedia may terminate or suspend any use of the Platform and the
             User’s Account immediately, without notice or liability, if the User
             breaches any of the terms and conditions of the Terms of Use. Upon
             termination of the User’s Account, the User’s right to use the Platform
-              will immediately cease.</p>
+            will immediately cease.</p>
           <h2>9. Availability and Maintenance</h2>
           <p>9.1 Wikimedia shall implement appropriate measures to ensure the availability and
             error free functionality of the Platform. However, the User acknowledges
@@ -216,7 +218,7 @@
           <p>1.11 For comprehensive information on how Wikimedia
             collects, processes or uses personal data of the User, please refer to
             our <router-link to="/privacy-policy">Privacy
-          Policy</router-link>.</p>
+              Policy</router-link>.</p>
           <p>11.2 To the extent that the Content provided by the
             User or by contributors and users of the User’s Wikimedia Instance
             contains personal data of third parties, the User remains the controller
@@ -258,53 +260,53 @@
           <h3>SECTION I</h3>
           <h4>Clause 1</h4>
           <h4>Purpose and scope</h4>
-            <p>(a) The purpose of these Standard
+          <p>(a) The purpose of these Standard
             Contractual Clauses (the Clauses) is to ensure compliance with Article
             28(3) and (4) of Regulation (EU) 2016/679 of the European Parliament and
             of the Council of 27 April 2016 on the protection of natural persons
             with regard to the processing of personal data and on the free movement
             of such data, and repealing Directive 95/46/EC (General Data Protection
             Regulation).</p>
-            <p>(b) The controllers and processors listed in Annex I have
+          <p>(b) The controllers and processors listed in Annex I have
             agreed to these Clauses in order to ensure compliance with Article 28(3)
             and (4) of Regulation (EU) 2016/679 and/or Article 29(3) and (4) of
             Regulation (EU) 2018/1725.</p>
-            <p>(c) These Clauses apply to the processing of
+          <p>(c) These Clauses apply to the processing of
             personal data as specified in Annex II.</p>
-            <p>(d) Annexes I to IV are an
+          <p>(d) Annexes I to IV are an
             integral part of the Clauses.</p>
-            <p>(e) These Clauses are without prejudice to
+          <p>(e) These Clauses are without prejudice to
             obligations to which the controller is subject by virtue of Regulation
             (EU) 2016/679 and/or Regulation (EU) 2018/1725.</p>
-            <p>(f) These Clauses do not
+          <p>(f) These Clauses do not
             by themselves ensure compliance with obligations related to
             international transfers in accordance with Chapter V of Regulation (EU)
             2016/679 and/or Regulation (EU) 2018/1725.</p>
           <h4>Clause 2</h4>
           <h4>Invariability of the Clauses</h4>
-            <p>(a) The Parties undertake not to modify the Clauses, except for
+          <p>(a) The Parties undertake not to modify the Clauses, except for
             adding information to the Annexes or updating information in them.</p>
-            <p>(b)This does not prevent the Parties from including the standard
+          <p>(b)This does not prevent the Parties from including the standard
             contractual clauses laid down in these Clauses in a broader contract, or
             from adding other clauses or additional safeguards provided that they do
             not directly or indirectly contradict the Clauses or detract from the
-              fundamental rights or freedoms of data subjects.</p>
+            fundamental rights or freedoms of data subjects.</p>
           <h4>Clause 3</h4>
           <h4>Interpretation</h4>
-            <p>(a) Where these Clauses use the terms defined in Regulation (EU)
+          <p>(a) Where these Clauses use the terms defined in Regulation (EU)
             2016/679 or Regulation (EU) 2018/1725 respectively, those terms shall
             have the same meaning as in that Regulation.</p>
-            <p>(b) These Clauses shall be
+          <p>(b) These Clauses shall be
             read and interpreted in the light of the provisions of Regulation (EU)
             2016/679 or Regulation (EU) 2018/1725 respectively.</p>
-            <p>(c) These Clauses
+          <p>(c) These Clauses
             shall not be interpreted in a way that runs counter to the rights and
             obligations provided for in Regulation (EU) 2016/679 / Regulation (EU)
             2018/1725 or in a way that prejudices the fundamental rights or freedoms
-              of the data subjects.</p>
+            of the data subjects.</p>
           <h3>Clause 4</h3>
           <h4>Hierarchy</h4>
-            <p>In the event of a contradiction
+          <p>In the event of a contradiction
             between these Clauses and the provisions of related agreements between
             the Parties existing at the time when these Clauses are agreed or
             entered into thereafter, these Clauses shall prevail.</p>
@@ -312,13 +314,13 @@
           <h3>OBLIGATIONS OF THE PARTIES</h3>
           <h4>Clause 5</h4>
           <h4>Description of processing(s)</h4>
-            <p>The details of the processing operations, in particular the categories of
+          <p>The details of the processing operations, in particular the categories of
             personal data and the purposes of processing for which the personal data
             is processed on behalf of the controller, are specified in Annex II.</p>
           <h4>Clause 6</h4>
           <h4>Obligations of the Parties</h4>
           <h5>6.1. Instructions</h5>
-            <p>(a) The processor
+          <p>(a) The processor
             shall process personal data only on documented instructions from the
             controller, unless required to do so by Union or Member State law to
             which the processor is subject. In this case, the processor shall inform
@@ -326,20 +328,20 @@
             law prohibits this on important grounds of public interest. Subsequent
             instructions may also be given by the controller throughout the duration
             of the processing of personal data. These instructions shall always be
-              documented.</p>
-            <p>(b) The processor shall immediately inform the controller
+            documented.</p>
+          <p>(b) The processor shall immediately inform the controller
             if, in the processor’s opinion, instructions given by the controller
             infringe Regulation (EU) 2016/679 / Regulation (EU) 2018/1725 or the
-              applicable Union or Member State data protection provisions.</p>
+            applicable Union or Member State data protection provisions.</p>
           <h5>6.2. Purpose limitation</h5>
-            <p>The processor shall process the personal data only
+          <p>The processor shall process the personal data only
             for the specific purpose(s) of the processing, as set out in Annex II,
             unless it receives further instructions from the controller.</p>
           <h5>6.3. Duration of the processing of personal data</h5>
-            <p>Processing by the processor
-              shall only take place for the duration specified in Annex II.</p>
+          <p>Processing by the processor
+            shall only take place for the duration specified in Annex II.</p>
           <h5>6.4. Security of processing</h5>
-            <p>(a) The processor shall at least implement the
+          <p>(a) The processor shall at least implement the
             technical and organisational measures specified in Annex III to ensure
             the security of the personal data. This includes protecting the data
             against a breach of security leading to accidental or unlawful
@@ -348,7 +350,7 @@
             security, the Parties shall take due account of the state of the art,
             the costs of implementation, the nature, scope, context and purposes of
             processing and the risks involved for the data subjects.</p>
-            <p>(b) The
+          <p>(b) The
             processor shall grant access to the personal data undergoing processing
             to members of its personnel only to the extent strictly necessary for
             implementing, managing and monitoring of the contract. The processor
@@ -356,7 +358,7 @@
             received have committed themselves to confidentiality or are under an
             appropriate statutory obligation of confidentiality.</p>
           <h5>6.5. Sensitive data</h5>
-            <p>If the processing involves personal data revealing racial or ethnic
+          <p>If the processing involves personal data revealing racial or ethnic
             origin, political opinions, religious or philosophical beliefs, or trade
             union membership, genetic data or biometric data for the purpose of
             uniquely identifying a natural person, data concerning health or a
@@ -364,12 +366,12 @@
             convictions and offences (“sensitive data”), the processor shall apply
             specific restrictions and/or additional safeguards.</p>
           <h5>6.6. Documentation and compliance</h5>
-             <p>(a) The Parties shall be able to demonstrate compliance
+          <p>(a) The Parties shall be able to demonstrate compliance
             with these Clauses.</p>
-            <p>(b) The processor shall deal promptly and adequately
+          <p>(b) The processor shall deal promptly and adequately
             with inquiries from the controller about the processing of data in
             accordance with these Clauses.</p>
-            <p>(c) The processor shall make available to
+          <p>(c) The processor shall make available to
             the controller all information necessary to demonstrate compliance with
             the obligations that are set out in these Clauses and stem directly from
             Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. At the
@@ -378,16 +380,16 @@
             reasonable intervals or if there are indications of non-compliance. In
             deciding on a review or an audit, the controller may take into account
             relevant certifications held by the processor.</p>
-            <p>(d) The controller may
+          <p>(d) The controller may
             choose to conduct the audit by itself or mandate an independent auditor.
             Audits may also include inspections at the premises or physical
             facilities of the processor and shall, where appropriate, be carried out
             with reasonable notice.</p>
-            <p>(e) The Parties shall make the information
+          <p>(e) The Parties shall make the information
             referred to in this Clause, including the results of any audits,
             available to the competent supervisory authority/ies on request.</p>
           <h5>6.7. Use of sub-processors</h5>
-            <p>(a) GENERAL WRITTEN AUTHORISATION: The processor
+          <p>(a) GENERAL WRITTEN AUTHORISATION: The processor
             has the controller’s general authorisation for the engagement of
             sub-processors from an agreed list. The processor shall specifically
             inform in writing the controller of any intended changes of that list
@@ -397,7 +399,7 @@
             sub-processor(s). The processor shall provide the controller with the
             information necessary to enable the controller to exercise the right to
             object.</p>
-            <p>(b) Where the processor engages a sub-processor for carrying out
+          <p>(b) Where the processor engages a sub-processor for carrying out
             specific processing activities (on behalf of the controller), it shall
             do so by way of a contract which imposes on the sub-processor, in
             substance, the same data protection obligations as the ones imposed on
@@ -405,30 +407,30 @@
             ensure that the sub-processor complies with the obligations to which the
             processor is subject pursuant to these Clauses and to Regulation (EU)
             2016/679 and/or Regulation (EU) 2018/1725.</p>
-            <p>(c) At the controller’s
+          <p>(c) At the controller’s
             request, the processor shall provide a copy of such a sub-processor
             agreement and any subsequent amendments to the controller. To the extent
             necessary to protect business secret or other confidential information,
             including personal data, the processor may redact the text of the
             agreement prior to sharing the copy.</p>
-            <p>(d) The processor shall remain
+          <p>(d) The processor shall remain
             fully responsible to the controller for the performance of the
             sub-processor’s obligations in accordance with its contract with the
             processor. The processor shall notify the controller of any failure by
             the sub-processor to fulfil its contractual obligations.</p>
-            <p>(e) The processor shall agree a third party beneficiary clause with the
+          <p>(e) The processor shall agree a third party beneficiary clause with the
             sub-processor whereby - in the event the processor has factually
             disappeared, ceased to exist in law or has become insolvent - the
             controller shall have the right to terminate the sub-processor contract
             and to instruct the sub-processor to erase or return the personal data.</p>
-            <h5>6.8. International transfers</h5>
-            <p>(a) Any transfer of data to a third country
+          <h5>6.8. International transfers</h5>
+          <p>(a) Any transfer of data to a third country
             or an international organisation by the processor shall be done only on
             the basis of documented instructions from the controller or in order to
             fulfil a specific requirement under Union or Member State law to which
             the processor is subject and shall take place in compliance with Chapter
             V of Regulation (EU) 2016/679 or Regulation (EU) 2018/1725.</p>
-            <p>(b) The
+          <p>(b) The
             controller agrees that where the processor engages a sub-processor in
             accordance with Clause 7.7. for carrying out specific processing
             activities (on behalf of the controller) and those processing activities
@@ -440,99 +442,103 @@
             the use of those standard contractual clauses are met.</p>
           <h4>Clause 7</h4>
           <h4>Assistance to the controller</h4>
-            <p>(a) The processor shall promptly notify the
+          <p>(a) The processor shall promptly notify the
             controller of any request it has received from the data subject. It
             shall not respond to the request itself, unless authorised to do so by
             the controller.</p>
-            <p>(b) The processor shall assist the controller in
+          <p>(b) The processor shall assist the controller in
             fulfilling its obligations to respond to data subjects’ requests to
             exercise their rights, taking into account the nature of the processing.
             In fulfilling its obligations in accordance with (a) and (b), the
             processor shall comply with the controller’s instructions</p>
-            <p>(c) In
+          <p>(c) In
             addition to the processor’s obligation to assist the controller pursuant
             to Clause 8(b), the processor shall furthermore assist the controller in
             ensuring compliance with the following obligations, taking into account
             the nature of the data processing and the information available to the
-              processor:</p>
-              <div class="pl-8">
-                <p>(1) the obligation to carry out an assessment of the impact
-                  of the envisaged processing operations on the protection of personal
-                  data (a ‘data protection impact assessment’) where a type of processing
-                  is likely to result in a high risk to the rights and freedoms of natural
-                  persons;</p>
-                <p>(2) the obligation to consult the competent supervisory
-                  authority/ies prior to processing where a data protection impact
-                  assessment indicates that the processing would result in a high risk in
-                  the absence of measures taken by the controller to mitigate the risk;</p>
-                <p>(3) the obligation to ensure that personal data is accurate and up to
-                  date, by informing the controller without delay if the processor becomes
-                  aware that the personal data it is processing is inaccurate or has
-                  become outdated;</p>
-                <p>(4) the obligations in Article 32 of Regulation (EU)
-                  2016/679.</p>
-              </div>
-            <p>(d) The Parties shall set out in Annex III the appropriate technical and organisational measures by which the processor is required to assist the controller in the application of this Clause as well as the scope and the extent of the assistance required.</p>
+            processor:</p>
+          <div class="pl-8">
+            <p>(1) the obligation to carry out an assessment of the impact
+              of the envisaged processing operations on the protection of personal
+              data (a ‘data protection impact assessment’) where a type of processing
+              is likely to result in a high risk to the rights and freedoms of natural
+              persons;</p>
+            <p>(2) the obligation to consult the competent supervisory
+              authority/ies prior to processing where a data protection impact
+              assessment indicates that the processing would result in a high risk in
+              the absence of measures taken by the controller to mitigate the risk;</p>
+            <p>(3) the obligation to ensure that personal data is accurate and up to
+              date, by informing the controller without delay if the processor becomes
+              aware that the personal data it is processing is inaccurate or has
+              become outdated;</p>
+            <p>(4) the obligations in Article 32 of Regulation (EU)
+              2016/679.</p>
+          </div>
+          <p>(d) The Parties shall set out in Annex III the appropriate technical and organisational measures by which
+            the processor is required to assist the controller in the application of this Clause as well as the scope
+            and the extent of the assistance required.</p>
           <h4>Clause 8</h4>
           <h4>Notification of personal data breach</h4>
-            <p>In the event of a personal data
+          <p>In the event of a personal data
             breach, the processor shall cooperate with and assist the controller for
             the controller to comply with its obligations under Articles 33 and 34
             of Regulation (EU) 2016/679 or under Articles 34 and 35 of Regulation
             (EU) 2018/1725, where applicable, taking into account the nature of
-              processing and the information available to the processor.</p>
+            processing and the information available to the processor.</p>
           <h5>8.1 Data breach concerning data processed by the controller</h5>
-             <p>In the event of a
+          <p>In the event of a
             personal data breach concerning data processed by the controller, the
             processor shall assist the controller:</p>
-            <p>(a) in notifying the personal
+          <p>(a) in notifying the personal
             data breach to the competent supervisory authority/ies, without undue
             delay after the controller has become aware of it, where
             relevant/(unless the personal data breach is unlikely to result in a
             risk to the rights and freedoms of natural persons);</p>
-            <p>(b) in obtaining
+          <p>(b) in obtaining
             the following information which, pursuant to Article 33(3) of Regulation
             (EU) 2016/679, shall be stated in the controller’s notification, and
-              must at least include:</p>
-            <div class="pl-8">
-              <p>(1) the nature of the personal data including
+            must at least include:</p>
+          <div class="pl-8">
+            <p>(1) the nature of the personal data including
               where possible, the categories and approximate number of data subjects
               concerned and the categories and approximate number of personal data
-                records concerned;</p>
-              <p>(2) the likely consequences of the personal data
-                breach;</p>
-              <p>(3) the measures taken or proposed to be taken by the controller
+              records concerned;</p>
+            <p>(2) the likely consequences of the personal data
+              breach;</p>
+            <p>(3) the measures taken or proposed to be taken by the controller
               to address the personal data breach, including, where appropriate,
-                measures to mitigate its possible adverse effects.</p>
-            </div>
-            <p>Where, and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.</p>
-            <p>(c) in complying, pursuant to Article 34 of Regulation (EU) 2016/679,
-              with the obligation to communicate without undue delay the personal data
-              breach to the data subject, when the personal data breach is likely to
-              result in a high risk to the rights and freedoms of natural persons.</p>
+              measures to mitigate its possible adverse effects.</p>
+          </div>
+          <p>Where, and insofar as, it is not possible to provide all this information at the same time, the initial
+            notification shall contain the information then available and further information shall, as it becomes
+            available, subsequently be provided without undue delay.</p>
+          <p>(c) in complying, pursuant to Article 34 of Regulation (EU) 2016/679,
+            with the obligation to communicate without undue delay the personal data
+            breach to the data subject, when the personal data breach is likely to
+            result in a high risk to the rights and freedoms of natural persons.</p>
           <h5>8.2 Data breach concerning data processed by the processor</h5>
-               <p>In the event of a
-              personal data breach concerning data processed by the processor, the
-              processor shall notify the controller without undue delay after the
-              processor having become aware of the breach. Such notification shall
-              contain, at least:</p>
-            <p>(a) a description of the nature of the breach (including, where
-              possible, the categories and approximate number of data subjects and
-              data records concerned);</p>
-            <p>(b)the details of a contact point where more information concerning the
-                  personal data breach can be obtained;</p>
-            <p>(c)its likely consequences and the measures taken or proposed to be
-                  taken to address the breach, including to mitigate its possible adverse
-                  effects.</p>
-            <p>Where, and insofar as, it is not possible to provide all this
-                  information at the same time, the initial notification shall contain the
-                  information then available and further information shall, as it becomes
-                  available, subsequently be provided without undue delay.</p>
-            <p>The Parties
-                  shall set out in Annex III all other elements to be provided by the
-                  processor when assisting the controller in the compliance with the
-                  controller’s obligations under Articles 33 and 34 of Regulation (EU)
-                  2016/679.</p>
+          <p>In the event of a
+            personal data breach concerning data processed by the processor, the
+            processor shall notify the controller without undue delay after the
+            processor having become aware of the breach. Such notification shall
+            contain, at least:</p>
+          <p>(a) a description of the nature of the breach (including, where
+            possible, the categories and approximate number of data subjects and
+            data records concerned);</p>
+          <p>(b)the details of a contact point where more information concerning the
+            personal data breach can be obtained;</p>
+          <p>(c)its likely consequences and the measures taken or proposed to be
+            taken to address the breach, including to mitigate its possible adverse
+            effects.</p>
+          <p>Where, and insofar as, it is not possible to provide all this
+            information at the same time, the initial notification shall contain the
+            information then available and further information shall, as it becomes
+            available, subsequently be provided without undue delay.</p>
+          <p>The Parties
+            shall set out in Annex III all other elements to be provided by the
+            processor when assisting the controller in the compliance with the
+            controller’s obligations under Articles 33 and 34 of Regulation (EU)
+            2016/679.</p>
           <h3>SECTION III</h3>
           <h3> FINAL PROVISIONS</h3>
           <h4>Clause 9</h4>
@@ -548,43 +554,51 @@
           <p>(b) The controller shall be entitled to terminate the
             contract insofar as it concerns processing of personal data in
             accordance with these Clauses if:</p>
-            <div class="pl-8">
-              <p>(1) the processing of personal data by
+          <div class="pl-8">
+            <p>(1) the processing of personal data by
               the processor has been suspended by the controller pursuant to point (a)
               and if compliance with these Clauses is not restored within a reasonable
               time and in any event within one month following suspension;</p>
-              <p>(2) the
+            <p>(2) the
               processor is in substantial or persistent breach of these Clauses or its
               obligations under Regulation (EU) 2016/679 and/or Regulation (EU)
-                2018/1725;</p>
-              <p>(3) the processor fails to comply with a binding decision of
+              2018/1725;</p>
+            <p>(3) the processor fails to comply with a binding decision of
               a competent court or the competent supervisory authority/ies regarding
               its obligations pursuant to these Clauses or to Regulation (EU) 2016/679
-                and/or Regulation (EU) 2018/1725.</p>
-            </div>
-          <p>(c) The processor shall be entitled to terminate the contract insofar as it concerns processing of personal data under these Clauses where, after having informed the controller that its instructions infringe applicable legal requirements in accordance with Clause 7.1 (b), the controller insists on compliance with the instructions.</p>
-          <p>(d) Following termination of the contract, the processor shall, at the choice of the controller, delete all personal data processed on behalf of the controller and certify to the controller that it has done so, or, return all the personal data to the controller and delete existing copies unless Union or Member State law requires storage of the personal data. Until the data is deleted or returned, the processor shall continue to ensure compliance with these Clauses.</p>
+              and/or Regulation (EU) 2018/1725.</p>
+          </div>
+          <p>(c) The processor shall be entitled to terminate the contract insofar as it concerns processing of personal
+            data under these Clauses where, after having informed the controller that its instructions infringe
+            applicable legal requirements in accordance with Clause 7.1 (b), the controller insists on compliance with
+            the instructions.</p>
+          <p>(d) Following termination of the contract, the processor shall, at the choice of the controller, delete all
+            personal data processed on behalf of the controller and certify to the controller that it has done so, or,
+            return all the personal data to the controller and delete existing copies unless Union or Member State law
+            requires storage of the personal data. Until the data is deleted or returned, the processor shall continue
+            to ensure compliance with these Clauses.</p>
           <h4>ANNEX I</h4>
           <h5>List of parties</h5>
           <p></p><b>Controller(s):</b> [Identity and contact details
-            of the controller(s), and, where applicable, of the controller’s data
-            protection officer]<p/>
-            <p>The User as specified in the Terms of Use.</p>
-            <p><b>Processor(s):</b>
+          of the controller(s), and, where applicable, of the controller’s data
+          protection officer]
+          <p />
+          <p>The User as specified in the Terms of Use.</p>
+          <p><b>Processor(s):</b>
             [Identity and contact details of the processor(s) and,
             where applicable, of the processor’s data protection officer]</p>
-            <p>Wikimedia
+          <p>Wikimedia
             Deutschland e. V., Tempelhofer Ufer 23-24, 10369 Berlin</p>
           <h4>ANNEX II</h4>
           <h5>Description of the processing</h5>
           <i>Categories of data subjects
             whose personal data is processed</i>
           <li class="pl-8"> Any categories of data subjects
-          contained in the data uploaded by the User</li>.
+            contained in the data uploaded by the User</li>.
           <i>Categories of personal data
             processed</i>
           <li class="pl-8">Any categories of personal data contained in the data
-          uploaded by the User.</li>
+            uploaded by the User.</li>
           <i>Sensitive data processed (if applicable) and
             applied restrictions or safeguards that fully take into consideration
             the nature of the data and the risks involved, such as for instance
@@ -598,7 +612,7 @@
             in the User’s responsibility to ensure that the safeguards are
             sufficient to process the specific categories of personal data.</li>
           <i>Nature of the processing</i>
-          <li class="pl-8" >Any processing necessary to fulfil the contractual
+          <li class="pl-8">Any processing necessary to fulfil the contractual
             purposes. Especially collection, storage, disclosure and dissemination
             and making publicly available as well as anonymization and/or deletion.</li>
           <i>Purpose(s) for which the personal data is processed on behalf of the
@@ -611,7 +625,7 @@
           <i>Duration of the processing</i>
           <li class="pl-8">The rules of the Agreement regarding the
             Term and Termination apply.</li>
-            <i>For processing by (sub-) processors, also specify subject matter, nature
+          <i>For processing by (sub-) processors, also specify subject matter, nature
             and duration of the processing</i>
           <h4>ANNEX III</h4>
           <b>Technical and organisational measures including technical
@@ -632,8 +646,8 @@
             contact details: Please contact Wikimedia for the contact information
             Description of the processing (including a clear delimitation of
             responsibilities in case several sub-processors are authorised): Hosting
-              of the Wikibase.cloud service</p>
-              <li><b>2. Name: Mailgun Technologies, Inc</b></li>
+            of the Wikibase.cloud service</p>
+            <li><b>2. Name: Mailgun Technologies, Inc</b></li>
             Address: 112 E Pecan St #1135, San Antonio, TX 78205 Contact person’s
             name, position and contact details: Please contact Wikimedia for the
             contact information Description of the processing : Email service
@@ -644,43 +658,81 @@
           <h3>SECTION I</h3>
           <h4>Clause 1</h4>
           <h4>Purpose and scope</h4>
-          <p>(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)[1] for the transfer of personal data to a third country.</p>
+          <p>(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of
+            Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of
+            natural persons with regard to the processing of personal data and on the free movement of such data
+            (General Data Protection Regulation)[1] for the transfer of personal data to a third country.</p>
           <p>(b) The Parties:</p>
           <div class="pl-8">
-            <p>(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”),</p>
+            <p>(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter
+              “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”),
+            </p>
             <p>and</p>
-            <p>(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”)</p>
+            <p>(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or
+              indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data
+              importer”)</p>
             <p>have agreed to these standard contractual clauses (hereinafter: “Clauses”).</p>
             <p>(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.</p>
-            <p>(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.</p>
+            <p>(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of
+              these Clauses.</p>
           </div>
           <p>Clause 2 Effect and invariability of the Clauses</p>
           <ol type="a">
-            <li><pre><code>   These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.</code></pre></li>
-            <li><pre><code>   These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.</code></pre></li>
+            <li>
+              <pre><code>   These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.</code></pre>
+            </li>
+            <li>
+              <pre><code>   These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.</code></pre>
+            </li>
           </ol>
           <p>Clause 3 Third-party beneficiaries</p>
           <ol type="a">
-            <li><pre><code>   Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:</code></pre></li>
-            <li><pre><code>   Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;</code></pre></li>
+            <li>
+              <pre><code>   Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:</code></pre>
+            </li>
+            <li>
+              <pre><code>   Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;</code></pre>
+            </li>
           </ol>
           <ol start="2" type="i">
-            <li><pre><code>   Clause 8 - Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);</code></pre></li>
-            <li><pre><code>   Clause 9 - Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);</code></pre></li>
-            <li><pre><code>   Clause 12 - Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);</code></pre></li>
-            <li><pre><code>   Clause 13;</code></pre></li>
-            <li><pre><code>   Clause 15.1(c), (d) and (e);</code></pre></li>
-            <li><pre><code>   Clause 16(e);</code></pre></li>
-            <li><pre><code>   Clause 18 - Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.</code></pre></li>
+            <li>
+              <pre><code>   Clause 8 - Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);</code></pre>
+            </li>
+            <li>
+              <pre><code>   Clause 9 - Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);</code></pre>
+            </li>
+            <li>
+              <pre><code>   Clause 12 - Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);</code></pre>
+            </li>
+            <li>
+              <pre><code>   Clause 13;</code></pre>
+            </li>
+            <li>
+              <pre><code>   Clause 15.1(c), (d) and (e);</code></pre>
+            </li>
+            <li>
+              <pre><code>   Clause 16(e);</code></pre>
+            </li>
+            <li>
+              <pre><code>   Clause 18 - Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.</code></pre>
+            </li>
           </ol>
           <ol start="2" type="a">
-            <li><pre><code>   Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.</code></pre></li>
+            <li>
+              <pre><code>   Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.</code></pre>
+            </li>
           </ol>
           <p>Clause 4 Interpretation</p>
           <ol type="a">
-            <li><pre><code>   Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.</code></pre></li>
-            <li><pre><code>   These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.</code></pre></li>
-            <li><pre><code>   These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.</code></pre></li>
+            <li>
+              <pre><code>   Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.</code></pre>
+            </li>
+            <li>
+              <pre><code>   These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.</code></pre>
+            </li>
+            <li>
+              <pre><code>   These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.</code></pre>
+            </li>
           </ol>
           <p>Clause 5 Hierarchy</p>
           <p>In the event of a contradiction between these Clauses and the
@@ -693,9 +745,15 @@
             transferred, are specified in Annex I.B.</p>
           <p>Clause 7 - Optional Docking clause</p>
           <ol type="a">
-            <li><pre><code>   An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A. </code></pre></li>
-            <li><pre><code>   Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.</code></pre></li>
-            <li><pre><code>   The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.</code></pre></li>
+            <li>
+              <pre><code>   An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A. </code></pre>
+            </li>
+            <li>
+              <pre><code>   Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.</code></pre>
+            </li>
+            <li>
+              <pre><code>   The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.</code></pre>
+            </li>
           </ol>
           <p>SECTION II – OBLIGATIONS OF THE PARTIES Clause 8 Data protection
             safeguards</p>
@@ -705,21 +763,39 @@
             obligations under these Clauses.</p>
           <p>8.1 Instructions</p>
           <ol type="a">
-            <li><pre><code>   The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.</code></pre></li>
-            <li><pre><code>   The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.</code></pre></li>
-            <li><pre><code>   The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.</code></pre></li>
-            <li><pre><code>   After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.</code></pre></li>
+            <li>
+              <pre><code>   The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.</code></pre>
+            </li>
+            <li>
+              <pre><code>   The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.</code></pre>
+            </li>
+            <li>
+              <pre><code>   The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.</code></pre>
+            </li>
+            <li>
+              <pre><code>   After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.</code></pre>
+            </li>
           </ol>
           <p>8.2 Security of processing</p>
           <ol type="a">
-            <li><pre><code>   The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data[2], the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.</code></pre></li>
-            <li><pre><code>   The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.</code></pre></li>
-            <li><pre><code>   The data exporter shall ensure that persons authorised to process the personal data   have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.</code></pre></li>
+            <li>
+              <pre><code>   The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data[2], the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.</code></pre>
+            </li>
+            <li>
+              <pre><code>   The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.</code></pre>
+            </li>
+            <li>
+              <pre><code>   The data exporter shall ensure that persons authorised to process the personal data   have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.</code></pre>
+            </li>
           </ol>
           <p>8.3 Documentation and compliance</p>
           <ol type="a">
-            <li><pre><code>   The Parties shall be able to demonstrate compliance with these Clauses.</code></pre></li>
-            <li><pre><code>   The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.</code></pre></li>
+            <li>
+              <pre><code>   The Parties shall be able to demonstrate compliance with these Clauses.</code></pre>
+            </li>
+            <li>
+              <pre><code>   The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.</code></pre>
+            </li>
           </ol>
           <p>Clause 9 [not applicable] Use of sub-processors</p>
           <p>Clause 10 Data subject rights</p>
@@ -729,15 +805,27 @@
             under Regulation (EU) 2016/679.</p>
           <p>Clause 11 Redress</p>
           <ol type="a">
-            <li><pre><code>   The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.</code></pre></li>
+            <li>
+              <pre><code>   The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.</code></pre>
+            </li>
           </ol>
           <p>Clause 12 Liability</p>
           <ol type="a">
-            <li><pre><code>   Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.</code></pre></li>
-            <li><pre><code>   Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.</code></pre></li>
-            <li><pre><code>   Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.</code></pre></li>
-            <li><pre><code>   The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.</code></pre></li>
-            <li><pre><code>   The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.</code></pre></li>
+            <li>
+              <pre><code>   Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.</code></pre>
+            </li>
+            <li>
+              <pre><code>   Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.</code></pre>
+            </li>
+            <li>
+              <pre><code>   Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.</code></pre>
+            </li>
+            <li>
+              <pre><code>   The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.</code></pre>
+            </li>
+            <li>
+              <pre><code>   The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.</code></pre>
+            </li>
           </ol>
           <p>Clause 13 [not applicable] Supervision</p>
           <p>SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC
@@ -747,23 +835,39 @@
           <p>SECTION IV – FINAL PROVISIONS</p>
           <p>Clause 16 Non-compliance with the Clauses and termination</p>
           <ol type="a">
-            <li><pre><code>   The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.</code></pre></li>
-            <li><pre><code>   In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).</code></pre></li>
-            <li><pre><code>   The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:</code></pre></li>
-            <li><pre><code>   the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;</code></pre></li>
+            <li>
+              <pre><code>   The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.</code></pre>
+            </li>
+            <li>
+              <pre><code>   In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).</code></pre>
+            </li>
+            <li>
+              <pre><code>   The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:</code></pre>
+            </li>
+            <li>
+              <pre><code>   the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;</code></pre>
+            </li>
           </ol>
           <ol start="2" type="i">
-            <li><pre><code>   the data importer is in substantial or persistent breach of these Clauses; or</code></pre></li>
-            <li><pre><code>   the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.</code></pre>
+            <li>
+              <pre><code>   the data importer is in substantial or persistent breach of these Clauses; or</code></pre>
+            </li>
+            <li>
+              <pre><code>   the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.</code></pre>
               In these cases, it shall inform the competent supervisory authority of
               such non-compliance. Where the contract involves more than two Parties,
               the data exporter may exercise this right to termination only with
               respect to the relevant Party, unless the Parties have agreed
-              otherwise.</li>
-            <li><pre><code>   Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.</code></pre></li>
+              otherwise.
+            </li>
+            <li>
+              <pre><code>   Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.</code></pre>
+            </li>
           </ol>
           <ol start="5" type="a">
-            <li><pre><code>   Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.</code></pre></li>
+            <li>
+              <pre><code>   Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.</code></pre>
+            </li>
           </ol>
           <p>Clause 17 Governing law</p>
           <p>These Clauses shall be governed by the law of a country allowing for

From 1f3d65b43c17bf6e70556d2e953020c8fc9325db Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 12:29:48 +0200
Subject: [PATCH 04/18] close li

---
 src/components/Pages/TermsOfUseUpcoming.vue | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index 23a6a0ce..36f502f9 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -89,6 +89,7 @@
             any Content on their Wikibase Instance that infringes the intellectual
             property rights of third persons or that is otherwise unlawful.</p>
           <p>5.3 It is specifically prohibited to:</p>
+
           <ul>
             <li>Upload or distribute Content that is
               insulting, abusive, offensive, racist, threatening, harmful to minors,
@@ -113,9 +114,11 @@
               information of third parties; or</li>
             <li>Sell or otherwise transfer the User Account to another person.</li>
           </ul>
+
           <p>5.4 The User should be aware that the sites
             may be edited by the public and, as such, may contain inappropriate
             Content at any time.</p>
+
           <h2>6. Moderation of Content</h2>
           <p>6.1 Wikimedia does not
             monitor Content on the Platform, but reserves the right to conduct
@@ -148,7 +151,7 @@
             <li>The User is not entitled to file a
               complaint if the User has already been warned for improper use of
               Wikimedia’s complaint system. This is the case, for example, if the User
-              repeatedly submits identical complaints without justification.
+              repeatedly submits identical complaints without justification.</li>
             <li>A
               complaint must be made within six months of the date on which the User
               was notified of our decision.</li>

From 75e3b2d0e4764b994929da15a21ebf5570f59780 Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 13:39:46 +0200
Subject: [PATCH 05/18] headlines and dividers

---
 src/components/Pages/TermsOfUseUpcoming.vue | 196 +++++++++++++-------
 1 file changed, 126 insertions(+), 70 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index 36f502f9..276bc76f 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -170,6 +170,7 @@
               <router-link to="/dsa-info">please click here</router-link>.
             </li>
           </ul>
+
           <h2>7. Grant of rights of use</h2>
           <p>7.1 The User grants
             Wikimedia the rights of use to the uploaded Content for the purpose of
@@ -177,6 +178,7 @@
           <p>7.2 Wikimedia reserves the right to close, move, merge, or rename a site
             for any reason. Wikimedia shall not be held liable for any modification,
             suspension or discontinuance of any site, or of the Platform as a whole.</p>
+
           <h2>8. Term and Termination</h2>
           <p>8.1 The terms of this Agreement commence upon the
             User’s registration.</p>
@@ -195,7 +197,8 @@
             breaches any of the terms and conditions of the Terms of Use. Upon
             termination of the User’s Account, the User’s right to use the Platform
             will immediately cease.</p>
-          <h2>9. Availability and Maintenance</h2>
+
+            <h2>9. Availability and Maintenance</h2>
           <p>9.1 Wikimedia shall implement appropriate measures to ensure the availability and
             error free functionality of the Platform. However, the User acknowledges
             that for technical reasons and due to the dependence on external
@@ -206,7 +209,8 @@
             may result in a temporary impairment of the usability of the Platform.
             Insofar Wikimedia shall carry out the maintenance work during periods of
             low use.</p>
-          <h2>10. Liability</h2>
+
+            <h2>10. Liability</h2>
           <p>10.1 Wikimedia provides a free service that allows
             the User to create their own Wikibase Instance. Wikimedia assumes no
             responsibility for any material posted by the User. However, in
@@ -217,6 +221,7 @@
           <p>10.3 The User agrees to indemnify
             and hold harmless Wikimedia from any claims by third parties arising
             from Content they publish or actions they take while using our Platform.</p>
+
           <h2>11. Data Protection</h2>
           <p>1.11 For comprehensive information on how Wikimedia
             collects, processes or uses personal data of the User, please refer to
@@ -239,6 +244,7 @@
             Appendix 2 (the “International Standard Contractual Clauses”) in form of
             Module 4 (Processor to Controller). The Annexes I, II, III and IV of
             Appendix 1 apply accordingly.</p>
+
           <h2>12. Miscellaneous</h2>
           <p>12.1 This Agreement is
             governed by, and shall be interpreted in accordance with, the laws of,
@@ -258,11 +264,14 @@
             enforceable provision that comes as close as possible to the economic
             purpose that both parties had in mind with the invalid or unenforceable
             provision.</p>
+
+          <v-divider class="my-8" />
+
           <h2>Appendix 1: Standard contractual clauses (Commission Implementing
             Decision (EU) 2021/915 of 4 June 2021)</h2>
           <h3>SECTION I</h3>
-          <h4>Clause 1</h4>
-          <h4>Purpose and scope</h4>
+
+          <h4>Clause 1 &mdash; Purpose and scope</h4>
           <p>(a) The purpose of these Standard
             Contractual Clauses (the Clauses) is to ensure compliance with Article
             28(3) and (4) of Regulation (EU) 2016/679 of the European Parliament and
@@ -285,8 +294,9 @@
             by themselves ensure compliance with obligations related to
             international transfers in accordance with Chapter V of Regulation (EU)
             2016/679 and/or Regulation (EU) 2018/1725.</p>
-          <h4>Clause 2</h4>
-          <h4>Invariability of the Clauses</h4>
+
+          <h4>Clause 2 &mdash; Invariability of the Clauses
+          </h4>
           <p>(a) The Parties undertake not to modify the Clauses, except for
             adding information to the Annexes or updating information in them.</p>
           <p>(b)This does not prevent the Parties from including the standard
@@ -294,8 +304,8 @@
             from adding other clauses or additional safeguards provided that they do
             not directly or indirectly contradict the Clauses or detract from the
             fundamental rights or freedoms of data subjects.</p>
-          <h4>Clause 3</h4>
-          <h4>Interpretation</h4>
+
+          <h4>Clause 3 &mdash; Interpretation</h4>
           <p>(a) Where these Clauses use the terms defined in Regulation (EU)
             2016/679 or Regulation (EU) 2018/1725 respectively, those terms shall
             have the same meaning as in that Regulation.</p>
@@ -307,21 +317,22 @@
             obligations provided for in Regulation (EU) 2016/679 / Regulation (EU)
             2018/1725 or in a way that prejudices the fundamental rights or freedoms
             of the data subjects.</p>
-          <h3>Clause 4</h3>
-          <h4>Hierarchy</h4>
+
+          <h4>Clause 4 &mdash; Hierarchy</h4>
           <p>In the event of a contradiction
             between these Clauses and the provisions of related agreements between
             the Parties existing at the time when these Clauses are agreed or
             entered into thereafter, these Clauses shall prevail.</p>
-          <h3>SECTION II</h3>
-          <h3>OBLIGATIONS OF THE PARTIES</h3>
-          <h4>Clause 5</h4>
-          <h4>Description of processing(s)</h4>
+
+
+          <h3>SECTION II &mdash; OBLIGATIONS OF THE PARTIES</h3>
+
+          <h4>Clause 5 &mdash; Description of processing(s)</h4>
           <p>The details of the processing operations, in particular the categories of
             personal data and the purposes of processing for which the personal data
             is processed on behalf of the controller, are specified in Annex II.</p>
-          <h4>Clause 6</h4>
-          <h4>Obligations of the Parties</h4>
+
+          <h4>Clause 6 &mdash; Obligations of the Parties</h4>
           <h5>6.1. Instructions</h5>
           <p>(a) The processor
             shall process personal data only on documented instructions from the
@@ -433,8 +444,7 @@
             fulfil a specific requirement under Union or Member State law to which
             the processor is subject and shall take place in compliance with Chapter
             V of Regulation (EU) 2016/679 or Regulation (EU) 2018/1725.</p>
-          <p>(b) The
-            controller agrees that where the processor engages a sub-processor in
+          <p>(b) The controller agrees that where the processor engages a sub-processor in
             accordance with Clause 7.7. for carrying out specific processing
             activities (on behalf of the controller) and those processing activities
             involve a transfer of personal data within the meaning of Chapter V of
@@ -443,6 +453,7 @@
             contractual clauses adopted by the Commission in accordance with of
             Article 46(2) of Regulation (EU) 2016/679, provided the conditions for
             the use of those standard contractual clauses are met.</p>
+
           <h4>Clause 7</h4>
           <h4>Assistance to the controller</h4>
           <p>(a) The processor shall promptly notify the
@@ -454,8 +465,7 @@
             exercise their rights, taking into account the nature of the processing.
             In fulfilling its obligations in accordance with (a) and (b), the
             processor shall comply with the controller’s instructions</p>
-          <p>(c) In
-            addition to the processor’s obligation to assist the controller pursuant
+          <p>(c) In addition to the processor’s obligation to assist the controller pursuant
             to Clause 8(b), the processor shall furthermore assist the controller in
             ensuring compliance with the following obligations, taking into account
             the nature of the data processing and the information available to the
@@ -480,8 +490,7 @@
           <p>(d) The Parties shall set out in Annex III the appropriate technical and organisational measures by which
             the processor is required to assist the controller in the application of this Clause as well as the scope
             and the extent of the assistance required.</p>
-          <h4>Clause 8</h4>
-          <h4>Notification of personal data breach</h4>
+          <h4>Clause 8 &mdash; Notification of personal data breach</h4>
           <p>In the event of a personal data
             breach, the processor shall cooperate with and assist the controller for
             the controller to comply with its obligations under Articles 33 and 34
@@ -519,7 +528,8 @@
             with the obligation to communicate without undue delay the personal data
             breach to the data subject, when the personal data breach is likely to
             result in a high risk to the rights and freedoms of natural persons.</p>
-          <h5>8.2 Data breach concerning data processed by the processor</h5>
+
+            <h5>8.2 Data breach concerning data processed by the processor</h5>
           <p>In the event of a
             personal data breach concerning data processed by the processor, the
             processor shall notify the controller without undue delay after the
@@ -530,7 +540,7 @@
             data records concerned);</p>
           <p>(b)the details of a contact point where more information concerning the
             personal data breach can be obtained;</p>
-          <p>(c)its likely consequences and the measures taken or proposed to be
+          <p>(c) its likely consequences and the measures taken or proposed to be
             taken to address the breach, including to mitigate its possible adverse
             effects.</p>
           <p>Where, and insofar as, it is not possible to provide all this
@@ -542,10 +552,14 @@
             processor when assisting the controller in the compliance with the
             controller’s obligations under Articles 33 and 34 of Regulation (EU)
             2016/679.</p>
-          <h3>SECTION III</h3>
-          <h3> FINAL PROVISIONS</h3>
-          <h4>Clause 9</h4>
-          <h4>Non-compliance with the Clauses and termination</h4>
+
+          <h3>
+            SECTION III  &mdash; FINAL PROVISIONS
+          </h3>
+
+          <h4>
+            Clause 9 &mdash; Non-compliance with the Clauses and termination
+          </h4>
           <p>(a) Without prejudice to any provisions of Regulation
             (EU) 2016/679 and/or Regulation (EU) 2018/1725, in the event that the
             processor is in breach of its obligations under these Clauses, the
@@ -580,28 +594,38 @@
             return all the personal data to the controller and delete existing copies unless Union or Member State law
             requires storage of the personal data. Until the data is deleted or returned, the processor shall continue
             to ensure compliance with these Clauses.</p>
+
           <h4>ANNEX I</h4>
           <h5>List of parties</h5>
-          <p></p><b>Controller(s):</b> [Identity and contact details
+          <p>
+          <b>Controller(s):</b> [Identity and contact details
           of the controller(s), and, where applicable, of the controller’s data
-          protection officer]
-          <p />
+          protection officer]</p>
           <p>The User as specified in the Terms of Use.</p>
+
           <p><b>Processor(s):</b>
             [Identity and contact details of the processor(s) and,
             where applicable, of the processor’s data protection officer]</p>
           <p>Wikimedia
             Deutschland e. V., Tempelhofer Ufer 23-24, 10369 Berlin</p>
+
           <h4>ANNEX II</h4>
           <h5>Description of the processing</h5>
+          <p>
           <i>Categories of data subjects
             whose personal data is processed</i>
-          <li class="pl-8"> Any categories of data subjects
-            contained in the data uploaded by the User</li>.
+          <ul class="pl-8"><li>Any categories of data subjects
+            contained in the data uploaded by the User.</li></ul>
+          </p>
+
+          <p>
           <i>Categories of personal data
             processed</i>
-          <li class="pl-8">Any categories of personal data contained in the data
-            uploaded by the User.</li>
+          <ul class="pl-8"><li>Any categories of personal data contained in the data
+            uploaded by the User.</li></ul>
+          </p>
+
+          <p>
           <i>Sensitive data processed (if applicable) and
             applied restrictions or safeguards that fully take into consideration
             the nature of the data and the risks involved, such as for instance
@@ -609,53 +633,85 @@
             for staff having followed specialised training), keeping a record of
             access to the data, restrictions for onward transfers or additional
             security measures.</i>
-          <li class="pl-8">The categories of personal data may include
+          <ul class="pl-8"><li>The categories of personal data may include
             sensitive data depending on the Content uploaded by the User. Since
             Wikimedia has no knowledge of the specific categories processed it lies
             in the User’s responsibility to ensure that the safeguards are
-            sufficient to process the specific categories of personal data.</li>
-          <i>Nature of the processing</i>
-          <li class="pl-8">Any processing necessary to fulfil the contractual
-            purposes. Especially collection, storage, disclosure and dissemination
-            and making publicly available as well as anonymization and/or deletion.</li>
-          <i>Purpose(s) for which the personal data is processed on behalf of the
-            controller</i>
-          <li class="pl-8">Publishing the Wikibase as well as the data uploaded to and
-            contained in it and making it available to the public. Wikimedia does
-            not act as a processor for the User with regard to the processing of
-            personal data of persons browsing the Wikibase and any personal data
-            that is processed to establish the connection.</li>
-          <i>Duration of the processing</i>
-          <li class="pl-8">The rules of the Agreement regarding the
-            Term and Termination apply.</li>
-          <i>For processing by (sub-) processors, also specify subject matter, nature
-            and duration of the processing</i>
+            sufficient to process the specific categories of personal data.</li></ul>
+            </p>
+
+          <p>
+            <i>Nature of the processing</i>
+            <ul class="pl-8"><li>Any processing necessary to fulfil the contractual
+              purposes. Especially collection, storage, disclosure and dissemination
+              and making publicly available as well as anonymization and/or deletion.</li></ul>
+          </p>
+
+          <p>
+            <i>Purpose(s) for which the personal data is processed on behalf of the
+              controller</i>
+            <ul class="pl-8"><li>Publishing the Wikibase as well as the data uploaded to and
+              contained in it and making it available to the public. Wikimedia does
+              not act as a processor for the User with regard to the processing of
+              personal data of persons browsing the Wikibase and any personal data
+              that is processed to establish the connection.</li></ul>
+          </p>
+
+          <p>
+            <i>Duration of the processing</i>
+            <ul class="pl-8"><li>The rules of the Agreement regarding the
+              Term and Termination apply.</li></ul>
+          </p>
+
+          <p>
+            <i>For processing by (sub-) processors, also specify subject matter, nature
+              and duration of the processing</i>
+          </p>
+
           <h4>ANNEX III</h4>
-          <b>Technical and organisational measures including technical
-            and organisational measures to ensure the security of the data</b></p>
-          <i>You may
-            obtain a copy of our technical and organisational measures on request,
-            to do so please send an email to: datenschutz@wikimedia.de.</i>
+            <p>Technical and organisational measures including technical
+              and organisational measures to ensure the security of the data</p>
+
+              <p>
+                <i>You may obtain a copy of our technical and organisational measures on request,
+                to do so please send an email to: datenschutz@wikimedia.de.</i>
+              </p>
+
           <h4>ANNEX IV</h4>
-          <b>List of sub-processors</b>
-          <b>EXPLANATORY NOTE:</b>
+          <p class="font-weight-bold">List of sub-processors</p>
+          <p class="font-weight-bold">EXPLANATORY NOTE:</p>
+
           <p>This Annex needs to
             be completed in case of specific authorisation of sub-processors (Clause
-            7.7(a), Option 1). The controller has authorised the use of the
+            7.7(a), Option 1).</p><p>The controller has authorised the use of the
             following sub-processors:</p>
+
           <ul class="pl-8">
-            <li><b>1. Name: Google Ireland Ltd.</b></li> Address: Gordon
-            House, Barrow Street, Dublin 4 Contact person’s name, position and
-            contact details: Please contact Wikimedia for the contact information
-            Description of the processing (including a clear delimitation of
+            <li>
+              <p><b>1. Name: Google Ireland Ltd.</b></p>
+              <p>Address: Gordon House, Barrow Street, Dublin 4</p>
+
+            <p>Contact person’s name, position and contact details: Please contact Wikimedia for the contact information</p>
+
+            <p>Description of the processing (including a clear delimitation of
             responsibilities in case several sub-processors are authorised): Hosting
             of the Wikibase.cloud service</p>
-            <li><b>2. Name: Mailgun Technologies, Inc</b></li>
-            Address: 112 E Pecan St #1135, San Antonio, TX 78205 Contact person’s
-            name, position and contact details: Please contact Wikimedia for the
-            contact information Description of the processing : Email service
-            provisioning</li>
+          </li>
+
+            <li>
+              <p><b>2. Name: Mailgun Technologies, Inc</b></p>
+
+              <p>Address: 112 E Pecan St #1135, San Antonio, TX 78205</p>
+              <p>Contact person’s name, position and contact details: Please contact Wikimedia for the
+              contact information</p>
+
+              <p>Description of the processing: Email service
+              provisioning</p>
+            </li>
           </ul>
+
+          <v-divider class="my-8" />
+
           <h2>Appendix 2: International Standard Contractual Clauses : MODULE FOUR:
             Transfer processor to controller</h2>
           <h3>SECTION I</h3>

From a6eb223620b34c3f8002c9337a43e544213e8807 Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 13:40:25 +0200
Subject: [PATCH 06/18] format html

---
 src/components/Pages/TermsOfUseUpcoming.vue | 111 +++++++++++---------
 1 file changed, 63 insertions(+), 48 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index 276bc76f..fb161f90 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -198,7 +198,7 @@
             termination of the User’s Account, the User’s right to use the Platform
             will immediately cease.</p>
 
-            <h2>9. Availability and Maintenance</h2>
+          <h2>9. Availability and Maintenance</h2>
           <p>9.1 Wikimedia shall implement appropriate measures to ensure the availability and
             error free functionality of the Platform. However, the User acknowledges
             that for technical reasons and due to the dependence on external
@@ -210,7 +210,7 @@
             Insofar Wikimedia shall carry out the maintenance work during periods of
             low use.</p>
 
-            <h2>10. Liability</h2>
+          <h2>10. Liability</h2>
           <p>10.1 Wikimedia provides a free service that allows
             the User to create their own Wikibase Instance. Wikimedia assumes no
             responsibility for any material posted by the User. However, in
@@ -529,7 +529,7 @@
             breach to the data subject, when the personal data breach is likely to
             result in a high risk to the rights and freedoms of natural persons.</p>
 
-            <h5>8.2 Data breach concerning data processed by the processor</h5>
+          <h5>8.2 Data breach concerning data processed by the processor</h5>
           <p>In the event of a
             personal data breach concerning data processed by the processor, the
             processor shall notify the controller without undue delay after the
@@ -554,7 +554,7 @@
             2016/679.</p>
 
           <h3>
-            SECTION III  &mdash; FINAL PROVISIONS
+            SECTION III &mdash; FINAL PROVISIONS
           </h3>
 
           <h4>
@@ -598,9 +598,10 @@
           <h4>ANNEX I</h4>
           <h5>List of parties</h5>
           <p>
-          <b>Controller(s):</b> [Identity and contact details
-          of the controller(s), and, where applicable, of the controller’s data
-          protection officer]</p>
+            <b>Controller(s):</b> [Identity and contact details
+            of the controller(s), and, where applicable, of the controller’s data
+            protection officer]
+          </p>
           <p>The User as specified in the Terms of Use.</p>
 
           <p><b>Processor(s):</b>
@@ -612,55 +613,67 @@
           <h4>ANNEX II</h4>
           <h5>Description of the processing</h5>
           <p>
-          <i>Categories of data subjects
-            whose personal data is processed</i>
-          <ul class="pl-8"><li>Any categories of data subjects
-            contained in the data uploaded by the User.</li></ul>
+            <i>Categories of data subjects
+              whose personal data is processed</i>
+          <ul class="pl-8">
+            <li>Any categories of data subjects
+              contained in the data uploaded by the User.</li>
+          </ul>
           </p>
 
           <p>
-          <i>Categories of personal data
-            processed</i>
-          <ul class="pl-8"><li>Any categories of personal data contained in the data
-            uploaded by the User.</li></ul>
+            <i>Categories of personal data
+              processed</i>
+          <ul class="pl-8">
+            <li>Any categories of personal data contained in the data
+              uploaded by the User.</li>
+          </ul>
           </p>
 
           <p>
-          <i>Sensitive data processed (if applicable) and
-            applied restrictions or safeguards that fully take into consideration
-            the nature of the data and the risks involved, such as for instance
-            strict purpose limitation, access restrictions (including access only
-            for staff having followed specialised training), keeping a record of
-            access to the data, restrictions for onward transfers or additional
-            security measures.</i>
-          <ul class="pl-8"><li>The categories of personal data may include
-            sensitive data depending on the Content uploaded by the User. Since
-            Wikimedia has no knowledge of the specific categories processed it lies
-            in the User’s responsibility to ensure that the safeguards are
-            sufficient to process the specific categories of personal data.</li></ul>
-            </p>
+            <i>Sensitive data processed (if applicable) and
+              applied restrictions or safeguards that fully take into consideration
+              the nature of the data and the risks involved, such as for instance
+              strict purpose limitation, access restrictions (including access only
+              for staff having followed specialised training), keeping a record of
+              access to the data, restrictions for onward transfers or additional
+              security measures.</i>
+          <ul class="pl-8">
+            <li>The categories of personal data may include
+              sensitive data depending on the Content uploaded by the User. Since
+              Wikimedia has no knowledge of the specific categories processed it lies
+              in the User’s responsibility to ensure that the safeguards are
+              sufficient to process the specific categories of personal data.</li>
+          </ul>
+          </p>
 
           <p>
             <i>Nature of the processing</i>
-            <ul class="pl-8"><li>Any processing necessary to fulfil the contractual
+          <ul class="pl-8">
+            <li>Any processing necessary to fulfil the contractual
               purposes. Especially collection, storage, disclosure and dissemination
-              and making publicly available as well as anonymization and/or deletion.</li></ul>
+              and making publicly available as well as anonymization and/or deletion.</li>
+          </ul>
           </p>
 
           <p>
             <i>Purpose(s) for which the personal data is processed on behalf of the
               controller</i>
-            <ul class="pl-8"><li>Publishing the Wikibase as well as the data uploaded to and
+          <ul class="pl-8">
+            <li>Publishing the Wikibase as well as the data uploaded to and
               contained in it and making it available to the public. Wikimedia does
               not act as a processor for the User with regard to the processing of
               personal data of persons browsing the Wikibase and any personal data
-              that is processed to establish the connection.</li></ul>
+              that is processed to establish the connection.</li>
+          </ul>
           </p>
 
           <p>
             <i>Duration of the processing</i>
-            <ul class="pl-8"><li>The rules of the Agreement regarding the
-              Term and Termination apply.</li></ul>
+          <ul class="pl-8">
+            <li>The rules of the Agreement regarding the
+              Term and Termination apply.</li>
+          </ul>
           </p>
 
           <p>
@@ -669,13 +682,13 @@
           </p>
 
           <h4>ANNEX III</h4>
-            <p>Technical and organisational measures including technical
-              and organisational measures to ensure the security of the data</p>
+          <p>Technical and organisational measures including technical
+            and organisational measures to ensure the security of the data</p>
 
-              <p>
-                <i>You may obtain a copy of our technical and organisational measures on request,
-                to do so please send an email to: datenschutz@wikimedia.de.</i>
-              </p>
+          <p>
+            <i>You may obtain a copy of our technical and organisational measures on request,
+              to do so please send an email to: datenschutz@wikimedia.de.</i>
+          </p>
 
           <h4>ANNEX IV</h4>
           <p class="font-weight-bold">List of sub-processors</p>
@@ -683,7 +696,8 @@
 
           <p>This Annex needs to
             be completed in case of specific authorisation of sub-processors (Clause
-            7.7(a), Option 1).</p><p>The controller has authorised the use of the
+            7.7(a), Option 1).</p>
+          <p>The controller has authorised the use of the
             following sub-processors:</p>
 
           <ul class="pl-8">
@@ -691,22 +705,23 @@
               <p><b>1. Name: Google Ireland Ltd.</b></p>
               <p>Address: Gordon House, Barrow Street, Dublin 4</p>
 
-            <p>Contact person’s name, position and contact details: Please contact Wikimedia for the contact information</p>
+              <p>Contact person’s name, position and contact details: Please contact Wikimedia for the contact
+                information</p>
 
-            <p>Description of the processing (including a clear delimitation of
-            responsibilities in case several sub-processors are authorised): Hosting
-            of the Wikibase.cloud service</p>
-          </li>
+              <p>Description of the processing (including a clear delimitation of
+                responsibilities in case several sub-processors are authorised): Hosting
+                of the Wikibase.cloud service</p>
+            </li>
 
             <li>
               <p><b>2. Name: Mailgun Technologies, Inc</b></p>
 
               <p>Address: 112 E Pecan St #1135, San Antonio, TX 78205</p>
               <p>Contact person’s name, position and contact details: Please contact Wikimedia for the
-              contact information</p>
+                contact information</p>
 
               <p>Description of the processing: Email service
-              provisioning</p>
+                provisioning</p>
             </li>
           </ul>
 

From cbb56dc81396f41268d50604fb28366ec23f0e0a Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 14:08:25 +0200
Subject: [PATCH 07/18] headlines, lists, footnote

---
 src/components/Pages/TermsOfUseUpcoming.vue | 219 +++++++++++---------
 1 file changed, 120 insertions(+), 99 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index fb161f90..2bf6e407 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -730,12 +730,11 @@
           <h2>Appendix 2: International Standard Contractual Clauses : MODULE FOUR:
             Transfer processor to controller</h2>
           <h3>SECTION I</h3>
-          <h4>Clause 1</h4>
-          <h4>Purpose and scope</h4>
+          <h4>Clause 1 &mdash; Purpose and scope</h4>
           <p>(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of
             Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of
             natural persons with regard to the processing of personal data and on the free movement of such data
-            (General Data Protection Regulation)[1] for the transfer of personal data to a third country.</p>
+            (General Data Protection Regulation)<router-link :to="{ hash: '#tou-footnote-1' }">[1]</router-link> for the transfer of personal data to a third country.</p>
           <p>(b) The Parties:</p>
           <div class="pl-8">
             <p>(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter
@@ -750,208 +749,233 @@
             <p>(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of
               these Clauses.</p>
           </div>
-          <p>Clause 2 Effect and invariability of the Clauses</p>
-          <ol type="a">
+
+          <h4>Clause 2 &mdash; Effect and invariability of the Clauses</h4>
+          <ul>
             <li>
-              <pre><code>   These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.</code></pre>
+              (a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
             </li>
             <li>
-              <pre><code>   These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.</code></pre>
+              (b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
             </li>
-          </ol>
-          <p>Clause 3 Third-party beneficiaries</p>
-          <ol type="a">
+          </ul>
+
+          <h4>Clause 3 &mdash; Third-party beneficiaries</h4>
+          <ul>
             <li>
-              <pre><code>   Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:</code></pre>
+              (a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
             </li>
+          <ul>
             <li>
-              <pre><code>   Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;</code></pre>
+              (i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
             </li>
-          </ol>
-          <ol start="2" type="i">
             <li>
-              <pre><code>   Clause 8 - Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);</code></pre>
+              (ii) Clause 8 - Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);
             </li>
             <li>
-              <pre><code>   Clause 9 - Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);</code></pre>
+              (iii) Clause 9 - Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
             </li>
             <li>
-              <pre><code>   Clause 12 - Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);</code></pre>
+              (iv) Clause 12 - Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);
             </li>
             <li>
-              <pre><code>   Clause 13;</code></pre>
+              (v) Clause 13;
             </li>
             <li>
-              <pre><code>   Clause 15.1(c), (d) and (e);</code></pre>
+              (vi) Clause 15.1(c), (d) and (e);
             </li>
             <li>
-              <pre><code>   Clause 16(e);</code></pre>
+              (vii) Clause 16(e);
             </li>
             <li>
-              <pre><code>   Clause 18 - Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.</code></pre>
+              (viii) Clause 18 - Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.
             </li>
-          </ol>
-          <ol start="2" type="a">
+          </ul>
             <li>
-              <pre><code>   Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.</code></pre>
+              (b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
             </li>
-          </ol>
-          <p>Clause 4 Interpretation</p>
-          <ol type="a">
+          </ul>
+
+          <h4>Clause 4 &mdash; Interpretation</h4>
+          <ul>
             <li>
-              <pre><code>   Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.</code></pre>
+              (a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
             </li>
             <li>
-              <pre><code>   These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.</code></pre>
+              (b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
             </li>
             <li>
-              <pre><code>   These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.</code></pre>
+              (c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
             </li>
-          </ol>
-          <p>Clause 5 Hierarchy</p>
+          </ul>
+
+          <h4>Clause 5 &mdash; Hierarchy</h4>
           <p>In the event of a contradiction between these Clauses and the
             provisions of related agreements between the Parties, existing at the
             time these Clauses are agreed or entered into thereafter, these Clauses
             shall prevail.</p>
-          <p>Clause 6 Description of the transfer(s)</p>
+
+          <h4>Clause 6 &mdash; Description of the transfer(s)</h4>
           <p>The details of the transfer(s), and in particular the categories of
             personal data that are transferred and the purpose(s) for which they are
             transferred, are specified in Annex I.B.</p>
-          <p>Clause 7 - Optional Docking clause</p>
-          <ol type="a">
+
+          <h4>Clause 7 &mdash; Optional Docking clause</h4>
+          <ul>
             <li>
-              <pre><code>   An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A. </code></pre>
+              (a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
             </li>
             <li>
-              <pre><code>   Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.</code></pre>
+              (b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
             </li>
             <li>
-              <pre><code>   The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.</code></pre>
+              (c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.
             </li>
-          </ol>
-          <p>SECTION II – OBLIGATIONS OF THE PARTIES Clause 8 Data protection
-            safeguards</p>
+          </ul>
+
+
+          <h3>SECTION II &mdash; OBLIGATIONS OF THE PARTIES</h3>
+
+          <h4>
+            Clause 8 &mdash; Data protection
+            safeguards
+          </h4>
+
           <p>The data exporter warrants that it has used reasonable efforts to
             determine that the data importer is able, through the implementation of
             appropriate technical and organisational measures, to satisfy its
             obligations under these Clauses.</p>
+
           <p>8.1 Instructions</p>
-          <ol type="a">
+          <ul>
             <li>
-              <pre><code>   The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.</code></pre>
+              (a) The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.
             </li>
             <li>
-              <pre><code>   The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.</code></pre>
+              (b) The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.
             </li>
             <li>
-              <pre><code>   The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.</code></pre>
+              (c) The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.
             </li>
             <li>
-              <pre><code>   After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.</code></pre>
+              (d) After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.</code></>
             </li>
-          </ol>
+          </ul>
+
           <p>8.2 Security of processing</p>
-          <ol type="a">
+          <ul>
             <li>
-              <pre><code>   The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data[2], the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.</code></pre>
+              (a) The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data[2], the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
             </li>
             <li>
-              <pre><code>   The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.</code></pre>
+              (b) The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.</code></>
             </li>
             <li>
-              <pre><code>   The data exporter shall ensure that persons authorised to process the personal data   have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.</code></pre>
+              (c) The data exporter shall ensure that persons authorised to process the personal data   have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
             </li>
-          </ol>
+          </ul>
+
           <p>8.3 Documentation and compliance</p>
-          <ol type="a">
+          <ul>
             <li>
-              <pre><code>   The Parties shall be able to demonstrate compliance with these Clauses.</code></pre>
+              (a) The Parties shall be able to demonstrate compliance with these Clauses.
             </li>
             <li>
-              <pre><code>   The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.</code></pre>
+              (b) The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.
             </li>
-          </ol>
-          <p>Clause 9 [not applicable] Use of sub-processors</p>
-          <p>Clause 10 Data subject rights</p>
+          </ul>
+
+          <h4>Clause 9 [not applicable] Use of sub-processors</h4>
+
+          <h4>Clause 10 Data subject rights</h4>
           <p>The Parties shall assist each other in responding to enquiries and
             requests made by data subjects under the local law applicable to the
             data importer or, for data processing by the data exporter in the EU,
             under Regulation (EU) 2016/679.</p>
-          <p>Clause 11 Redress</p>
-          <ol type="a">
+
+          <h4>Clause 11 Redress</h4>
+          <ul>
             <li>
-              <pre><code>   The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.</code></pre>
+              (a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
             </li>
-          </ol>
-          <p>Clause 12 Liability</p>
-          <ol type="a">
+          </ul>
+
+          <h4>Clause 12 Liability</h4>
+          <ul>
             <li>
-              <pre><code>   Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.</code></pre>
+              (a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
             </li>
             <li>
-              <pre><code>   Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.</code></pre>
+              (b) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.
             </li>
             <li>
-              <pre><code>   Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.</code></pre>
+              (c) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
             </li>
             <li>
-              <pre><code>   The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.</code></pre>
+              (d) The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.
             </li>
             <li>
-              <pre><code>   The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.</code></pre>
+              (e) The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.
             </li>
-          </ol>
-          <p>Clause 13 [not applicable] Supervision</p>
-          <p>SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC
-            AUTHORITIES</p>
-          <p>Clause 14 [not applicable]</p>
-          <p>Clause 15 [not applicable]</p>
-          <p>SECTION IV – FINAL PROVISIONS</p>
-          <p>Clause 16 Non-compliance with the Clauses and termination</p>
-          <ol type="a">
+          </ul>
+
+          <h4>Clause 13 [not applicable] Supervision</h4>
+
+          <h3>SECTION III &mdash; LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC
+            AUTHORITIES</h3>
+          <h4>Clause 14 [not applicable]</h4>
+          <h4>Clause 15 [not applicable]</h4>
+
+          <h3>SECTION IV – FINAL PROVISIONS</h3>
+          <h4>Clause 16 &mdash; Non-compliance with the Clauses and termination</h4>
+          <ul>
             <li>
-              <pre><code>   The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.</code></pre>
+              (a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
             </li>
             <li>
-              <pre><code>   In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).</code></pre>
+              (b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
             </li>
             <li>
-              <pre><code>   The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:</code></pre>
+              (c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
             </li>
+
+
+          <ul>
             <li>
-              <pre><code>   the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;</code></pre>
+              (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
             </li>
-          </ol>
-          <ol start="2" type="i">
             <li>
-              <pre><code>   the data importer is in substantial or persistent breach of these Clauses; or</code></pre>
+              (ii) the data importer is in substantial or persistent breach of these Clauses; or
             </li>
             <li>
-              <pre><code>   the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.</code></pre>
+              (iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
               In these cases, it shall inform the competent supervisory authority of
               such non-compliance. Where the contract involves more than two Parties,
               the data exporter may exercise this right to termination only with
               respect to the relevant Party, unless the Parties have agreed
               otherwise.
             </li>
+          </ul>
             <li>
-              <pre><code>   Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.</code></pre>
+              (d) Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
             </li>
-          </ol>
-          <ol start="5" type="a">
             <li>
-              <pre><code>   Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.</code></pre>
+              (e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
             </li>
-          </ol>
-          <p>Clause 17 Governing law</p>
+          </ul>
+
+          <h4>Clause 17 &mdash; Governing law</h4>
           <p>These Clauses shall be governed by the law of a country allowing for
             third-party beneficiary rights. The Parties agree that this shall be the
             law of Germany (specify country).</p>
-          <p>Clause 18 Choice of forum and jurisdiction</p>
+
+          <h4>Clause 18 &mdash; Choice of forum and jurisdiction</h4>
           <p>Any dispute arising from these Clauses shall be resolved by the
             courts of Germany (specify country).</p>
-          <hr />
-          <p>[1] Where the data exporter is a processor subject to Regulation (EU)
+
+          <v-divider class="my-4" />
+
+          <p id="tou-footnote-1">[1] Where the data exporter is a processor subject to Regulation (EU)
             2016/679 acting on behalf of a Union institution or body as controller,
             reliance on these Clauses when engaging another processor
             (sub-processing) not subject to Regulation (EU) 2016/679 also ensures
@@ -988,13 +1012,10 @@
 
 <script>
 export default {
-  name: 'TermsOfUse',
+  name: 'TermsOfUseUpcoming',
   computed: {},
 }
 </script>
 
 <style scoped>
-h5 {
-  margin-bottom: 16px;
-}
 </style>

From 03fe4d829c9b4285ff078d02263e0ef017dfb00e Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 14:09:05 +0200
Subject: [PATCH 08/18] cleanup

---
 src/components/Pages/TermsOfUseUpcoming.vue | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index 2bf6e407..d5449c60 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -858,7 +858,7 @@
               (c) The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.
             </li>
             <li>
-              (d) After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.</code></>
+              (d) After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.
             </li>
           </ul>
 
@@ -868,7 +868,7 @@
               (a) The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data[2], the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
             </li>
             <li>
-              (b) The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.</code></>
+              (b) The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.
             </li>
             <li>
               (c) The data exporter shall ensure that persons authorised to process the personal data   have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

From dbc52f5b727bafaedfc630d416189e019711ad73 Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 14:19:30 +0200
Subject: [PATCH 09/18] footnote 2, headings, lists, formatting

---
 src/components/Pages/TermsOfUseUpcoming.vue | 288 ++++++++++++--------
 1 file changed, 180 insertions(+), 108 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index d5449c60..0a8e479c 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -734,7 +734,8 @@
           <p>(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of
             Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of
             natural persons with regard to the processing of personal data and on the free movement of such data
-            (General Data Protection Regulation)<router-link :to="{ hash: '#tou-footnote-1' }">[1]</router-link> for the transfer of personal data to a third country.</p>
+            (General Data Protection Regulation)<router-link :to="{ hash: '#tou-footnote-1' }">[1]</router-link> for the
+            transfer of personal data to a third country.</p>
           <p>(b) The Parties:</p>
           <div class="pl-8">
             <p>(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter
@@ -753,44 +754,55 @@
           <h4>Clause 2 &mdash; Effect and invariability of the Clauses</h4>
           <ul>
             <li>
-              (a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
+              (a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective
+              legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with
+              respect to data transfers from controllers to processors and/or processors to processors, standard
+              contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified,
+              except to select the appropriate Module(s) or to add or update information in the Appendix. This does not
+              prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider
+              contract and/or to add other clauses or additional safeguards, provided that they do not contradict,
+              directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
             </li>
             <li>
-              (b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
+              (b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of
+              Regulation (EU) 2016/679.
             </li>
           </ul>
 
           <h4>Clause 3 &mdash; Third-party beneficiaries</h4>
           <ul>
             <li>
-              (a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
+              (a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data
+              exporter and/or data importer, with the following exceptions:
             </li>
-          <ul>
-            <li>
-              (i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
-            </li>
-            <li>
-              (ii) Clause 8 - Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);
-            </li>
-            <li>
-              (iii) Clause 9 - Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
-            </li>
-            <li>
-              (iv) Clause 12 - Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);
-            </li>
-            <li>
-              (v) Clause 13;
-            </li>
-            <li>
-              (vi) Clause 15.1(c), (d) and (e);
-            </li>
-            <li>
-              (vii) Clause 16(e);
-            </li>
-            <li>
-              (viii) Clause 18 - Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.
-            </li>
-          </ul>
+            <ul>
+              <li>
+                (i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
+              </li>
+              <li>
+                (ii) Clause 8 - Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c),
+                (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g);
+                Module Four: Clause 8.1 (b) and Clause 8.3(b);
+              </li>
+              <li>
+                (iii) Clause 9 - Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
+              </li>
+              <li>
+                (iv) Clause 12 - Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);
+              </li>
+              <li>
+                (v) Clause 13;
+              </li>
+              <li>
+                (vi) Clause 15.1(c), (d) and (e);
+              </li>
+              <li>
+                (vii) Clause 16(e);
+              </li>
+              <li>
+                (viii) Clause 18 - Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.
+              </li>
+            </ul>
             <li>
               (b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
             </li>
@@ -799,13 +811,16 @@
           <h4>Clause 4 &mdash; Interpretation</h4>
           <ul>
             <li>
-              (a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
+              (a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the
+              same meaning as in that Regulation.
             </li>
             <li>
-              (b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
+              (b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU)
+              2016/679.
             </li>
             <li>
-              (c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
+              (c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided
+              for in Regulation (EU) 2016/679.
             </li>
           </ul>
 
@@ -823,13 +838,18 @@
           <h4>Clause 7 &mdash; Optional Docking clause</h4>
           <ul>
             <li>
-              (a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
+              (a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these
+              Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and
+              signing Annex I.A.
             </li>
             <li>
-              (b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
+              (b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to
+              these Clauses and have the rights and obligations of a data exporter or data importer in accordance with
+              its designation in Annex I.A.
             </li>
             <li>
-              (c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.
+              (c) The acceding entity shall have no rights or obligations arising under these Clauses from the period
+              prior to becoming a Party.
             </li>
           </ul>
 
@@ -846,121 +866,175 @@
             appropriate technical and organisational measures, to satisfy its
             obligations under these Clauses.</p>
 
-          <p>8.1 Instructions</p>
+          <h5>8.1 Instructions</h5>
           <ul>
             <li>
-              (a) The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.
+              (a) The data exporter shall process the personal data only on documented instructions from the data
+              importer acting as its controller.
             </li>
             <li>
-              (b) The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.
+              (b) The data exporter shall immediately inform the data importer if it is unable to follow those
+              instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member
+              State data protection law.
             </li>
             <li>
-              (c) The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.
+              (c) The data importer shall refrain from any action that would prevent the data exporter from fulfilling
+              its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards
+              cooperation with competent supervisory authorities.
             </li>
             <li>
-              (d) After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.
+              (d) After the end of the provision of the processing services, the data exporter shall, at the choice of
+              the data importer, delete all personal data processed on behalf of the data importer and certify to the
+              data importer that it has done so, or return to the data importer all personal data processed on its
+              behalf and delete existing copies.
             </li>
           </ul>
 
-          <p>8.2 Security of processing</p>
+          <h5>8.2 Security of processing</h5>
           <ul>
             <li>
-              (a) The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data[2], the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
+              (a) The Parties shall implement appropriate technical and organisational measures to ensure the security
+              of the data, including during transmission, and protection against a breach of security leading to
+              accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter
+              “personal data breach”). In assessing the appropriate level of security, they shall take due account of
+              the state of the art, the costs of implementation, the nature of the personal data<router-link
+                :to="{ hash: '#tou-footnote-2' }">[2]</router-link>, the nature, scope, context and purpose(s) of
+              processing and the risks involved in the processing for the data subjects, and in particular consider
+              having recourse to encryption or pseudonymisation, including during transmission, where the purpose of
+              processing can be fulfilled in that manner.
             </li>
             <li>
-              (b) The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.
+              (b) The data exporter shall assist the data importer in ensuring appropriate security of the data in
+              accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by
+              the data exporter under these Clauses, the data exporter shall notify the data importer without undue
+              delay after becoming aware of it and assist the data importer in addressing the breach.
             </li>
             <li>
-              (c) The data exporter shall ensure that persons authorised to process the personal data   have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
+              (c) The data exporter shall ensure that persons authorised to process the personal data have committed
+              themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
             </li>
           </ul>
 
-          <p>8.3 Documentation and compliance</p>
+          <h5>8.3 Documentation and compliance</h5>
           <ul>
             <li>
               (a) The Parties shall be able to demonstrate compliance with these Clauses.
             </li>
             <li>
-              (b) The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.
+              (b) The data exporter shall make available to the data importer all information necessary to demonstrate
+              compliance with its obligations under these Clauses and allow for and contribute to audits.
             </li>
           </ul>
 
-          <h4>Clause 9 [not applicable] Use of sub-processors</h4>
+          <h4>Clause 9 [not applicable] &mdash; Use of sub-processors</h4>
 
-          <h4>Clause 10 Data subject rights</h4>
+          <h4>Clause 10 &mdash; Data subject rights</h4>
           <p>The Parties shall assist each other in responding to enquiries and
             requests made by data subjects under the local law applicable to the
             data importer or, for data processing by the data exporter in the EU,
             under Regulation (EU) 2016/679.</p>
 
-          <h4>Clause 11 Redress</h4>
+          <h4>Clause 11 &mdash; Redress</h4>
+          <p>
           <ul>
             <li>
-              (a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
+              (a) The data importer shall inform data subjects in a transparent and easily accessible format, through
+              individual notice or on its website, of a contact point authorised to handle complaints. It shall deal
+              promptly with any complaints it receives from a data subject.
             </li>
           </ul>
+          </p>
 
-          <h4>Clause 12 Liability</h4>
+          <h4>Clause 12 &mdash; Liability</h4>
+          <p>
           <ul>
             <li>
-              (a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
+              (a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any
+              breach of these Clauses.
             </li>
             <li>
-              (b) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.
+              (b) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive
+              compensation, for any material or non-material damages that the Party causes the data subject by breaching
+              the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the
+              data exporter under Regulation (EU) 2016/679.
             </li>
             <li>
-              (c) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
+              (c) Where more than one Party is responsible for any damage caused to the data subject as a result of a
+              breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data
+              subject is entitled to bring an action in court against any of these Parties.
             </li>
             <li>
-              (d) The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.
+              (d) The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim
+              back from the other Party/ies that part of the compensation corresponding to its / their responsibility
+              for the damage.
             </li>
             <li>
-              (e) The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.
+              (e) The data importer may not invoke the conduct of a processor or sub-processor to avoid its own
+              liability.
             </li>
           </ul>
+          </p>
 
-          <h4>Clause 13 [not applicable] Supervision</h4>
+          <h4>Clause 13 [not applicable] &mdash; Supervision</h4>
 
           <h3>SECTION III &mdash; LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC
             AUTHORITIES</h3>
           <h4>Clause 14 [not applicable]</h4>
           <h4>Clause 15 [not applicable]</h4>
 
-          <h3>SECTION IV – FINAL PROVISIONS</h3>
+          <h3>SECTION IV &mdash; FINAL PROVISIONS</h3>
           <h4>Clause 16 &mdash; Non-compliance with the Clauses and termination</h4>
           <ul>
             <li>
-              (a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
+              (a) The data importer shall promptly inform the data exporter if it is unable to comply with these
+              Clauses, for whatever reason.
             </li>
             <li>
-              (b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
+              (b) In the event that the data importer is in breach of these Clauses or unable to comply with these
+              Clauses, the data exporter shall suspend the transfer of personal data to the data importer until
+              compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
             </li>
             <li>
-              (c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
+              (c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing
+              of personal data under these Clauses, where:
             </li>
 
 
-          <ul>
+            <ul>
+              <li>
+                (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to
+                paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any
+                event within one month of suspension;
+              </li>
+              <li>
+                (ii) the data importer is in substantial or persistent breach of these Clauses; or
+              </li>
+              <li>
+                (iii) the data importer fails to comply with a binding decision of a competent court or supervisory
+                authority regarding its obligations under these Clauses.
+                In these cases, it shall inform the competent supervisory authority of
+                such non-compliance. Where the contract involves more than two Parties,
+                the data exporter may exercise this right to termination only with
+                respect to the relevant Party, unless the Parties have agreed
+                otherwise.
+              </li>
+            </ul>
             <li>
-              (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
+              (d) Personal data collected by the data exporter in the EU that has been transferred prior to the
+              termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety,
+              including any copy thereof. The data importer shall certify the deletion of the data to the data exporter.
+              Until the data is deleted or returned, the data importer shall continue to ensure compliance with these
+              Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the
+              transferred personal data, the data importer warrants that it will continue to ensure compliance with
+              these Clauses and will only process the data to the extent and for as long as required under that local
+              law.
             </li>
             <li>
-              (ii) the data importer is in substantial or persistent breach of these Clauses; or
-            </li>
-            <li>
-              (iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
-              In these cases, it shall inform the competent supervisory authority of
-              such non-compliance. Where the contract involves more than two Parties,
-              the data exporter may exercise this right to termination only with
-              respect to the relevant Party, unless the Parties have agreed
-              otherwise.
-            </li>
-          </ul>
-            <li>
-              (d) Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
-            </li>
-            <li>
-              (e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
+              (e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission
+              adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of
+              personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal
+              framework of the country to which the personal data is transferred. This is without prejudice to other
+              obligations applying to the processing in question under Regulation (EU) 2016/679.
             </li>
           </ul>
 
@@ -975,35 +1049,25 @@
 
           <v-divider class="my-4" />
 
-          <p id="tou-footnote-1">[1] Where the data exporter is a processor subject to Regulation (EU)
-            2016/679 acting on behalf of a Union institution or body as controller,
-            reliance on these Clauses when engaging another processor
-            (sub-processing) not subject to Regulation (EU) 2016/679 also ensures
-            compliance with Article 29(4) of Regulation (EU) 2018/1725 of the
-            European Parliament and of the Council of 23 October 2018 on the
-            protection of natural persons with regard to the processing of personal
-            data by the Union institutions, bodies, offices and agencies and on the
-            free movement of such data, and repealing Regulation (EC) No 45/2001 and
-            Decision No 1247/2002/EC (OJ L 295 of 21.11.2018, p. 39), to the extent
-            these Clauses and the data protection obligations as set out in the
-            contract or other legal act between the controller and the processor
-            pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This
-            will in particular be the case where the controller and processor rely
-            on the standard contractual clauses included in Decision 2021/915. [2]
-            This includes whether the transfer and further processing involves
-            personal data revealing racial or ethnic origin, political opinions,
-            religious or philosophical beliefs, or trade union membership, genetic
-            data or biometric data for the purpose of uniquely identifying a natural
-            person, data concerning health or a person’s sex life or sexual
-            orientation, or data relating to criminal convictions or offences.</p>
-          <p>[a]This should only be visible when the policy becomes enforced
-            [b]This will only be included if we have to include minor immaterial
-            changes to an existing version [c]Such changes can also be appended to
-            ‘what changed’ with a note like:</p>
-          <p>Revisions marked with an asterisk reflect minor clarifications that
-            do not affect your rights or obligations and did not require
-            re-acceptance. [d]shown only for outdated or upcoming versions</p>
+          <p id="tou-footnote-1">
+            [1] Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union
+            institution or body as controller, reliance on these Clauses when engaging another processor
+            (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of
+            Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection
+            of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices
+            and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No
+            1247/2002/EC (OJ L 295 of 21.11.2018, p. 39), to the extent these Clauses and the data protection
+            obligations as set out in the contract or other legal act between the controller and the processor pursuant
+            to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the
+            controller and processor rely on the standard contractual clauses included in Decision 2021/915.
+          </p>
 
+          <p id="tou-footnote-2">
+            [2] This includes whether the transfer and further processing involves personal data revealing racial or
+            ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic
+            data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a
+            person’s sex life or sexual orientation, or data relating to criminal convictions or offences.
+          </p>
         </v-col>
       </v-row>
     </v-container>
@@ -1018,4 +1082,12 @@ export default {
 </script>
 
 <style scoped>
+h3 {
+  margin-top: 8px;
+}
+
+h4,
+h5 {
+  margin-top: 4px;
+}
 </style>

From 2e5c5e9d6050f06490dc46cb15076bcf2e152c35 Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 14:50:18 +0200
Subject: [PATCH 10/18] add footnote backlinks

---
 src/components/Pages/TermsOfUseUpcoming.vue | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index 0a8e479c..36743a44 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -734,7 +734,7 @@
           <p>(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of
             Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of
             natural persons with regard to the processing of personal data and on the free movement of such data
-            (General Data Protection Regulation)<router-link :to="{ hash: '#tou-footnote-1' }">[1]</router-link> for the
+            (General Data Protection Regulation)<router-link :to="{ hash: '#tou-footnote-1' }" id="tou-footnote-link-1">[1]</router-link> for the
             transfer of personal data to a third country.</p>
           <p>(b) The Parties:</p>
           <div class="pl-8">
@@ -898,7 +898,7 @@
               accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter
               “personal data breach”). In assessing the appropriate level of security, they shall take due account of
               the state of the art, the costs of implementation, the nature of the personal data<router-link
-                :to="{ hash: '#tou-footnote-2' }">[2]</router-link>, the nature, scope, context and purpose(s) of
+                :to="{ hash: '#tou-footnote-2' }" id="tou-footnote-link-2">[2]</router-link>, the nature, scope, context and purpose(s) of
               processing and the risks involved in the processing for the data subjects, and in particular consider
               having recourse to encryption or pseudonymisation, including during transmission, where the purpose of
               processing can be fulfilled in that manner.
@@ -1050,7 +1050,7 @@
           <v-divider class="my-4" />
 
           <p id="tou-footnote-1">
-            [1] Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union
+            <router-link :to="{ hash: '#tou-footnote-link-1' }">[1]</router-link> Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union
             institution or body as controller, reliance on these Clauses when engaging another processor
             (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of
             Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection
@@ -1063,7 +1063,7 @@
           </p>
 
           <p id="tou-footnote-2">
-            [2] This includes whether the transfer and further processing involves personal data revealing racial or
+            <router-link :to="{ hash: '#tou-footnote-link-2' }">[2]</router-link> This includes whether the transfer and further processing involves personal data revealing racial or
             ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic
             data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a
             person’s sex life or sexual orientation, or data relating to criminal convictions or offences.

From 046a60c2603a35c8f872abd4c6d561844b9d1da2 Mon Sep 17 00:00:00 2001
From: dena <dena@wikimedia.de>
Date: Tue, 2 Jun 2026 15:05:24 +0200
Subject: [PATCH 11/18] formatting

---
 src/components/Pages/TermsOfUseUpcoming.vue | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index 36743a44..f6b5fb67 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -734,7 +734,8 @@
           <p>(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of
             Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of
             natural persons with regard to the processing of personal data and on the free movement of such data
-            (General Data Protection Regulation)<router-link :to="{ hash: '#tou-footnote-1' }" id="tou-footnote-link-1">[1]</router-link> for the
+            (General Data Protection Regulation)<router-link :to="{ hash: '#tou-footnote-1' }"
+              id="tou-footnote-link-1">[1]</router-link> for the
             transfer of personal data to a third country.</p>
           <p>(b) The Parties:</p>
           <div class="pl-8">
@@ -898,7 +899,8 @@
               accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter
               “personal data breach”). In assessing the appropriate level of security, they shall take due account of
               the state of the art, the costs of implementation, the nature of the personal data<router-link
-                :to="{ hash: '#tou-footnote-2' }" id="tou-footnote-link-2">[2]</router-link>, the nature, scope, context and purpose(s) of
+                :to="{ hash: '#tou-footnote-2' }" id="tou-footnote-link-2">[2]</router-link>, the nature, scope, context
+              and purpose(s) of
               processing and the risks involved in the processing for the data subjects, and in particular consider
               having recourse to encryption or pseudonymisation, including during transmission, where the purpose of
               processing can be fulfilled in that manner.
@@ -1050,7 +1052,8 @@
           <v-divider class="my-4" />
 
           <p id="tou-footnote-1">
-            <router-link :to="{ hash: '#tou-footnote-link-1' }">[1]</router-link> Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union
+            <router-link :to="{ hash: '#tou-footnote-link-1' }">[1]</router-link> Where the data exporter is a processor
+            subject to Regulation (EU) 2016/679 acting on behalf of a Union
             institution or body as controller, reliance on these Clauses when engaging another processor
             (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of
             Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection
@@ -1063,7 +1066,8 @@
           </p>
 
           <p id="tou-footnote-2">
-            <router-link :to="{ hash: '#tou-footnote-link-2' }">[2]</router-link> This includes whether the transfer and further processing involves personal data revealing racial or
+            <router-link :to="{ hash: '#tou-footnote-link-2' }">[2]</router-link> This includes whether the transfer and
+            further processing involves personal data revealing racial or
             ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic
             data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a
             person’s sex life or sexual orientation, or data relating to criminal convictions or offences.

From f7729cc689981771944fe9b466aa0418e5a0fc09 Mon Sep 17 00:00:00 2001
From: Perside Rosalie <perside.rosalie@wikimedia.de>
Date: Tue, 2 Jun 2026 20:20:29 +0200
Subject: [PATCH 12/18] Add what changed from previous version card

---
 src/components/Pages/TermsOfUseUpcoming.vue | 55 ++++++++++++++++++++-
 src/router/index.js                         |  2 +-
 2 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUseUpcoming.vue
index f6b5fb67..cce3b8f9 100644
--- a/src/components/Pages/TermsOfUseUpcoming.vue
+++ b/src/components/Pages/TermsOfUseUpcoming.vue
@@ -3,6 +3,51 @@
     <v-container class="fill-height" fluid>
       <v-row justify="center">
         <v-col cols="8">
+          <v-card class="mx-auto" color="light-blue">
+            <v-card-title>
+              What changed from <a> previous version</a>
+            </v-card-title>
+
+            <v-card-text>
+              <p>The Terms of Use were revised to ensure compliance with the European Union’s
+              Digital Services Act (DSA) and to improve transparency about how Wikibase Cloud
+                operates.</p>
+              <v-expand-transition>
+                <div v-if="show || !isMobile">
+                  Key updates:
+                  <ul>
+                    <li>
+                      We have clarified when and how user accounts or individual instances may
+                      be suspended or terminated, including notice periods and proportionality
+                      principles.
+                    </li>
+                    <li>
+                      The new version explains more clearly how decisions are made, including
+                      how users can raise concerns or file complaints about moderation actions.
+                    </li>
+                    <li>
+                      The responsibilities of instance managers and contributors are described
+                      in more detail.
+                    </li>
+                    <li>
+                      The Terms now explicitly reference applicable GDPR requirements.
+                    </li>
+                    <li>
+                      The document has been reorganized and clarified.
+                    </li>
+                  </ul>
+                </div>
+              </v-expand-transition>
+            </v-card-text>
+            <v-card-actions v-if="isMobile">
+              <v-btn
+                variant="text"
+                @click="show = !show"
+              >
+                {{ show ? 'See less' : 'See more' }}
+              </v-btn>
+            </v-card-actions>
+          </v-card>
           <h1>Terms Of Use</h1>
           <h2>1. Definitions</h2>
           <p>In addition to terms defined elsewhere in this
@@ -1081,7 +1126,15 @@
 <script>
 export default {
   name: 'TermsOfUseUpcoming',
-  computed: {},
+  computed: {
+    isMobile() {
+       return this.$vuetify.breakpoint.smAndDown
+    }
+  },
+  data: () => ({
+    show: false,
+  }),
+
 }
 </script>
 
diff --git a/src/router/index.js b/src/router/index.js
index 3fefe9ca..8e0be6a1 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -20,7 +20,7 @@ import User from '@/components/Pages/User'
 import Discovery from '@/components/Pages/Discovery/Discovery'
 import Complaint from '@/components/Pages/Complaint.vue'
 import HostingPolicy from '@/components/Pages/HostingPolicy.vue'
-import TermsOfUseUpcoming from "@/components/Pages/TermsOfUseUpcoming.vue";
+import TermsOfUseUpcoming from '@/components/Pages/TermsOfUseUpcoming.vue'
 
 Vue.use(Router)
 

From 2d0a5780498193e067d8f403d84a4d0c1efb10df Mon Sep 17 00:00:00 2001
From: Perside Rosalie <perside.rosalie@wikimedia.de>
Date: Thu, 4 Jun 2026 11:16:38 +0200
Subject: [PATCH 13/18] Move all ToU versions to a ToU folder

---
 .../Pages/{TermsOfUse.vue => TermsOfUse/Current.vue}          | 0
 .../Pages/{TermsOfUseUpcoming.vue => TermsOfUse/Upcoming.vue} | 0
 src/router/index.js                                           | 4 ++--
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename src/components/Pages/{TermsOfUse.vue => TermsOfUse/Current.vue} (100%)
 rename src/components/Pages/{TermsOfUseUpcoming.vue => TermsOfUse/Upcoming.vue} (100%)

diff --git a/src/components/Pages/TermsOfUse.vue b/src/components/Pages/TermsOfUse/Current.vue
similarity index 100%
rename from src/components/Pages/TermsOfUse.vue
rename to src/components/Pages/TermsOfUse/Current.vue
diff --git a/src/components/Pages/TermsOfUseUpcoming.vue b/src/components/Pages/TermsOfUse/Upcoming.vue
similarity index 100%
rename from src/components/Pages/TermsOfUseUpcoming.vue
rename to src/components/Pages/TermsOfUse/Upcoming.vue
diff --git a/src/router/index.js b/src/router/index.js
index 8e0be6a1..4af22226 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -14,13 +14,13 @@ import ResetPassword from '@/components/Pages/ResetPassword'
 import EmailVerification from '@/components/Pages/EmailVerification'
 import CreateWiki from '@/components/Pages/CreateWiki'
 import TabSettings from '@/components/Pages/ManageWiki/TabSettings'
-import TermsOfUse from '@/components/Pages/TermsOfUse'
+import TermsOfUse from '@/components/Pages/TermsOfUse/Current.vue'
 import Privacy from '@/components/Pages/Privacy/Privacy'
 import User from '@/components/Pages/User'
 import Discovery from '@/components/Pages/Discovery/Discovery'
 import Complaint from '@/components/Pages/Complaint.vue'
 import HostingPolicy from '@/components/Pages/HostingPolicy.vue'
-import TermsOfUseUpcoming from '@/components/Pages/TermsOfUseUpcoming.vue'
+import TermsOfUseUpcoming from '@/components/Pages/TermsOfUse/Upcoming.vue'
 
 Vue.use(Router)
 

From a072ef1a5f1d8d1eb32bb319a6a972dc52baee81 Mon Sep 17 00:00:00 2001
From: Perside Rosalie <perside.rosalie@wikimedia.de>
Date: Thu, 4 Jun 2026 12:43:55 +0200
Subject: [PATCH 14/18] fix card style and color

---
 src/components/Pages/TermsOfUse/Upcoming.vue | 29 +++++++++++---------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/src/components/Pages/TermsOfUse/Upcoming.vue b/src/components/Pages/TermsOfUse/Upcoming.vue
index cce3b8f9..946bc1df 100644
--- a/src/components/Pages/TermsOfUse/Upcoming.vue
+++ b/src/components/Pages/TermsOfUse/Upcoming.vue
@@ -1,19 +1,22 @@
-<template>
+<template xmlns="http://www.w3.org/1999/html">
   <v-main>
     <v-container class="fill-height" fluid>
       <v-row justify="center">
-        <v-col cols="8">
-          <v-card class="mx-auto" color="light-blue">
-            <v-card-title>
-              What changed from <a> previous version</a>
+        <v-col cols="12">
+          <h1>Terms Of Use</h1>
+          <p>last updated on: November 9, 2025</p>
+          <v-card class="mx-auto card-design text--info">
+            <v-card-title class="text--primary">
+              <span>What changed from <a> previous version</a></span>
             </v-card-title>
 
             <v-card-text>
-              <p>The Terms of Use were revised to ensure compliance with the European Union’s
-              Digital Services Act (DSA) and to improve transparency about how Wikibase Cloud
-                operates.</p>
+              The Terms of Use were revised to ensure compliance with the
+              European Union’s Digital Services Act (DSA) and to
               <v-expand-transition>
                 <div v-if="show || !isMobile">
+                  improve transparency about how Wikibase Cloud
+                  operates.<br /><br/>
                   Key updates:
                   <ul>
                     <li>
@@ -41,14 +44,14 @@
             </v-card-text>
             <v-card-actions v-if="isMobile">
               <v-btn
-                variant="text"
+                class=""
+                text
                 @click="show = !show"
               >
                 {{ show ? 'See less' : 'See more' }}
               </v-btn>
             </v-card-actions>
           </v-card>
-          <h1>Terms Of Use</h1>
           <h2>1. Definitions</h2>
           <p>In addition to terms defined elsewhere in this
             Agreement, the following terms have the following meanings:</p>
@@ -369,7 +372,6 @@
             the Parties existing at the time when these Clauses are agreed or
             entered into thereafter, these Clauses shall prevail.</p>
 
-
           <h3>SECTION II &mdash; OBLIGATIONS OF THE PARTIES</h3>
 
           <h4>Clause 5 &mdash; Description of processing(s)</h4>
@@ -1046,7 +1048,6 @@
               of personal data under these Clauses, where:
             </li>
 
-
             <ul>
               <li>
                 (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to
@@ -1134,7 +1135,6 @@ export default {
   data: () => ({
     show: false,
   }),
-
 }
 </script>
 
@@ -1147,4 +1147,7 @@ h4,
 h5 {
   margin-top: 4px;
 }
+.card-design {
+  background-color: #E5EDF6 !important;
+}
 </style>

From 244a8b0a87307a149f41bf58910fd913e861eb4d Mon Sep 17 00:00:00 2001
From: Perside Rosalie <perside.rosalie@wikimedia.de>
Date: Fri, 5 Jun 2026 09:57:38 +0200
Subject: [PATCH 15/18] Remove v-card and use v-alert and add css classes

---
 src/components/Pages/TermsOfUse/Upcoming.vue | 64 +++++++++++---------
 1 file changed, 35 insertions(+), 29 deletions(-)

diff --git a/src/components/Pages/TermsOfUse/Upcoming.vue b/src/components/Pages/TermsOfUse/Upcoming.vue
index 946bc1df..a8b13589 100644
--- a/src/components/Pages/TermsOfUse/Upcoming.vue
+++ b/src/components/Pages/TermsOfUse/Upcoming.vue
@@ -4,33 +4,30 @@
       <v-row justify="center">
         <v-col cols="12">
           <h1>Terms Of Use</h1>
-          <p>last updated on: November 9, 2025</p>
-          <v-card class="mx-auto card-design text--info">
-            <v-card-title class="text--primary">
-              <span>What changed from <a> previous version</a></span>
-            </v-card-title>
-
-            <v-card-text>
-              The Terms of Use were revised to ensure compliance with the
-              European Union’s Digital Services Act (DSA) and to
-              <v-expand-transition>
-                <div v-if="show || !isMobile">
-                  improve transparency about how Wikibase Cloud
-                  operates.<br /><br/>
-                  Key updates:
+          <p class="grey--text text--darken-1">last updated on: November 9, 2025</p>
+          <v-alert
+            text
+            color="info"
+          >
+            <div class="text-h6 mb-3 blue--text text--darken-2">
+              What changed from <a class=""><u>previous version</u></a></div>
+            <p>The Terms of Use were revised to ensure compliance with the European Union’s
+              Digital Services Act (DSA) and to improve transparency about how Wikibase Cloud operates.</p>
+            <v-expand-transition>
+              <div v-if="show || !isMobile">
+                <div>
+                  <div>Key updates:</div>
                   <ul>
                     <li>
-                      We have clarified when and how user accounts or individual instances may
-                      be suspended or terminated, including notice periods and proportionality
-                      principles.
+                      We have clarified when and how user accounts or individual instances
+                      may be suspended or terminated.
                     </li>
                     <li>
-                      The new version explains more clearly how decisions are made, including
-                      how users can raise concerns or file complaints about moderation actions.
+                      The new version explains more clearly how decisions are made.
                     </li>
                     <li>
-                      The responsibilities of instance managers and contributors are described
-                      in more detail.
+                      The responsibilities of instance managers and contributors are
+                      described in more detail.
                     </li>
                     <li>
                       The Terms now explicitly reference applicable GDPR requirements.
@@ -40,19 +37,28 @@
                     </li>
                   </ul>
                 </div>
-              </v-expand-transition>
-            </v-card-text>
-            <v-card-actions v-if="isMobile">
+              </div>
+            </v-expand-transition>
+
+            <div v-if="isMobile" class="mt-2 d-flex justify-space-between">
               <v-btn
-                class=""
                 text
+                class="blue--text text-darken-2"
+                variant="text"
+                size="small"
                 @click="show = !show"
               >
                 {{ show ? 'See less' : 'See more' }}
               </v-btn>
-            </v-card-actions>
-          </v-card>
-          <h2>1. Definitions</h2>
+              <v-btn
+                class="pa-2 mt-auto d-flex justify-end"
+                icon
+                @click="show = !show"
+              >
+                <v-icon>{{ show ? 'mdi-chevron-up' : 'mdi-chevron-down' }}</v-icon>
+              </v-btn>
+            </div>
+          </v-alert>          <h2>1. Definitions</h2>
           <p>In addition to terms defined elsewhere in this
             Agreement, the following terms have the following meanings:</p>
           <p>1.1 “Manager Account” or “Account”: The personal Account provided by Wikibase.cloud
@@ -1129,7 +1135,7 @@ export default {
   name: 'TermsOfUseUpcoming',
   computed: {
     isMobile() {
-       return this.$vuetify.breakpoint.smAndDown
+       return this.$vuetify.breakpoint.xs
     }
   },
   data: () => ({

From ff9a878798b4e03d403291be511dbab32f7df496 Mon Sep 17 00:00:00 2001
From: Perside Rosalie <perside.rosalie@wikimedia.de>
Date: Fri, 5 Jun 2026 10:16:10 +0200
Subject: [PATCH 16/18] Fix linting

---
 src/components/Pages/TermsOfUse/Upcoming.vue | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/components/Pages/TermsOfUse/Upcoming.vue b/src/components/Pages/TermsOfUse/Upcoming.vue
index a8b13589..34ab8ed6 100644
--- a/src/components/Pages/TermsOfUse/Upcoming.vue
+++ b/src/components/Pages/TermsOfUse/Upcoming.vue
@@ -907,7 +907,6 @@
             </li>
           </ul>
 
-
           <h3>SECTION II &mdash; OBLIGATIONS OF THE PARTIES</h3>
 
           <h4>
@@ -1134,9 +1133,9 @@
 export default {
   name: 'TermsOfUseUpcoming',
   computed: {
-    isMobile() {
-       return this.$vuetify.breakpoint.xs
-    }
+    isMobile () {
+      return this.$vuetify.breakpoint.xs
+    },
   },
   data: () => ({
     show: false,

From 396974dd247dcd6bb1b05c9a3b7d2502c50da988 Mon Sep 17 00:00:00 2001
From: Perside Rosalie <perside.rosalie@wikimedia.de>
Date: Fri, 5 Jun 2026 10:41:36 +0200
Subject: [PATCH 17/18] Fix linting

---
 src/components/Pages/TermsOfUse/Upcoming.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/Pages/TermsOfUse/Upcoming.vue b/src/components/Pages/TermsOfUse/Upcoming.vue
index 34ab8ed6..97187ebe 100644
--- a/src/components/Pages/TermsOfUse/Upcoming.vue
+++ b/src/components/Pages/TermsOfUse/Upcoming.vue
@@ -1,4 +1,4 @@
-<template xmlns="http://www.w3.org/1999/html">
+<template>
   <v-main>
     <v-container class="fill-height" fluid>
       <v-row justify="center">

From ff4de8c5e17356d88de1d2aeb0b19a7de530a740 Mon Sep 17 00:00:00 2001
From: Perside Rosalie <perside.rosalie@wikimedia.de>
Date: Fri, 5 Jun 2026 15:26:18 +0200
Subject: [PATCH 18/18] Apply the color as on the figma design

---
 src/components/Pages/TermsOfUse/Upcoming.vue | 98 ++++++++++----------
 1 file changed, 51 insertions(+), 47 deletions(-)

diff --git a/src/components/Pages/TermsOfUse/Upcoming.vue b/src/components/Pages/TermsOfUse/Upcoming.vue
index 97187ebe..66554161 100644
--- a/src/components/Pages/TermsOfUse/Upcoming.vue
+++ b/src/components/Pages/TermsOfUse/Upcoming.vue
@@ -9,55 +9,59 @@
             text
             color="info"
           >
-            <div class="text-h6 mb-3 blue--text text--darken-2">
-              What changed from <a class=""><u>previous version</u></a></div>
-            <p>The Terms of Use were revised to ensure compliance with the European Union’s
-              Digital Services Act (DSA) and to improve transparency about how Wikibase Cloud operates.</p>
-            <v-expand-transition>
-              <div v-if="show || !isMobile">
-                <div>
-                  <div>Key updates:</div>
-                  <ul>
-                    <li>
-                      We have clarified when and how user accounts or individual instances
-                      may be suspended or terminated.
-                    </li>
-                    <li>
-                      The new version explains more clearly how decisions are made.
-                    </li>
-                    <li>
-                      The responsibilities of instance managers and contributors are
-                      described in more detail.
-                    </li>
-                    <li>
-                      The Terms now explicitly reference applicable GDPR requirements.
-                    </li>
-                    <li>
-                      The document has been reorganized and clarified.
-                    </li>
-                  </ul>
-                </div>
+            <div class="light-blue--text text--darken-4">
+              <div class="text-h6 mb-3">What changed from
+                <router-link class="text-decoration-none light-blue--text text--darken-4" to="/terms-of-use">
+                  previous version</router-link>
               </div>
-            </v-expand-transition>
-
-            <div v-if="isMobile" class="mt-2 d-flex justify-space-between">
-              <v-btn
-                text
-                class="blue--text text-darken-2"
-                variant="text"
-                size="small"
-                @click="show = !show"
-              >
-                {{ show ? 'See less' : 'See more' }}
-              </v-btn>
-              <v-btn
-                class="pa-2 mt-auto d-flex justify-end"
-                icon
-                @click="show = !show"
-              >
-                <v-icon>{{ show ? 'mdi-chevron-up' : 'mdi-chevron-down' }}</v-icon>
-              </v-btn>
+              <p>The Terms of Use were revised to ensure compliance with the European Union’s
+                Digital Services Act (DSA) and to improve transparency about how Wikibase Cloud operates.</p>
+              <v-expand-transition>
+                <div v-if="show || !isMobile">
+                  <div>
+                    <div>Key updates:</div>
+                    <ul>
+                      <li>
+                        We have clarified when and how user accounts or individual instances
+                        may be suspended or terminated.
+                      </li>
+                      <li>
+                        The new version explains more clearly how decisions are made.
+                      </li>
+                      <li>
+                        The responsibilities of instance managers and contributors are
+                        described in more detail.
+                      </li>
+                      <li>
+                        The Terms now explicitly reference applicable GDPR requirements.
+                      </li>
+                      <li>
+                        The document has been reorganized and clarified.
+                      </li>
+                    </ul>
+                  </div>
+                </div>
+              </v-expand-transition>
             </div>
+
+              <div v-if="isMobile" class="mt-2 d-flex justify-space-between">
+                <v-btn
+                  text
+                  class="light-blue--text text-darken-2"
+                  variant="text"
+                  size="small"
+                  @click="show = !show"
+                >
+                  {{ show ? 'See less' : 'See more' }}
+                </v-btn>
+                <v-btn
+                  class="pa-2 mt-auto d-flex justify-end"
+                  icon
+                  @click="show = !show"
+                >
+                  <v-icon>{{ show ? 'mdi-chevron-up' : 'mdi-chevron-down' }}</v-icon>
+                </v-btn>
+              </div>
           </v-alert>          <h2>1. Definitions</h2>
           <p>In addition to terms defined elsewhere in this
             Agreement, the following terms have the following meanings:</p>