Infrastructure

"5.2 The Customer hereby warrants that it has the consent of the users to disclose their personal data to the Supplier for the purpose of using the service and that for the same purpose the users have agreed that their personal data may be transferred to territories outside the EEA."

That could be a problem no ?

"5.4 The Customer agrees that the Supplier may, without notice to the Customer, report to the appropriate authorities any conduct by the Customer or any of the Customer's customers or end users that the Supplier believes violates applicable law, and provide any information that it has about the Customer or any of its customers or end users in response to a formal or informal request from a law enforcement or regulatory agency or in response to a formal request in a civil action that on its face meets the requirements for such a request."

that is even a bigger problem: "appropriate authorities" is not defined
"the Supplier believes violates applicable law, " that is vague too...

"response to a formal or informal request "
that is way too lax.
if basically say that any 'law enforcement or regulatory agency' of unspecified jurisdiction can give them a call and get whatever they want.

It also means that in civil action there is no requirement for a judge supervised subpoena , just the supplier gut feeling that it 'looks' legit.

Anyhow.. I always read contract in the worse possible way... and I suppose, as CDN goes they are not that bad....
The question become: do we actually really need a CDN ? does forcing our European user from availing themselves of EU privacy laws is worth whatever gain is expected?
is it possible to limit the cdn to outside-EU connection ? (clearly UK is not really in the EU :-) )

With the points that Norbert point out, I would be very careful using this service. Being in Europe I am keen to protect my privacy rights.

If we use the service, we should use it with a special org. user, that do not have any special data connected to it.