MASTER SUBSCRIPTION AGREEMENT

THIS MASTER SUBSCRIPTION AGREEMENT (“AGREEMENT”) IS BETWEEN YOU AND CHILI PIPER, INC., A DELAWARE CORPORATION, AND THIS AGREEMENT GOVERNS YOUR ACQUISITION AND USE OF OUR SERVICES.

BY STARTING USING OUR SERVICES, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

You may not access the Services if You are Our direct competitor, except with Our prior written consent. In addition, You may not access the Services for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.

This Agreement was last updated on September 3, 2018. It is effective between You and Us as of the date of You accepting this Agreement by starting using or continuing to use the Services.

  1. DEFINITIONS

“Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Documentation” means the Service Description, user guides, blog posts, and other technical and operations documents and specifications for the Services located on the domain chilipiper.com, as updated from time to time. You acknowledge that You have had the opportunity to review the Documentation.

“Malicious Code” means viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs.

“Services” means the products and services made available by Us online via the customer login link at https://www.chilipiper.com and/ or other web pages designated by Us, including associated offline components, as described in the Documentation. “Services” exclude Third-Party Applications.

“Subscription” means a subscription to the Services based on the Services offerings and prices listed at https://www.chilipiper.com/pricing/

“Order Form” means the invoice or online form used for placing orders, including the type and number of Subscriptions.

“Subscription Term” means the term of a Subscription as set forth in the applicable Order Form.

“Service Description” means the description of the features, functions, pricing, limitations, and restrictions (including acceptable use policies and the service terms for specific Services) associated with a Service and located at https://www.chilipiper.com, as updated from time to time.

“Third-Party Applications” means online applications and offline software products that are provided by entities or individuals other than Us and are clearly identified as such, and that interoperate with the Services.

“Users” means individuals who are authorized by You to use the Services, for whom subscriptions to a Service have been ordered. Users may include but are not limited to Your employees, consultants, contractors and agents, and third parties with which You transact business.

“We,” “Us” or “Our” means Chili Piper, Inc.

“You” or “Your” means the company or other legal entity for which you are accepting this Agreement, and Affiliates of that company or entity.

“Your Data” means all electronic data or information submitted by You to, or made available by You to and collected by Us as part of, the Purchased Services.

“Your Systems” means the systems, tools or applications (including those developed by, or licensed from, a third party) made available by You to the Services.

2.PROVISION OF SERVICES

We shall make the purchased Services available to You pursuant to this Agreement and the relevant Order Forms during a Subscription Term. You agree that Your purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by Us regarding future functionality or features.

3.SUBSCRIPTIONS.

Unless otherwise specified in the applicable Order Form, (i) Services are purchased as Subscriptions and may be accessed by no more than the specified number of Users specified in the Order Form, (ii) additional Subscriptions may be added during the applicable Subscription Term at the same pricing as that for the pre-existing Subscriptions thereunder, prorated for the remainder of the Subscription Term in effect at the time the additional Subscriptions are added, and (iii) the added Subscriptions shall terminate on the same date as the pre-existing Subscriptions. Unless otherwise specified in the applicable Order Form, Subscriptions are for designated Users only and cannot be shared or used by more than one User but may be reassigned to new Users replacing former Users who no longer require ongoing use of the Services.

  1. USE OF THE SERVICES

4.1. Our Responsibilities.

We shall: (i) provide Our basic support for the purchased Services to You at no additional charge, and/or upgraded support if purchased separately, (ii) use commercially reasonable efforts to make the purchased Services available 24 hours a day, 7 days a week, except for: (a) planned downtime (of which We shall give at least 8 hours notice via the purchased Services and which We shall schedule to the extent practicable during the hours from 9:00 p.m. to 6:00 a.m. Eastern Time), or (b) any unavailability caused by circumstances beyond Our reasonable control, including without limitation, acts of God, acts of government, floods, fires, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving Our employees), Internet service provider failures or delays, or denial of service attacks, and (iii) provide the purchased Services only in accordance with applicable laws and government regulations.

4.2. Your Responsibilities.

You shall: (i) be responsible for Users’ compliance with this Agreement, (ii) be responsible for the accuracy, quality and legality of Your Data and of the means by which You acquired Your Data, (iii) be responsible for ensuring that Your Systems meet the specifications set forth in the Documentation, (iv) be responsible for providing Us with the right to access and use Your Data and Your Systems, solely as necessary for Us to provide the Services in accordance with this Agreement, (v) use commercially reasonable efforts to prevent unauthorized access to or use of the Services, and notify Us promptly of any such unauthorized access or use, and (vi) use the Services only in accordance with the Documentation and applicable laws and government regulations. You shall not: (a) make the Services available to anyone other than Users, (b) sell, resell, rent or lease the Services, (c) use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use the Services to store or transmit Malicious Code, (e) interfere with or disrupt the integrity or performance of the Services or third-party data contained therein, or (f) attempt to gain unauthorized access to the Services or their related systems or networks.

4.3. Usage Limitations.

Services may be subject to other limitations, such as, for example, limits on disk storage space, API usage and other limitations as specified in the Documentation.

  1. DATA PROTECTION

5.1. Our Protection of Your Data.

We shall design, engineer and maintain appropriate administrative, physical, and technical safeguards, in accordance with industry practice, for protection of the security, confidentiality and integrity of Your Data. We shall not: (a) modify Your Data, (b) disclose Your Data except as compelled by law in accordance with Section 6.3 (Compelled Disclosure) or as expressly permitted in writing by You, or (c) access Your Data except to provide the Services and prevent or address service or technical problems, or at Your request in connection with customer support matters.

5.2. Our Limited Rights to Your Data and Systems.

Subject to the limited rights granted by You hereunder, We acquire no right, title or interest from You or Your licensors under this Agreement in or to Your Data or Your Systems, including any intellectual property rights therein.

5.3. Processing subject to EU General Data Protection Regulation

Notwithstanding the aforementioned, if you as a data controller are subject to the EU General Data Protection Regulation, Regulation (EU) 2016/679, Parties have agreed to enter into a data processor agreement prior to any processing of Your Data. The data processor agreement is attached to this Agreement (Exhibit A) and together with its annexes, forms an integral part of this Agreement.

  1. CONFIDENTIALITY

6.1. Definition of Confidential Information.

As used herein, “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Your Confidential Information shall include Your Data and Your Systems; Our Confidential Information shall include the Services; and Confidential Information of each party shall include the terms and conditions of this Agreement and all Order Forms, as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information (other than Your Data and Your Systems) shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

6.2. Protection of Confidential Information.

The Receiving Party shall use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) (i) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, to limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees, contractors and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein. Neither party shall disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates and their legal counsel and accountants without the other party’s prior written consent.

6.3. Compelled Disclosure.

The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information.

  1. THIRD-PARTY APPLICATIONS

The Services may contain features designed to interoperate with Third-Party Applications (e.g., Salesforce, Google, LinkedIn or Twitter applications). To use such features, You may be required to obtain access to such Third-Party Applications from their providers. If the provider of any such Third-Party Application ceases to make the Third-Party Application available for interoperation with the corresponding Service features on reasonable terms, We may cease providing such Service features without entitling You to any refund, credit, or other compensation.

  1. FEES AND PAYMENT FOR PURCHASED SERVICES

8.1. Fees.

You shall pay all fees specified in all Order Forms hereunder. Except as otherwise specified herein or in an Order Form, (i) fees are based on Subscriptions purchased and not actual usage, (ii) payment obligations are non-cancelable and fees paid are non-refundable, and (iii) the number of Subscriptions purchased cannot be decreased during the relevant Subscription Term stated on the Order Form. Unless specified otherwise in the applicable Order Form, Subscription fees are based on annual periods that begin on the subscription start date and each anniversary thereof; therefore, fees for Subscriptions added in the middle of a monthly period will be charged for that full monthly period and the monthly periods remaining in the Subscription Term.

8.2. Invoicing and Payment.

If You provide credit card information to Us, You authorize Us to charge such credit card for all Subscriptions listed in the Order Form for the initial Subscription Term and any renewal Subscription Term(s) as set forth in Section 13.2 (Term of Purchased Subscriptions). Such charges shall be made in advance, either annually or in accordance with any different billing frequency stated in the applicable Order Form. If the Order Form specifies that payment will be by a method other than a credit card, We will invoice You in advance and otherwise in accordance with the relevant Order Form. Subscriptions will only become active upon payment receipt. You are responsible for providing complete and accurate billing and contact information to Us and notifying Us of any changes to such information.

8.3. Overdue Charges & Suspension of Service.

If any charges are not received from You by the due date, then at Our discretion, (a) such charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid, and/or (b) we may suspend Our services to You until such charges are paid in full. We will give You at least 5 days’ prior notice that Your account is overdue, in accordance with Section 14.1 (Manner of Giving Notice), before suspending services to You.

8.4. Payment Disputes.

We shall not exercise Our rights under Section 8.3 (Overdue Charges & Suspension of Service) if You are disputing the applicable charges reasonably and in good faith and are cooperating diligently to resolve the dispute.

8.5. Taxes.

Unless otherwise stated, Our fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added, sales, use or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, “Taxes”). You are responsible for paying all Taxes associated with Your purchases hereunder. If We have the legal obligation to pay or collect Taxes for which You are responsible under this paragraph, the appropriate amount shall be invoiced to and paid by You, unless You provide Us with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, We are solely responsible for taxes assessable against Us based on Our income, property and employees.

  1. PROPRIETARY RIGHTS

9.1. Reservation of Rights in Services.

Subject to the limited rights expressly granted hereunder, We reserve all rights, title and interest in and to the Services, including all related intellectual property rights. No rights are granted to You hereunder other than as expressly set forth herein.

9.2. Restrictions.

You shall not: (i) permit any third party to access the Services except as permitted herein or in an Order Form, (ii) create derivate works based on the Services except as authorized herein, (iii) copy, frame or mirror any part or content of the Services, other than copying or framing on Your own intranets or otherwise for Your own internal business purposes, (iv) reverse engineer the Services, or (v) access the Services in order to: (a) build a competitive product or service, or (b) copy any features, functions or graphics of the Services.

9.3. Your Applications and Code.

If You, a third party acting on Your behalf, or a User creates applications or program code using the Services, You authorize Us to host, copy, transmit, display and adapt such applications and program code, solely as necessary for Us to provide the Services in accordance with this Agreement. Subject to the above, We acquire no right, title or interest from You or Your licensors under this Agreement in or to such applications or program code, including any intellectual property rights therein.

9.4. Suggestions.

We shall have a royalty-free, worldwide, irrevocable, perpetual license to use and incorporate into the Services any suggestions, enhancement requests, recommendations or other feedback provided by You, including Users, relating to the operation of the Services.

9.5. Federal Government End Use Provisions.

We provide the Services, including related software and technology, for ultimate federal government end use solely in accordance with the following: Government technical data and software rights related to the Services include only those rights customarily provided to the public as defined in this Agreement. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If a government agency has a need for rights not conveyed under these terms, it must negotiate with Us to determine if there are acceptable terms for transferring such rights, and a mutually acceptable written addendum specifically conveying such rights must be included in any applicable contract or agreement.

  1. WARRANTIES AND DISCLAIMERS

10.1. Our Warranties.

We warrant that: (i) We have validly entered into this Agreement and have the legal power to do so, (ii) the Services shall perform materially in accordance with the Documentation, and (iii) subject to Section 7 (Third-Party Applications), the functionality of the Services will not be materially decreased during a Subscription Term. For any breach of a warranty above, Your exclusive remedy shall be as provided in Section 13.3 (Termination for Cause) and Section 13.4 (Refund or Payment upon Termination) below.

10.2. Your Warranties.

You warrant that You have validly entered into this Agreement and have the legal power to do so.

10.3. Disclaimer.

EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.

10.4. Beta Services.

From time to time We may invite You to try, at no charge, Our products or services that are not generally available to Our customers (“Beta Services”). You may accept or decline any such trial in Your sole discretion. Any Beta Services will be clearly designated as beta, pilot, limited release, developer preview, non-production or by a description of similar import. Beta Services are provided for evaluation purposes and not for production use, are not supported, may contain bugs or errors, and may be subject to additional terms. BETA SERVICES ARE NOT CONSIDERED “SERVICES” HEREUNDER AND ARE PROVIDED “AS IS” WITH NO EXPRESS OR IMPLIED WARRANTY. We may discontinue Beta Services at any time in Our sole discretion and may never reinstate them.

  1. MUTUAL INDEMNIFICATION

11.1. Indemnification by Us.

We shall defend You against any claim, demand, suit, or proceeding made or brought against You by a third party alleging that the use of the Services as permitted hereunder infringes or misappropriates the intellectual property rights of a third party (a “Claim Against You”), and shall indemnify You for any damages, attorney fees and costs finally awarded against You as a result of, and for amounts paid by You under a court-approved settlement of, a Claim Against You; provided that You: (a) promptly give Us written notice of the Claim Against You; (b) give Us sole control of the defense and settlement of the Claim Against You (provided that We may not settle any Claim Against You without your prior approval unless the settlement unconditionally releases You of all liability); and (c) provide to Us all reasonable assistance, at Our expense. In the event of a Claim Against You, or if We reasonably believe the Services may infringe or misappropriate, We may in Our discretion and at no cost to You: (i) modify the Services so that they no longer infringe or misappropriate, without breaching Our warranties under Section 10.1 (Our Warranties) above, (ii) obtain a license for Your continued use of the Services in accordance with this Agreement, or (iii) terminate Your Subscriptions for such Services upon 30 days’ written notice and refund to You any prepaid fees covering the remainder of the term of such User subscriptions after the effective date of termination.

11.2. Indemnification by You.

You shall defend Us against any claim, demand, suit or proceeding made or brought against Us by a third party alleging that Your Data, Our use of Your Systems to provide the Services in accordance with this Agreement, or Your use of the Services in breach of this Agreement, infringes or misappropriates the intellectual property rights of a third party or violates applicable law (a “Claim Against Us”), and shall indemnify Us for any damages, attorney fees and costs finally awarded against Us as a result of, or for any amounts paid by Us under a court-approved settlement of, a Claim Against Us; provided that We: (a) promptly give You written notice of the Claim Against Us; (b) give You sole control of the defense and settlement of the Claim Against Us (provided that You may not settle any Claim Against Us unless the settlement unconditionally releases Us of all liability); and (c) provide to You all reasonable assistance, at Your expense.

11.3. Exclusive Remedy.

This Section 11 (Mutual Indemnification) states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any type of claim described in this Section.

  1. LIMITATION OF LIABILITY

12.1. Limitation of Liability.

NEITHER PARTY’S LIABILITY WITH RESPECT TO ANY SINGLE INCIDENT ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) SHALL EXCEED THE LESSER OF $50,000 OR THE AMOUNT PAID BY YOU HEREUNDER IN THE 12 MONTHS PRECEDING THE INCIDENT, PROVIDED THAT IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED THE TOTAL AMOUNT PAID BY YOU HEREUNDER. THE FOREGOING SHALL NOT LIMIT YOUR PAYMENT OBLIGATIONS UNDER SECTION 8 (FEES AND PAYMENT FOR PURCHASED SERVICES).

12.2. Exclusion of Consequential and Related Damages.

IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

  1. TERM AND TERMINATION

13.1. Term of Agreement.

This Agreement commences on the date You accept it and continues until all Subscriptions granted in accordance with this Agreement have expired or been terminated.

13.2. Term of Purchased Subscriptions.

Subscriptions purchased by You are activated and commence upon payment receipt and continue for the Subscription Term specified therein. Except as otherwise specified in the applicable Order Form, all Subscriptions shall automatically renew for additional periods equal to the expiring Subscription Term or one year (whichever is shorter), unless either party gives the other notice of non-renewal at least 30 days before the end of the relevant subscription term. The per-unit pricing during any such renewal term shall be the same as that during the prior term unless We have given You written notice of a pricing change at least 30 days before the end of such prior term, in which case the pricing change shall be effective upon renewal and thereafter.

13.3. Termination for Cause.

A party may terminate this Agreement for cause: (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.

13.4. Refund or Payment upon Termination.

Upon any termination for cause by You, We shall refund You any prepaid fees covering the remainder of the term of all subscriptions after the effective date of termination. Upon any termination for cause by Us, You shall pay any unpaid fees covering the remainder of the term of all Order Forms after the effective date of termination. In no event shall any termination relieve You of the obligation to pay any fees payable to Us for the period prior to the effective date of termination.

13.5. Exporting Your Data upon Termination.

For a period of 30 days after the effective date of termination of a Purchased Services subscription, You will be able to access Your Data for purposes of exporting Your Data. After such 30-day period, We shall have no obligation to maintain or provide access to any of Your Data and shall thereafter, unless legally prohibited, delete all of Your Data in Our systems or otherwise in Our possession or under Our control. Therefore, You must export Your Data within 30 days after the effective date of termination or Your Data will be permanently lost.

13.6. Surviving Provisions.

Section 6 (Confidentiality), 8 (Fees and Payment for Purchased Services), 9 (Proprietary Rights), 10.3 (Disclaimer), 11 (Mutual Indemnification), 12 (Limitation of Liability), 13.4 (Refund or Payment upon Termination), 13.5 (Exporting Your Data upon Termination), 14 (Notices, Governing Law and Jurisdiction) and 15 (General Provisions) shall survive any termination or expiration of this Agreement.

  1. NOTICES, GOVERNING LAW AND JURISDICTION

14.1. Manner of Giving Notice.

Except as otherwise specified in this Agreement, all notices, permissions and approvals hereunder shall be in writing and shall be deemed to have been given upon: (i) personal delivery, (ii) the second business day after mailing, (iii) the second business day after sending by confirmed facsimile, or (iv) the first business day after sending by email (provided email shall not be sufficient for notices of termination or an indemnifiable claim). Billing-related notices to You shall be addressed to the relevant billing contact designated by You. All other notices to You shall be addressed to the relevant Services system administrator designated by You.

14.2. Governing Law and Jurisdiction.

This Agreement shall be interpreted, construed and enforced in all respects in accordance with the laws of the State of New York except for its conflicts of laws principles. Each party irrevocably consents and submits to the exclusive jurisdiction of the courts of any state or Federal court sitting in the Manhattan Borough of the City of New York in the State of New York, in connection with any action to enforce the provisions of this Agreement, to recover damages or other relief for breach or default under this Agreement, or otherwise arising under or by reason of this Agreement.

14.3. Waiver of Jury Trial.

Each party hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement.

  1. GENERAL PROVISIONS

15.1. Export Compliance.

The Services, other technology We make available, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. You shall not permit Users to access or use Services in a U.S.-embargoed country (currently Cuba, Iran, North Korea, Sudan or Syria) or

in violation of any U.S. export law or regulation.

15.2. Anti-Corruption.

You have not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Our employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If You learn of any violation of the above restriction, You will use reasonable efforts to promptly notify Us (admin@floatingapps.com).

15.3. Relationship of the Parties.

The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.

15.4. No Third-Party Beneficiaries.

There are no third-party beneficiaries to this Agreement.

15.5. Waiver.

No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right.

15.6. Severability.

If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

15.7. Attorney Fees.

You shall pay on demand all of Our reasonable attorney fees and other costs incurred by Us to collect any fees or charges due Us under this Agreement following Your breach of Section 8.2 (Invoicing and Payment).

15.8. Assignment.

Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms), without consent of the other party, to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the other party. A party’s sole remedy for any purported assignment by the other party in breach of this paragraph shall be, at the non-assigning party’s election, termination of this Agreement upon written notice to the assigning party. In the event of such a termination, We shall refund to You any prepaid fees covering the remainder of the term of all subscriptions after the effective date of termination. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

15.9. Entire Agreement.

This Agreement, including all exhibits and addenda hereto and all Order Forms, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and either signed or accepted electronically. To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any exhibit or addendum hereto or any Order Form, the terms of such exhibit, addendum or Order Form shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in Your purchase order or other order documentation (excluding Order Forms) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

 

EXHIBIT A

DATA PROCESSOR AGREEMENT

This data processing agreement (the Processor Agreement) was entered into between:

  1. Chili Piper, Inc (Processor); and
  2. You (Controller),

hereinafter collectively referred to as Parties, each individually being a Party.

WHEREAS:

  1. Controller has appointed Processor to provide the Services, as defined in the Agreement and as further specified in Annex 1;
  2. Where providing the Services, Processor will process Personal Data (as defined below) on behalf of Controller within the meaning of the EU General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR and the processing of Personal Data: The Processing);
  3. Controller determines the purposes and means of the Processing;
  4. To be compliant with the requirements as set out in the GDPR, Parties would like to make written arrangements on the Processing;
  5. Parties therefore enter into this Processor Agreement;
  1. Interpretation
    1. In this Processor Agreement, unless otherwise expressly provided, capitalized terms shall have the meaning ascribed to such term in Section 1 of the Agreement.
    2. The headings in this Processor Agreement are for convenience only and shall not affect the interpretation of any provision of this Processor Agreement.
    3. The singular includes the plural and vice versa, and each gender includes the other gender.
    4. Recitals A up to and including E and the Annexes constitute an integral part of this Processor Agreement.
  2. Position of Parties; General Arrangements
    1. Controller is ‘controller’ and Processor is ‘processor’ within the meaning of the GDPR.
    2. Controller is responsible for the personal data, which will be provided to Processor in the context of the Processing and as part of the provision of the Services, including any updates or expansions of, or modifications or adjustments to the personal data (the Personal Data).
    3. Notwithstanding any entire agreement clauses as set out in the Agreement, Processor shall process the Personal Data in accordance with the written instructions (including e-mail) of Controller, and only for and in accordance with the means and purposes of the Processing as determined by Controller.
    4. Processor will not process Personal Data for its own purposes.
    5. Processor is authorized to engage with third parties for the Processing. Before Processor contracts with any third party, Processor shall inform Controller on any intended changes concerning the addition or replacement of the specific processor. Controller has the right to object to such changes. The current list of approved processors is attached as Annex 2.
    6. In case Processor engages with a sub-processor or other processor; this processor or sub-processor shall be bound to the same obligations as Processor is bound to under this Processor Agreement. In particular, the other processor or sub-processor has to provide sufficient guarantees on compliance with the GDPR.
    7. Controller acknowledges that Processor may transfer Personal Data to or access Personal Data from outside the European Economic Area (the EEA), including for storage. Controller is responsible for ensuring that such transfer outside the EEA is lawful vis-à-vis the data subjects and Controller shall provide confirmation thereof to Processor at Processor’s first request.
    8. On request, Processor shall reasonably assist Controller in fulfilling Controller’s obligations to respond to requests of data subjects exercising their rights under the GDPR.
  1. Term of the Processor Agreement
    1. In accordance with Section 13.1 of the Agreement, this Processor Agreement enters into force on the date the Controller accepted the Agreement.
    2. This Processor Agreement remains in effect for as long as Processor provides the Services. This Processor Agreement shall terminate automatically if and when the Agreement has ended.
    3. Parties cannot terminate, dissolve or annul this Processor Agreement as long as Processor provides the Services.
  1. Security
    1. Processor will implement appropriate technical and organizational measures to protect the Personal Data from loss, destruction, damage or any unlawful forms of processing. Taking into account the state of the art and the cost of their implementation, such technical and organizational measures shall guarantee a level of security appropriate to the risks represented by the Processing and the nature of the Personal Data.
    2. Processor warrants that every natural person acting under its authority and having access to the Personal Data shall only process the Personal Data under the authority of Processor and in accordance with this Processor Agreement.
    3. Processor will promptly notify Controller, after becoming aware of a personal data breach within the meaning of articles 33 and 34 GDPR respectively (a Data Breach). Processor will reasonably assist Controller on handling the Data Breach and will provide Controller with all reasonably necessary information regarding the Data Breach. Processor shall not be responsible for filing any notification or communicating with any data protection supervisory authority or data subjects.
    4. Examples of a Data Breach include but are not limited to any breach of security, the loss of a laptop, hardcopy file, smartphone, or USB-stick on which Personal Data has been stored, and the (knowingly or unknowingly) unauthorized sharing of Personal Data by employees of the Processor with third parties.
    5. In case of doubt as to whether a Data Breach occurred, Processor will notify Controller as if it were an actual Data Breach. Parties acknowledge that is better to report an incident that in retrospect did not qualify as a Data Breach, than to not report an incident that was a Data Breach.
  1. Confidentiality
    1. Processor is obliged to keep the Personal Data confidential and shall not disclose the Personal Data to any third parties (directly or indirectly), unless Processor is obliged to disclose the Personal Data on the basis of a statutory obligation, a court ruling or a request from a supervisory authority. If such is the case, Processor will only disclose Personal Data to the extent necessary to fulfil its obligations in this respect. Before disclosing the Personal Data, Processor will consult Controller about the intended disclosure, unless Processor is not allowed to do so on the basis of the law, legal ruling or supervisory authority’s decision. Parties shall comply with the provisions of article 48 GDPR.
    2. Processor shall ensure that its employees (including any contracted personnel) and any (authorized) third parties, which are necessarily involved in the Processing, are contractually bound by and comply with the aforementioned confidentiality obligations.
    3. Processor will notify Controller of any request from a data subject to access, receipt or any other form of provision or disclosure of the Personal Data as referred to in Clause 5.1.
  1. Liability and indemnification
    1. Processor’s liability towards Controller for any loss or damage suffered by Controller arising out of or in relation to this Processor Agreement, regardless of the legal basis of such claim, is subject to the exclusions and limitations of liability set out in the Agreement. Processor shall never be liable for any indirect, special, consequential or punitive damages, including reputational damages.
  1. Audit
    1. Upon request, however no more than once per calendar year, Processor will provide Controller with a report conducted by an external third party with regard to Processor’s compliance with the requirements as set out in this Processor Agreement (Audit Report).
    2. If the Controller reasonably believes that the Audit Report is insufficient to demonstrate compliance with this Processor Agreement, Controller has the right to have an audit performed by an independent third party to verify Processor’s compliance with the requirements as set out in this Processor Agreement. An audit may be performed no more than once per 12 month-period and with a reasonable notice period of not less than ten (10) business days.
    3. Controller shall ensure that the audits do not lead to any delay in the provision of the Services. In the event that the audit leads to a delay in the provision of the Services, Parties will enter into discussions to solve the matter as soon as possible.
    4. The costs of the audit will be borne by Controller.
  1. Backup
    1. Processor is obliged to make backups of the Personal Data at least monthly.
    2. At Controller’s request, Processor shall provide Controller with a copy of the backup.
    3. Processor shall delete the back-up at the earlier of (i) receipt of a written instruction (which includes e-mail) from Controller to do so; or (ii) termination of this Agreement
  1. International Transfers outside the EEA
    1. In respect of the Processing, Controller (as data exporter) and the Processor (as data importer) have agreed to enter into EU Standard Contractual Clauses (SCCs) in respect of any transfer of Personal Data from Controller to the Processor. The EU Standard Contractual Clauses are included in Annex 3 of this Processor Agreement and are incorporated here by reference.
  1. Upon termination of the Processor Agreement
    1. Upon termination of this Processor Agreement, Processor will return all Personal Data (including any copies thereof and adaptions to it) to Controller or a third party designated by Controller, or, at the choice of Controller, delete all the Personal Data (including any copies thereof and adaptions to it).
    2. Upon termination of this Processor Agreement, Processor is obliged to reasonably cooperate with the transfer of any data (including the Personal Data), information and documentation relating to the Processing to Controller or a subsequent processor, in a manner that ensures the continuity of the Services from the moment the transfer takes place. All costs involved with the efforts of Processor directly relating to the transfer will be borne by Controller.
  1. Conflict of terms
    1. In the event of any conflict between the Agreement and this Processor Agreement, the relevant provision of this Processor Agreement shall prevail to the extent of the conflict.
    2. Where applicable, in the event of any conflict between a provision of the Agreement or of this Processor Agreement, and a provision of the SCCs, the relevant provision of the SCCs shall prevail to the extent of the conflict.
  1. Miscellaneous
    1. If any provision of this Processor Agreement shall be held to be illegal, void, invalid or unenforceable under the laws of any jurisdiction, the legality, validity and enforceability of the remainder of this Processor Agreement in that jurisdiction shall not be affected and the legality, validity and enforceability of the whole of this Processor Agreement in any other jurisdiction shall not be affected.
    2. This Processor Agreement shall be binding on the parties hereto and their respective successors and permitted assigns. This Processor Agreement, and each Party’s respective rights and obligations hereunder, cannot be assigned by any Party without the prior written approval of the other Party. This provision makes such rights non-transferable within the meaning of article 3:83 (2) of the Dutch Civil Code.
    3. Any provision that by its nature is intended to survive the expiration or termination of this Processor Agreement, shall survive such termination. This includes in any event, but is not necessarily limited to, the following: Section 1, Section 4, Section 1, Section 10, Section 11, Section 12.1 and 12.3, and Section 13.
  1. Applicable law and disputes
    1. This Processor Agreement shall be governed by and construed in accordance with the laws applicable to the Agreement (save that the SCCSs in Annex 1 shall be governed by the nominated governing law in accordance with their terms), with exclusion of its conflict of laws rules.
    2. All disputes that may arise out of or in connection with this Processor Agreement, or with any agreement, document, or instrument entered into pursuant hereto or in furtherance hereof, shall be exclusively settled in accordance with the dispute resolution provisions set out in the Agreement, it being understood that the SCCs have a separate dispute resolution clause that prevails over this article 13.2.

 

Annex 1

 

Subject matter of processing

 

 

Meeting Automation

 

 

Duration of processing

 

 

For the duration of the Agreement

 

 

Nature of processing, e.g. means of processing

 

 

Cloud based, server-to-server API access, chrome extension and/or outlook add-in

 

 

Purpose of processing

 

 

Facilitate meeting creation, update, re-scheduling, deletion and reminders

 

 

Categories of data subjects

 

  1. Controller’s customer’s representatives and end-users
  2. Controller’s employees, contractors, collaborators
  3. Data subjects may also include individuals attempting to communicate or transfer personal information to users of the services provided by Processor
 

Type of personal data (including special categories of personal data)

 

Meeting date and time, title, description, guest list including names and email addresses

 

 

 

 

 

Annex 2 – Approved processors

Google Cloud Engine

Amazon AWS

 

 

Annex 3 – Standard Contractual Clauses

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, Controller (as data exporter) and Processor (as data importer, whose signature appears below), each a party; together the parties have agreed on the following Contractual Clauses (the Clauses or Standard Contractual Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1: Definitions

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the data exporter’ means the controller who transfers the personal data;

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2: Details of the transfer

 

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 below.

Clause 3: Third-party beneficiary clause

  1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
  2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
  3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
  4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4: Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 below;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5: Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,

(ii) any accidental or unauthorised access, and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11; and

(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6: Liability

  1. The parties agree that any data subject who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
  2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

  1. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7: Mediation and jurisdiction

  1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

  1. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8: Cooperation with supervisory authorities

 

  1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
  2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
  3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9: Governing Law.

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10: Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11: Subprocessing

  1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
  2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
  3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
  4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12: Obligation after the termination of personal data processing services

  1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
  2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

Appendix 1 to the Standard Contractual Clauses

Data exporter: Controller is the data exporter. The data exporter is a user of the Services as defined in the Agreement.

Data importer: The data importer is Chili Piper, Inc. (the Processor), a provider of sales & marketing automation for business customers globally.

Data subjects: Data subjects include the data exporter’s customer’s representatives and end-users including employees, contractors, collaborators, and customers of the data exporter. Data subjects may also include individuals attempting to communicate or transfer personal information to users of the services provided by data importer.

Categories of data: The personal data transferred includes meeting date and time, title, description, guest list, including names and email addresses in an electronic form all in the context of the Services.

Processing operations: The personal data transferred will be subject to the following basic processing activities:

  1. Duration and Object of Data Processing. The duration of data processing shall be for the term designated under the Agreement between data exporter and data importer. The objective of the data processing is the performance of the Services.
  2. Scope and Purpose of Data Processing. The scope and purpose of processing personal data is described in the Agreement. The data importer provides sales and marketing automation services used by business customers globally.

Appendix 2 to the Standard Contractual Clauses

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):

  1. Personnel. Data importer’s personnel will not process Data without authorization. Personnel are obligated to maintain the confidentiality of any Data and this obligation continues even after their engagement ends.
  2. Technical and Organization Measures. The data importer has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect Personal Data, as defined in the Processor Agreement, against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction, based on the Google Security Model as described at https://cloud.google.com/security/