Common use of PERSONAL DATA AND CUSTOMER DATA Clause in Contracts

PERSONAL DATA AND CUSTOMER DATA. 7.1. Content Square agrees to: (i) comply with applicable Data Protection and privacy laws and regulations; and (ii) maintain a data privacy and information security program, that includes appropriate physical, technical, administrative, and organisational safeguards, designed to: (a) protect against any anticipated threats or hazards to the security or integrity of the Customer Data; (b) protect against unauthorised disclosure, alteration, access to, or use of the Customer Data; (c) ensure the proper disposal of Customer Data; and, (d) ensure that all employees, agents, and subcontractors, if any, comply with all of the foregoing. 7.2. Customer shall use of the CS Solution in accordance with all applicable laws, including any applicable privacy or Data Protection Laws. Customer acknowledges and agrees that it is Customer’s responsibility to ensure that Customer’s use of the CS Solution complies with all Data Protection Laws applicable to Customer, including, but not limiting (i)providing the appropriate notice to Visitors (e.g. privacy policy conspicuously posted on the Customer Site/s) that clearly and accurately discloses its privacy practices (including how data is collected and used); (ii) its placement and use of cookies relating to the CS Solution and its use of the CS Solution with respect to the collection of Visitor Data; and (iii) if required by law, obtaining appropriate consent from Visitors. Customer warrants it has a valid lawful basis to collect and enable the processing of Customer Data pursuant to the terms of the Agreement. Customer shall not commit any act or omit to act in a way which places or is likely to place Content Square in breach of any Data Protection Laws or any other applicable laws or regulations. 7.3. Customer agrees and acknowledges that the CS Solution is not intended for the collection of any Restricted Personal Data, unless Content Square has provided its explicit written consent to such collection. For such purpose, Customer shall implement the appropriate blocking Scripts on such areas of the Customer Site/s where Restricted Personal Data may be inserted by a Visitor (e.g., through keystrokes) or displayed (e.g., prefilled, data within the HTML). 7.4. If it becomes known to either party that Restricted Personal Data has been collected or is being displayed through the CS Solution, then, without limiting any of the rights or remedies available to a party under the Agreement or under applicable law, the parties agree to cooperate in good faith to delete any such Restricted Personal Data from the CS Solution. It is hereby clarified that if Restricted Personal Data is required to be removed pursuant to this Section and it is not commercially reasonable or technically feasible to delete only the Restricted Personal Data (as shall be determined by Content Square), other Customer Data collected may be deleted in the process. 7.5. Customer shall have sole responsibility for the accuracy, quality, integrity, legality, reliability and copyright of all Customer Data. Customer acknowledges and agrees that while Customer Data is stored solely in the EU, Customer Data may be processed by Content Square, its Affiliates and subcontractors outside the EU. List of locations of such Affiliates and subcontractors can be found in the List of Subprocessors. Content Square will provide notice via this link of updates to the list of Affiliates and subcontractors. Customer may subscribe to receive notifications of updates to this list by providing a written request to Content Square via xxxxxxx@xxxxxxxxxxxxx.xxx. Customer may object in writing to the use of a new subcontractors within thirty (30) days following the update of the list by Content Square and such objection shall describe Customer's legitimate reason(s) for objection. If Customer does not object during such time period the new Affiliates or subcontractors shall be deemed accepted. If Customer objects to the use of a new subcontractors, Content Square shall have the right to cure the objection through one of the following options (to be selected Content Square’s sole discretion): (i) Content Square will cease to use the new subcontractors with regard to Customer Data; (ii) subcontractors will take the corrective steps requested by Customer in its objection (which steps will be deemed to resolve Customer’s objection) and proceed to use the subcontractor to process Customer Data; or (iii) Content Square may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of a Content Square Service that would involve use of the subcontractor to process Customer Data. 7.6. Customer Data collected in connection with Customer’s use of the CS Solution shall be retained by Content Square for use by Customer through the CS Solution for the data retention period specified in the Order Form. Following such applicable retention period, Customer Data shall no longer be available to the Customer and shall be deleted.

PERSONAL DATA AND CUSTOMER DATA. 7.19.1. Content Square agrees to: (i) comply with applicable Data Protection and privacy laws and regulations; and (ii) maintain a data privacy and information security program, that includes appropriate physical, technical, administrative, and organisational organizational safeguards, designed to: (a) protect against any anticipated threats or hazards to the security or integrity of the Customer Data; (b) protect against unauthorised unauthorized disclosure, alteration, access to, or use of the Customer Data; (c) ensure the proper disposal of Customer Data; and, (d) ensure that all employees, agents, and subcontractors, if any, comply with all of the foregoing. 7.29.2. Customer shall use of the CS Solution in accordance with all applicable laws, including any applicable privacy or Data Protection Laws. Customer acknowledges and agrees that it is Customer’s responsibility to ensure that Customer’s use of the CS Solution complies with all Data Protection Laws applicable to Customer, including, but not limiting (i)providing the appropriate notice to Visitors (e.g. privacy policy conspicuously posted on the Customer Site/s) that clearly and accurately discloses its privacy practices (including how data is collected and used); (ii) its placement and use of cookies relating to the CS Solution and its use of the CS Solution with respect to the collection of Visitor Data; and (iii) if required by law, obtaining appropriate consent from Visitors. Customer warrants it has a valid lawful basis to collect and enable the processing of Customer Data pursuant to the terms of the Agreement. Customer shall not commit any act or omit to act in a way which places or is likely to place Content Square in breach of any Data Protection Laws or any other applicable laws or regulations. 7.39.3. Customer agrees and acknowledges that the CS Solution is not intended for the collection of any Restricted Personal Data, unless Content Square has provided its explicit written consent to such collection. For such purpose, Customer shall implement the appropriate blocking Scripts on such areas of the Customer Site/s where Restricted Personal Data may be inserted by a Visitor (e.g., through keystrokes) or displayed (e.g., prefilled, data within the HTML). 7.49.4. If it becomes known to either party that Restricted Personal Data has been collected or is being displayed through the CS Solution, then, without limiting any of the rights or remedies available to a party under the Agreement or under applicable law, the parties agree to cooperate in good faith to delete any such Restricted Personal Data from the CS Solution. It is hereby clarified that if Restricted Personal Data is required to be removed pursuant to this Section and it is not commercially reasonable or technically feasible to delete only the Restricted Personal Data (as shall be determined by Content Square), other Customer Data collected may be deleted in the process. 7.59.5. Customer shall have sole responsibility for the accuracy, quality, integrity, legality, reliability and copyright of all Customer Data. Customer acknowledges and agrees that while Customer Data is stored solely in the EUUnited States, Customer Data may be processed by Content Square, its Affiliates and subcontractors outside the EUUS. List of locations of such Affiliates and subcontractors can be found in the List of Subprocessors. Content Square will provide notice via this link of updates to the list of Affiliates and subcontractors. Customer may subscribe to receive notifications of updates to this list by providing a written request to Content Square via xxxxxxx@xxxxxxxxxxxxx.xxxSquare. Customer may object in writing to the use of a new subcontractors within thirty (30) days following the update of the list by Content Square and such objection shall describe Customer's legitimate reason(s) for objection. If Customer does not object during such time period the new Affiliates or subcontractors shall be deemed accepted. If Customer objects to the use of a new subcontractors, Content Square shall have the right to cure the objection through one of the following options (to be selected Content Square’s sole discretion): (i) Content Square will cease to use the new subcontractors with regard to Customer Data; (ii) subcontractors will take the corrective steps requested by Customer in its objection (which steps will be deemed to resolve Customer’s objection) and proceed to use the subcontractor to process Customer Data; or (iii) Content Square may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of a Content Square Service that would involve use of the subcontractor to process Customer Data. 7.69.6. Customer Data collected in connection with Customer’s use of the CS Solution shall be retained by Content Square for use by Customer through the CS Solution for the data retention period specified in the Order FormForm or Documentation (to the extent it is a Free Solution). Following such applicable retention period, Customer Data shall no longer be available to the Customer and shall be deleted.

PERSONAL DATA AND CUSTOMER DATA. 7.1. Content Square agrees to: (i) comply with applicable Data Protection and privacy laws and regulations; and (ii) maintain a data privacy and information security program, that includes appropriate physical, technical, administrative, and organisational safeguards, designed to: (a) protect against any anticipated threats or hazards to the security or integrity of the Customer Data; (b) protect against unauthorised disclosure, alteration, access to, or use of the Customer Data; (c) ensure the proper disposal of Customer Data; and, (d) ensure that all employees, agents, and subcontractors, if any, comply with all of the foregoing. 7.2. Customer shall use of the CS Solution in accordance with all applicable laws, including any applicable privacy or Data Protection Laws. Customer acknowledges and agrees that it is Customer’s responsibility to ensure that Customer’s use of the CS Solution complies with all Data Protection Laws applicable to Customer, Customer (including, but not limiting (i)providing in particular, in respect of the appropriate notice to Visitors (e.g. privacy policy conspicuously posted on the Customer Site/s) that clearly and accurately discloses its privacy practices (including how data is collected and used); (ii) its placement placing and use of cookies relating to upon which the CS Solution rely and its use the capturing of any consent to cookies required to be obtained from the CS Solution with respect to the collection of Visitor Data; relevant end user) and (iiithat Customer’s privacy policy(ies) if required by law, obtaining appropriate consent from Visitors. Customer warrants it has a valid lawful basis to collect and enable the processing of Customer Data pursuant to the terms of the permit all activities contemplated under this Agreement. Customer shall not commit any act or omit to act in a way which places or is likely to place Content Square in breach of any Data Protection Laws or any other applicable laws or regulations. 7.37.2. Customer agrees and acknowledges that Standard functionalities of the CS Solution is not intended for allows Customer to exclude personal data from the collection of any Restricted Personal Data, unless Content Square has provided its explicit written consent to such data collection. For such purpose, Customer shall implement the appropriate blocking Scripts on such areas It is Customer’s sole responsibility to identify all zones of the Customer Site/s where Restricted Personal Data that contain or display (or may be inserted by a Visitor (e.g.contain or display) personal data, through keystrokes) to ensure that no personal data is transmitted, provided or displayed (e.g.otherwise made available in any way to Content Square, prefilledduring the term of this Agreement. 7.3. Content Square has implemented reasonable information security practices regarding the protection of Customer Data, data within including administrative, technical and physical security measures. Content Square reserves the HTML)right to, and may update or modify such measures from time to time provided that such updates or modifications do not result in any material degradation to the security of Customer Data. 7.4. If it becomes known to either party Customer acknowledges and agrees that Restricted Personal Customer Data has been collected or is being displayed through the CS Solution, then, without limiting any may be transferred outside of the rights country or remedies available to a party under the Agreement or under applicable lawother jurisdiction in which Customer is located. In addition, the parties agree to cooperate in good faith to delete any such Restricted Personal Data from the CS Solution. It is hereby clarified that if Restricted Personal Data is required to be removed pursuant to this Section and it is not commercially reasonable or technically feasible to delete only the Restricted Personal Data (as shall be determined by Content Square), other Customer Data collected may be deleted in the process. 7.5. Customer shall have sole responsibility for the accuracy, quality, integrity, legality, reliability and copyright of all Customer Data. 7.5. Customer acknowledges When and agrees that while Customer Data is stored solely as applicable, if Content Square engages in the EUprocessing of any Personal Data within the meaning of, Customer and as governed by, the General Data may be processed by Content SquareProtection Regulation, its Affiliates and subcontractors outside the EU. List of locations of such Affiliates and subcontractors can be found on Customer’s behalf, in the List of Subprocessors. Content Square will provide notice via this link of updates to the list of Affiliates and subcontractors. Customer may subscribe to receive notifications of updates to this list by providing a written request to Content Square via xxxxxxx@xxxxxxxxxxxxx.xxx. Customer may object in writing to the use of a new subcontractors within thirty (30) days following the update of the list by Content Square and such objection shall describe Customer's legitimate reason(s) for objection. If Customer does not object during such time period the new Affiliates or subcontractors shall be deemed accepted. If Customer objects to the use of a new subcontractors, Content Square shall have the right to cure the objection through one of the following options (to be selected Content Square’s sole discretion): (i) Content Square will cease to use the new subcontractors with regard to Customer Data; (ii) subcontractors will take the corrective steps requested by Customer in its objection (which steps will be deemed to resolve Customer’s objection) and proceed to use the subcontractor to process Customer Data; or (iii) Content Square may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of a Content Square Service that would involve use of the subcontractor to process Customer Data. 7.6. Customer Data collected in connection with Customer’s use provision of the CS Solution shall Solution, the parties agree to execute a data processing addendum terms (DPA) and to comply with such terms, which will be retained hereby incorporated by Content Square for use by Customer through the CS Solution for the data retention period specified in the Order Form. Following such applicable retention period, Customer Data shall no longer be available to the Customer and shall be deletedreference.

PERSONAL DATA AND CUSTOMER DATA. ‌ 7.1. Content Square agrees to: (i) comply with applicable Data Protection and privacy laws and regulations; and (ii) maintain a data privacy and information security program, that includes appropriate physical, technical, administrative, and organisational organizational safeguards, designed to: (a) protect against any anticipated threats or hazards to the security or integrity of the Customer Data; (b) protect against unauthorised unauthorized disclosure, alteration, access to, or use of the Customer Data; (c) ensure the proper disposal of Customer Data; and, (d) ensure that all employees, agents, and subcontractors, if any, comply with all of the foregoing. 7.2. Customer shall use of the CS Solution in accordance with all applicable laws, including any applicable privacy or Data Protection Laws. Customer acknowledges and agrees that it is Customer’s responsibility to ensure that Customer’s use of the CS Solution complies with all Data Protection Laws applicable to Customer, including, but not limiting (i)providing the appropriate notice to Visitors (e.g. privacy policy conspicuously posted on the Customer Site/s) that clearly and accurately discloses its privacy practices (including how data is collected and used); (ii) its placement and use of cookies relating to the CS Solution and its use of the CS Solution with respect to the collection of Visitor Data; and (iii) if required by law, obtaining appropriate consent from Visitors. Customer warrants it has a valid lawful basis to collect and enable the processing of Customer Data pursuant to the terms of the Agreement. Customer shall not commit any act or omit to act in a way which places or is likely to place Content Square in breach of any Data Protection Laws or any other applicable laws or regulations. 7.3. Customer agrees and acknowledges that the CS Solution is not intended for the collection of any Restricted Personal Data, unless Content Square has provided its explicit written consent to such collection. For such purpose, Customer shall implement the appropriate blocking Scripts on such areas of the Customer Site/s where Restricted Personal Data may be inserted by a Visitor (e.g., through keystrokes) or displayed (e.g., prefilled, data within the HTML). 7.4. If it becomes known to either party that Restricted Personal Data has been collected or is being displayed through the CS Solution, then, without limiting any of the rights or remedies available to a party under the Agreement or under applicable law, the parties agree to cooperate in good faith to delete any such Restricted Personal Data from the CS Solution. It is hereby clarified that if Restricted Personal Data is required to be removed pursuant to this Section and it is not commercially reasonable or technically feasible to delete only the Restricted Personal Data (as shall be determined by Content Square), other Customer Data collected may be deleted in the process. 7.5. Customer shall have sole responsibility for the accuracy, quality, integrity, legality, reliability and copyright of all Customer Data. Customer acknowledges and agrees that while Customer Data is stored solely in the EUUnited States, Customer Data may be processed by Content Square, its Affiliates and subcontractors outside the EUUS. List of locations of such Affiliates and subcontractors can be found in the List of Subprocessors. Content Square will provide notice via this link of updates to the list of Affiliates and subcontractors. Customer may subscribe to receive notifications of updates to this list by providing a written request to Content Square via xxxxxxx@xxxxxxxxxxxxx.xxxSquare. Customer may object in writing to the use of a new subcontractors within thirty (30) days following the update of the list by Content Square and such objection shall describe Customer's legitimate reason(s) for objection. If Customer does not object during such time period the new Affiliates or subcontractors shall be deemed accepted. If Customer objects to the use of a new subcontractors, Content Square shall have the right to cure the objection through one of the following options (to be selected Content Square’s sole discretion): (i) Content Square will cease to use the new subcontractors with regard to Customer Data; (ii) subcontractors will take the corrective steps requested by Customer in its objection (which steps will be deemed to resolve Customer’s objection) and proceed to use the subcontractor to process Customer Data; or (iii) Content Square may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of a Content Square Service that would involve use of the subcontractor to process Customer Data. 7.6. Customer Data collected in connection with Customer’s use of the CS Solution shall be retained by Content Square for use by Customer through the CS Solution for the data retention period specified in the Order Form. Following such applicable retention period, Customer Data shall no longer be available to the Customer and shall be deleted.