Common use of Processing of Customer Personal Data Clause in Contracts

Processing of Customer Personal Data. 2.1. This DPA shall only apply with respect to Personal Data obtained by Coralogix as a result of Customer’s use of Coralogix’s Services, as described in Annex 1 (Details of Processing of Customer Personal Data) attached hereto. In connection with each Party’s rights and obligations under this Agreement, as between the Parties, Coralogix shall Process Customer Personal Data solely as a data Processor acting on behalf of Customer, and Customer shall be deemed the Controller of such Personal Data. 2.2. Coralogix shall not Process Customer Personal Data other than according to the Customer’s documented reasonable and customary instructions as specified in the Principal Agreement or this DPA, which were specifically and explicitly agreed to by Coralogix, unless such Processing is required by Applicable Laws. The Coralogix shall inform the Customer of such legal requirement before processing unless the law prohibits such action on public interest grounds, provided, however, that such duty to inform Customer shall not constitute a general obligation on Coralogix to interpret or monitor the laws applicable to Customer and any information provided by Coralogix in connection thereto shall not be deemed legal advice. 2.3. Customer instructs Coralogix (and authorizes Coralogix to instruct each Sub Processor) to (i) Process Customer Personal Data to the extent required for the provision of Coralogix’s Services under the Agreement; and, in particular (ii) transfer Customer Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with Sections 2.1-2.2 above, Section 12 below, and the Principal Agreement, and in accordance with Applicable Laws. 2.4. Furthermore, Customer warrants and represents that it is and will remain duly and effectively authorized to give the instruction set out in Section 2.1 and any additional instructions as provided pursuant to the Agreement and/or in connection with the performance thereof, on behalf of itself and each relevant Customer Affiliate, at all relevant times and at least for as long as the Agreement is in effect and for any additional period during which Coralogix is lawfully processing the Customer Personal Data. In addition, Customer warrants and represents that it has obtained all permissions, consents, authorizations and approvals, including by making all notices, required for it to allow Coralogix to access and process Customer Personal Data as permitted hereunder. 2.5. Customer sets forth the details of the Processing of Customer Personal Data, as required by Article 28(3) of the GDPR in Annex 1 (Details of Processing of Customer Personal Data), attached hereto. 2.6. Without derogating from any other provision of the Agreement, and in the event that the Customer Personal Data includes, any Personal Data which is not expressly identified under Annex 1 (Details of Processing of Customer Personal Data) (collectively, “Excess Personal Data”), Customer and not Coralogix, shall be fully responsible for any use, processing, editing, hosting, transferring, storing, reproducing, modifying of such Excess Personal Data, and Customer hereby represents and warrants that Customer has provided sufficient notices and obtained necessary or advisable consents required from any third-party and otherwise has the lawful basis upon which to share the Excess Information, including any Personal Data, included therein with Coralogix and its Affiliates, and to make any and all uses as otherwise contemplated under the Agreement.

Processing of Customer Personal Data. 2.1. This DPA shall only apply 2.1 5thPort shall: 2.1.1 comply with respect to Personal all applicable Data obtained by Coralogix as a result of Customer’s use of Coralogix’s Services, as described Protection Laws in Annex 1 (Details of the Processing of Customer Personal Data) attached hereto. In connection with each Party’s rights and obligations under this Agreement, as between the Parties, Coralogix shall Process Customer Personal Data solely as a data Processor acting on behalf of Customer, and Customer shall be deemed the Controller of such Personal Data.; and 2.2. Coralogix shall 2.1.2 not Process Customer Personal Data other than according to the Customer’s documented reasonable and customary instructions as what has been specified in the Principal Agreement or this DPA, which were specifically and explicitly agreed to by Coralogix, an applicable OD unless such Processing is required by Applicable Laws. The Coralogix Laws to which 5thPort is subject, in which case 5thPort shall to the extent permitted by Applicable Laws inform the Customer of such that legal requirement before processing unless the law prohibits such action on public interest grounds, provided, however, relevant Processing of that such duty to inform Customer shall not constitute a general obligation on Coralogix to interpret or monitor the laws applicable to Customer and any information provided by Coralogix in connection thereto shall not be deemed legal advicePersonal Data. 2.3. 2.2 Customer instructs Coralogix (and authorizes Coralogix 5thPort to instruct each Sub Processor) to (i) Process Customer Personal Data to the extent required for the provision of Coralogix’s Services under the Agreement; and, in particular (ii) and transfer Customer Personal Data to any country or territory, all territory as reasonably necessary for the provision of the Services and consistent with Sections 2.1-2.2 abovethe SA. Notwithstanding the preceding sentence, Section 12 below5thPort shall not transfer Customer Personal Data unless it takes all such measures as are reasonably required by Customer to ensure such transfer is in compliance with any applicable Data Protection Laws. Such measures may include executing the SCCs with Customer as “data exporter” and 5thPort as “data importer” (as defined in the SCCs). Where and to the extent there is any conflict between this Addendum, the SA, and the Principal AgreementSCCs, the SCCs will prevail in all cases. 2.3 Customer shall be responsible for compliance with the requirements of any Data Protection Laws imposed on data controllers, including but not limited to Article 6(1)(a) of the GDPR, to obtain consent from Data Subjects to the processing of their Personal Data for the purposes specified in the SA, any applicable OD, and in accordance with Applicable Laws. 2.4this Addendum. FurthermoreCustomer agrees to defend, Customer warrants indemnify and represents that it is hold harmless 5thPort and will remain duly its respective officers, directors, shareholders, managers, members, employees and effectively authorized to give the instruction set out in Section 2.1 agents (each, a “5thPort Indemnified Party”) against any claim, loss, damage, liability, penalty, fine or expense (including, without limitation, reasonable attorney’s fees and any additional instructions as provided pursuant to the Agreement and/or litigation costs and expenses) (a “Claim”) incurred by a 5thPort Indemnified Party by reason of or in connection with the performance thereof, on behalf Customer’s failure to obtain consent from any Data Subject for such processing. 2.4 5thPorts privacy policy sets out certain information regarding 5thPort’s Processing of itself and each relevant Customer Affiliate, at all relevant times and at least for as long as the Agreement is in effect and for any additional period during which Coralogix is lawfully processing the Customer Personal Data. In addition, Customer warrants and represents that it has obtained all permissions, consents, authorizations and approvals, including by making all notices, required for it to allow Coralogix to access and process Customer Personal Data as permitted hereunder. 2.5. Customer sets forth the details of the Processing of Customer Personal Data, as required by Article 28(3) of the GDPR GDPR. Nothing in Annex 1 (Details of Processing of Customer Personal Data), attached hereto5thPorts privacy policy confers any right or imposes any obligation on any party to this Addendum. 2.6. Without derogating from any other provision of the Agreement, and in the event that the Customer Personal Data includes, any Personal Data which is not expressly identified under Annex 1 (Details of Processing of Customer Personal Data) (collectively, “Excess Personal Data”), Customer and not Coralogix, shall be fully responsible for any use, processing, editing, hosting, transferring, storing, reproducing, modifying of such Excess Personal Data, and Customer hereby represents and warrants that Customer has provided sufficient notices and obtained necessary or advisable consents required from any third-party and otherwise has the lawful basis upon which to share the Excess Information, including any Personal Data, included therein with Coralogix and its Affiliates, and to make any and all uses as otherwise contemplated under the Agreement.

Processing of Customer Personal Data. 2.1. This DPA shall only apply with respect to Personal Data obtained by Coralogix as a result of Customer’s use of Coralogix’s Services, as described in Annex 1 (Details of Processing of Customer Personal Data) attached hereto. In connection with each Party’s rights and obligations under this Agreement, as between the Parties, Coralogix shall 2.1 CrowdStrike shall: 2.1.1 Process Customer Personal Data solely only on Customer’s documented instructions, as a data Processor acting on behalf of Customerset out in the Agreement and this DPA, including Customer providing instructions via APIs made available by CrowdStrike with the Offerings, and as required by Applicable Laws (the “Documented Instructions”). Any additional or alternate instructions, having an impact to the Offerings must be agreed upon by the Parties separately in writing; and 2.1.2 Unless prohibited by Applicable Law, inform the Customer shall be deemed the Controller of such Personal Data.if CrowdStrike determines that: 2.2. Coralogix shall not Process Customer Personal Data other than according (i) Customer’s instructions conflict with Applicable Laws; or (ii) Applicable Laws require any Processing contrary to the Customer’s documented reasonable and customary instructions as specified in the Principal Agreement or this DPA, which were specifically and explicitly agreed to by Coralogix, unless such Processing is required by Applicable Laws. The Coralogix shall inform the Customer of such legal requirement before processing unless the law prohibits such action on public interest grounds, provided, however, that such duty to inform Customer shall not constitute a general obligation on Coralogix to interpret or monitor the laws applicable to Customer and any information provided by Coralogix in connection thereto shall not be deemed legal adviceinstructions. 2.3. 2.2 Customer instructs Coralogix (and authorizes Coralogix to instruct each Sub Processor) to (i) Process Customer Personal Data to the extent required shall: 2.2.1 Be responsible for the provision of Coralogix’s Services under the Agreement; and, in particular (ii) transfer Customer Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with Sections 2.1-2.2 above, Section 12 below, and the Principal Agreement, and in accordance complying with Applicable Laws. 2.4. Furthermore, Customer warrants Laws when making decisions and represents that it is and will remain duly and effectively authorized to give the instruction set out in Section 2.1 and any additional issuing instructions as provided pursuant to the Agreement and/or in connection with the performance thereof, on behalf of itself and each relevant Customer Affiliate, at all relevant times and at least for as long as the Agreement is in effect and for any additional period during which Coralogix is lawfully processing the Customer Personal Data. In addition, Customer warrants and represents that it has obtained all permissions, consents, authorizations and approvals, including by making all notices, required for it to allow Coralogix to access and process Customer Personal Data as permitted hereunder. 2.5. Customer sets forth the details of the Processing of Customer Personal Data, as required by Article 28(3) of the GDPR in Annex 1 (Details of Processing of Customer Personal Data)including securing all permissions, attached hereto.consents or authorizations that may be required; and 2.6. Without derogating from any other provision of the Agreement2.2.2 Defend and indemnify CrowdStrike, and in the event that the Customer Personal Data includes, any Personal Data which is not expressly identified under Annex 1 (Details of Processing of Customer Personal Data) (collectively, “Excess Personal Data”), Customer and not Coralogix, shall be fully responsible for any use, processing, editing, hosting, transferring, storing, reproducing, modifying of such Excess Personal Data, and Customer hereby represents and warrants that Customer has provided sufficient notices and obtained necessary or advisable consents required from any third-party and otherwise has the lawful basis upon which to share the Excess Information, including any Personal Data, included therein with Coralogix and its CrowdStrike Affiliates, and CrowdStrike Subprocessors for any claim brought against any one or more of them arising from an allegation of Customer’s breach of this Section, whether by a Data Subject or a government authority. In the event of such a claim, the Parties shall follow the process set forth in the Agreement for Customer to defend and indemnify CrowdStrike and if none, then CrowdStrike will: (a) notify Customer of such claim, (b) permit Customer to control the defense or settlement of such claim; provided, however, Customer shall not settle any claim in a manner that requires CrowdStrike to admit liability or make any changes with respect to the Offerings without CrowdStrike’s prior written consent, and all uses as otherwise contemplated (c) provide Customer with reasonable assistance in connection with the defense or settlement of such claim, at Customer’s cost and expense. In addition, CrowdStrike may participate in the defense of any claim, and if Customer is already defending such claim, CrowdStrike’s participation will be at CrowdStrike’s expense. This provision does not diminish Customer or Data Subject’s rights under the AgreementApplicable Laws related to CrowdStrike’s adherence to its obligations under Applicable Laws.

Processing of Customer Personal Data. 2.1. This DPA 3.1 Vendor shall, and shall only apply ensure that each relevant Vendor Affiliate does,: (a) comply with respect to Personal all applicable Data obtained by Coralogix as a result of Customer’s use of Coralogix’s Services, as described Protection Laws in Annex 1 (Details of the Processing of Customer Personal Data; and (b) attached hereto. In connection with each Party’s rights and obligations under this Agreement, as between the Parties, Coralogix shall Process Customer Personal Data solely as a data Processor acting on behalf of Customer, and Customer shall be deemed the Controller of such Personal Data. 2.2. Coralogix shall not Process Customer Personal Data other than according to on the Customerrelevant Customer Group Member’s reasonable documented reasonable and customary instructions as specified (including those set forth in the Principal Agreement or this DPA, which were specifically and explicitly agreed to by Coralogix), unless such Processing is required by Applicable applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor shall, or shall require the relevant Vendor Affiliate to, to the extent permitted by applicable Laws. The Coralogix shall , inform the relevant Customer Group Member of such that legal requirement before processing unless the law prohibits such action on public interest grounds, provided, however, relevant Processing of that such duty to inform Customer shall not constitute a general obligation on Coralogix to interpret or monitor the laws applicable to Customer and any information provided by Coralogix in connection thereto shall not be deemed legal advicePersonal Data. 2.3. 3.2 Each Customer Group Member: (a) instructs Coralogix Vendor and each Vendor Affiliate (and authorizes Coralogix Vendor and each Vendor Affiliate to instruct each Sub ProcessorSubprocessor) to to: (i) Process Customer Personal Data to the extent required for the provision of Coralogix’s Services under the AgreementData; and, in particular (ii) in particular, transfer Customer Personal Data to any country or territoryterritory (except for any Restricted Transfer, all which may require the execution of Standard Contractual Clauses or other actions required by applicable Data Protection Laws), in each case, as reasonably necessary for the provision of the Service, Content, Vendor Technology, Support, Maintenance, or Professional Services and consistent with Sections 2.1-2.2 above, Section 12 below, and the Principal Agreement, and in accordance with Applicable Laws.; and 2.4. Furthermore, Customer (b) warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instruction set out in Section 2.1 and any additional instructions as provided pursuant to the Agreement and/or in connection with the performance thereof, 3.2(a) of this DPA on behalf of itself and each relevant Customer Affiliate, at all relevant times and at least for as long as . 3.3 If Customer’s use of the Agreement is in effect and for any additional period during which Coralogix is lawfully processing the Customer Personal Data. In additionService requires a Restricted Transfer, Customer warrants (and represents Vendor at Customer’s instruction) will take all appropriate steps to ensure that it has obtained all permissionsthe relevant regulatory requirements are met, consentswhich could involve among others: (a) the use of Standard Contractual Clauses executed between the relevant Customer Group Member that is the data exporter and the Vendor as data importer, authorizations (b) filing with the appropriate regulatory agency, if required by the Data Protection Laws applicable with regard to the transfer, and approvals, including by making all notices, required for it (c) taking such other steps as may be appropriate to allow Coralogix ensure compliance with the Data Protection Laws. 3.4 Annex 1 to access and process this DPA sets out certain information regarding the Contracted Processors’ Processing of the Customer Personal Data as permitted hereunder. 2.5. Customer sets forth the details of the Processing of Customer Personal Data, as required by Article article 28(3) of the GDPR (and any equivalent requirements of other Data Protection Laws). Customer may request amendments to Annex 1 by written notice to Vendor from time to time as Customer reasonably considers necessary to meet the requirements of applicable Data Protection Laws, and Vendor will not unreasonably withhold, delay, or condition its agreement to such amendments. Nothing in Annex 1 (Details of Processing of Customer Personal Data), attached heretoincluding as amended pursuant to this Section 3.3) confers any right or imposes any obligation on any party to this DPA. 2.6. Without derogating from any other provision of the Agreement, and in the event that the Customer Personal Data includes, any Personal Data which is not expressly identified under Annex 1 (Details of Processing of Customer Personal Data) (collectively, “Excess Personal Data”), Customer and not Coralogix, shall be fully responsible for any use, processing, editing, hosting, transferring, storing, reproducing, modifying of such Excess Personal Data, and Customer hereby represents and warrants that Customer has provided sufficient notices and obtained necessary or advisable consents required from any third-party and otherwise has the lawful basis upon which to share the Excess Information, including any Personal Data, included therein with Coralogix and its Affiliates, and to make any and all uses as otherwise contemplated under the Agreement.