Common use of Processing of Data Clause in Contracts

Processing of Data. 2.1. The parties acknowledge and agree that with regard to the processing of Personal Data, Customer acts as the Controller and UsabilityHub acts as the Processor. Customer, in its use of the Services, shall provide UsabilityHub instructions for the processing of Personal Data, in compliance with Data Protection Laws. Customer shall ensure that the processing of Personal Data in accordance with Customer’s instructions will not cause UsabilityHub to be in breach of the Data Protection Laws. Customer is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to UsabilityHub by or on behalf of Customer, (ii) the means by which Customer acquired any such Personal Data, and (iii) the instructions it provides to UsabilityHub regarding the processing of such Personal Data. Customer shall not provide or make available to UsabilityHub any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify UsabilityHub from all claims and losses in connection therewith. 2.2. UsabilityHub shall not process Personal Data (i) for purposes other than those set forth in the Agreement and/or Exhibit A, (ii) in a manner inconsistent with the terms and conditions set forth in this DPA or any other documented instructions provided by Customer, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Supervisory Authority to which UsabilityHub is subject; in such a case, UsabilityHub shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest, or (iii) in violation of Data Protection Laws. Customer hereby instructs UsabilityHub to process Personal Data in accordance with the foregoing and as part of any processing initiated by Customer in its use of the Services. 2.3. The subject matter, nature, purpose, and duration of this processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPA. 2.4. Following completion of the Services, at Customer’s choice, UsabilityHub shall return or delete Customer’s Personal Data, unless further storage of such Personal Data is required or authorized by applicable law. If return or destruction is impracticable or prohibited by law, rule or regulation, UsabilityHub shall take measures to block such Personal Data from any further processing (except to the extent necessary for its continued hosting or processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control. If Customer and UsabilityHub have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the UK SCCs and Clause 8.1(d) and Clause 8.5 of the EU SCCs (as applicable) shall be provided by UsabilityHub to Customer only upon Customer’s request.

Processing of Data. 2.1. The parties acknowledge and agree that with regard to the processing of Personal Data, a. Customer acts as the Controller and UsabilityHub acts as the Processor. Customershall, in its use of the Services, shall at all times Process Personal Data, and provide UsabilityHub instructions Instructions for the processing Processing of Personal Data, in compliance with the Data Protection Privacy Laws. Customer shall ensure that its Instructions comply with all laws, rules and regulations applicable in relation to the processing Personal Data, and that the Processing of Personal Data in accordance with Customer’s instructions Instructions will not cause UsabilityHub Pendo to be in breach of the Data Protection Laws. Customer is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to UsabilityHub Pendo by or on behalf of Customer, (ii) the means by which Customer acquired any such the Personal Data, and (iii) the instructions Instructions it provides to UsabilityHub regarding the processing of such Personal DataPendo. Customer shall not provide or make available to UsabilityHub Pendo any Personal Data in violation of the Agreement or which is otherwise inappropriate for the nature of the Services, Services and shall indemnify UsabilityHub Pendo from all claims and losses in connection therewithwith Customer’s breach of applicable Data Privacy Laws. 2.2. UsabilityHub x. Xxxxx shall not process Process Personal Data (i) for the purposes other than those set forth in the Agreement and/or Exhibit AAgreement, (ii) in a manner inconsistent accordance with the terms and conditions set forth in this DPA or and any other documented instructions Instructions provided by Customer, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Supervisory Authority to which UsabilityHub is subject; in such a case, UsabilityHub shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest, or and (iii) in violation compliance with the Data Privacy Laws. For the avoidance of doubt, if Xxxxx’x processing activities involving Personal Data Protection Lawsare not within the scope of a given Data Privacy Law, such law is not applicable for purposes of this DPA. Customer hereby instructs UsabilityHub Pendo to process Process Personal Data in accordance with the foregoing and as part of any processing initiated by Customer in its Customer’s use of the Services. 2.3c. The parties acknowledge and agree that Pendo is a processor of Personal Data under the GDPR, and a service provider for the purposes of the CCPA receiving Personal Data from Customer pursuant to the Agreement for a business purpose. Pendo shall not sell any such Personal Data nor retain, use or disclose any Personal Data provided by Customer pursuant to the Agreement except as necessary for performing the Services or otherwise as set forth in the Agreement or as permitted by the CCPA. The terms “service provider,” and “sell” are as defined in Section 1798.140 of the CCPA. Pendo certifies that it understands the restrictions of this section. d. The subject matter, nature, purpose, purpose and duration of this processingProcessing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPA. 2.4. e. Following completion of the Services, at Customer’s choiceoption, UsabilityHub Pendo shall return or delete Customer’s the Personal Data, unless further storage of such Personal Data is except as required or authorized to be retained by applicable law. If return The provisions of this DPA survive the termination or destruction is impracticable or prohibited by law, rule or regulation, UsabilityHub shall take measures to block such Personal Data from any further processing (except to expiration of the extent necessary Agreement for its continued hosting or processing required by law, rule or regulation) and shall continue to appropriately protect so long as Pendo Processes the Personal Data remaining in its possession, custody, or control. If Customer and UsabilityHub have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the UK SCCs and Clause 8.1(d) and Clause 8.5 of the EU SCCs (as applicable) shall be provided by UsabilityHub to Customer only upon Customer’s request.

Processing of Data. 2.12.1 The rights and obligations of Customer with respect to this Processing are described herein. The parties acknowledge and agree that with regard to the processing of Personal Data, Customer acts as the Controller and UsabilityHub acts as the Processor. Customershall, in its use of the Services, shall at all times Process Personal Data, and provide UsabilityHub instructions for the processing Processing of Personal Data, in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the California Consumer Privacy Act (the “CCPA”), and any other applicable legislation relating to data protection and privacy (together with the GDPR and CCPA, “Data Protection Laws”). Customer shall ensure that its instructions comply with all laws, rules and regulations applicable in relation to the processing Personal Data, and that the Processing of Personal Data in accordance with Customer’s instructions will not cause UsabilityHub Recurly to be in breach of the Data Protection Laws. Customer is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to UsabilityHub Recurly by or on behalf of Customer, (ii) the means by which Customer acquired any such Personal Data, and (iii) the instructions it provides to UsabilityHub Recurly regarding the processing Processing of such Personal Data. Customer shall not provide or make available to UsabilityHub Recurly any Personal Data in violation of Data Protection Laws or the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify UsabilityHub Recurly from all claims and losses in connection therewith. This Addendum does not apply to Personal Data for which Recurly is a Controller. 2.2. UsabilityHub 2.2 Recurly, in its capacity as the Processor, shall not process (a) retain, use, sell, or otherwise disclose Personal Data outside of its relationship with Customer other than as expressly stated in the Agreement or in this Addendum or as necessary to provide the Services or (b) Process Personal Data (i) for purposes other than those set forth in the Agreement and/or Exhibit A, and (ii) in a manner inconsistent with the terms and conditions set forth in this DPA Addendum or any other documented instructions provided by Customer, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Supervisory Authority Data Protection Laws to which UsabilityHub Recurly is subject; in such a case, UsabilityHub Recurly shall inform the Customer of that legal requirement before processingProcessing, unless that law prohibits such information on important grounds of public interest, or (iii) . Recurly certifies that it understands and will comply with the restrictions and obligations contained in violation of Data Protection Lawsthis Addendum. Customer hereby instructs UsabilityHub Recurly to process Process Personal Data in accordance with the foregoing and as part of any processing Processing initiated by Customer in its use of the Services. 2.3. 2.3 The subject matter, nature, purpose, and duration of this processingProcessing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPAAddendum. 2.4. 2.4 Following completion of the Services, at Customer’s choice, UsabilityHub Recurly shall return or delete Customer’s the Personal Data, unless further storage of such Personal Data is required or authorized by applicable law. If return or destruction is impracticable or prohibited by law, rule or regulation, UsabilityHub Recurly shall take measures to block such Personal Data from any further processing Processing (except to the extent necessary for its continued hosting or processing Processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control. If Customer and UsabilityHub Recurly have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the UK SCCs and Clause 8.1(d) and Clause 8.5 of the EU SCCs (as applicable) Standard Contractual Clauses shall be provided by UsabilityHub Recurly to Customer only upon Customer’s request.

Processing of Data. 2.12.1 Your rights and obligations with respect to this Processing are described herein. The parties acknowledge and agree that with regard to You shall, in your use of the processing of SignalWire Services, at all times Process Personal Data, Customer acts as the Controller and UsabilityHub acts as the Processor. Customer, in its use of the Services, shall provide UsabilityHub instructions for the processing Processing of Personal Data, in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR” and together, “Data Protection Laws”)). Customer You shall ensure that your instructions comply with all laws, rules and regulations applicable in relation to the processing Personal Data, and that the Processing of Personal Data in accordance with Customer’s your instructions will not cause UsabilityHub us to be in breach of the Data Protection Laws. Customer is You are solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to UsabilityHub us by or on behalf of Customeryou, (ii) the means by which Customer you acquired any such Personal Data, and (iii) the instructions it provides to UsabilityHub us regarding the processing Processing of such Personal Data. Customer you shall not provide or make available to UsabilityHub us any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the SignalWire Services, and shall indemnify UsabilityHub us from all claims and losses in connection therewith. This Addendum does not apply to Personal Data for which SignalWire is a controller. 2.2. UsabilityHub 2.2 We shall not process Process Personal Data (i) for purposes other than those set forth in the Agreement and/or Exhibit A, (ii) in a manner inconsistent with the terms and conditions set forth in this DPA Addendum or any other documented instructions provided by Customeryou, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Supervisory Authority to which UsabilityHub SignalWire is subject; in such a case, UsabilityHub we shall inform the Customer you of that legal requirement before processingProcessing, unless that law prohibits such information on important grounds of public interest, or interest and (iii) in violation of Data Protection Lawsthe GDPR. Customer You hereby instructs UsabilityHub instruct us to process Process Personal Data in accordance with the foregoing and as part of any processing Processing initiated by Customer you in its your use of the SignalWire Services. 2.3. The subject matter, nature, purpose, and duration of this processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPA. 2.4. 2.3 Following completion of the SignalWire Services, at Customer’s your choice, UsabilityHub we shall return or delete Customer’s the Personal Data, unless further storage of such Personal Data is required or authorized by applicable law. If return or destruction is impracticable or prohibited by law, rule or regulation, UsabilityHub We shall take measures to block such Personal Data from any further processing Processing (except to the extent necessary for its continued hosting or processing Processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control. If Customer you and UsabilityHub SignalWire have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the UK SCCs and Clause 8.1(d) and Clause 8.5 of the EU SCCs (as applicable) Standard Contractual Clauses shall be provided by UsabilityHub us to Customer you only upon Customer’s your request.

Processing of Data. 2.1. The parties acknowledge and agree that with regard to the processing of Personal Data, Customer acts may act either as a controller or processor and, except as expressly set forth in this DPA or the Controller and UsabilityHub acts as the ProcessorAgreement, Lyssna is a processor. CustomerCustomer shall, in its use of the Services, shall at all times process Personal Data, and provide UsabilityHub instructions for the processing of Personal Data, in compliance with Data Protection Laws. Customer shall ensure that the processing of Personal Data in accordance with Customer’s instructions will not cause UsabilityHub Lyssna to be in breach of the Data Protection Laws. Customer is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to UsabilityHub Lyssna by or on behalf of Customer, (ii) the means by which Customer acquired any such Personal Data, and (iii) the instructions it provides to UsabilityHub Lyssna regarding the processing of such Personal Data. Customer shall not provide or make available to UsabilityHub Lyssna any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify UsabilityHub Lyssna from all claims and losses in connection therewith. 2.2. UsabilityHub Lyssna shall not process Personal Data (i) for purposes other than those set forth in the Agreement and/or Exhibit A, (ii) in a manner inconsistent with the terms and conditions set forth in this DPA or any other documented instructions provided by Customer, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Supervisory Authority to which UsabilityHub Lyssna is subject; in such a case, UsabilityHub Lyssna shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest, or (iii) in violation of Data Protection Laws. Customer hereby instructs UsabilityHub Lyssna to process Personal Data in accordance with the foregoing and as part of any processing initiated by Customer in its use of the Services. 2.3. The subject matter, nature, purpose, and duration of this processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPA. 2.4. Following completion of the Services, at Customer’s choice, UsabilityHub Lyssna shall return or delete Customer’s Personal Data, unless further storage of such Personal Data is required or authorized by applicable law. If return or destruction is impracticable or prohibited by law, rule or regulation, UsabilityHub Lyssna shall take measures to block such Personal Data from any further processing (except to the extent necessary for its continued hosting or processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control. If Customer and UsabilityHub Lyssna have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the UK SCCs and Clause 8.1(d) and Clause 8.5 of the EU SCCs (as applicable) shall be provided by UsabilityHub Lyssna to Customer only upon Customer’s request.

Processing of Data. 2.12.1 The rights and obligations of Merchant with respect to this Processing are described herein. The As between Recurly and Merchant, except as otherwise provided herein, Merchant is the Controller of Personal Data and Recurly shall process Personal Data only as a Processor acting on behalf of Merchant. In the event that, during the course of the Agreement, in response to emerging guidance or legislation Recurly considers that its categorization for any Processing carried out under the Agreement should change from Processor to Controller, Recurly shall provide written notice of this change to Merchant and the parties acknowledge and agree that with regard the terms under this Addendum relating to the processing new status shall apply to all Processing from the date of Personal Data, Customer acts as the Controller and UsabilityHub acts as the Processor. Customerreceipt of such notice. 2.2 Merchant shall, in its use of the Services, shall at all times Process Personal Data, and provide UsabilityHub instructions for the processing Processing of Personal Data, in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the California Consumer Privacy Act (the “CCPA”), and any other applicable legislation relating to data protection and privacy (together with the GDPR and CCPA, “Data Protection Laws”). Customer Merchant shall ensure that its Instructions comply with all laws, rules and regulations applicable in relation to the processing Personal Data, and that the Processing of Personal Data in accordance with CustomerMerchant’s instructions Instructions will not cause UsabilityHub Recurly to be in breach of the Data Protection Laws. Customer Merchant is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to UsabilityHub Recurly by or on behalf of CustomerMerchant, (ii) the means by which Customer Merchant acquired any such Personal Data, and (iii) the instructions Instructions it provides to UsabilityHub Recurly regarding the processing Processing of such Personal Data, including providing notice and obtaining all consents and rights necessary for Recurly to process Personal Data pursuant to the Agreement and this Addendum. Customer Merchant shall not provide or make available to UsabilityHub Recurly any Personal Data in violation of Data Protection Laws or the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify UsabilityHub Recurly from all claims and losses in connection therewith. 2.2. UsabilityHub 2.3 Recurly, in its capacity as the Processor, shall not process (a) retain, use, sell, or otherwise disclose Personal Data outside of its relationship with Merchant other than as required by law, as stated in the Agreement or in this Addendum, or as necessary to provide the Services or (b) Process Personal Data (i) for purposes other than those set forth in the Agreement and/or Exhibit AAnnex I, and (ii) in a manner inconsistent with the terms and conditions set forth in this DPA Addendum or any other documented instructions Instructions provided by CustomerXxxxxxxx, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Supervisory Authority any law or regulation to which UsabilityHub Recurly is subject; in such a case, UsabilityHub shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest, or (iii) in violation of Data Protection Laws. Customer Merchant hereby instructs UsabilityHub Recurly to process Process Personal Data in accordance with the foregoing and as part of any processing Processing initiated by Customer Merchant in its use of the Services. 2.3. The subject matter, nature, purpose, and duration of this processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPA. 2.4. 2.4 Following completion of the Services, at CustomerMerchant’s choice, UsabilityHub Recurly shall return or delete Customer’s the Personal Data, unless further storage of such Personal Data is required or authorized by applicable law. If return or destruction is impracticable or prohibited by law, rule or regulation, UsabilityHub shall take measures to block such Personal Data from any further processing (except to the extent necessary for its continued hosting or processing required by law, rule or regulation) Merchant and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control. If Customer and UsabilityHub Recurly have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the UK SCCs and Clause 8.1(d) and Clause 8.5 of the EU SCCs (as applicable) Standard Contractual Clauses shall be provided by UsabilityHub Recurly to Customer Merchant only upon CustomerMerchant’s request.

Processing of Data. 2.1. a. The parties acknowledge and agree that with regard to Customer may act either as a controller or processor in processing Personal Data and, except as expressly set forth in this DPA or the processing of Personal DataAgreement, Pendo is a processor. Customer acts as the Controller and UsabilityHub acts as the Processor. Customershall, in its use of the Services, shall process Personal Data, and provide UsabilityHub instructions Instructions for the processing of Personal Data, in compliance with the Data Protection LawsPrivacy Laws at all times. Customer shall ensure that its Instructions comply with all laws, rules and regulations applicable in relation to the Personal Data, and that the processing of Personal Data in accordance with Customer’s instructions Instructions will not cause UsabilityHub Pendo to be in breach of the Data Protection Privacy Laws. Customer warrants it has undertaken due diligence in relation to Pendo’s processing operations, and it is satisfied that Pendo’s processing operations are suitable for the purposes for which the Customer proposes to use the Services and engage Pendo to process Personal Data. b. Customer is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to UsabilityHub Pendo by or on behalf of Customer, (ii) the means by which Customer acquired any such the Personal Data, and (iii) the instructions Instructions it provides to UsabilityHub regarding the processing of such Personal DataPendo. Customer shall not provide or make available to UsabilityHub Pendo any Personal Data in violation of either this DPA or the Agreement Agreement, or which is otherwise inappropriate for the nature of the Services, and shall indemnify UsabilityHub Pendo from all claims and losses Losses in connection therewithwith Customer’s breach of applicable Data Privacy Laws including, without limitation, any neglect of proper notice to or legal consent from Data Subjects. Customer shall notify Pendo in the event of any change to the nature of the Personal Data it makes available to Pendo as part of the Agreement. 2.2. UsabilityHub x. Xxxxx shall not process Personal Data (i) for the purposes other than those set forth in the Agreement and/or Exhibit AAgreement, (ii) in a manner inconsistent accordance with the terms and conditions set forth in this DPA or and any other documented instructions Instructions provided by Customer, including with regard to transfers of personal data to a third country or an international organization, Customer (unless required otherwise by EEA or UK law applicable to do so by Supervisory Authority to Pendo, in which UsabilityHub is subject; in such a case, UsabilityHub case Pendo shall inform the Customer of that legal requirement before processing, unless that such law prohibits the provision of such information on important grounds of public interest, or information); and (iii) in violation of compliance with the Data Protection Privacy Laws. Customer hereby instructs UsabilityHub Pendo to process Personal Data in accordance with the foregoing and as part of any processing initiated by Customer in its Customer’s use of the Services. 2.3d. In relation to any Personal Data that Customer provides or makes available to Pendo, or that Pendo processes on Customer's behalf pursuant to the Agreement, the parties acknowledge and agree that Pendo is a processor of Personal Data under the GDPR and/or the UK GDPR, the VCDPA, the CPA, the CTDPA, and the UCPA, and a service provider for the purposes of the CCPA receiving Personal Data from Customer pursuant to the Agreement for a business purpose. Pendo shall not sell any such Personal Data nor retain, use or disclose any Personal Data provided by Customer pursuant to the Agreement except as necessary for performing the Services or otherwise as set forth in the Agreement or as permitted by the State Privacy Laws. The terms “service provider,” and “sell” are as defined in Section 1798.140 of the CCPA. Pendo certifies that it understands the restrictions of this section. e. The subject matter, nature, purpose, purpose and duration of this processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPA. 2.4. f. Following completion of the Services, at Customer’s choice, UsabilityHub Pendo shall return or delete Customer’s Personal Data, unless further storage of such Personal Data is required or authorized by applicable law. If return or destruction is impracticable or prohibited by law, rule or regulation, UsabilityHub Pendo shall take measures to block such Personal Data from any further processing (except to the extent necessary for its continued hosting or processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control. If Customer and UsabilityHub Pendo have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data)this DPA, the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the UK SCCs and Clause 8.1(d) and Clause 8.5 of the EU SCCs (as applicable) shall be provided by UsabilityHub Pendo to Customer only upon Customer’s request. g. U.S.