Common use of Schedule of Disposition Clause in Contracts

Schedule of Disposition. Data shall be disposed of by the following date: ✔ As soon as commercially practicable. By [ ] 4. Signature Authorized Representative of XXX 01/31/2024 Date 5. Verification of Disposition of Data Authorized Representative of Company Date 1. Offer of Terms Provider offers the same privacy protections found in this DPA between it and Xxxxxxx School District 61 (“Originating LEA”) which is dated 1/30/2024 , to any other LEA (“Subscribing LEA”) who accepts this General Offer of Privacy Terms (“General Offer”) through its signature below. This General Offer shall extend only to privacy protections, and Provider’s signature shall not necessarily bind Provider to other terms, such as price, term, or schedule of services, or to any other provision not addressed in this DPA. The Provider and the Subscribing XXX may also agree to change the data provided by Subscribing LEA to the Provider to suit the unique needs of the Subscribing LEA. The Provider may withdraw the General Offer in the event of: (1) a material change in the applicable privacy statues; (2) a material change in the services and products listed in the originating Service Agreement; or three (3) years after the date of Provider’s signature to this Form. Subscribing LEAs should send the signed Exhibit “E” to Provider at the following email address: xxxxxxxxxx@xxxxxxxxxxxxx.xxx . Digitally signed by Xxxxx Xxxxxx Date: 2024.01.30 18:00:17 -08'00' PROVIDER: Ripple Effects BY: Date: 01/30/2024 Printed Name: Xxxxx Xxxxxx Title/Position: COO 2. Subscribing LEA A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between the and **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. EXHIBIT "G" - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Illinois This Exhibit G, Supplemental SDPC State Terms for Illinois ("Supplemental State Terms"), effective simultaneously with the attached Student Data Privacy Agreement ("DPA") by and between

Schedule of Disposition. Data shall be disposed of by the following date: ✔ As soon as commercially practicable. By [ ] 4. Signature Authorized Representative of XXX 01/31/2024 LEA 5/17/2024 Date 5. Verification of Disposition of Data Authorized Representative of Company 05/14/2021 Date 1. Offer of Terms Provider offers the same privacy protections found in this DPA between it and Xxxxxxx Columbia Unit School District 61 Distri (“Originating LEA”) which is dated 1/30/2024 05/14/2021 , to any other LEA (“Subscribing LEA”) who accepts this General Offer of Privacy Terms (“General Offer”) through its signature below. This General Offer shall extend only to privacy protections, and Provider’s signature shall not necessarily bind Provider to other terms, such as price, term, or schedule of services, or to any other provision not addressed in this DPA. The Provider and the Subscribing XXX LEA may also agree to change the data provided by Subscribing LEA to the Provider to suit the unique needs of the Subscribing LEA. The Provider may withdraw the General Offer in the event of: (1) a material change in the applicable privacy statues; (2) a material change in the services and products listed in the originating Service Agreement; or three (3) years after the date of Provider’s signature to this Form. Subscribing LEAs should send the signed Exhibit “E” to Provider at the following email address: xxxxxxxxxx@xxxxxxxxxxxxx.xxx xxxxxxx@xxxxxxxxxx.xxx . Digitally signed by Xxxxx Xxxxxx Date: 2024.01.30 18:00:17 -08'00' PROVIDER: Ripple Effects :CodeCombat Inc. BY: Date: 01/30/2024 5/14/2021 Printed Name: Xxxxx Xxxxxxxx Xxxxxx Title/Position: COOCEO 2. Subscribing LEA A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between the Columbia Unit School Distri and CodeCombat Inc. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** #:: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. EXHIBIT "G" - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Illinois This Exhibit G, Supplemental SDPC State Terms for Illinois ("Supplemental State Terms"), effective simultaneously with the attached Student Data Privacy Agreement ("DPA") by and betweenbetween Columbia Unit School District #4 "LEA") and C__ode__Com__ba_t _Inc_. _ __ __ __ ____ __ __ __ ___ (the "Provider"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Schedule of Disposition. Data shall be disposed of by the following date: __ ✔ _ As soon as commercially practicable. ___ _ By [ ] 4. Signature Authorized Representative of XXX 01/31/2024 12/02/2021 Date 5. Verification of Disposition of Data Authorized Representative of Company 11/29/2021 Date 1. Offer of Terms Provider offers the same privacy protections found in this DPA between it and Xxxxxxx School District 61 Central CUSD 301 (“Originating LEA”) which is dated 1/30/2024 11/29/21 , to any other LEA (“Subscribing LEA”) who accepts this General Offer of Privacy Terms (“General Offer”) through its signature below. This General Offer shall extend only to privacy protections, and Provider’s signature shall not necessarily bind Provider to other terms, such as price, term, or schedule of services, or to any other provision not addressed in this DPA. The Provider and the Subscribing XXX may also agree to change the data provided by Subscribing LEA to the Provider to suit the unique needs of the Subscribing LEA. The Provider may withdraw the General Offer in the event of: (1) a material change in the applicable privacy statues; (2) a material change in the services and products listed in the originating Service Agreement; or three (3) years after the date of Provider’s signature to this Form. Subscribing LEAs should send the signed Exhibit “E” to Provider at the following email address: xxxxxxxxxx@xxxxxxxxxxxxx.xxx xxxxx@xxxxxxxx.xxx . Digitally signed by Xxxxx Xxxxxx Date: 2024.01.30 18:00:17 -08'00' PROVIDER: Ripple Effects :Symbaloo BY: Date: 01/30/2024 11/29/2021 Printed Name: Xxxxx Xxxxxx Xxxxxxx Title/Position: COOAccount Manager 2. Subscribing LEA A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between the Central CUSD 301 and Symbaloo **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** by: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization Information technology — Security techniques — Information security management systems xxxxxxx (ISO 27000 XXX 00000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. EXHIBIT "G" - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Illinois This Exhibit G, Supplemental SDPC State Terms for Illinois ("Supplemental State Terms"), effective simultaneously with the attached Student Data Privacy Agreement ("DPA") by and betweenbetween Central CUSD 301 "LEA") and S_y_mba_lo_o __ __ __ __ __ __ ____ __ __ __ ___ (the "Provider"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

Schedule of Disposition. Data shall be disposed of by the following date: __ ✔ _ _ As soon as commercially practicable. ___ _ By [ ] Xxxx Xxxxxx Digitally signed by Xxxx Xxxxxx Date: 2023.11.03 14:57:11 -05'00' 4. Signature Authorized Representative of XXX 01/31/2024 11/3/2023 Date 5. Verification of Disposition of Data Authorized Representative of Company 10/31/2023 Date 1. Offer of Terms Provider offers the same privacy protections found in this DPA between it and Xxxxxxx School District 61 (“Originating LEA”) which is dated 1/30/2024 10/31/202, to any other LEA (“Subscribing LEA”) who accepts this General Offer of Privacy Terms (“General Offer”) through its signature below. This General Offer shall extend only to privacy protections, and Provider’s signature shall not necessarily bind Provider to other terms, such as price, term, or schedule of services, or to any other provision not addressed in this DPA. The Provider and the Subscribing XXX may also agree to change the data provided by Subscribing LEA to the Provider to suit the unique needs of the Subscribing LEA. The Provider may withdraw the General Offer in the event of: (1) a material change in the applicable privacy statues; (2) a material change in the services and products listed in the originating Service Agreement; or three (3) years after the date of Provider’s signature to this Form. Subscribing LEAs should send the signed Exhibit “E” to Provider at the following email address: xxxxxxxxxx@xxxxxxxxxxxxx.xxx xxx_xxxxxx@xxxxxxxxxxxxxxx.xxx . Digitally signed by Xxxxx Xxxxxx Date: 2024.01.30 18:00:17 -08'00' PROVIDER: Ripple Effects BY: Date: 01/30/2024 Printed Name: Xxxxx Xxx Xxxxxx Title/Position: COOCTO 2. Subscribing LEA A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between the and **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING XXX MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5. ** BY: Date: Printed Name: Title/Position: SCHOOL DISTRICT NAME: DESIGNATED REPRESENTATIVE OF LEA: Name: Title: Address: Telephone Number: Email: The Education Security and Privacy Exchange (“Edspex”) works in partnership with the Student Data Privacy Consortium and industry leaders to maintain a list of known and credible cybersecurity frameworks which can protect digital learning ecosystems chosen based on a set of guiding cybersecurity principles* (“Cybersecurity Frameworks”) that may be utilized by Provider . Cybersecurity Frameworks MAINTAINING ORGANIZATION/GROUP FRAMEWORK(S) ✔ National Institute of Standards and Technology NIST Cybersecurity Framework Version 1.1 National Institute of Standards and Technology NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171 International Standards Organization Information technology — Security techniques — Information security management systems (ISO 27000 series) Secure Controls Framework Council, LLC Security Controls Framework (SCF) Center for Internet Security CIS Critical Security Controls (CSC, CIS Top 20) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR) Please visit xxxx://xxx.xxxxxx.xxx for further details about the noted frameworks. EXHIBIT "G" - Supplemental SDPC (Student Data Privacy Consortium) State Terms for Illinois This Exhibit G, Supplemental SDPC State Terms for Illinois ("Supplemental State Terms"), effective simultaneously with the attached Student Data Privacy Agreement ("DPA") by and betweenbetween "LEA") and _ (the "Provider"), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows: