Common use of Supplementary Measures Clause in Contracts

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 As of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 If, after the date of this Addendum, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Data Exporter and Data Importer will meet as needed to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 As of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 If, after the date of this Addendum, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Data Exporter and Data Importer will meet as needed regularly to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 As of the date of this AddendumDPA, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 If, after the date of this AddendumDPA, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum DPA should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Data Exporter and Data Importer will meet as needed to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum DPA cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 6.5.1 As of the date of this AddendumDPA, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 6.5.2 If, after the date of this AddendumDPA, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum DPA should be suspended in the light of the such Government Agency Requests; and 6.6.3 6.5.3 The Data Exporter and Data Importer will meet as needed regularly to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 6.5.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 6.5.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum DPA cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK TransferTransfer made pursuant to the Standard Contractual Clauses, the following supplementary measures shall apply: 6.6.1 5.6.1 As of the date of this AddendumDPA, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 5.6.2 If, after the date of this AddendumDPA, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum DPA should be suspended in the light of the such Government Agency Requests; and; 6.6.3 5.6.3 The Data Exporter and Data Importer will meet as needed regularly to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 5.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 5.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum DPA cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK International Data Transfer, the following supplementary measures shall apply: 6.6.1 (i) As of the date of this Addendum, the Data Importer Temporal has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Customer Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“"Government Agency Requests”"); 6.6.2 (ii) If, after the date of this Addendum, the Data Importer Temporal receives any Government Agency Requests, Company Temporal shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company Temporal may provide Customer’s 's basic contact information to the government agency. If compelled to disclose Customer’s Temporal's Personal Data to a law enforcement or government agency, Company Temporal shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company Temporal is legally prohibited from doing so. Company Temporal shall not voluntarily disclose Customer Personal Data to any law enforcement or government agency. Data Exporter Customer and Data Importer Temporal shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Customer Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 (iii) The Data Exporter Customer and Data Importer Temporal will meet as needed regularly to consider whether: (i1) the protection afforded by the laws of the country of the Data Importer Temporal to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii2) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Applicable Privacy Laws; and (iii3) it is still appropriate for Customer Personal Data to be transferred to the relevant Data ImporterTemporal, taking into account all relevant information available to the partiesParties, together with guidance provided by the supervisory authorities. 6.6.4 (iv) If Data Protection Applicable Privacy Laws require the Data Exporter Customer to execute the Standard Contractual Clauses applicable to a particular transfer of Customer Personal Data to a Data Importer Temporal as a separate agreement, the Data Importer Temporal shall, on request of the Data ExporterCustomer, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter Customer to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant applicable Data Protection Laws. 6.6.5 (v) If either (i) any of the means of legitimizing transfers of Customer Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Customer Personal Data pursuant to those means to be suspended, then Data Importer may by notice Temporal agrees to amend the Data Exportermeans of legitimizing transfers or alternative arrangements with Customer, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Applicable Privacy Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 7.6.1 As of the date of this AddendumDPA, the Data Importer Cloze has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Customer Account Data (“Government Agency Requests”); 6.6.2 7.6.2 If, after the date of this AddendumDPA, the Data Importer Cloze receives any Government Agency Requests, Company Cloze shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company Cloze may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Customer Account Data to a law enforcement or government agency, Company Cloze shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company Cloze is legally prohibited from doing so. Company Cloze shall not voluntarily disclose Personal Customer Account Data to any law enforcement or government agency. Data Exporter and Data Importer The Parties shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum DPA should be suspended in the light of the such Government Agency Requests; and 6.6.3 7.6.3 The Data Exporter and Data Importer Parties will meet as needed to consider whether: (i) the protection afforded by the laws of the country of the Cloze (Data Importer Importer) to data subjects Data Subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the partiesParties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 As of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 If, after the date of this Addendum, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Each of the Data Exporter and Data Importer will meet as needed to regularly consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 As of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 If, after the date of this Addendum, the Data Importer receives any Government Agency Requests, the Company shall attempt to redirect the law enforcement or government agency to request that data directly from the Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Data Exporter and Data Importer will meet as needed to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 A. As of the date of this Addendum, the Data Importer Company has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customereither Party’s Personal Data (“Government Agency Requests”);. 6.6.2 IfB. Where allowed by Applicable Law, if after the date of this Addendum, the Data Importer Company receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand demand, where allowed by Applicable Law, and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer Company shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Data Exporter and Data Importer will meet as needed to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 C. If Data Protection Applicable Laws require the Data Exporter Parties to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer Parties shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Applicable Laws. 6.6.5 D. If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice each Party agrees to amend the Data Exportermeans of legitimizing transfers or alternative arrangements with Customer, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Applicable Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 6.6.1. As of the date of this AddendumDPA, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 6.6.2. If, after the date of this AddendumAgreement, the Data Importer receives any Government Agency Requests, Company Lyssna shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company Lyssna may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company Lyssna shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company Lyssna is legally prohibited from doing so. Company Lyssna shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum DPA should be suspended in the light of the such Government Agency Requests; and 6.6.3 6.6.3. The Data Exporter and Data Importer will meet as needed to consider whether: (i) i. the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) . additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) . it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 6.6.4. If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 6.6.5. If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum Agreement cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 5.6.1 As of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 5.6.2 If, after the date of this Addendum, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 5.6.3 The Data Exporter and Data Importer will meet as needed regularly to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 5.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 5.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 6.6.1. As of the date of this AddendumAgreement, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 6.6.2. If, after the date of this AddendumAgreement, the Data Importer receives any Government Agency Requests, Company UsabilityHub shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company UsabilityHub may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company UsabilityHub shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company UsabilityHub is legally prohibited from doing so. Company UsabilityHub shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum Agreement should be suspended in the light of the such Government Agency Requests; and 6.6.3 6.6.3. The Data Exporter and Data Importer will meet as needed to consider whether: (i) i. the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) . additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) . it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 6.6.4. If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 6.6.5. If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum Agreement cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK TransferTransfer made pursuant to the Standard Contractual Clauses, the following supplementary measures shall apply: 6.6.1 i. As of the date of this AddendumDPA was last updated, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 ii. If, after the date of this AddendumDPA, the Data Importer receives any Government Agency Requests, Company Pendo shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company Pendo may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company Pendo shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company Pendo is legally prohibited from doing so. Company Pendo shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum DPA should be suspended in the light of the such Government Agency Requests; and 6.6.3 iii. The Data Exporter and Data Importer will meet as needed from time to time to consider whether: (i) A. the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) B. additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Privacy Laws; and (iii) C. it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 iv. If Data Protection Privacy Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Privacy Laws. 6.6.5 v. If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum DPA cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Privacy Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 (i) As of the date of this Addendum, the Data Importer Company has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Customer Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 (ii) If, after the date of this Addendum, the Data Importer Company receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose CustomerCompany’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Customer Personal Data to any law enforcement or government agency. Data Exporter Customer and Data Importer Company shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Customer Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 (iii) The Data Exporter Customer and Data Importer Company will meet as needed regularly to consider whether: (i1) the protection afforded by the laws of the country of the Data Importer Company to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii2) additional measures are reasonably necessary to enable the transfer to be compliant with the Applicable Data Protection Laws; and (iii3) it is still appropriate for Customer Personal Data to be transferred to the relevant Data ImporterCompany, taking into account all relevant information available to the partiesParties, together with guidance provided by the supervisory authorities. 6.6.4 (iv) If Data Protection Laws require the Data Exporter Customer to execute the Standard Contractual Clauses applicable to a particular transfer of Customer Personal Data to a Data Importer Company as a separate agreement, the Data Importer Company shall, on request of the Data ExporterCustomer, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter Customer to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Applicable Data Protection Laws. 6.6.5 (v) If either (i) any of the means of legitimizing transfers of Customer Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Customer Personal Data pursuant to those means to be suspended, then Data Importer may by notice Company agrees to amend the Data Exportermeans of legitimizing transfers or alternative arrangements with Customer, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Applicable Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK TransferTransfer made pursuant to the Standard Contractual Clauses, the following supplementary measures shall apply: 6.6.1 As of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 5.5.1 If, after the date of this AddendumDPA, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum DPA should be suspended in the light of the such Government Agency Requests; and; 6.6.3 5.5.2 The Data Exporter and Data Importer will meet as needed regularly to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 5.5.3 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 5.5.4 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum DPA cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 6.7.1 As of the date of this AddendumDPA, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 6.7.2 If, after the date of this AddendumDPA, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum DPA should be suspended in the light of the such Government Agency Requests; and 6.6.3 6.7.3 The Data Exporter and Data Importer will meet as needed regularly to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 6.7.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 6.7.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum DPA cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, Xxxxxxx provides the following supplementary measures shall apply: 6.6.1 As to ensure an adequate level of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country protection pursuant to which the Personal Data is being exported, Article 44 et seq. GDPR for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 Iftransferred to Bentley Systems, after Incorporated provided that Xxxxxxx is not barred under applicable law to comply with these supplementary measures: • Bentley shall notify the date of this Addendum, the Data Importer receives Customer without undue delay should any Government Agency Requests, Company shall attempt public authority request access to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data Data. Should Bentley be barred from notifying the Customer in a situation due to a law enforcement or government agencyapplicable law, Company Bentley shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Data Exporter and Data Importer will meet as needed to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to without undue delay ensure that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to the country that requested the access is ceased and notify the Customer that it had to do so. The Parties shall enter into discussions how to mitigate the situation. • Xxxxxxx shall take without undue delay any available legal recourse against any data access requests by public authorities and not disclose any Personal Data until ordered so by final and binding court decision. • Xxxxxxx shall assist the Customer by providing any information to the extent reasonable if the Customer decides to inform the Data Subjects if their Personal Data are affected by a request on data access by a public authority. • Xxxxxxx will provide Customer on a regular basis with a transparency report about requests for access to Personal Data Importer as a separate agreementreceived from public authorities in an aggregated form, including at least information on the amount of data requests, the Data Importer shalltype of data requested, on request of the Data Exporter, promptly execute requesting public authority and to what extent Xxxxxxx has disclosed personal data to such public authorities. • Xxxxxxx shall constantly monitor any legal or policy developments that might lead to its inability to comply with the obligations under the EU Standard Contractual Clauses incorporating and without undue delay inform the Customer of any such amendments as may reasonably changes and developments. • Xxxxxxx hereby confirms that it has not purposefully created backdoors or similar programming that could be required by used to access Bentley’s systems and/or Customer’s personal data stored therein. Further information relating to supplementary safeguards is available upon request. This Schedule 2 specifies the Data Exporter to reflect information on the applicable appendices Processing and annexes, the details transfer of Personal data in accordance with Section 2.5 of the transfer and the requirements DPA. Customer’s use of the relevant Data Protection Laws. 6.6.5 If either (i) any of the means of legitimizing transfers Bentley’s Services involves Processing of Personal Data outside by Xxxxxxx on behalf of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers Customer. Any Processing of Personal Data pursuant to those means to be suspended, then Data Importer may by notice belonging to the Customer is carried out by Xxxxxxx acting as Processor, whereby Customer is acting as Controller. Xxxxxxx’x Processing of Customer’s Personal Data Exporterinvolves collection, with effect from transfer, storage, and other processing activities necessary to provide, maintain and update the date set out Services provided by Xxxxxxx to Customer via Bentley’s systems. Any Personal Data Processed in such noticeBentley’s systems when using the Services provided by Xxxxxxx are transferred to and stored on servers located in the USA and operated by Bentley Systems, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection LawsIncorporated.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 3.5.1 As of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”);. 6.6.2 3.5.2 If, after the date of this Addendum, the Data Importer receives any Government Agency Requests, Company Data Importer shall attempt to redirect the law enforcement or government agency to request that data directly from CustomerData Exporter. As part of this effort, Company Data Importer may provide CustomerData Exporter’s basic contact information to the government agency. If compelled to disclose CustomerData Importer’s Personal Data to a law enforcement or government agency, Company Data Importer shall give Customer Data Exporter reasonable notice of the demand and cooperate to allow Customer Data Exporter to seek a protective order or other appropriate remedy unless Company Data Importer is legally prohibited from doing so. Company Data Importer shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 3.5.3 The Data Exporter and Data Importer will meet as needed regularly to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Applicable Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 3.5.4 If Data Protection Applicable Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 3.5.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice the parties shall cooperate to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Applicable Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 As of the date of this AddendumDPA, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 If, after the date of this AddendumDPA, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum DPA should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Data Exporter and Data Importer will meet as needed regularly to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum DPA cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 As of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”)) ; 6.6.2 If, after the date of this Addendum, the Data Importer receives any Government Agency Requests, Company Noteable shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company Noteable may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company Noteable shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company Noteable is legally prohibited from doing so. Company Noteable shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Data Exporter and Data Importer will meet as needed regularly to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the details of the transfer and the requirements of the relevant Data Protection Laws. 6.6.5 If either (i) any of the means of legitimizing transfers of Personal Data outside of the EEA or UK set forth in this Addendum cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, then Data Importer may by notice to the Data Exporter, with effect from the date set out in such notice, amend or put in place alternative arrangements in respect of such transfers, as required by Data Protection Laws.