Common use of Duration of Agreement and Protected Data Upon Termination or Expiration Clause in Contracts

Duration of Agreement and Protected Data Upon Termination or Expiration. The Master Agreement commences on the date of signature and, unless otherwise elected by the District, will renew and continue to be in effect annually thereafter. • Upon expiration of the Master Agreement without renewal, or upon termination of the Master Agreement prior to its expiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by the District, Vendor will assist the District in exporting all Protected Data previously received back to the District for its own use, prior to deletion, in such formats as may be requested by the District. • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with the District as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide the District with a certification from an appropriate officer that these requirements have been satisfied in full. Note to Vendor: Pursuant to Education Law § 2-d and Section 121.6 of the Commissioner’s Regulations, the District is required to ensure that all contracts with a third-party contractor include the contractor’s Data Security and Privacy Plan. The Contractor must complete the following or provide a plan that materially addresses these requirements. In addition to complying with the terms of the District’s Parents’ Bill of Rights, Vendor shall protect the confidentiality, privacy and security of Protected Data received from the District as set forth below:

Duration of Agreement and Protected Data Upon Termination or Expiration. The Master Agreement commences on when the date of signature and, unless otherwise elected by District begins using the District, will renew Services and continue to be in effect annually thereafterexpires when the district stops using the Services. • Upon expiration of the Master Agreement without renewal, or upon termination of the Master Agreement prior to its expiration, Vendor will will, as soon as reasonably possible, securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by the District, Vendor will assist the District in exporting all Protected Data previously received back to the District for its own use, prior to deletion, in such formats as may be requested by the District. • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with the District as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide the District with a certification from an appropriate officer that these requirements have been satisfied in full. Note By signing below, you agree: • To comply with the terms contained in the Supplemental Information Master Agreement • To comply with the terms of ▇▇▇▇▇▇ Central Schools Parents’ Bill of Rights for Data Privacy and Security(applicable to Vendor: Pursuant Third-Party Contractors subject to New York Education Law § 2-d only) 3/13/22 ▇▇▇▇▇▇ Central School District and Section 121.6 of the Commissioner’s Regulations, the District is required to ensure that all contracts with a third-party contractor include the contractor’s Data Security and Privacy Plan. The Contractor must complete the following or provide a plan that materially addresses these requirements. In addition to complying with the terms of the District’s Parents’ Bill of Rights, Vendor shall protect the confidentiality, privacy and security of Protected Data received from the District agree as set forth belowfollows:

Duration of Agreement and Protected Data Upon Termination or Expiration. ● The Master Agreement commences on the date of signature and[July 1, unless otherwise elected by the District2025] and expires on [June 30, will renew and continue to be in effect annually thereafter. • 2026] ● Upon expiration of the Master Agreement without renewal, or upon termination of the Master Agreement prior to its expiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by the District, Vendor will assist the District in exporting all Protected Data previously received back to the District for its own use, prior to deletion, in such formats as may be requested by the District. • ● In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with the District as necessary to transition Protected Data to the successor Vendor prior to deletion. • ● Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide the District with a certification from an appropriate officer that these requirements have been satisfied in full. Note to VendorName of Provider: Pursuant to Education Law § 2-d and Section 121.6 Discovery Education, Inc Description of the Commissioner’s Regulationspurpose(s) for which Provider will receive/access PII: To provide contracted services Type of PII that Provider will receive/access: Check all that apply: ☐ Student PII ☐ APPR Data Contract Term: Contract Start Date: TBD Contract End Date: Subcontractor Written Agreement Requirement: Provider will not utilize subcontractors without a written contract that requires the subcontractors to adhere to, at a minimum, materially similar data protection obligations imposed on the contractor by State and Federal laws and regulations, and the Contract. (check applicable option) ☐ Provider will not utilize subcontractors. ☐ Provider will utilize subcontractors. Data Transition and Secure Destruction: Upon expiration or termination of the Contract, Provider shall: • Securely delete and destroy data. Challenges to Data Accuracy: Parents, teachers, or principals who seek to challenge the accuracy of PII will do so by contacting the School District. If a correction to data is deemed necessary, the School District is required will notify Provider. Provider agrees to ensure that all contracts with a thirdfacilitate such corrections within 21 days of receiving the School District’s written request. Docusign Envelope ID: 7CC9F0E8-party contractor include 5E72-4DF2-96D9-CC0E26B1987F Docusign Envelope ID: DF7194D6-101A-4019-87B3-5623271F4CB4 Amazon Web Services, United States ▇▇▇▇▇ ▇▇▇▇▇▇ EVP - Global Operations May 1, 2025 Discovery Education maintains ISO 27001 And SOC 2 Type 2 certification. We implement appropriate technical and organizational security measures, such as access controls and encryption, to protect the contractor’s Data Security and Privacy Plan. The Contractor personal Provider must complete the following or provide a plan that materially addresses these its requirements. In addition to complying , including alignment with the terms of NIST Cybersecurity Framework, which is the District’s Parents’ Bill of Rights, Vendor shall protect the confidentiality, standard for educational agency data privacy and security policies in New York state. While this plan is not required to be posted to the School District’s website, Provider should nevertheless ensure that they do not include information that could compromise the security of Protected their data and data systems. Name of Provider: Discovery Education, Inc Address: ▇▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇, ▇▇▇▇▇ ▇▇▇, ▇▇▇▇▇▇▇▇▇, ▇▇ ▇▇▇▇▇ Email/Phone: ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ 1 Outline how you will implement applicable data security and privacy contract requirements over the life of the Contract. The Contractor Customer and Technical Support team is available to work with District administrators and teachers. There are no fees associated with customer and technical support services. Contractor’s support structure includes a defined internal escalation path utilizing a ticket system, which allows a customer to track progress working with any 2 Specify the administrative, operational, and technical safeguards and practices that you have in place to protect PII. The Contractor Customer and Technical Support team is available to work with District administrators and teachers. There are no fees associated with customer and technical support services. Contractor’s support structure includes a defined internal escalation path utilizing a ticket system, which allows a customer to track progress working with any 3 Address the training received by your employees and any subcontractors engaged in the provision of services under the Contract on the Federal and State laws that govern the confidentiality of PII. The Contractor will ensure that its personnel and subcontractors that access the student data are informed of the confidential nature of the student data and are bound by appropriate obligations of confidentiality or are under an appropriate statutory obligation of confidentiality. The Contractor will take all reasonable steps and to ensure the reliability of Vendor’s personnel and subcontractors that 4 Outline contracting processes that ensure that your employees and any subcontractors are bound by written agreement to the requirements of the Contract, at a minimum. The Contractor employees and any subcontractors are bound by the Discovery Education’s Data received from Privacy found here: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/data- %20protection-addendum/ 5 Specify how you will manage any data security and privacy incidents that implicate PII and describe any specific plans you have in place to identify breaches and/or unauthorized disclosures, and to meet your obligations to report incidents to the School District. If District/customer/distributor or Contractor determines that a breach has occurred, when there is a reasonable risk of identity theft or other harm, or where otherwise required by law, Contractor provides any legally required notification to affected parties as promptly as possible, and fully cooperates as needed to ensure compliance with all breach of confidentiality laws. Contractor reports as promptly as possible to District/customers/distributors (or their designees) and 6 Describe how data will be transitioned to the School District as set forth below:when no longer needed by you to meet your contractual obligations, if applicable. Upon termination or expiration of the contract, the Vendor will destroy/delete student data.

Duration of Agreement and Protected Data Upon Termination or Expiration. ● The Master Agreement commences on the date of signature and, unless otherwise elected by the District, will renew 10/1/2020 and continue to be in effect annually thereafterexpires on 6/30/2021 . • ● Upon expiration of the Master Agreement without renewal, or upon termination of the Master Agreement prior to its expiration, Vendor Seesaw will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor Seesaw or any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by the School or District, Vendor Seesaw will assist the School or District in exporting all Protected Data previously received back to the School or District for its own use, prior to deletion, in such formats as may be requested by the School or District. • ● In the event the Master Agreement is assigned to a successor Vendor Seesaw (to the extent authorized by the Master Agreement), the Vendor Seesaw will cooperate with the School or District as necessary to transition Protected Data to the successor Vendor to Seesaw prior to deletion. • ● Neither Vendor Seesaw nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor Seesaw and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide the School or District with a certification from an appropriate officer that these requirements have been satisfied in full. Note Parents or eligible students can challenge the accuracy of any Protected Data provided by the School or District to Vendor: Pursuant to Education Law § 2-d and Section 121.6 Seesaw, by contacting the School or District regarding procedures for requesting amendment of education records under the Commissioner’s Regulations, the District is required to ensure that all contracts with a third-party contractor include the contractor’s Data Security Family Educational Rights and Privacy PlanAct (FERPA). The Contractor must complete Teachers or principals may request to challenge the accuracy of data provided to Seesaw by following or provide a plan that materially addresses these requirements. In addition to complying with the terms of appeal process in the District’s Parents’ Bill of Rights, Vendor shall protect the confidentiality, privacy and security of Protected Data received from the District as set forth below:applicable Plan.

Duration of Agreement and Protected Data Upon Termination or Expiration. The Master Agreement commences on the date of signature and, unless otherwise elected by the District, will renew and continue to be in effect annually thereaftersignature. • Upon expiration of the Master Agreement without renewal, or upon termination of the Master Agreement prior to its expiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by the District, Vendor will assist the District in exporting all Protected Data previously received back to the District for its own use, prior to deletion, in such formats as may be requested by the District. • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with the District as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide the District with a certification from an appropriate officer that these requirements have been satisfied in full. Note Security and Disaster Recovery ARC digital products adhere to Vendorthe following security and disaster recovery practices: Pursuant • All web-based services and RESTful API calls use TLS 1.2 security. • All personally identifiable information stored in MySQL is encrypted at rest using InnoDB tablespace encryption. • ARC digital products offer access for teachers, school administrators, and district administrators as identified by the district. Users in each of those security groups have access to Education Law § 2only those student records in their scope of responsibility. • For districts using Clever Instant Login or Classlink OneClick Single Sign-d On, the district maintains real-time control of all user credentials. For districts not using one of our supported single sign-on solutions, districts may assign usernames and Section 121.6 passwords up to 128 characters. All passwords are stored using BCrypt encryption. • The TrueNet data center includes biometric door locks coupled with NFC cards. All server cabinets are locked. • Servers at the TrueNet data center have dual power supplies connected to separate power circuits with battery backup. • All data at the TrueNet data center is stored on striped and mirrored hard drives for redundancy. • All digital product data is replicated to multiple database servers behind our firewalls. • All data is backed up daily using Dell RapidRecovery, encrypted, and transferred securely to ARC’s headquarters. • All employees who might require access to secure data are provided training on safe-handling procedures. Privacy The complete privacy policy for ARC digital products can be found online at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/privacy.html. • Data stored in ARC digital products remains the property of the Commissioner’s Regulationsdistrict, the District and is required protected by several policies to ensure that all contracts privacy. • American Reading Company does not share district data with a third-party contractor include the contractor’s Data Security and Privacy Plan. The Contractor must complete the following or provide a plan that materially addresses these requirements. In addition to complying with the terms of the District’s Parents’ Bill of Rights, Vendor shall protect the confidentiality, privacy and security of Protected Data received from the District as set forth below:any third parties unless requested by district administration.

Duration of Agreement and Protected Data Upon Termination or Expiration.  The Master Agreement commences on the date of signature and, unless otherwise elected by the District, will renew and continue to be in effect annually thereafter. •  Upon expiration of the Master Agreement without renewal, or upon termination of the Master Agreement prior to its expiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by the District, Vendor will assist the District in exporting all Protected Data previously received back to the District for its own use, prior to deletion, in such formats as may be requested by the District. •  In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with the District as necessary to transition Protected Data to the successor Vendor prior to deletion. •  Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide the District with a certification from an appropriate officer that these requirements have been satisfied in full. Note to Vendor: Pursuant to Education Law § 2-d and Section 121.6 of the Commissioner’s Regulations, the District is required to ensure that all contracts with a third-party contractor include the contractor’s Data Security and Privacy Plan. The Contractor must complete the following or provide a plan that materially addresses these requirements. In addition to complying with the terms of the District’s Parents’ Bill ▇▇▇▇ of Rights, Vendor shall protect the confidentiality, privacy and security of Protected Data received from the District as set forth below:

Duration of Agreement and Protected Data Upon Termination or Expiration. The Master Agreement commences on the date of signature and, unless otherwise elected agreed upon by the District, will renew parties and continue to be in effect annually thereafterexpires at the end of the agreed-upon term or termination by either of the parties. • Upon expiration of the Master Agreement without renewal, or upon termination of the Master Agreement prior to its expiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by the District, Vendor will assist the District in exporting all Protected Data previously received back to the District for its own use, prior to deletion, in such formats as may be requested by the District. • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with the District as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide the District with a certification from an appropriate officer that these requirements have been satisfied in full. Note located within the United States, Canada or Europe. The measures that Vendor (and, if applicable, its subcontractors) will take to Vendorprotect Protected Data include adoption of technologies, safeguards and practices that align with the NIST Cyber security Framework, and safeguards associated with industry standards and best practices including, but not limited to, disk encryption, file encryption, firewalls, and password protection. By signing below, you agree: Pursuant • To comply with the terms contained in the Supplemental Information Master Agreement • To comply with the terms of ▇▇▇▇▇▇ Central Schools Parents’ Bill of Rights for Data Privacy and Security(applicable to Third-Party Contractors subject to New York Education Law § 2-d only) ▇▇▇▇▇▇ Central School District and Section 121.6 of the Commissioner’s Regulations, the District is required to ensure that all contracts with a third-party contractor include the contractor’s Data Security and Privacy Plan. The Contractor must complete the following or provide a plan that materially addresses these requirements. In addition to complying with the terms of the District’s Parents’ Bill of Rights, Vendor shall protect the confidentiality, privacy and security of Protected Data received from the District agree as set forth belowfollows:

Duration of Agreement and Protected Data Upon Termination or Expiration.  The Master Agreement commences on the date of signature andSeptember 1, unless otherwise elected by the District, will renew 2022 and continue to be expires in effect annually thereafteraccordance with its terms. •  Upon expiration of the Master Agreement without renewal, or upon termination of the Master Agreement prior to its expiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected DataData within sixty (60) days after expiration or termination of the Master Agreement, provided, however that Vendor shall dispose of Protected Data in its data backups pursuant to Vendor’s then-current data retention and destruction policy and in no event later than thirteen (13) months after the expiration of the Master Agreement and provided further that Contractor may retain Protected Data for so long as necessary for litigation purposes. If requested by the District, Vendor will assist the District in exporting all Protected Data previously received back to the District for its own use, prior to deletion, in such formats as may be requested by the Districta standard or mutually agreeable file format. •  In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with the District as necessary to transition Protected Data to the successor Vendor prior to deletion. •  Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide the District with a certification from an appropriate officer that these requirements have been satisfied in full. Note ▇▇▇▇▇ sets forth the following Data Security and Privacy Plan with respect to Vendor: Pursuant to Tyler Software and services (“Plan”) in accordance with the requirements of New York Education Law § §2-d and Section 121.6 the implementing regulations set forth in Part 121 of the Commissioner’s Regulations, the District is required to ensure that all contracts with a third-party contractor include the contractor’s Data Security and Privacy Plan. The Contractor must complete the following or provide a plan that materially addresses these requirements. In addition to complying with the terms Regulations of the District’s Parents’ Bill Commissioner of Rights, Vendor Education (“NY Education Privacy Laws”). Capitalized but undefined terms shall protect have the confidentiality, privacy and security of Protected Data received from meaning attributed to them in the District as set forth below:NY Education Privacy Laws.

Duration of Agreement and Protected Data Upon Termination or Expiration. ● The Master Agreement commences on the date of the last signature and, unless otherwise elected by affixed hereto and expires as outlined in the District, will renew attached Vendor’s Data Security and continue to be in effect annually thereafterPrivacy Plan attached as Appendix A. . • ● Upon expiration of the Master Agreement without renewal, or upon termination of the Master Agreement prior to its expiration, Vendor will will, upon written request by the District, securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or any of its subcontractors third-party service providers or other authorized persons or entities to whom it has disclosed Protected Data. In the event District does not make such a request in writing, Edpuzzle will delete all Protected Data upon eighteen (18) months of end-user account inactivity. If requested in writing by the District, Vendor will assist the District in exporting all Protected Data previously received back Student Gradebooks to the District for its own use, prior in an standard exportation format, such as, but not limited to deletion.csv or .json. Notwithstanding the foregoing, in such formats as data backups that are part of Vendor’s disaster recovery storage system may be requested by the District. • In the event the Master Agreement is assigned to a successor Vendor retained for an additional term of six (6) months, provided such backups remain inaccessible to the extent authorized public and are unable to be used by Vendor in the Master Agreement)normal course of business. ● Vendor may use De-identified Data for purposes of research, improvement of Vendor's product or services, and/or development of new products and services. In no event shall Vendor or any of its third-party service providers or assignees re-identify or try to re-identify any De-identified Data or use De-identified Data in combination with other data elements possessed by Vendor or any third-party affiliate, posing risk of re-identification. ● Once the Vendor will cooperate with the District as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither aforementioned data backups are deleted, neither Vendor nor any of its subcontractors third-party service providers or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon written request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide the District with a certification from an appropriate officer that these requirements have been satisfied in full. Note to Vendor: Pursuant to Education Law § 2-d full by Vendor and Section 121.6 of the Commissioner’s Regulations, the District is required to ensure that all contracts with a its third-party contractor include service providers, if any. The technical and organizational measures provided in this Data Privacy and Security Plan and Supplemental Information (hereinafter, “DPSP”) apply to EDpuzzle, Inc., a Delaware corporation (hereinafter, “Edpuzzle”), in the contractorprocessing of Personally Identifiable Information (“PII”) that is the subject matter of the Agreement entered into with Jasper-Troupsburg Central School District (“District”) on even date herewith (the “Agreement”), including any underlying applications, platforms, and infrastructure components operated and managed by Edpuzzle in providing its services. For all aspects not envisaged in the Agreement or this DPSP, Edpuzzle’s Data Security Terms of Service (▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇▇/terms) and Privacy Plan. The Contractor must complete Policy ▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇▇/privacy) shall apply (jointly the following “Terms”), provided such Terms do not contravene the Agreement or provide a plan that materially addresses these requirements. In addition to complying with this DPSP by any means, in which case the terms of provisions foreseen in the District’s Parents’ Bill of Rights, Vendor Agreement and this DPSP shall protect the confidentiality, privacy and security of Protected Data received from the District as set forth below:prevail.