Common use of Processing of Data Clause in Contracts

Processing of Data. 3.1 Customer shall, in its use of the Services, at all times Process Personal Data, and provide instructions for the Processing of Personal Data, in compliance with Applicable Data Protection Laws. Customer shall ensure that its instructions comply with all laws, rules and regulations applicable in relation to the Personal Data, and that the Processing of Personal Data in accordance with Customer’s instructions will not cause Zoom to be in breach of Applicable Data Protection Law. Customer is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to Zoom by or on behalf of Customer; (ii) the means by which Customer acquired any such Personal Data; and (iii) the instructions it provides to Zoom regarding the Processing of such Personal Data. Customer shall not provide or make available to Zoom any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify Zoom from all claims and losses in connection therewith. 3.2 Zoom shall Process Personal Data only (i) for the purposes set forth in the Agreement and/or Exhibit A; (ii) in accordance with the terms and conditions set forth in this Addendum and any other documented instructions provided by Customer; or (iii) as required by applicable law. Customer hereby instructs Zoom to Process Personal Data in accordance with the foregoing and as part of any Processing initiated by Customer in its use of the Services, using means of processing that are reasonably necessary and proportionate to providing the Services. For the avoidance of doubt, Zoom shall not engage in the Sale of Personal Data. 3.3 The subject matter, nature, purpose, and duration of this Processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this Addendum. 3.4 Following completion of the Services, at Customer’s choice, Zoom shall return or delete the Personal Data, except as required to be retained by law, rule or regulation that is binding upon Zoom or, if the Personal Data is in the possession of an Authorized Subprocessor or Subprocessors, as required to be retained by an Authorized Subprocessor by law, rule or regulation that is binding upon the Subprocessor. If return or destruction is impracticable or prohibited by law, rule or regulation, Zoom shall take measures to block such Personal Data from any further Processing (except to the extent necessary for its continued hosting or Processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control and, where any Authorized Subprocessor continues to possess Personal Data, require the Authorized Subprocessor to take the same measures that would be required of Zoom. If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the Standard Contractual Clauses shall be provided by Zoom to Customer only upon Customer’s request.

Processing of Data. 3.1 a. The parties acknowledge and agree that Customer may act either as a controller or processor in processing Personal Data and, except as expressly set forth in this DPA or the Agreement, Pendo is a processor. Customer shall, in its use of the Services, at all times Process process Personal Data, and provide instructions Instructions for the Processing processing of Personal Data, in compliance with Applicable the Data Protection LawsPrivacy Laws at all times. Customer shall ensure that its instructions Instructions comply with all laws, rules and regulations applicable in relation to the Personal Data, and that the Processing processing of Personal Data in accordance with Customer’s instructions Instructions will not cause Zoom Pendo to be in breach of Applicable the Data Protection LawPrivacy Laws. Customer warrants it has undertaken due diligence in relation to Pendo’s processing operations, and it is satisfied that Pendo’s processing operations are suitable for the purposes for which the Customer proposes to use the Services and engage Pendo to process Personal Data. b. Customer is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to Zoom Pendo by or on behalf of Customer; , (ii) the means by which Customer acquired any such the Personal Data; , and (iii) the instructions Instructions it provides to Zoom regarding the Processing of such Personal DataPendo. Customer shall not provide or make available to Zoom Pendo any Personal Data in violation of either this DPA or the Agreement Agreement, or which is otherwise inappropriate for the nature of the Services, and shall indemnify Zoom Pendo from all claims and losses Losses in connection therewithwith Customer’s breach of applicable Data Privacy Laws including, without limitation, any neglect of proper notice to or legal consent from Data Subjects. Customer shall notify Pendo in the event of any change to the nature of the Personal Data it makes available to Pendo as part of the Agreement. 3.2 Zoom ▇. ▇▇▇▇▇ shall Process process Personal Data only (i) for the purposes set forth in the Agreement and/or Exhibit A; Agreement, (ii) in accordance with the terms and conditions set forth in this Addendum DPA and any other documented instructions Instructions provided by CustomerCustomer (unless required otherwise by EEA or UK law applicable to Pendo, in which case Pendo shall inform Customer of that requirement unless such law prohibits the provision of such information); or and (iii) as required by applicable lawin compliance with the Data Privacy Laws. Customer hereby instructs Zoom Pendo to Process process Personal Data in accordance with the foregoing and as part of any Processing initiated by Customer in its Customer’s use of the Services. d. In relation to any Personal Data that Customer provides or makes available to Pendo, using means or that Pendo processes on Customer's behalf pursuant to the Agreement, the parties acknowledge and agree that Pendo is a processor of processing that are reasonably necessary Personal Data under the GDPR and/or the UK GDPR, the VCDPA, the CPA, the CTDPA, and proportionate the UCPA, and a service provider for the purposes of the CCPA receiving Personal Data from Customer pursuant to providing the ServicesAgreement for a business purpose. For the avoidance of doubt, Zoom Pendo shall not engage sell any such Personal Data nor retain, use or disclose any Personal Data provided by Customer pursuant to the Agreement except as necessary for performing the Services or otherwise as set forth in the Sale Agreement or as permitted by the State Privacy Laws. The terms “service provider,” and “sell” are as defined in Section 1798.140 of Personal Datathe CCPA. Pendo certifies that it understands the restrictions of this section. 3.3 e. The subject matter, nature, purpose, purpose and duration of this Processingprocessing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this AddendumDPA. 3.4 f. Following completion of the Services, at Customer’s choice, Zoom Pendo shall return or delete the Customer’s Personal Data, except as required to be retained by law, rule or regulation that is binding upon Zoom or, if the unless further storage of such Personal Data is in the possession of an Authorized Subprocessor required or Subprocessors, as required to be retained authorized by an Authorized Subprocessor by applicable law, rule or regulation that is binding upon the Subprocessor. If return or destruction is impracticable or prohibited by law, rule or regulation, Zoom Pendo shall take measures to block such Personal Data from any further Processing processing (except to the extent necessary for its continued hosting or Processing processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control and, where any Authorized Subprocessor continues to possess Personal Data, require the Authorized Subprocessor to take the same measures that would be required of Zoomcontrol. If Customer and Zoom Pendo have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data)this DPA, the parties agree that the certification of deletion of Personal Data that is described in Clause 12(18.1(d) and Clause 8.5 of the Standard Contractual Clauses EU SCCs (as applicable) shall be provided by Zoom Pendo to Customer only upon Customer’s request. g. U.S.

Processing of Data. 3.1 Customer 2.1 The rights and obligations of the Controller with respect to this Processing are described herein. Controller shall, in its use of the Services, at all times Process Personal Data, and provide instructions for the Processing of Personal Data, in compliance with Applicable Data Protection Laws. Customer Controller shall ensure that its instructions comply with all laws, rules and regulations applicable in relation to the Personal Data, and that the Processing of Personal Data in accordance with CustomerController’s instructions will not cause Zoom Processor to be in breach of Applicable Data Protection Law. Customer Controller is solely responsible for the accuracy, quality, and legality of of (i) the Personal Data provided to Zoom Processor by or on behalf of CustomerController; (ii) the means by which Customer Controller acquired any such Personal Data; and (iii) the instructions it provides to Zoom Processor regarding the Processing of such Personal Data. Customer Controller shall not provide or make available to Zoom Processor any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify Zoom Processor from all claims and losses in connection therewith. 3.2 Zoom 2.2 Processor shall Process Personal Data only (i) for the purposes set forth in the Agreement and/or Exhibit A; (ii) in accordance with the terms and conditions set forth in this Addendum and any other documented instructions provided by CustomerController; or and (iii) as required by applicable lawin compliance with Applicable Data Protection Law. Customer Controller hereby instructs Zoom Processor to Process Personal Data in accordance with the foregoing and as part of any Processing initiated by Customer Controller in its use of the Services, using means of processing that are reasonably necessary and proportionate to providing the Services. For the avoidance of doubt, Zoom shall not engage in the Sale of Personal Data. 3.3 2.3 The subject matter, nature, purpose, and duration of this Processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this Addendum. 3.4 2.4 Following completion of the Services, at CustomerController’s choice, Zoom Processor shall return or delete the Personal Data, except as required to be retained by law, rule or regulation that is binding upon Zoom or, if the Personal Data is in the possession of an Authorized Subprocessor or Subprocessors, as required to be retained by an Authorized Subprocessor by law, rule or regulation that is binding upon the Subprocessor. If return or destruction is impracticable or prohibited by law, rule or regulation, Zoom Processor shall take measures to block such Personal Data from any further Processing (except to the extent necessary for its continued hosting or Processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control and, where any Authorized Subprocessor continues to possess Personal Data, require the Authorized Subprocessor to take the same measures that would be required of ZoomProcessor. If Customer Controller and Zoom Processor have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the Standard Contractual Clauses shall be provided by Zoom Processor to Customer Controller only upon CustomerController’s request...