Common use of Relationship with the Agreement Clause in Contracts

Relationship with the Agreement. 10.1. The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, exhibit or standard contractual clauses that MindWire and Client may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. Except as provided by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Personal Data. 10.3. Notwithstanding anything to the contrary in the Agreement or this DPA, each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the SCCs, and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. Without limiting the parties’ obligations under the Agreement, each party agrees that any regulatory penalties incurred by one party (the “Incurring Party”) in relation to the Client Personal Data that arise as a result of, or in connection with, the other party’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring Party’s liability under the Agreement as if it were liability to the other party under the Agreement. 10.4. In no event shall this DPA benefit or create any right or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to the rights or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs). 10.5. This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement. Name Name Signature Signature Title Title Date Date Appendix 1 Security Measures

Relationship with the Agreement. 10.1. a) The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, exhibit or standard contractual clauses that MindWire and Client DPA the parties may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. b) Except as provided for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing processing of Client Customer Personal Data. If there is any conflict between the Standard Contractual Clauses and the Agreement (including this DPA), the Standard Contractual Clauses shall prevail to the extent of that conflict in connection with the processing of Customer Personal Data. 10.3. c) Notwithstanding anything to the contrary in the Agreement or this DPA, the liability of each party and each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to affiliates under this DPA, the SCCs, and any other data protection agreements in connection with the Agreement (if any), DPA shall be subject to any aggregate the exclusions and limitations on of liability set out in the Agreement. Without limiting the parties’ obligations under the Agreement, each party agrees that any regulatory penalties incurred by one party (the “Incurring Party”. d) in relation to the Client Personal Data that arise as a result of, or in connection with, the other party’s failure to comply with its obligations Any claims against ▇▇▇▇▇▇ under this DPA or any applicable Data Protection Laws shall count toward and reduce only be brought by the Incurring Party’s liability under Customer entity that is a party to the Agreement as if it were liability to the other party under the Agreement. 10.4against ▇▇▇▇▇▇. In no event shall this DPA benefit or create any right party restrict or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to limit the rights of any data subject or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs)of any competent supervisory authority. 10.5. e) This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Applicable Data Protection Laws. f) This DPA and the Standard Contractual Clauses will terminate simultaneously and automatically upon deletion by ▇▇▇▇▇▇ of the personal data covered by this DPA, in accordance with Section 13 of this DPA. Customer: Apollo Graph, Inc. Signature: Signature: Name: Name: Title: Title: Date Signed: Date Signed: Contact Email: Contact Email: ▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ Data Importer Name Name of the data exporter: Apollo Graph, Inc. Contact details: Legal Department; ▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ Activities relevant to the data transferred: See Annex 1(B) below. Apollo provides a cloud-based, subscription access to Apollo’s graphQL hosted analytical tools and related services, as further described in the Agreement. Signature Signature Title Title Date Date Appendix 1 Security Measuresand date: See DPA signature page Role (Controller/Processor): Processor Categories of data subjects whose personal data is transferred: Users of the Services Categories of personal data transferred: Business Contact Information as defined in the Agreement Sensitive data transferred (if appropriate): Not Applicable Frequency of the transfer: Continuous Nature of the processing: Providing the Services (including support and technical services) as permitted in the Agreement, including User login and authentication, to maintain and display User profiles, and manage access controls and User permissions. Providing routine business communications in accordance with ▇▇▇▇▇▇’s privacy policy located at the URL ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/Apollo-Privacy-Policy.pdf Purpose(s) of the data transfer: Permitted Purposes as set forth in Section 4 of the DPA Duration of the processing: Apollo will retain Customer Personal Data for the term of the Agreement and any period after the termination of expiry of the Agreement during which Apollo is obligated to process Customer Personal Data in accordance with the Agreement.

Relationship with the Agreement. 10.1. The parties Parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, exhibit or standard contractual clauses that MindWire Snowflake and Client Customer may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data... 10.2. Except as provided by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Customer Personal Data. Notwithstanding the foregoing, and solely to the extent applicable to any Customer Personal Data comprised of patient, medical or other protected health information regulated by HIPAA or any similar U.S. federal or state health care laws, rules or regulations (“HIPAA Data”), if there is any conflict between this DPA and a business associate agreement between Customer and Snowflake (“BAA”), then the BAA shall prevail solely with respect to such HIPAA Data. 10.3. Notwithstanding anything to the contrary in the Agreement or this DPA, each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the SCCs, and DPAand any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. Without limiting the parties’ obligations under the Agreement, each party agrees that any regulatory penalties incurred by one party (the “Incurring Party”) in relation to the Client Personal Data that arise as a result of, or in connection with, the other party’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring Party’s liability under the Agreement as if it were liability to the other party under the Agreement.the 10.4. In no event shall this DPA benefit or create any right or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to the rights or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs). 10.5DPA. This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement. Name Name Signature Signature Title Title Date Date Appendix 1 Exhibit C Snowflake Security MeasuresAddendum

Relationship with the Agreement. 10.1. 12.1 The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, attachment or exhibit or standard contractual clauses that MindWire and Client (including the Model Clauses (as applicable)) the parties may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. 12.2 Except as provided for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Customer Personal Data. 10.3. 12.3 Notwithstanding anything to the contrary in the Agreement or this DPA, the liability of each party and each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to Affiliates under this DPA, the SCCs, and any other data protection agreements in connection with the Agreement (if any), DPA shall be subject to any aggregate the exclusions and limitations on of liability set out in the Agreement. Without limiting either of the parties’ obligations under the Agreement, each party Customer agrees that any regulatory penalties incurred by one party (the “Incurring Party”) HCL in relation to the Client Customer Personal Data that arise as a result of, or in connection with, the other partyCustomer’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring PartyHCL’s liability under the Agreement as if it were liability to the other party Customer under the Agreement. 10.412.4 Any claims against HCL or its Affiliates under this DPA shall only be brought by the Customer entity that is a party to the Agreement against the HCL entity that is a party to the Agreement. In no event shall this DPA benefit or create any right party restrict or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to limit the rights of any data subject or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs)of any competent supervisory authority. 10.5. 12.5 This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws. 12.6 Subject to Section 2.4, this DPA and the Model Clauses will terminate simultaneously and automatically with the termination or expiry of the Agreement. Name Name Signature Signature Title Title Date Date Available upon request Available upon request For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection. THE PARTIES HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1 Security Measures1.

Relationship with the Agreement. 10.1. The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, exhibit or standard contractual clauses that MindWire Vendor and Client Customer may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. Except as provided by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Customer Personal Data. Notwithstanding the foregoing, and solely to the extent applicable to any Customer Personal Data comprised of patient, medical or other protected health information regulated by HIPAA or any similar U.S. federal or state health care laws, rules or regulations (“HIPAA Data”), if there is any conflict between this DPA and a business associate agreement between Customer and Vendor (“BAA”), then the BAA shall prevail solely with respect to such HIPAA Data. 10.3. Notwithstanding anything to the contrary in the Agreement or this DPA, each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the SCCs, and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. Without limiting the parties’ obligations under the Agreement, each party agrees that any regulatory penalties incurred by one party (the “Incurring Party”) in relation to the Client Customer Personal Data that arise as a result of, or in connection with, the other party’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring Party’s liability under the Agreement as if it were liability to the other party under the Agreement. 10.4. In no event shall this DPA benefit or create any right or cause of action on behalf of a third party (including a Third-Third- Party Controller), but without prejudice to the rights or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs). 10.5. This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement. Name Name Signature Signature Title Title Date Date Appendix 1 Security Measures.

Relationship with the Agreement. 10.1. The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, exhibit or standard contractual clauses that MindWire and Client may have previously entered into in connection with 10.1 Except for the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. Except as provided changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Customer Personal DataInformation. 10.3. 10.2 Notwithstanding anything to the contrary in the Agreement or this DPA, the liability of each party and each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to Affiliates under this DPA, the SCCs, and any other data protection agreements in connection with the Agreement (if any), DPA shall be subject to any aggregate the exclusions and limitations on of liability set out in the Agreement. Without limiting either of the parties’ obligations under the Agreement, each party Customer agrees that any regulatory penalties incurred by one party (the “Incurring Party”) in relation to the Client Personal Data IDVerifact that arise as a result of, or in connection with, the other partyCustomer’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring PartyIDVerifact’s liability under the Agreement as if it were liability to the other party Customer under the Agreement. 10.410.3 Any claims against IDVerifact or its Affiliates under this DPA shall only be brought by the Customer that is a party to the Agreement against IDVerifact. In no event shall this DPA benefit or create any right party restrict or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to limit the rights of any data subject or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs)of any competent supervisory authority. 10.5. 10.4 This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws. 10.5 This DPA will terminate automatically with the termination or expiry of the Agreement, subject to additional provisions in any Addenda attached hereto. Name Name Signature Signature Title Title Company: Signature: Name: Title: Date DateSigned: Appendix 1 Security Measures10.6 For purposes of interpreting this DPA, (a) unless the context otherwise requires, the singular includes the plural, and the plural includes the singular; (b) unless otherwise specifically stated, the words “herein,” “hereof,” and “hereunder” and other words of similar import refer to this DPA as a whole and not to any particular section or paragraph; (c) the words “include” and “including” will not be construed as terms of limitation, and will therefore mean “including but not limited to” and “including without limitation”; (d) unless otherwise specifically stated, the words “writing” or “written” mean preserved or presented in retrievable or reproducible form, whether electronic (including email but excluding voice mail) or hard copy; and (e) the captions and section and paragraph headings used in this DPA are inserted for convenience only and will not affect the meaning or interpretation of this DPA. This DPA may be executed in one or more counterparts, either in original, facsimile or scanned electronic form, each of which so executed shall constitute an original and all of which together shall constitute one and the same agreement. Company: IDVerifact Inc. Signature: Name: ▇▇▇ ▇▇▇▇▇▇▇▇▇ Title: CEO Date Signed: IDVerifact has implemented and shall maintain a commercially reasonable security program in accordance with industry best practices, which shall include technical and organizational measures to ensure an appropriate level of security for Customer Personal Data taking into account the risks presentedby the processing, in particular from the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to Customer Personal Data, and the nature of the Customer Personal Data to be protected having regard to the state of the art and the cost of implementation. IDVerifact’s security programshall include the following measures.

Relationship with the Agreement. 10.1. 9.1 The parties Parties agree that this DPA shall replace and supersede any existing data processing addendum, attachmentattachment or exhibit (including the Standard Contractual Clauses, exhibit or standard contractual clauses as applicable) that MindWire and Client the Parties may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. 9.2 Except as provided by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Personal Data. 10.3. 9.3 Notwithstanding anything to the contrary in the Agreement or this DPA, each partyParty’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the SCCsStandard Contractual Clauses, and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. Without limiting either of the partiesParties’ obligations under the Agreementhereunder, each party Party agrees that any regulatory penalties incurred by one party Party (the “Incurring Party”) in relation to the Client Personal Data that arise as a result of, or in connection with, the other partyParty’s failure to comply with its obligations under this DPA hereunder or any applicable Applicable Data Protection Laws shall count toward and reduce the Incurring Party’s liability under the Agreement as if it were liability to the other party Party under the Agreement. 10.4. 9.4 In no event shall this DPA benefit or create any right party restrict or cause limit the rights of action on behalf any Data Subject or of a third party (including a Third-Party Controller)any competent supervisory authority. Schedule 1 – Description of Processing/Transfer 1. List of Parties Processor: 1. Name: Esko Address: As defined in the Agreement Contact person’s name, but without prejudice position and contact details: As defined in the Agreement Activities relevant to the rights data transferred under the Standard Contractual Clauses: Described in this Schedule 1 Role: Processor or remedies available to Data Subjects under Data Protection Laws or this DPA (including Controller as defined in Section 2.1 of the SCCs).DPA 10.51. This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions Name: Customer Address: As defined in the AgreementAgreement Contact person’s name, position and contact details: As defined in the Agreement Activities relevant to the data transferred under the Standard Contractual Clauses: Processor or Controller as defined in Section 2.1 of the DPA Role: Controller 2. Name Name Signature Signature Title Title Date DateCategories of data subjects whose personal data is transferred Appendix 1 Security Measures(A) Prospects, customers, business partners and vendors of Customer (who are natural persons) (B) Employees or contact persons of Customer’s prospects, customers, business partners and vendors (C) Employees, agents, advisors, freelancers of Customer (who are natural persons) (D) Customer’s Users authorized by Customer to use the Services 3. Categories of personal data transferred 4. Sensitive data transferred (if applicable)

Relationship with the Agreement. 10.1. 10.1 The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, annex, exhibit or standard contractual clauses that MindWire Altinity and Client Customer may have previously entered into in connection with the Services. MindWire Altinity may update this DPA from time to time, with such updated version provided posted to ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇, or a successor website designated by MindWire to Client by email noticeAltinity; provided, however, that no such update shall materially diminish the privacy or security of Client Customer Personal Data. 10.2. 10.2 Except as provided by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Customer Personal Data. Notwithstanding the foregoing, and solely to the extent applicable to any Customer Personal Data comprised of patient, medical or other protected health information regulated by HIPAA or any similar U.S. federal or state health care laws, rules or regulations (“HIPAA Data”), if there is any conflict between this DPA and a business associate agreement between Customer and Altinity (“BAA”), then the BAA shall prevail solely with respect to such HIPAA Data. 10.3. 10.3 Notwithstanding anything to the contrary in the Agreement or this DPA, each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the SCCs, and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. Without limiting the parties’ obligations under the Agreement, each party agrees that any regulatory penalties incurred by one party (the “Incurring Party”) in relation to the Client Customer Personal Data that arise as a result of, or in connection with, the other party’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring Party’s liability under the Agreement as if it were liability to the other party under the Agreement. 10.4. 10.4 In no event shall this DPA benefit or create any right or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to the rights or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs). 10.5. 10.5 This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement. Name Name Signature Signature Title Title Date Date Appendix 1 Security Measures.

Relationship with the Agreement. 10.1. 11.1 The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, attachment or exhibit or standard contractual clauses (including the Standard Contractual Clauses (as applicable)) that MindWire Snowflake and Client Customer may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. 11.2 Except as provided by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the withthe Processing of Client Customer Personal Data. Notwithstanding the foregoing, and solely to the extent applicable to any Customer Personal Data comprised of patient, medical or other protected health information regulated by HIPAA or any similar U.S. federal or state health care laws, rules or regulations (“HIPAA Data”), if there is any conflict between this DPA and a Business Associates Agreement between Customer and Snowflake (“BAA”), then the BAA shall prevail solely with respect to such HIPAA Data. 10.3. 11.3 Notwithstanding anything to the contrary in the Agreement or this DPA, each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the SCCs, DPA and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. Without limiting either of the parties’ obligations under the Agreement, each party agrees that any regulatory penalties incurred by the one party (the “Incurring Party”) in relation to the Client Customer Personal Data that arise as a result of, or in connection with, the other party’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring Party’s liability under the Agreement as if it were liability to the other party under the Agreement. 10.4. 11.4 In no event shall this DPA benefit or create any right party restrict or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to limit the rights of any Data Subject or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs)of any competent supervisory authority. 10.5. 11.5 This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement. Name Name Signature Signature Title Title Date Date For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection. THE PARTIES HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1 Security Measures1.

Relationship with the Agreement. 10.1. 9.1 The parties Parties agree that this DPA shall replace and supersede any existing data processing addendum, attachmentattachment or exhibit (including the Standard Contractual Clauses, exhibit or standard contractual clauses as applicable) that MindWire and Client the Parties may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. 9.2 Except as provided by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Personal Data. 10.3. 9.3 Notwithstanding anything to the contrary in the Agreement or this DPA, each partyParty’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the SCCsStandard Contractual Clauses, and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. Without limiting either of the partiesParties’ obligations under the Agreementhereunder, each party Party agrees that any regulatory penalties incurred by one party Party (the “Incurring Party”) in relation to the Client Personal Data that arise as a result of, or in connection with, the other partyParty’s failure to comply with its obligations under this DPA hereunder or any applicable Applicable Data Protection Laws shall count toward and reduce the Incurring Party’s liability under the Agreement as if it were liability to the other party Party under the Agreement. 10.4. 9.4 In no event shall this DPA benefit or create any right party restrict or cause limit the rights of action on behalf any Data Subject or of a third party (including a Third-Party Controller)any competent supervisory authority. Schedule 1 – Description of Processing/Transfer 1. List of Parties Processor: 1. Name: Enfocus Address: As defined in the Agreement Contact person’s name, but without prejudice position and contact details: As defined in the Agreement Activities relevant to the rights data transferred under the Standard Contractual Clauses: Described in this Schedule 1 Role: Processor or remedies available to Data Subjects under Data Protection Laws or this DPA (including Controller as defined in Section 2.1 of the SCCs).DPA 10.51. This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions Name: Customer Address: As defined in the AgreementAgreement Contact person’s name, position and contact details: As defined in the Agreement Activities relevant to the data transferred under the Standard Contractual Clauses: Processor or Controller as defined in Section 2.1 of the DPA Role: Controller 2. Name Name Signature Signature Title Title Date DateCategories of data subjects whose personal data is transferred Appendix 1 Security Measures(A) Prospects, customers, business partners and vendors of Customer (who are natural persons) (B) Employees or contact persons of Customer’s prospects, customers, business partners and vendors (C) Employees, agents, advisors, freelancers of Customer (who are natural persons) (D) Customer’s Users authorized by Customer to use the Services 3. Categories of personal data transferred 4. Sensitive data transferred (if applicable)

Relationship with the Agreement. 10.1. 13.1 The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, exhibit attachment or standard contractual clauses that MindWire and Client exhibit(including the Model Clauses (as applicable)) the parties may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. 13.2 Except as provided for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Customer Personal Data. Notwithstanding the foregoing, and solely to the extent applicable to any patient, medical or other protected health information regulated by HIPAA or any similar U.S. federal or state laws, rules or regulations (“HIPAA Data”), if there is any conflict between this DPA and a Business Associates Agreement between Customer and Cloudwick (“BAA”), then the BAA shall prevail to extent the conflict relates to such HIPAA Data. 10.3. 13.3 Notwithstanding anything to the contrary in the Agreement or this DPA, the liability of each party and each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to Affiliates under this DPA, the SCCs, and any other data protection agreements in connection with the Agreement (if any), DPA shall be subject to any aggregate the limitations on liability set out in the Agreement. Without limiting either of the parties’ obligations under the Agreement, each party Customer agrees that any regulatory penalties incurred by one party (the “Incurring Party”) Cloudwick in relation to the Client Customer Personal Data that arise as a result of, or in connection with, the other partyCustomer’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring PartyCloudwick’s liability under the Agreement as if it were liability to the other party Customer under the Agreement. 10.413.4 Any claims against Cloudwick or its Affiliates under this DPA shall only be brought by the Customer entity that is a party to the Agreement against the Cloudwick entity that is a party to the Agreement. In no event shall this DPA benefit or create any right party restrict or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to limit the rights of any data subject or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs)of any competent supervisory authority. 10.5. 13.5 This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws. Name Name Signature Signature Title Title Cloudwick uses its Affiliates and a range of third party Sub-processors to assist it in providing the Services (as described in the Agreement). These Sub-processors as of the Effective Date Date Appendix 1 of this DPA are set out below. Entity Name: Amazon Web Services, Inc. Corporate Location: Seattle, WA – USA The security measures Cloudwick implements to protect Customer Personal Data are set out in Cloudwick's Security MeasuresPolicy found at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/legal/securitypolicy (or such successor URL as may be designated by Cloudwick).

Relationship with the Agreement. 10.1. The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, exhibit or standard contractual clauses that MindWire and Client may have previously entered into in connection with Except for the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. Except as provided changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Customer Personal DataInformation. 10.310.2. Notwithstanding anything to the contrary in the Agreement or this DPA, the liability of each party and each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to Affiliates under this DPA, the SCCs, and any other data protection agreements in connection with the Agreement (if any), DPA shall be subject to any aggregate the exclusions and limitations on of liability set out in the Agreement. Without limiting either of the parties’ obligations under the Agreement, each party Customer agrees that any regulatory penalties incurred by one party (the “Incurring Party”) in relation to the Client Personal Data WSP that arise as a result of, or in connection with, the other partyCustomer’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring PartyWSP’s liability under the Agreement as if it were liability to the other party Customer under the Agreement. 10.410.3. Any claims against WSP or its Affiliates under this DPA shall only be brought by the Customer entity that is a party to the Agreement against the WSP entity that is a party to the Agreement. In no event shall this DPA benefit or create any right party to this DPA restrict or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to limit the rights of any data subject or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs)of any competent supervisory authority. 10.510.4. This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws. 10.5. Name Name Signature Signature Title Title Date Date Appendix 1 Security MeasuresThis DPA will run co-terminus with the Agreement and terminate automatically with the termination or expiry of the Agreement, subject to additional provisions in any Addenda attached hereto. SCHEDULE A – SECURITY MEASURES WSP GROUP DATA SECURITY PROGRAM

Relationship with the Agreement. 10.1. 11.1 The parties agree that this DPA shall replace and supersede any existing data processing addendum, attachment, attachment or exhibit or standard contractual clauses (including the Standard Contractual Clauses (as applicable)) that MindWire Snowflake and Client Customer may have previously entered into in connection with the Services. MindWire may update this DPA from time to time, with such updated version provided by MindWire to Client by email notice; provided, however, that no such update shall materially diminish the privacy or security of Client Personal Data. 10.2. 11.2 Except as provided by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict in connection with the Processing of Client Customer Personal Data. Notwithstanding the foregoing, and solely to the extent applicable to any Customer Personal Data comprised of patient, medical or other protected health information regulated by HIPAA or any similar U.S. federal or state health care laws, rules or regulations (“HIPAA Data”), if there is any conflict between this DPA and a business associate agreement between Customer and Snowflake (“BAA”), then the BAA shall prevail solely with respect to such HIPAA Data. 10.3. 11.3 Notwithstanding anything to the contrary in the Agreement or this DPA, each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or relating to this DPA, the SCCsStandard Contractual Clauses, and any other data protection agreements in connection with the Agreement (if any), shall be subject to any aggregate limitations on liability set out in the Agreement. Without limiting either of the parties’ obligations under the Agreement, each party agrees that any regulatory penalties incurred by the one party (the “Incurring Party”) in relation to the Client Customer Personal Data that arise as a result of, or in connection with, the other party’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce the Incurring Party’s liability under the Agreement as if it were liability to the other party under the Agreement. 10.4. 11.4 In no event shall this DPA benefit or create any right party restrict or cause of action on behalf of a third party (including a Third-Party Controller), but without prejudice to limit the rights of any Data Subject or remedies available to Data Subjects under Data Protection Laws or this DPA (including the SCCs)of any competent supervisory authority. 10.5. 11.5 This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement. Name Name Signature Signature Title Title Date Date For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection. THE PARTIES HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1 Security Measures1.