Common use of Subprocessing Clause in Contracts

Subprocessing. 5.1 Customer authorises SentinelOne to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement. SentinelOne shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer prior written notice of the appointment of any new Subprocessor, including details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement. 5.2 With respect to each Subprocessor, SentinelOne shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 Customer authorises SentinelOne to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement. SentinelOne shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer prior written notice of the appointment of any new Subprocessor, including details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreementthese Terms. 5.2 With respect to each Subprocessor, SentinelOne shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 Customer authorises SentinelOne 6.1 Each Controller Group Member authorizes Processor and each Processor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors (and sub-subprocessors with regards to Subprocessors) in accordance with this section 5 and 6 and, if applicable, any restrictions in the Agreement. SentinelOne shall make available . 6.2 Each Contracted Processor may continue to Customer the current list of Subprocessors use those Contracted Processors already engaged and that are processing Customer Personal Dataplanned to be engaged by the engaging Contracted Processor as at the date of this Addendum, attached as Annex 3. SentinelOne subject to Processor and each Processor Affiliate in each case meeting the obligations set out in section 6.4. 6.3 Processor shall provide Customer give Controller prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) 30 days of receipt of that notice, Customer notifies SentinelOne in writing of any objections Controller objects to the proposed appointment, neither Processor nor any Processor Affiliate shall appoint (or disclose any Controller Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Controller Group Member and further provides Controller has been provided with a reasonable written explanation of the steps taken. Processor will use reasonable efforts to make available to Controller a change in the Services or recommend a commercially reasonable justifications change to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Subprocessor; and (ii) where Subprocessor without unreasonably burdening Customer’s concerns cannot be resolved . If, within thirty (30) 60 days from SentinelOne's of receipt of Customer's the notice, notwithstanding anything in the AgreementProcessor is unable to make available such change, Customer may, the Controller may by providing SentinelOne with a written notice to with immediate effect, Processor terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) Services which require the use of the proposed Subprocessor. Processor will refund Customer any prepaid fees covering the remainder of the term of such terminated Agreement following the effective date of termination with respect to such terminated Services, without imposing a penalty for such termination on Controller. For the avoidance of doubt, Processor undertakes to fulfil the obligations as required by article 28(2) of the AgreementGDPR. 5.2 6.4 With respect to each Subprocessorrelevant Contracted Processor, SentinelOne Processor or the relevant Processor Affiliate shall (and shall procure that each Contracted Processor shall:): 5.2.1 6.4.1 before the Subprocessor relevant Contracted Processor first Processes Customer processes Controller Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor relevant Contracted Processor is capable of providing the level of protection for Customer Controller Personal Data required by the Agreement; 5.2.2 6.4.2 in accordance with Data Protection Laws, take reasonable steps to ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the two relevant intermediate Subprocessor; and on the other hand, the SubprocessorContracted Processors, is governed by a written contract including terms which offer at least the same level of protection for Customer Controller Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3 subject to section 12 and as reasonably determined by the Processor with respect to which approach the relevant Contracted Processor should take in the relevant circumstance, if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOnehand and on behalf of the Controller and the Controller Affiliates, or (b) the Processor and the relevant intermediate SubprocessorContracted Processor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 6.4.4 upon written requests, provide to Customer Controller for review such copies of the relevant Contracted Processors' relevant data protection agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Controller may request from time to time. 5.3 SentinelOne shall 6.5 Processor and each Processor Affiliate shall, in accordance with Applicable Laws, take reasonable steps to ensure that each Subprocessor relevant Contracted Processor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Controller Personal Data carried out by that Subprocessorrelevant Contracted Processor, as if it were party to this Addendum in place of SentinelOneProcessor. 6.6 The Data Processor will list the approved Subprocessors at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/GDPR/Subprocessors-List. The Controller can, at any time, subscribe to be updated if and when the list is updated pursuant to and in accordance with this Addendum.

Subprocessing. 5.1 6.1 Each Customer Group Member authorises SentinelOne JourneyApps and each JourneyApps Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Principal Agreement. SentinelOne . 6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3 JourneyApps shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty sixty (3060) days of receipt of that notice, Customer notifies SentinelOne JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith steps have been taken to address Customer’s the objections regarding the new Subprocessor; raised by any Customer Group Member and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne has been provided with a reasonable written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination explanation of the Agreementsteps taken. 5.2 6.4 With respect to each Subprocessor, SentinelOne JourneyApps or the relevant JourneyApps Affiliate shall: 5.2.1 6.4.1 before the Subprocessor first Processes Customer Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneJourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum DPA and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneJourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 5.2.4 6.4.4 provide to Customer for review such copies of the Contracted Processors' ’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this AddendumDPA) as Customer may request from time to time. 5.3 SentinelOne 6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum DPA in place of SentinelOneJourneyApps.

Subprocessing. 5.1 Customer 6.1 Each Company Group Member authorises SentinelOne Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Principal Agreement. SentinelOne . 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the date of this Addendum, subject to Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3 Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) 30 days of receipt of that notice, Customer Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement.: 5.2 6.4 With respect to each Subprocessor, SentinelOne Vendor or the relevant Vendor Affiliate shall: 5.2.1 6.4.1 before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 5.2.4 6.4.4 provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Company may request from time to time. 5.3 SentinelOne 6.5 Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneVendor.

Subprocessing. 5.1 Customer authorises SentinelOne to appoint Simplesat may engage Subprocessors in connection with the provision of the Service, provided that: (and permit 1) Simplesat has entered into a written agreement with each Subprocessor appointed containing data protection obligations not less protective than those in this Addendum with respect to the protection of Customer Personal Data to the extent applicable to the nature of the Service provided by such Subprocessor; and (2) Simplesat shall be liable for the acts and omissions of its Subprocessors to the same extent Simplesat would be liable if performing the Service of each Subprocessor directly under the terms of this Addendum. Simplesat’s current list of Subprocessors for the Service is available at ▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇ (“Subprocessor List”), which Customer hereby approves and authorizes. Simplesat may engage additional Subprocessors as Simplesat considers reasonably appropriate for the processing of Customer Personal Data in accordance with this section 5 Addendum, provided that Simplesat shall notify Customer of the addition or replacement of Subprocessors through a mechanism, accessible within the Subprocessor List, by which Customer may subscribe to appoint) notifications of new Subprocessors (the “Subprocessor Notification Mechanism”). If Customer does not subscribe to receive notifications through the Subprocessor Notification Mechanism, Customer shall be deemed to have waived its right to receive notification of new Subprocessors and Customer shall be responsible for periodically checking the Subprocessor List to remain informed of Simplesat’s current list of Subprocessors. Customer may, on reasonable grounds, object to a new Subprocessor by notifying Simplesat in accordance with this section 5 and any restrictions in writing within 10 days of Simplesat updating the AgreementSubprocessor List, giving reasons for Customer's objection. SentinelOne Customer’s failure to object within such 10-day period shall be deemed Customer’s waiver of its right to object to Simplesat’s use of such new Subprocessor added to the Subprocessor List. In the event Customer objects to a new Subprocessor, Simplesat will use reasonable efforts to make available to Customer a change in the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer prior written notice Service or recommend a commercially reasonable change to Customer’s configuration or use of the appointment of any new Subprocessor, including details of the Processing Service to be undertaken by the Subprocessor. If, within thirty (30) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement. 5.2 With respect to each Subprocessor, SentinelOne shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to avoid Processing of Customer Personal Data carried out by that Subprocessorthe objected to new Subprocessor without unreasonably burdening Customer. If Simplesat is unable to make available such change within a reasonable period of time, which shall not exceed 30 days, Customer may terminate, as if it were party Customer’s sole and exclusive remedy, the portion of the Agreement with respect only to this Addendum in place the Service (or portion thereof) which cannot be provided by Simplesat without the use of SentinelOnethe objected to new Subprocessor by providing written notice to Simplesat.

Subprocessing. 5.1 4.1 Customer authorises specifically authorizes SentinelOne to appoint engage as Subprocessors those entities listed as of the effective date of this DPA at the URL specified in Section 4.2. In addition, and without prejudice to Section 4.4, Customer generally authorizes the engagement as Subprocessors of any other third parties (“New Subprocessors”). 4.2 Information about Subprocessors, including their functions and permit each Subprocessor appointed locations, is available at: ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇-▇▇▇-▇▇▇▇▇▇▇▇▇▇ (as may be updated by SentinelOne from time to time in accordance with this section 5 to appoint) Subprocessors DPA). 4.3 When any New Subprocessor is engaged while this DPA is in accordance with this section 5 and any restrictions in the Agreement. SentinelOne shall make available to Customer the current list of Subprocessors that are processing Customer Personal Dataeffect, attached as Annex 3. SentinelOne shall provide Customer at least thirty days’ prior written notice of the appointment engagement of any new New Subprocessor, including details of the Processing processing to be undertaken by the New Subprocessor. If, within thirty (30) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed that New Subprocessor’s business practices relating inability to data protectionadequately safeguard Customer Data, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new New Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's ’s receipt of Customer's ’s notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees fees for the Solutions attributable to the Subscription Term subscription term (as outlined in the applicable Purchase OrderOrder under the Agreement) following the termination of the Agreement. 5.2 4.4 With respect to each Subprocessor, SentinelOne shall: 5.2.1 4.4.1. before the Subprocessor first Processes processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing performing the level of protection for Customer Personal Data required by obligations subcontracted to it in accordance with the AgreementAgreement (including this DPA); 5.2.2 4.4.2. ensure that the arrangement between on processing of Customer Data by the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same level no less protective of protection for Customer Personal Data as than those set out in this Addendum and meet DPA and, if the requirements processing of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted TransferCustomer Personal Data is subject to European Data Protection Laws, ensure that the Standard Contractual Clauses data protection obligations in this DPA are at all relevant times incorporated into the agreement between imposed on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and 4.4.3. remain fully liable for all obligations subcontracted to, and on the other hand all acts and omissions of, the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 Customer 1. Each Company Group Member authorises SentinelOne Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement. 2. SentinelOne shall make available Vendor and each Vendor Affiliate may continue to Customer use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the current list date of Subprocessors that are processing Customer Personal Datathis Addendum, attached subject to Vendor and each Vendor Affiliate in each case as Annex soon as practicable meeting the obligations set out in section 5.4. 3. SentinelOne Vendor shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) 30 days of receipt of that notice, Customer Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially : Neither Vendor nor any Vendor Affiliate shall appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith steps have been taken to address Customer’s the objections regarding the new Subprocessor; raised by any Company Group Member and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne Company has been provided with a reasonable written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination explanation of the Agreementsteps taken. 5.2 4. With respect to each Subprocessor, SentinelOne Vendor or the relevant Vendor Affiliate shall: 5.2.1 1. before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Agreement; 5.2.2 2. ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 3. if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Company Group Member(s); and 5.2.4 4. provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Company may request from time to time. 5.3 SentinelOne 5. Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1the obligations, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneVendor.

Subprocessing. 5.1 To the extent required under Applicable Laws, Customer authorises SentinelOne authorizes CrowdStrike to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Agreement. SentinelOne shall make available . 5.2 CrowdStrike may continue to use those Subprocessors already engaged as of the date of this DPA specified in Exhibit E, subject to CrowdStrike in each case meeting the obligations set out in section 5.5. 5.3 Customer the current agrees to CrowdStrike maintaining and updating its list of Subprocessors that are processing online, for the Falcon Platform and Humio as outlined in Exhibit E. 5.4 CrowdStrike shall provide notice of a proposed new Subprocessor to the Customer, at least 30 days prior to CrowdStrike’s use of the new Subprocessor to Process Customer Personal Data, attached as Annex 3through the applicable CrowdStrike Offering or platform, where Customer may elect to subscribe to such notices. SentinelOne shall provide Customers may sign up for email Subprocessor notifications at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/subprocessor-notification/. During the notice period, Customer prior may object to a change in Subprocessor in writing and CrowdStrike may, in its sole discretion, attempt to resolve Customer’s objection, including providing the Offerings without use of the proposed Subprocessor. If (a) CrowdStrike provides Customer written notice of the appointment of any new Subprocessorthat it will not pursue an alternative, including details of the Processing to be undertaken by the Subprocessor. If, within thirty or (30b) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns an alternative cannot be resolved made available by CrowdStrike to Customer within thirty (30) 90 days from SentinelOne's receipt of Customer's noticeCustomer providing notice of its objection, then in either case, and notwithstanding anything to the contrary in the AgreementAgreement or order, Customer may, by providing SentinelOne with a written notice to with immediate effect, may terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable or order to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Offerings which require the termination use of the Agreementproposed Subprocessor. 5.2 5.5 With respect to each Subprocessor, SentinelOne to the extent required under Applicable Laws, CrowdStrike shall: 5.2.1 before 5.5.1 Before the Subprocessor first Processes Customer Personal DataData (or, where relevant, in accordance with section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by Applicable Laws, this DPA and the Agreement; 5.2.2 ensure 5.5.2 Ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; CrowdStrike and on the other hand, the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least offers substantially the same level of protection for Customer Personal Data as those set out required by this DPA and Applicable Laws, including Customer’s ability to protect the rights of Data Subjects in this Addendum and meet the requirements of Article 28(3) of the GDPRevent CrowdStrike is insolvent, liquidated or otherwise ceases to exist; 5.2.3 if that arrangement 5.5.3 Apply an adequacy mechanism recognized by Customer’s Supervisory Authority as ensuring an adequate level of data protection under Applicable Laws where Subprocessor’s Processing of Customer Personal Data involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand; (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such 5.5.4 Maintain copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time.. To the extent necessary to protect Confidential Information, CrowdStrike may redact the copies prior to sharing with Customer; and 5.3 SentinelOne shall ensure that each Subprocessor performs its 5.5.5 Notify Customer of Subprocessor’s relevant failure to comply with obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried set out by that Subprocessor, as if it were party to Applicable Laws and this Addendum in place DPA where CrowdStrike has received notice of SentinelOnesuch.

Subprocessing. 5.1 Customer authorises SentinelOne Each Group Member authorizes Supplier and each Supplier Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 Section 4 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the AgreementPrincipal Agreement and this Addendum. SentinelOne shall make available Supplier and each Supplier Affiliate may continue to Customer use those Subprocessors already engaged by Supplier or any Supplier Affiliate as at the current date of this Addendum, subject to Supplier and each Supplier Affiliate meeting the obligations set out in this Section and Supplier providing a list of any such Subprocessors that are processing Customer Personal Data, attached as Annex 3prior to the performance of Services. SentinelOne Supplier shall provide Customer give Us prior written notice of the appointment of any new Subprocessor, including full details of the location and Processing to be undertaken by the Subprocessor prior to or concurrent with the appointment of such Subprocessor. If, within thirty 30 (30thirty) calendar days of receipt of that notice, Customer notifies SentinelOne We notify Supplier in writing of any objections (on reasonable grounds) to the proposed appointment, then: ● Supplier will cancel its plan to use the Subprocessor for the processing of Cloud Software Group Personal Information and further provides commercially reasonable justifications will offer an alternative to provide the Services without such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; ● Supplier will take the corrective steps requested by Us in its objection(s) and proceed to use the Subprocessor to process Cloud Software Group Personal Information; or ● We may choose not to use the Services that would involve the use of such Subprocessor with regard to Personal Information, subject to adjustment of the remuneration for the Services considering the reduced scope of the Services. If none of the above options are reasonably available and all of Our objections have not been resolved to the mutual satisfaction of the Parties within 30 (iithirty) where Customer’s concerns cannot be resolved within thirty (30) calendar days from SentinelOneof the Supplier's receipt of Customer's noticeOur objection, notwithstanding anything either Party may terminate the applicable SOW or Order Form in accordance with the termination rights in the Principal Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement. 5.2 . With respect to each Subprocessor, SentinelOne Supplier or the relevant Supplier Affiliate shall: 5.2.1 : ● before the Subprocessor first Processes Customer begins Processing Personal DataInformation, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data Information required by the Agreement; 5.2.2 this Addendum; ● ensure that the arrangement between on the one hand (a) SentinelOneSupplier or the relevant Supplier Affiliate, or and (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data Information as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate SubprocessorAddendum; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 ● provide to Customer Us for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer We may request from time to time. 5.3 SentinelOne . Supplier and each Supplier Affiliate shall ensure that be responsible for each Subprocessor performs such Subprocessor’s performance of its obligations under sections 2.1and compliance with the terms of the Principal Agreement, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneand Applicable Law.

Subprocessing. 5.1 Customer 6.1 Each Company Group Member authorises SentinelOne Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Principal Agreement. SentinelOne . 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the date of this Addendum, subject to Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3 Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) days of receipt of that notice, Customer Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such : Neither Vendor nor any Vendor Affiliate shall appoint (nor disclose any Company Personal Data to) the proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work Subprocessor except with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt prior written consent of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the AgreementCompany. 5.2 6.4 With respect to each Subprocessor, SentinelOne Vendor or the relevant Vendor Affiliate shall: 5.2.1 6.4.1 before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 6.4.3 provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Company may request from time to time. 5.3 SentinelOne 6.5 Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneVendor.

Subprocessing. 5.1 7.1 Dynatrace shall maintain an up-to-date list at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/company/legal/customers/ of all Subprocessors used in the provision of Services who may Process (a) Customer authorises SentinelOne Data (which may contain Customer Personal Data), or (b) other Customer Personal Data received by Dynatrace from Customer through the Services under the Agreement (“Subprocessor List”). At the Effective Date, Customer gives its general authorization to Dynatrace to appoint (and permit each the Subprocessors on the Subprocessor appointed List to assist it in providing the Services by Processing Customer Personal Data in accordance with this section 5 DPA and for purposes of Clause 11 of the Model Clauses. 7.2 Dynatrace shall ensure any Subprocessors appointed to appoint) Subprocessors assist in accordance providing the Services enter into a written agreement with Dynatrace which imposes on the Subprocessor obligations which are substantially the same as those imposed on Dynatrace under this section 5 and DPA. 7.3 Dynatrace remains liable for any restrictions in breach of this DPA that is caused by an act, error or omission of its Subprocessor to the Agreement. SentinelOne extent Dynatrace would have been liable for such act, error or omission had it been caused by Dynatrace. 7.4 Prior to the addition or change of any Subprocessors, Dynatrace shall make available provide notice to Customer Customer, which may include by updating the current list of Subprocessors that are Subprocessor List on the website listed above, not less than 10 days prior to the date on which the Subprocessor shall commence processing Customer Personal Data. Dynatrace will make available a means by which Customer may subscribe to receive notifications of changes to the Subprocessor List (which may include without limitation the provision of an RSS feed). 7.5 If Customer objects to the processing of Customer Personal Data by any newly appointed Subprocessor as described in Section 6.4 (on reasonable grounds), attached as Annex 3it shall inform Dynatrace in writing within 7 days after notice has been provided by Dynatrace setting out the specific reasons for its objection. SentinelOne Customer shall provide Customer prior written notice of the appointment not unreasonably object to any intended change of any new Subprocessor, including details of Subprocessors. In the Processing to be undertaken by the Subprocessor. If, event Customer objects within thirty (30) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially such timeframe on reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices grounds relating to data protectionprotection of Customer Personal Data, then (i) SentinelOne the parties shall work with Customer together in good faith to address Customer’s reasonable objections regarding and thereafter proceed to use the new Subprocessor; and (ii) where Customer’s concerns Subprocessor to perform such Processing. If agreement cannot be resolved reached between the parties to use the new Subprocessor within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination one month of the Agreement. 5.2 With respect to each Subprocessorobjection, SentinelOne shall: 5.2.1 before Dynatrace shall either, at Dynatrace’s option: (a) instruct the Subprocessor first Processes not to process Customer Personal Data, carry out adequate due diligence which may result in a Service feature being suspended and unavailable to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, Customer; or (b) allow Customer to terminate this DPA and the relevant intermediate Subprocessor; Agreement on three months’ notice, and on Dynatrace will promptly refund a prorated portion of any prepaid fees for the other handperiod after such suspension or termination date. If no objection is received by Dynatrace within the time period specified above, Customer shall be deemed to have approved the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) use of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate new Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 Customer ‌ 6.1 Each Company Group Member authorises SentinelOne Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Principal Agreement. SentinelOne . 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the date of this Addendum, subject to Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.‌ 6.3 Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) 30 days of receipt of that notice, Customer Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement.: 5.2 6.4 With respect to each Subprocessor, SentinelOne shall:Vendor or the relevant Vendor Affiliate shall:‌ 5.2.1 6.4.1 before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR;on 5.2.3 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. andrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and‌ 5.2.4 6.4.4 provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Company may request from time to time. 5.3 SentinelOne 6.5 Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneVendor.

Subprocessing. 5.1 Customer 11.1. The Data Controller authorises SentinelOne the Data Processor to appoint [(and permit each Subprocessor appointed in accordance with this section 5 11 to appoint) )] Subprocessors in accordance with this section 5 11 and any restrictions in the AgreementTerms and Conditions or Privacy Policy. 11.2. SentinelOne The Data Processor may continue to use those Subprocessors already engaged by the Data Processor as at the date of this Addendum and listed in Annex 2, subject to the Data Processor in each case as soon as practicable meeting the obligations set out in section 11.4. 11.3. The Data Processor shall make available to Customer give the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer Data Controller prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty 30 (30thirty) calendar days of receipt of that notice, Customer notifies SentinelOne the Data Controller notifies the Data Processor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then : (ia) SentinelOne the Data Processor shall work with Customer the Data Controller in good faith to address Customer’s objections regarding make available a commercially reasonable change in the new provision of the Services which avoids the use of that proposed Subprocessor; and and (iib) where Customer’s concerns such a change cannot be resolved made within thirty 30 (30thirty) calendar days from SentinelOnethe Data Processor's receipt of Customerthe Data Cotroller's noticenotice (or such longer period as the parties may agree in writing), notwithstanding anything in the Agreement, Customer may, Terms and Conditions or Privacy Policy the Data Controller may by providing SentinelOne with a written notice to the Data Processor with immediate effect, effect terminate the Agreement Terms and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable Conditions to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Services which require the termination use of the Agreementproposed Subprocessor. 5.2 11.4. With respect to each Subprocessor, SentinelOne the Data Processor shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, (a) carry out adequate due diligence on each Subprocessor to ensure that the Subprocessor it is capable of providing the level of protection for Customer the Personal Data as is required by this Addendum including without limitation sufficient guarantees to implement appropriate technical and organisational measures in such a manner that Processing will meet the Agreementrequirements of GDPR or equivalent provisions of any Data Protection Law and this Addendum; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) include terms in the relevant intermediate Subprocessor; contract between the Data Processor and on the other hand, the Subprocessor, is governed by a written contract including terms each Subprocessor which offer offer at least the same level of protection for Customer the Personal Data as those set out in this Addendum and meet Upon request, the Data Processor shall provide a copy of its agreements with Subprocessors to the Data Controller (which may be redacted to remove confidential commercial information not relevant to the requirements of Article 28(3) of the GDPRthis Addendum); 5.2.3 (c) if that the arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; Data Processor and on the other hand the Subprocessor, or before the Subprocessor first first Processes Customer the Personal Data Data, procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. Data Controller; and 5.2.4 provide (d) remain fully liable to Customer the Data Controller for review such copies any failure by each Subprocessor to fulfil its obligations in relation to the Processing of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to timePersonal Data. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 7.1 Customer authorises SentinelOne agrees that Dynatrace may engage Subprocessors, including members of the Dynatrace Group, to appoint process Customer Data on Customer’s behalf. Dynatrace shall maintain an up-to-date list at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/company/legal/customers/ of all Subprocessors used in the provision of Services who may Process (and permit each a) Customer Data (which may contain Customer Personal Data), or (b) other Customer Personal Data received by Dynatrace from Customer through the Services under the Agreement (“Subprocessor appointed List”). At the Effective Date, Customer gives its general authorization to the appointment of the Subprocessors on the Subprocessor List to assist the Dynatrace Group in providing the Services by Processing Customer Personal Data in accordance with this section 5 DPA. 7.2 Prior to appoint) Subprocessors the addition or change of any Subprocessors, Dynatrace shall provide notice to Customer, which may include by updating the Subprocessor List on the website in accordance with this section 5 and any restrictions in Section 7.1, not less than 30 days prior to the Agreement. SentinelOne date on which the Subprocessor shall make available to Customer the current list of Subprocessors that are commence processing Customer Personal Data. Dynatrace will make available a means by which Customer may subscribe to receive notifications of changes to the Subprocessor List (which may include without limitation the provision of an RSS feed). 7.3 If Customer objects to the processing of Customer Personal Data by any newly appointed Subprocessor as described in Section 7.2 (on reasonable grounds), attached as Annex 3it shall inform Dynatrace in writing within 15 days after notice has been provided by Dynatrace setting out the specific reasons for its objection. SentinelOne Customer shall provide Customer prior written notice of the appointment not unreasonably object to any intended change of any new Subprocessor, including details of Subprocessors. In the Processing to be undertaken by the Subprocessor. If, event Customer objects within thirty (30) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially such timeframe on reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices grounds relating to data protectionprotection of Customer Personal Data, then (i) SentinelOne the parties shall work with Customer together in good faith to address Customer’s reasonable objections regarding and thereafter proceed to use the new Subprocessor; and (ii) where Customer’s concerns Subprocessor to perform such Processing. If agreement cannot be resolved reached between the parties to use the new Subprocessor within thirty twenty (3020) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement. 5.2 With respect to each Subprocessorobjection, SentinelOne shall: 5.2.1 before Dynatrace shall either, at Dynatrace’s option: (a) instruct the Subprocessor first Processes not to process Customer Personal Data, carry out adequate due diligence which may result in a Service feature being suspended and unavailable to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOneCustomer, or (b) allow Customer may immediately to terminate this DPA and the relevant intermediate Agreement on three months’ notice, and Dynatrace will promptly refund a prorated portion of any prepaid fees for the period after such suspension or termination date. If no objection is received by Dynatrace within the time period specified above, Customer shall be deemed to have approved the use of the new Subprocessor; and on the other hand, the Subprocessor, is governed by . 7.4 Dynatrace shall: (i) enter into a written contract including terms which offer agreement with each Subprocessor containing data protection obligations that provide at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet DPA, to the requirements of Article 28(3) extent applicable to the nature of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate service provided by such Subprocessor; and on the other hand the (ii) remain responsible for such Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses ’s compliance with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements obligations of this Addendum) as Customer may request from time DPA and for any acts or omissions of such Subprocessor that cause Dynatrace to time. 5.3 SentinelOne shall ensure that each Subprocessor performs breach any of its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneDPA.

Subprocessing. 5.1 3.1 Customer authorises SentinelOne ▇▇▇▇▇ to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 clause 3 and any restrictions in the Original Agreement. SentinelOne shall make available to Customer . 3.2 To the current list of Subprocessors extent that are processing any Subprocessor appointed by Elige processes Customer Personal DataData then, attached ▇▇▇▇▇ will remain responsible to the Customer for the Subprocessor’s obligations under this DPA. 3.3 Elige may continue to use those Subprocessors already engaged by ▇▇▇▇▇ as Annex 3at the date of this DPA as identified in the Subprocessor list which can be accessed on Elige’s Legal Repository webpage at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇/repository/Elige-Subprocessors.pdf. SentinelOne For the avoidance of doubt, Customer specifically authorises the engagement of ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇ as Subprocessors. 3.4 Elige shall provide give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the SubprocessorSubprocessor by updating the Subprocessor list which is available in the Elige Legal Repository. If, within ten (10) days of receipt of that notice via the mechanism set out in this clause 3.3, Customer notifies Elige in writing of any objections (on reasonable grounds) to the proposed appointment Elige shall not appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by Customer and Customer has been provided with a reasonable written explanation of the steps taken. If the objection cannot be resolved by the parties within thirty (30) days of receipt by ▇▇▇▇▇ of that noticethe objection, Customer notifies SentinelOne Elige shall not be in writing breach of any objections the Original Agreement to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns extent that it cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in provide the Agreement, Customer may, by providing SentinelOne Services or otherwise comply with its obligations as a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreementresult. 5.2 3.5 With respect to each Subprocessor, SentinelOne Elige shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 3.5.1 ensure that the arrangement between on the one hand (a) SentinelOneElige, or (b) the relevant intermediate SubprocessorElige Affiliate; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum DPA, in particular in relation to requiring the Subprocessor to implement appropriate technical and organizational measures, and meet the requirements of Article 28(3) of the GDPRData Protection Laws; 5.2.3 3.5.2 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses appropriate safeguards as set out in clause 8.1.1 and clause 8.1.2 are at all relevant times incorporated into the agreement in place between on the one hand (a) SentinelOneElige, or (b) the relevant intermediate Elige Affiliate; and the Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 3.5.3 provide to Customer for review such copies of the Contracted Processors' Elige or Elige Affiliate’s agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this AddendumDPA) as Customer may request from time to time. 5.3 SentinelOne 3.6 Elige shall ensure that each Subprocessor performs its the obligations under sections 2.1, 3, 4clauses 2.2, 6.1, and 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum DPA in place of SentinelOneElige.

Subprocessing. 5.1 To the extent required under Applicable Laws, Customer authorises SentinelOne authorizes CrowdStrike to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement. SentinelOne shall make available . 5.2 CrowdStrike may continue to use those Subprocessors already engaged as of the date of this DPA specified in Exhibit E, subject to CrowdStrike in each case meeting the obligations set out in section 5.5. 5.3 Customer the current agrees to CrowdStrike maintaining and updating its list of Subprocessors that are processing online, for the Falcon Platform as outlined in Exhibit E. 5.4 CrowdStrike shall provide notice of a proposed new Subprocessor to the Customer, at least 30 days prior to CrowdStrike’s use of the new Subprocessor to Process Customer Personal Data, attached as Annex 3through the applicable CrowdStrike Offering or platform, where Customer may elect to subscribe to such notices. SentinelOne shall provide Customers may sign up for email Subprocessor notifications at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/subprocessor-notification/. During the notice period, Customer prior may object to a change in Subprocessor in writing and CrowdStrike may, in its sole discretion, attempt to resolve Customer’s objection, including providing the Offerings without use of the proposed Subprocessor. If (a) CrowdStrike provides Customer written notice of the appointment of any new Subprocessorthat it will not pursue an alternative, including details of the Processing to be undertaken by the Subprocessor. If, within thirty or (30b) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns an alternative cannot be resolved made available by CrowdStrike to Customer within thirty (30) 90 days from SentinelOne's receipt of Customer's noticeCustomer providing notice of its objection, then in either case, and notwithstanding anything to the contrary in the AgreementAgreement or order, Customer may, by providing SentinelOne with a written notice to with immediate effect, may terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable or order to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Offerings which require the termination use of the Agreementproposed Subprocessor. 5.2 5.5 With respect to each Subprocessor, SentinelOne to the extent required under Applicable Laws, CrowdStrike shall: 5.2.1 before 5.5.1 Before the Subprocessor first Processes Customer Personal DataData (or, where relevant, in accordance with section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by Applicable Laws, this DPA and the Agreement; 5.2.2 ensure 5.5.2 Ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; CrowdStrike and on the other hand, the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least offers substantially the same level of protection for Customer Personal Data as those set out required by this DPA and Applicable Laws, including Customer’s ability to protect the rights of Data Subjects in this Addendum and meet the requirements of Article 28(3) of the GDPRevent CrowdStrike is insolvent, liquidated or otherwise ceases to exist; 5.2.3 if that arrangement 5.5.3 Apply an adequacy mechanism recognized by Customer’s Supervisory Authority as ensuring an adequate level of data protection under Applicable Laws where Subprocessor’s Processing of Customer Personal Data involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand; (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such 5.5.4 Maintain copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) and make these available as Customer may request from time to time.. To the extent necessary to protect Confidential Information, CrowdStrike may redact the copies prior to sharing with Customer; and 5.3 SentinelOne shall ensure that each Subprocessor performs its 5.5.5 Notify Customer of Subprocessor’s relevant failure to comply with obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried set out by that Subprocessor, as if it were party to Applicable Laws and this Addendum in place DPA where CrowdStrike has received notice of SentinelOnesuch.

Subprocessing. 5.1 Customer 6.1. Each Company Group Member authorises SentinelOne Vendor and each Vendor A liate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Principal Agreement. 6.2. SentinelOne Vendor and each Vendor A liate may continue to use those Subprocessors already engaged by Vendor or any Vendor A liate as at the date of this Addendum, subject to Vendor and each Vendor A liate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3. Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) days one month of receipt of that notice, Customer Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne : 6.3.1. [Vendor shall work with Customer Company in good faith to address Customer’s objections regarding make available a commercially reasonable change in the new provision of the Services which avoids the use of that proposed Subprocessor; and (ii) and 6.3.2. where Customer’s concerns such a change cannot be resolved made within thirty (30) days 3 months from SentinelOneVendor's receipt of CustomerCompany's notice, notwithstanding anything in the Principal Agreement, Customer may, Company may by providing SentinelOne with a written notice to Vendor with immediate effect, e ect terminate the Principal Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Services which require the termination use of the Agreementproposed Subprocessor.] 5.2 6.4. With respect to each Subprocessor, SentinelOne Vendor or the relevant Vendor A liate shall: 5.2.1 6.4.1. before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement; 5.2.2 6.4.2. ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor A liate, or (c) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer o er at least the same level of protection for Customer Company Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3. if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant Vendor A liate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Company Group Member(s) (and Company shall procure that each Company A liate party to any such Standard Contractual Clauses co-operates with their population and execution); and 5.2.4 6.4.4. provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Company may request from time to time. 5.3 SentinelOne 6.5. Vendor and each Vendor A liate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneVendor.

Subprocessing. 5.1 10.1 Customer authorises SentinelOne acknowledges, agrees and authorizes, that Hubilo may engage Sub Processors for certain Processing activities as required from time to appoint (and permit each Subprocessor appointed time on Customer's behalf in accordance with this section 5 8 and subject to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement. SentinelOne MSA. 10.2 Hubilo and each Hubilo Affiliate may continue to use those Sub-processors already engaged by Hubilo and each Hubilo Affiliate as at the date of this Addendum, subject to Hubilo and each Hubilo Affiliate in each case as soon as practicable meeting the obligations set out in section 7. 10.3 Hubilo and/or the relevant Hubilo Affiliate shall make available to Customer give the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer prior written notice of the appointment of any new SubprocessorSub-processors, including full details of the Processing to be undertaken by the SubprocessorSub-processors within 30 (thirty) days of such appointment. If, within thirty 10 (30ten) days of receipt of that notice, Customer notifies SentinelOne Hubilo and/or the relevant Hubilo Affiliate in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne Hubilo and/or the relevant Hubilo Affiliate shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything make available a commercially reasonable change in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination provision of the AgreementServices which avoids the use of that proposed Sub-processors. 5.2 10.4 With respect to each SubprocessorSub Processor, SentinelOne Hubilo and/or the relevant Hubilo Affiliate shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 i) ensure that the arrangement between on the one hand (a) SentinelOneHubilo, or (b) the relevant intermediate Subprocessor; Hubilo Affiliate, and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 ii) if that arrangement involves a Restricted Transfer, Hubilo shall ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOneHubilo, or (b) the relevant intermediate Subprocessor; Hubilo Affiliate, and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. ; and 5.2.4 iii) provide to Customer for review such copies of Hubilo's or the Contracted Processors' agreements relevant Hubilo Affiliate’s agreements, as applicable, with Subprocessors Sub-processors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 Customer Each Company Group Member authorises SentinelOne Vendor to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Principal Agreement. SentinelOne . 5.2 Vendor may continue to use those Subprocessors already engaged by Vendor as of the date of this Addendum, subject to Vendor in each case as soon as practicable meeting the obligations set out in section 5.4. 5.3 Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) days one week of receipt of that notice, Customer Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially : Vendor shall not appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith steps have been taken to address Customer’s the objections regarding the new Subprocessor; raised by any Company Group Member and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne Company has been provided with a reasonable written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination explanation of the Agreementsteps taken. 5.2 5.4 With respect to each Subprocessor, SentinelOne Vendor shall: 5.2.1 5.4.1 before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement; 5.2.2 5.4.2 ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 5.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 5.2.4 5.4.4 provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Company may request from time to time. 5.3 SentinelOne 5.5 Vendor shall ensure that each Subprocessor performs its the obligations under sections 2.13.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneVendor.

Subprocessing. 5.1 5.1. Customer authorises SentinelOne authorizes Zip to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 section. 5.2. Information about Subprocessors, including their functions and any restrictions locations, as of the Addendum Effective Date is set forth in Attachment 3 (as may be updated by Provider from time to time) or such other website address as Provider may provide to customer from time to time (the Agreement“Subprocessor Site”). SentinelOne Customer acknowledges and agrees that Zip may utilize the Subprocessors listed in Attachment 3 and/or on the Subprocessor Site as of the Addendum Effective Date. 5.3. Zip shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide give Customer prior written notice of the appointment of any proposed new SubprocessorSubprocessor after the Addendum Effective Date by updating the Subprocessor Site or other written means, including reasonable details of the Processing to be undertaken by the Subprocessor. If Customer does not object to such change of Subprocessors within fourteen (14) days of receipt of that notice, Customer shall be deemed to have consented to such change. If, within thirty fourteen (3014) days of receipt of that notice, Customer notifies SentinelOne Zip in writing of any objections (on reasonable grounds relating to the protection of Customer Personal Data) to the proposed appointment, and further provides : (a) Zip shall use reasonable efforts to make available a commercially reasonable justifications to such objections based on valid concerns regarding such change in the provision of the Services, which avoids the use of that proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (iib) where Customer’s concerns such a change cannot be resolved within thirty made and failing an amicable resolution between the parties (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything each acting reasonably and in the Agreementgood faith), Customer may, may by providing SentinelOne with a written notice to Zip with immediate effect, effect terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Services which require the termination use of the Agreementproposed Subprocessor as its sole and exclusive remedy. 5.2 5.4. With respect to each Subprocessor, SentinelOne shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by Zip shall enter into a written contract including terms which offer at least are substantially similar regarding the same level protection of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR;Data Processing Addendum. 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are 5.5. Zip shall at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide remain liable to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 Subprocessors’ acts and 10.1, as they apply to Processing omissions in respect of Customer Personal Data carried out by that Subprocessor, as to the same extent Zip would be liable if it were party to performing such Processing directly under the terms of this Addendum in place of SentinelOneData Processing Addendum.

Subprocessing. 5.1 3.1 Customer authorises SentinelOne GlobalSign to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 clause 3 and any restrictions in the Original Agreement. SentinelOne shall make available to Customer . 3.2 To the current list of Subprocessors extent that are processing any Subprocessor appointed by GlobalSign processes Customer Personal DataData then, attached GlobalSign will remain responsible to the Customer for the Subprocessor’s obligations under this DPA. 3.3 GlobalSign may continue to use those Subprocessors already engaged by GlobalSign as Annex 3at the date of this DPA as identified in the Subprocessor list which can be accessed on GlobalSign’s Legal Repository webpage at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/en/repository/GlobalSign- Subprocessors.pdf. SentinelOne For the avoidance of doubt, Customer specifically authorises the engagement of GlobalSign Affiliates as Subprocessors. 3.4 GlobalSign shall provide give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the SubprocessorSubprocessor by updating the Subprocessor list which is available in the GlobalSign Legal Repository. If, within ten (10) days of receipt of that notice via the mechanism set out in this clause 3.3, Customer notifies GlobalSign in writing of any objections (on reasonable grounds) to the proposed appointment GlobalSign shall not appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by Customer and Customer has been provided with a reasonable written explanation of the steps taken. If the objection cannot be resolved by the parties within thirty (30) days of receipt by GlobalSign of that noticethe objection, Customer notifies SentinelOne GlobalSign shall not be in writing breach of any objections the Original Agreement to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns extent that it cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in provide the Agreement, Customer may, by providing SentinelOne Services or otherwise comply with its obligations as a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreementresult. 5.2 3.5 With respect to each Subprocessor, SentinelOne GlobalSign shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 3.5.1 ensure that the arrangement between on the one hand (a) SentinelOneGlobalSign, or (b) the relevant intermediate SubprocessorGlobalSign Affiliate; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum DPA, in particular in relation to requiring the Subprocessor to implement appropriate technical and organisational measures, and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 3.5.2 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses appropriate safeguards as set out in clause 8.2 and clause 8.5 of this DPA are at all relevant times incorporated into the agreement in place between on the one hand (a) SentinelOneGlobalSign, or (b) the relevant intermediate GlobalSign Affiliate; and the Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 3.5.3 provide to Customer for review such copies of the Contracted Processors' GlobalSign or GlobalSign Affiliate’s agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this AddendumDPA) as Customer may request from time to time. 5.3 SentinelOne 3.6 GlobalSign shall ensure that each Subprocessor performs its the obligations under sections 2.1, 3, 4clauses 2.2, 6.1, and 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum DPA in place of SentinelOneGlobalSign.

Subprocessing. 5.1 6.1. Customer authorises SentinelOne Bottomline to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions Section 6. 6.2. Bottomline may continue to use those Subprocessors already engaged by Bottomline as at the DPA Effective Date, as such are shown in the Agreement. SentinelOne Subprocessor List on such date as Processing Personal Data on Bottomline’s behalf in connection with the Relevant Services (a copy of which shall make available be provided to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3on request). 6.3. SentinelOne Bottomline shall provide give Customer prior written notice of the appointment of any new Subprocessor, including reasonable details of the Processing to be undertaken by the SubprocessorSubprocessor by way of Bottomline providing Customer with an updated copy of the Subprocessor List via a ‘mailshot’ or similar mass distribution mechanism sent via email to Customer’s normal addressees for system updates. 6.4. If, If within thirty fourteen (3014) days of receipt of that noticenotice given to Customer pursuant to Section 6.3, Customer notifies SentinelOne Bottomline in writing of any objections to the proposed appointmentappointment of any new Subprocessor on reasonable grounds (e.g., and further provides commercially reasonable justifications to such objections based on valid concerns regarding such if a proposed Subprocessor’s business practices relating Processing of Customer Personal Data would cause Customer to data protectionviolate Data Protection Laws), then Bottomline shall either: (ia) SentinelOne shall work with Customer in good faith recommend a commercially reasonable change to address Customer’s objections regarding configuration or use of the new Relevant Services to avoid Processing of Customer Personal Data by the proposed Subprocessor objected to by Customer; and/or (b) use reasonable efforts to make available a commercially reasonable change in the provision of the Relevant Services which avoids the use of that proposed Subprocessor; and (ii. 6.5. Where no changes referenced in Sections 6.4(a) where or 6.4(b) can be made, or any such changes proposed by Bottomline are expressly rejected by the Customer’s concerns cannot be resolved , within the thirty (30) days from SentinelOne's day period following Bottomline’s receipt of Customer's notice’s notice of objections (the “Change Period”), notwithstanding anything in the Agreement, Customer may, either Party may by providing SentinelOne with a written notice to with immediate effectthe other, to be served within fourteen (14) days of the expiration of that Change Period, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable (either in whole or to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following the termination portion of the AgreementRelevant Services which requires the use of the proposed Subprocessor) with immediate effect. 5.2 6.6. If Customer (having not raised an objection to a new Subprocessor) uses the Relevant Services (or the relevant portion thereof) after the expiry of the fourteen (14) day period referred to in Section 6.4, Customer agrees that it shall be deemed to have approved the ongoing use of that Subprocessor. 6.7. With respect to each Subprocessor, SentinelOne Bottomline shall: 5.2.1 (a) before the Subprocessor first Processes Customer Personal DataData (or, as soon as reasonably practicable, in accordance with Section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement;this Data Processing Addendum; and 5.2.2 (b) ensure that the arrangement between on Bottomline and the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same an equivalent level of protection for Customer Personal Data as those set out in this Data Processing Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to timeincluding those set out in Section 5). 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 The Subprocessors currently engaged by Docmosis and authorized by Customer are listed in Annex 3. The Customer generally authorises SentinelOne Docmosis to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement. SentinelOne . 5.2 Docmosis may continue to use those Subprocessors already engaged by Docmosis as at the date of this Addendum, subject to Docmosis in each case as soon as practicable meeting the obligations set out in section 5.4. 5.3 Docmosis shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) 30 days of receipt of that notice, Customer notifies SentinelOne Docmosis in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with appointment Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, may by providing SentinelOne with a written notice to Docmosis with immediate effect, effect terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Services which require the termination use of the Agreementproposed Subprocessor. This termination right is Customer’s sole and exclusive remedy if Customer objects to any new Third Party Subprocessor. 5.2 5.4 With respect to each Subprocessor, SentinelOne Docmosis shall: 5.2.1 5.4.1 before the Subprocessor first Processes Customer Personal DataData (or, where relevant, in accordance with section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 5.4.2 ensure that the arrangement between on the one hand (a) SentinelOneDocmosis, or (b) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 5.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneDocmosis, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. ; and 5.2.4 5.4.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne 5.5 Docmosis shall ensure that each Subprocessor performs its the obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneDocmosis.

Subprocessing. 5.1 Customer 6.1 Each Company Group Member authorises SentinelOne Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Agreement. SentinelOne . 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the date of this DPA, subject to Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3 Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) 30 days of receipt of that notice, Customer Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially : Neither Vendor nor any Vendor Affiliate shall appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith steps have been taken to address Customer’s the objections regarding the new Subprocessor; raised by any Company Group Member and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne Company has been provided with a reasonable written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination explanation of the Agreementsteps taken. 5.2 6.4 With respect to each Subprocessor, SentinelOne Vendor or the relevant Vendor Affiliate shall: 5.2.1 6.4.1 before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this Addendum DPA and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 5.2.4 6.4.4 provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this AddendumDPA) as Customer Company may request from time to time. 5.3 SentinelOne 6.5 Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 9 and 10.111, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum DPA in place of SentinelOneVendor.

Subprocessing. 5.1 Customer 11.1. The Data Controller authorises SentinelOne the Data Processor to appoint [(and permit each Subprocessor appointed in accordance with this section 5 11 to appoint) )] Subprocessors in accordance with this section 5 11 and any restrictions in the AgreementTerms and Conditions or Privacy Policy. 11.2. SentinelOne The Data Processor may continue to use those Subprocessors already engaged by the Data Processor as at the date of this Addendum and listed in Annex 2, subject to the Data Processor in each case as soon as practicable meeting the obligations set out in section 11.4. 11.3. The Data Processor shall make available to Customer give the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer Data Controller prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty 30 (30thirty) calendar days of receipt of that notice, Customer the Data Controller notifies SentinelOne the Data Processor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then : (ia) SentinelOne the Data Processor shall work with Customer the Data Controller in good faith to address Customer’s objections regarding make available a commercially reasonable change in the new provision of the Services which avoids the use of that proposed Subprocessor; and and (iib) where Customer’s concerns such a change cannot be resolved made within thirty 30 (30thirty) calendar days from SentinelOnethe Data Processor's receipt of Customerthe Data Cotroller's noticenotice (or such longer period as the parties may agree in writing), notwithstanding anything in the Agreement, Customer may, Terms and Conditions or Privacy Policy the Data Controller may by providing SentinelOne with a written notice to the Data Processor with immediate effect, effect terminate the Agreement Terms and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable Conditions to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Services which require the termination use of the Agreementproposed Subprocessor. 5.2 11.4. With respect to each Subprocessor, SentinelOne the Data Processor shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, (a) carry out adequate due diligence on each Subprocessor to ensure that the Subprocessor it is capable of providing the level of protection for Customer the Personal Data as is required by this Addendum including without limitation sufficient guarantees to implement appropriate technical and organisational measures in such a manner that Processing will meet the Agreementrequirements of GDPR or equivalent provisions of any Data Protection Law and this Addendum; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) include terms in the relevant intermediate Subprocessor; contract between the Data Processor and on the other hand, the Subprocessor, is governed by a written contract including terms each Subprocessor which offer at least the same level of protection for Customer the Personal Data as those set out in this Addendum and meet Upon request, the Data Processor shall provide a copy of its agreements with Subprocessors to the Data Controller (which may be redacted to remove confidential commercial information not relevant to the requirements of Article 28(3) of the GDPRthis Addendum); 5.2.3 (c) if that the arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; Data Processor and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer the Personal Data Data, procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. Data Controller; and 5.2.4 provide (d) remain fully liable to Customer the Data Controller for review such copies any failure by each Subprocessor to fulfil its obligations in relation to the Processing of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to timePersonal Data. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 3.1 Customer authorises SentinelOne grants Amperity a general authorization to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in subcontract the Agreement. SentinelOne shall make available to Customer the current list Processing of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer prior written notice of the appointment of any new Data to a Subprocessor, including details of the Processing to be undertaken by the Subprocessor. If, within thirty those Subprocessors listed in Amperity's website at ▇▇▇▇▇://▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/support/subcontractors.html (30) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement"Subprocessor List"). 5.2 With respect to each Subprocessor, SentinelOne shall3.2 Amperity will: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by enter into a written contract including agreement with each Subprocessor containing data protection terms which offer that provide at least the same level of protection for Customer Personal Data as those set out contained in this Addendum and meet DPA, to the requirements of Article 28(3) extent applicable to the nature of the GDPR;services provided by each Subprocessor; and 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide remain responsible to Customer for review such copies any acts or omissions of the Contracted Processors' agreements with Subprocessors (which may be redacted Subprocessor that cause Amperity to remove confidential commercial information not relevant to the requirements breach any of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1this DPA. 3.3 Prior to the addition of any new Subprocessor, 3Amperity shall provide notice to Customer not less than ten (10) calendar days prior to the date on which the Subprocessor shall commence Processing Customer Personal Data. Amperity provides a subscription form along with the Subprocessor list for Customers to subscribe to receive automatic notifications of changes to the Subprocessor List. Customer acknowledges and agrees that it shall subscribe to Amperity's notice mechanism provided in the Subprocessor List to receive the notices and that Amperity will only provide the corresponding notice to the email address provided in the subscription form. 3.4 Customer may object to Amperity's appointment of any new or replacement Subprocessor promptly in writing within ten (10) calendar days of receipt of the automatic notice in accordance with 3.3 above and on reasonable grounds related to Subprocessor's ability to comply with Applicable Data Protection Law. In such case, 4the Parties shall discuss Customer´s concerns in good faith with a view to achieving a commercially reasonable resolution. If the Parties cannot reach such resolution, 6.1Amperity shall, 7.2at its sole discretion, 8 either not appoint the Subprocessor at issue, or permit Customer to suspend or terminate the applicable Order Form and/or the Agreement without liability to either Party. In the event Customer exercises its right of termination under this Section 3.4, Amperity will refund to Customer a pro rata share of any prepaid unused fees for the remaining and 10.1unexpired portion of the applicable Subscription Term from the date of termination, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOnethe Customer’s exclusive remedy.

Subprocessing. 5.1 Customer authorises SentinelOne acknowledges and agrees that Netlify may utilize the authorized Sub-processors set forth in Schedule 2. 5.2 Netlify shall by email inform the Customer of any changes concerning the addition or replacement of sub-processors, at least ten (10) business days prior to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in such change(s), thereby giving the Agreement. SentinelOne shall make available to Customer the current list of Subprocessors that are processing opportunity to object to such changes. Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer prior written notice of the appointment of any new Subprocessor, including details of the Processing may object in writing to be undertaken by the Subprocessor. If, Netlify’s intended change concerning Netlify’s Sub-processors within thirty five (305) business days of receipt of that such notice, . 5.3 If it is not possible for Netlify and Customer notifies SentinelOne in writing of any objections to resolve the proposed appointment, and further provides commercially issue within a reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in time despite both parties’ good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's noticeefforts, notwithstanding anything in the Principal Agreement, Customer may, by providing SentinelOne with may suspend or terminate the Principal Agreement to the extent that it relates to the Services which require the use of the proposed Sub-processor. 5.4 Netlify will enter into a written notice to agreement with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement. 5.2 With respect to each Subprocessor, SentinelOne shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including Sub-processor containing terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum DPA, imposing in particular that each Sub-processor provides sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of Article 28(3the GDPR. 5.5 Netlify shall remain fully liable to Customer for the performance of its Sub-processor's obligations to the same extent Netlify would be liable if performing the Services directly under the terms of this DPA. 5.6 If Customer and Netlify have entered into Standard Contractual Clauses as described in Section 11 (Transfer mechanisms for data transfers), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Netlify of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Sub-processors that must be provided by Netlify to Customer pursuant to Clause 5(j) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOnemay have commercial information, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating information unrelated to the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review or their equivalent, removed by Netlify beforehand, and that such copies of will be provided by the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may Netlify only upon request from time to timeby Customer. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. Where there is no subprocessing at the date of this addendum, these clauses cover GDPR requirements in the event that subprocessors are required at a future date. 5.1 Customer The Client authorises SentinelOne Oleeo to appoint (and permit each Subprocessor appointed in accordance with this section paragraph 5 to appoint) Subprocessors in accordance with this section paragraph 5 and any restrictions in the Agreementagreement. SentinelOne Oleeo Standdard Terms v27x GC Page 27 of 32 5.2 Where applicable, Oleeo may continue to use those Subprocessors already engaged by Oleeo as at the date of this Schedule, subject to Oleeo as soon as practicable meeting the obligations set out in paragraph 5.4. 5.3 Oleeo shall make available to Customer give the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer Client prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) fourteen days of receipt of that notice, Customer the Client notifies SentinelOne Oleeo in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially Oleeo shall not appoint (or disclose any Client Personal Data to) that proposed Subprocessor until reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith steps have been taken to address Customer’s the objections regarding raised by the new Subprocessor; Client and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne Client has been provided with a reasonable written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination explanation of the Agreementsteps taken. 5.2 5.4 With respect to each Subprocessor, SentinelOne Oleeo shall: 5.2.1 5.4.1 before the Subprocessor first Processes Customer Client Personal DataData (or, where relevant, in accordance with paragraph 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Client Personal Data required by the Agreementagreement; 5.2.2 5.4.2 ensure that the arrangement between on the one hand (a) SentinelOneOleeo, or (b) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which impose substantively the same obligations on the Subprocessor as this Schedule imposes on Oleeo, which offer at least the same level of protection for Customer Client Personal Data as those set out in this Addendum Schedule and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 5.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneOleeo, or (b) the relevant intermediate Subprocessor; and on the other hand hand, the SubprocessorSubprocessor or, or before the Subprocessor first Processes Customer Client Personal Data Data, procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. Client; and 5.2.4 5.4.4 provide to Customer the Client for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this AddendumSchedule) as Customer the Client may request from time to time. 5.3 SentinelOne 5.5 Oleeo shall ensure that each Subprocessor performs its the obligations under sections paragraphs 2.1, 3, 4, 6.1, 7.2, 8 9 and 10.1, as they apply to Processing of Customer Client Personal Data carried out by that Subprocessor, as if it were party to this Addendum Schedule in place of SentinelOneOleeo.

Subprocessing. 5.1 Customer authorises SentinelOne 10.1 The Supplier may continue to appoint (and permit each Subprocessor appointed use any subprocessors already engaged by the Supplier in accordance with this section 5 processing Personal Data as part of the Services prior to appoint) Subprocessors in accordance with this section 5 and any restrictions the effective date of the Order. Such subprocessors are listed in the AgreementService Schedule. 10.2 Without prejudice to any other provisions of the Agreement and subject to paragraph 10.3 below, the Supplier shall be permitted to use the Approved Subprocessors to process Personal Data as part of the Services, provided that Zellis will have in place a contract with such subprocessor that offers substantially the same level of protection for Personal Data as set out in this Schedule. SentinelOne This authorisation shall make available constitute the Customer’s prior written consent to subprocessing by the Supplier of the Customer the current list of Subprocessors that are processing Customer Data and Personal Data, attached as Annex 3. SentinelOne . 10.3 The Supplier shall provide the Customer with prior written notice of the appointment of any new Subprocessor, including or alternative subprocessor (which may be by publishing the details of any such subprocessor on the Processing hyperlinked resource and providing the Customer with a mechanism to be undertaken by the Subprocessorobtain notice of that update). If, within thirty within, ten Business Days of the date of such notice: (30a) days of receipt of that notice, the Customer notifies SentinelOne the Supplier in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications (acting reasonably) to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating appointment then the Customer shall be entitled to data protectionnominate an alternative subprocessor. If the Customer nominates an alternative subprocessor, then the Supplier may: (i) SentinelOne charge for any necessary work undertaken as a result of the appointment of such alternative subprocessor (at the Supplier’s prevailing standard rates which shall work be reasonable); (ii) charge for any additional costs incurred by the Supplier in relation to using such alternative subprocessor; and (iii) make amendments to the Services to the extent required as a result of the Supplier using such alternative subprocessor; (b) the Customer has not notified the Supplier in writing of any objections (acting reasonably) then the Customer shall be deemed to have approved the use of such alternative subprocessor, in which case such subprocessor shall become an Approved Subprocessor. 10.4 Where the Supplier engages a subprocessor to process Personal Data, the Supplier shall: (a) remain fully liable to the Customer for the performance of any such subprocessor in accordance with Customer this Schedule; and (b) to the extent that any such subprocessing involves a transfer of Personal Data outside of both the UK and EEA, to a third party Approved Subprocessor in good faith a country outside of both the UK and EEA that is not subject to address Customer’s objections regarding a European Commission or UK government (or other competent authority) binding adequacy decision, the new SubprocessorSupplier will: (i) participate in a valid data transfer mechanism under the DP Law; and (ii) where Customer’s concerns cannot be resolved within thirty take such steps as are required by the DP Law (30) days from SentinelOne's receipt which may include the implementation of Customer's noticethe IDTA, notwithstanding anything in the AgreementStandard Contractual Clauses together with, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in extent the applicable Purchase OrderUK GDPR applies to the relevant transfer, the UK Addendum, or any successor standard contractual clauses adopted by the ICO) following the termination of the Agreement. 5.2 With respect to each Subprocessor, SentinelOne shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor level of protection afforded to the Personal Data is capable of providing equivalent to the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) DP Law of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that United Kingdom and/or European Union (as applicable) and the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses transfer is otherwise compliant with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to timeDP Law. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 Customer authorises SentinelOne ‌ 6.1. Each Company Group Member: i) approves Vendor’s and each Vendor Affiliate’s current Subprocessors; and ii) authorizes Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 authorized Subprocessors to appoint) new Subprocessors in accordance with this section 5 Section 6. 6.2. Vendor and any restrictions in the Agreement. SentinelOne applicable Vendor Affiliate shall make available to Customer the current list of Subprocessors that are processing Customer Personal Datagive Company, attached as Annex 3. SentinelOne shall provide Customer if it subscribes, prior written notice of the appointment of before appointing any new Subprocessor, including details of the Processing to be undertaken by the Subprocessor. Company must subscribe to receive such notices by emailing ▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ with “Subscribe” in the subject line and providing sufficient detail so as to identify this Agreement. If, within thirty fifteen (3015) days of receipt of that such notice, Customer Company notifies SentinelOne Vendor in writing of any reasonable objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding then neither Vendor nor any Vendor Affiliate shall appoint, or disclose any Company Personal Data to, such proposed Subprocessor’s business practices relating . Vendor or the applicable Vendor Affiliate may then develop and disclose to data protectionCompany a written plan to address the objections raised by Company. If Company accepts such plan in writing, then (i) SentinelOne Vendor or the applicable Vendor Affiliate may proceed to appoint the proposed Subprocessor. If Company reasonably objects to such plan as insufficient, the parties shall work with Customer together in good faith to address Customer’s objections regarding either adjust the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's noticeplan, notwithstanding anything or effect a commercially reasonable change in the Agreementprovision of the Services that avoids the use of that proposed Subprocessor. If the forgoing change in the provision of the Services is not commercially reasonable as agreed by the parties, Customer may, by providing SentinelOne with a either party may terminate this Agreement upon written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreementother party. 5.2 6.3. With respect to each Subprocessor, SentinelOne the Vendor or relevant Vendor Affiliate shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to 6.3.1. ensure that the Subprocessor Subcontractor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed bound by a written contract including agreement that offers terms which offer at least the same level of protection for Customer Personal Data as restrictive as those set out in this Addendum Agreement, and meet meets the requirements of Article 28(3) of the GDPRGDPR (“Subprocessor Agreement”); 5.2.3 if that arrangement involves a Restricted Transfer, 6.3.2. ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, an Appropriate Safeguard is in place with any Subprocessor prior to any contemplated Restricted Transfers; or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the ensure that Subprocessor first Processes Customer Personal Data procure that it enters into an agreement with the relevant Company Group Member(s) incorporating the Standard Contractual Clauses with (and Company shall ensure that each relevant Company Affiliate executes such Standard Contractual Clauses) before the CustomerSubprocessor may Process Company Personal Data; and‌ 6.3.3. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors Subprocessor Agreement to Company for review (which copies may be redacted to remove confidential commercial information not relevant to the requirements of this AddendumAgreement) as Customer Company may request from time to time. 5.3 SentinelOne 6.4. Vendor shall ensure remain responsible for its compliance with the obligations of this Agreement and for any acts or omissions of its Subprocessors that each Subprocessor performs cause Vendor to breach any of its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneAgreement.

Subprocessing. 5.1 Customer authorises SentinelOne Master Distributor authorizes TTI Success Insights to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Master Distributor Agreement. SentinelOne . 5.2 TTI Success Insights may continue to use those Subprocessors already engaged by TTI Success Insights as at the date of this Addendum, subject to TTI Success Insights as soon as practicable meeting the obligations set out in section 5.4. 5.3 TTI Success Insights shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Master Distributor prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) ten business days of receipt of that notice, Customer Master Distributor notifies SentinelOne TTI Success Insights in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne : 5.3.1 TTI Success Insights shall work with Customer Master Distributor in good faith to address Customer’s objections regarding make available a commercially reasonable change in the new provision of the Services which avoids the use of that proposed Subprocessor; and (ii) and 5.3.2 where Customer’s concerns such a change cannot be resolved made within thirty (30) ten business days from SentinelOne's TTI Success Insights’ receipt of Customer's Master Distributor’s notice, notwithstanding anything in the Master Distributor Agreement, Customer may, Master Distributor may by providing SentinelOne with a written notice to TTI Success Insights with immediate effect, effect terminate the Master Distributor Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Services which require the termination use of the Agreementproposed Subprocessor. 5.2 5.4 With respect to each Subprocessor, SentinelOne TTI Success Insights shall: 5.2.1 5.4.1 before the Subprocessor first Processes Customer Master Distributor Personal DataData (or, where relevant, in accordance with section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Master Distributor Personal Data required by the Master Distributor Agreement; 5.2.2 5.4.2 ensure that the arrangement between on the one hand (a) SentinelOne, TTI Success Insights or (b) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Master Distributor Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 5.4.3 if that arrangement involves a Restricted TransferTransfer and to the extent no other means allows for the transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, TTI Success Insights or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Master Distributor Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Master Distributor Agreement; and 5.2.4 5.4.4 provide to Customer Master Distributor for review such copies of the Contracted Processors' ’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Master Distributor may request from time to time. 5.3 SentinelOne 5.5 TTI Success Insights shall ensure that each Subprocessor performs its the obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 8, 10.1, as they apply to Processing of Customer Master Distributor Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneTTI Success Insights.

Subprocessing. 5.1 6.1 Each Customer Group Member authorises SentinelOne Lineup and each Lineup Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Principal Agreement. SentinelOne . 6.2 Lineup and each Lineup Affiliate may continue to use those Subprocessors already engaged by Lineup or any Lineup Affiliate as at the date of these Data Processing Terms, subject to Lineup and each Lineup Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3 Lineup shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) 30 days of receipt of that notice, Customer notifies SentinelOne Lineup in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne : 6.3.1 Lineup shall work with Customer in good faith to address Customer’s objections regarding make available a commercially reasonable change in the new provision of the Services which avoids the use of that proposed Subprocessor; and (ii) and 6.3.2 where Customer’s concerns such a change cannot be resolved made within thirty (30) 180 days from SentinelOneLineup's receipt of Customer's notice, notwithstanding anything in the Principal Agreement, Customer may, may by providing SentinelOne with a written notice to Lineup with immediate effect, effect terminate the Principal Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Services which require the termination use of the Agreementproposed Subprocessor. 5.2 6.4 With respect to each Subprocessor, SentinelOne Lineup or the relevant Lineup Affiliate shall: 5.2.1 6.4.1 before the Subprocessor first Processes Customer Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneLineup, or (b) the relevant Lineup Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum these Data Processing Terms and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneLineup, or (b) the relevant Lineup Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 5.2.4 6.4.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendumthese Data Processing Terms) as Customer may request from time to time. 5.3 SentinelOne 6.5 Lineup and each Lineup Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum these Data Processing Terms in place of SentinelOneLineup.

Subprocessing. 5.1 Customer authorises SentinelOne 4.1 Subprocessing for the purpose of this Agreement is to appoint (be understood as meaning processing which relates directly to the Services provided to you. This does not include ancillary services commissioned by us, such as telecommunication services, postal / transport services, cleaning or guarding services. IT services shall constitute a Subprocessing relationship if they are provided for IT systems which are used for the delivery of the Services you have purchased from us. We shall, however, be obliged to make appropriate and permit each Subprocessor appointed legally binding contractual arrangements including technical and organizational measures and take appropriate inspection measures to ensure the data protection and the data security of your data, even in the case of outsourced ancillary services. 4.2 In accordance with the provisions of this section 5 Agreement, you acknowledge and agree that ▇▇▇▇▇▇, or the third parties engaged to appointprovide the Services provided here: ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇.▇▇▇/asset_ mgr/current/202114/Subprocessor%20List_LOr3.pdf (which are hereby designated as subprocessors for the purpose of processing Customer Data) Subprocessors may store or process Customer Data in accordance with this section 5 and any restrictions locations outside the country in which you are located on servers based in the Agreement. SentinelOne United States provided that (a) we shall make available publish notification of any changes to Customer the current list of Subprocessors that are subprocessors processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer prior written notice of the appointment of any new Subprocessor, including details of the Processing to be undertaken by the Subprocessor. If, within Data on our website thirty (30) days of receipt of that notice, Customer notifies SentinelOne in writing of prior to any objections changes to the proposed appointment, subprocessors processing Customer Data and further provides commercially give you an opportunity to review such changes and raise reasonable justifications objection to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessorchanges; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement. 5.2 With respect to each Subprocessor, SentinelOne shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on subprocessors processing Customer Data are subject to the other hand, the Subprocessor, is governed by a written contract including terms which offer at least same data protection obligations or the same level of protection for Customer Personal Data as those set out are contained in this Addendum and meet Agreement in accordance with Article 28 paragraphs 2-4 GDPR. Customer agrees to raise any reasonable objections in writing within ten (10) calendar days of such notification. In the requirements event you reasonably object to the addition of Article 28(3) of a Subprocessor for reasons related to the GDPR; 5.2.3 if that arrangement involves , as permitted in the preceding sentences, and the Parties do not find a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant solution in good faith to the requirements issue in question, then either Party may terminate this Agreement and we will provide a pro-rated refund for any prepaid but unused fees. You confirm that Section 4.2 constitutes general written authorization for the purposes of this Addendum) as Customer may request from time to time. 5.3 SentinelOne GDPR. We shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing remain liable for any processing of Customer Personal Data carried out by subprocessors engaged under the Agreement. Upon your request, we will tell you where Customer Data is located. Notwithstanding anything to the contrary in this Section, if we and you have agreed that SubprocessorCustomer Data will be stored in any particular location, as if it were party to this Addendum we will store such Customer Data in place of SentinelOnethe agreed location.

Subprocessing. 5.1 Customer 6.1 Each Company Group Member authorises SentinelOne Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Principal Agreement. SentinelOne . 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the date of this Addendum, subject to Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3 Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty seven (307) days of receipt of that notice, Customer Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially : Neither Vendor nor any Vendor Affiliate shall appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith steps have been taken to address Customer’s the objections regarding the new Subprocessor; raised by any Company Group Member and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne Company has been provided with a reasonable written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination explanation of the Agreementsteps taken. 5.2 6.4 With respect to each Subprocessor, SentinelOne Vendor or the relevant Vendor Affiliate shall: 5.2.1 before 6.4.1 Before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 5.2.4 provide 6.4.4 Provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Company may request from time to time. 5.3 SentinelOne 6.5 Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneVendor. 6.6 With respect to Restricted Transfers to a Subprocessor which is not a Vendor Affiliate: 6.6.1 The data exporter and each Subprocessor shall comply with the requirements set out in the UK Data Protection Laws, the EU Data Protection Laws, and, where applicable, the FADP. 6.6.2 If the Restricted Transfer is subject to UK Data Protection Laws, the UK Addendum shall be deemed to be incorporated into and form an integral part of this Addendum. The UK Information Commissioner's Office's Mandatory Clauses shall be deemed completed as follows: Table 1, Table 2 (including the relevant information from this Addendum), Table 3 (inserting “UK Data Protection Laws”), and Table 4 (neither party may terminate the UK Addendum under Section 19).

Subprocessing. 5.1 3.1. Customer authorises SentinelOne Bottomline to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 Section 3 and Bottomline acknowledges that it shall remain liable for any restrictions in the Agreement. SentinelOne shall make available acts or omissions of such Subprocessors with respect to Customer the current list their Processing of Subprocessors that are processing Customer Personal Data. 3.2. Bottomline may continue to use those Subprocessors engaged in the provision of the Services and listed in the Subprocessor List, attached as Annex 3at the Effective Date of the Agreement.‌ 3.3. SentinelOne Bottomline shall provide give Customer prior written notice of the appointment of any new Subprocessor, including reasonable details of the Processing to be undertaken by the Subprocessor, and accordingly provide an updated Subprocessor List from time-to-time, including via a ‘mailshot’ or similar mass distribution mechanism sent via email to Customer’s normal addressees for system updates. 3.4. If, If within thirty fourteen (3014) days of receipt of that noticenotice given to Customer pursuant to Section 3.3 (“New Subprocessor Notice”), Customer notifies SentinelOne Bottomline in writing of any objections to the proposed appointment, appointment of any new Subprocessor and further provides commercially demonstrates to Bottomline’s reasonable justifications to such objections based on valid concerns regarding such satisfaction that the proposed Subprocessor’s business practices relating Processing of Customer Personal Data would cause Customer to data protectionviolate Data Protection Laws, then Bottomline shall either: (ia) SentinelOne shall work with Customer in good faith recommend a commercially reasonable change to address Customer’s objections regarding configuration or use of the new Services to avoid Processing of Customer Personal Data by the proposed Subprocessor objected to by Customer; and/or (b) use reasonable efforts to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor; and (ii) where . 3.5. Where no changes referenced in Section 3.4 can be made, or any such changes proposed by Bottomline are expressly rejected by the Customer’s concerns cannot be resolved , within the thirty (30) days from SentinelOne's day period following Bottomline’s receipt of Customer's notice’s notice of objections (the “Change Period”), notwithstanding anything in the Agreement, Customer may, either party may by providing SentinelOne with a written notice to the other, to be served within fourteen (14) days of the expiration of that Change Period, terminate the portion of the Services which requires the use of the proposed Subprocessor with immediate effect. 3.6. If Customer (having not raised an objection to a new Subprocessor or served termination notice pursuant to Section 3.5) uses the Services (or the relevant portion thereof) after the expiry of the New Subprocessor Notice or Change Period, terminate Customer agrees that such Subprocessor shall be deemed approved by the Agreement Customer and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable added to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement.Subprocessor List.‌ 5.2 3.7. With respect to each Subprocessor, SentinelOne Bottomline shall: 5.2.1 (a) before the Subprocessor first Processes Customer Personal DataData (or, as soon as reasonably practicable, in accordance with Section 3.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement;these Privacy Terms; and 5.2.2 (b) ensure that the arrangement between on Bottomline and the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same an equivalent level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.these Privacy Terms.‌

Subprocessing. 5.1 6.1. Customer authorises SentinelOne Bottomline to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions Section 6. 6.2. Bottomline may continue to use those Subprocessors already engaged by Bottomline as at the DPA Effective Date, as such are shown in the Agreement. SentinelOne Subprocessor List on such date as Processing Personal Data on Bottomline’s behalf in connection with the Relevant Services (a copy of which shall make available be provided to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3on request). 6.3. SentinelOne Bottomline shall provide give Customer prior written notice of the appointment of any new Subprocessor, including reasonable details of the Processing to be undertaken by the SubprocessorSubprocessor by way of Bottomline providing Customer with an updated copy of the Subprocessor List via a ‘mailshot’ or similar mass distribution mechanism sent via email to Customer’s normal addressees for system updates. 6.4. If, If within thirty fourteen (3014) days of receipt of that noticenotice given to Customer pursuant to Section 6.3, Customer notifies SentinelOne Bottomline in writing of any objections to the proposed appointmentappointment of any new Subprocessor on reasonable grounds (e.g., and further provides commercially reasonable justifications to such objections based on valid concerns regarding such if a proposed Subprocessor’s business practices relating Processing of Customer Personal Data would cause Customer to data protectionviolate Data Protection Laws), then Bottomline shall either: (ia) SentinelOne shall work with Customer in good faith recommend a commercially reasonable change to address Customer’s objections regarding configuration or use of the new Relevant Services to avoid Processing of Customer Personal Data by the proposed Subprocessor objected to by Customer; and/or (b) use reasonable efforts to make available a commercially reasonable change in the provision of the Relevant Services which avoids the use of that proposed Subprocessor; and (ii. Where no changes referenced in Sections 6.4(a) where Customer’s concerns cannot or 6.4(b) can be resolved made within the thirty (30) days from SentinelOne's day period following Bottomline’s receipt of Customer's notice’s notice of objections (the “Change Period”), notwithstanding anything in the Agreement, Customer may, either Party may by providing SentinelOne with a written notice to with immediate effectthe other, to be served within fourteen (14) days of the expiration of that Change Period, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable (either in whole or to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following the termination portion of the AgreementRelevant Services which requires the use of the proposed Subprocessor) with immediate effect. 5.2 6.5. If Customer (having not raised an objection to a new Subprocessor) uses the Relevant Services (or the relevant portion thereof) after the expiry of the fourteen (14) day period referred to in Section 6.4, Customer agrees that it shall be deemed to have approved the ongoing use of that Subprocessor. 6.6. With respect to each Subprocessor, SentinelOne Bottomline shall: 5.2.1 (a) before the Subprocessor first Processes Customer Personal DataData (or, as soon as reasonably practicable, in accordance with Section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement;this Data Processing Addendum; and 5.2.2 (b) ensure that the arrangement between on Bottomline and the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same an equivalent level of protection for Customer Personal Data as those set out in this Data Processing Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to timeincluding those set out in Section 5). 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 6.1 Each Customer authorises SentinelOne Group Member authorizes Liferay and each Liferay Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 Section 6 to appoint) Subprocessors in accordance with this section 5 Section 6 and subject to any restrictions in the Agreement. 6.2 Liferay and each Liferay Affiliate may continue to use a Subprocessor already engaged by Liferay or any Liferay Affiliate as at the effective date of this Addendum, subject to Liferay and each Liferay Affiliate meeting the obligations set out in Section 6.4 as soon as practicable. SentinelOne shall make Liferay makes available to Customer the current a list of all Subprocessors that are processing used for the Processing of Personal Data under this Addendum at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇.▇▇▇/legal/cloud-services-data (or, for any Services not explicitly listed under this link, in the document outlining the agreed scope of the Services) and also available upon request to ▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇. Liferay shall update the list on its website of any Subprocessor to be appointed at least twenty (20) days prior to the date on which the Subprocessor shall commence Processing Personal Data and will notify Customer of such change specifying the location of the Subprocessor and type of Processing of Customer Personal Data, attached as Annex 3. SentinelOne Data conducted by such Subprocessor via email notification to the email address associated with the applicable Customer account. 6.3 Liferay shall provide give Customer prior written notice of the appointment of any new Subprocessor, including details of the Processing to be undertaken by the SubprocessorSubprocessor as described in Section 6.2. If, within thirty ten (3010) calendar days of receipt of that notice, Customer notifies SentinelOne Liferay in writing of any objections (on reasonable grounds) to the proposed appointment, appointment neither Liferay nor any Liferay Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and further provides Customer has been provided with a reasonable written explanation of the steps taken. Where Liferay cannot address the objections in a commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved manner within a thirty (30) days from SentinelOneLiferay's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, may either (i) decide to use the Services as proposed by providing SentinelOne with a Liferay or (ii) by written notice to Liferay with immediate effect, effect terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Subprocessor and SentinelOne shall receive a prorated refund to Customer all of any prepaid Fees for the Solutions attributable to the Subscription Term (unused Services as outlined in the applicable Purchase Order) following the termination of the Agreementeffective date of such termination. 5.2 6.4 With respect to each Subprocessor, SentinelOne Liferay or the relevant Liferay Affiliate shall: 5.2.1 (i) before the Subprocessor first Processes Customer Personal DataData (or, where relevant, in accordance with Section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure (ii) undertake that the arrangement between between, on the one hand hand, (a) SentinelOneLiferay, or (b) the relevant Liferay Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least substantially the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 if (iii) intentionally omitted. (iv) where that arrangement involves a Restricted TransferTransfer from the EEA or UK, ensure that the Standard Contractual Clauses relevant SCC are at all relevant times incorporated into the agreement between between, on the one hand , (a) SentinelOne, Liferay or (b) the relevant Liferay Affiliate, or (c) the relevant intermediate Subprocessor; and Subprocessor entering into the SCCas a “data exporter(s)” and, on the other hand the Subprocessorhand, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. as “data importer(s)” as set forth in section 12.3 below; and 5.2.4 (v) upon request by Customer, provide to Customer for review such copies information about any Subprocessor in form of a summary or copy of the Contracted Processors' agreements applicable contractual terms with Subprocessors such Subprocessor (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time), if required by Applicable Laws. 5.3 SentinelOne shall ensure 6.5 Liferay and each Liferay Affiliate ensures that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneLiferay. Liferay and the relevant Affiliate shall be liable for the acts and omissions of its Subprocessors to the same extent Liferay or the relevant Liferay Affiliate would be liable if performing the Services of each Subprocessor directly under the terms of this Addendum, save as otherwise set forth in the Agreement.

Subprocessing. 5.1 Customer 6.1 Each Company Group Member authorises SentinelOne Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Agreement. SentinelOne . 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the date of this DPA, subject to Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3 Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) 30 days of receipt of that notice, Customer Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially : Neither Vendor nor any Vendor Affiliate shall appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith steps have been taken to address Customer’s the objections regarding the new Subprocessor; raised by any Company Group Member and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne Company has been provided with a reasonable written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination explanation of the Agreementsteps taken. 5.2 6.4 With respect to each Subprocessor, SentinelOne Vendor or the relevant Vendor Affiliate shall: 5.2.1 6.4.1 before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this Addendum DPA and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 5.2.4 6.4.4 provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this AddendumDPA) as Customer Company may request from time to time. 5.3 SentinelOne 6.5 Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 9 and 10.111.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum DPA in place of SentinelOneVendor.

Subprocessing. 5.1 6.1 Each Customer authorises SentinelOne Group Member authorizes Liferay and each Liferay Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 Section 6 to appoint) Subprocessors in accordance with this section 5 Section 6 and any restrictions in the Agreement. 6.2 Liferay and each Liferay Affiliate may continue to use those Subprocessors already engaged by Liferay or any Liferay Affiliate as at the effective date of this Addendum, subject to Liferay and each Liferay Affiliate in each case as soon as practicable meeting the obligations set out in Section 6.4. SentinelOne shall make Liferay makes available to Customer the current a list of all Subprocessors that are processing used for the Processing of Personal Data under this Addendum at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇.▇▇▇/legal/cloud-services-data and also available upon request to ▇▇▇▇-▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇. Liferay shall update the list on its website of any Sub-Processor to be appointed at least thirsty (30) days prior to the date on which the Sub-Processor shall commence Processing Personal Data and will notify Customer Personal Data, attached as Annex 3. SentinelOne of such change via email notification to the email address associated with the applicable Customer account and/or notification within the application. 6.3 Liferay shall provide give Customer prior written notice of the appointment of any new Subprocessor, including details of the Processing to be undertaken by the SubprocessorSubprocessor as described in Section 6.2. If, within thirty ten (3010) calendar days of receipt of that notice, Customer notifies SentinelOne Liferay in writing of any objections (on reasonable grounds) to the proposed appointment, appointment neither Liferay nor any Liferay Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and further provides Customer has been provided with a reasonable written explanation of the steps taken. Where Liferay cannot address the objections in a commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved manner within a thirty (30) days from SentinelOneLiferay's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, may either (i) decide to use the Services as proposed by providing SentinelOne with a Liferay or (ii) by written notice to Liferay with immediate effect, effect terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Subprocessor and SentinelOne shall receive a pro-rated refund to Customer all of any prepaid Fees for the Solutions attributable to the Subscription Term (unused Services as outlined in the applicable Purchase Order) following the termination of the Agreementeffective date of such termination. 5.2 6.4 With respect to each Subprocessor, SentinelOne Liferay or the relevant Liferay Affiliate shall: 5.2.1 (i) before the Subprocessor first Processes Customer Personal DataData (or, where relevant, in accordance with Section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure (ii) undertake that the arrangement between on the one hand (a) SentinelOneLiferay, or (b) the relevant Liferay Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 (iii) if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneLiferay, or (b) the relevant Liferay Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co- operates with their population and execution); and 5.2.4 (iv) upon request by Customer provide to Customer for review such copies information about any Subprocessor in form of a summary or copy of the Contracted Processors' agreements applicable contractual terms with such Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time), if required by Applicable Laws. 5.3 SentinelOne shall ensure 6.5 Liferay and each Liferay Affiliate procures that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneLiferay. Liferay and the relevant Affiliate shall be liable for the acts and omissions of its Subprocessors to the same extent Liferay or the relevant Liferay Affiliate would be liable if performing the Services of each Subprocessor directly under the terms of this Addendum, save as otherwise set forth in the Agreement.

Subprocessing. 5.1 Customer ‌ 6.1 Each Tata Communications Group Member authorises SentinelOne Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 Section 6 to appoint) Subprocessors in accordance with this section 5 Section 6 and any restrictions in the Principal Agreement. SentinelOne . 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the date of this Addendum, subject to Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in Section 6.4.‌ 6.3 Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Tata Communications prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty ten (3010) business days of receipt of that notice, Customer Tata Communications notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne : 6.3.1 Vendor shall work with Customer Tata Communications in good faith to address Customer’s objections regarding make available a commercially reasonable change in the new provision of the Services which avoids the use of that proposed Subprocessor; and (ii) and 6.3.2 where Customer’s concerns such a change cannot be resolved made within thirty ten (3010) business days from SentinelOneVendor's receipt of Customer's Tata Communications' notice, notwithstanding anything in the Principal Agreement, Customer may, Tata Communications may by providing SentinelOne with a written notice to Vendor with immediate effect, effect terminate the Principal Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following Services which require the termination use of the Agreementproposed Subprocessor. 5.2 6.4 With respect to each Subprocessor, SentinelOne shall:Vendor or the relevant Vendor Affiliate shall:‌ 5.2.1 6.4.1 before the Subprocessor first Processes Customer Tata Communications Personal DataData (or, where relevant, in accordance with Section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Tata Communications Personal Data required by this Addendum and the Principal Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Tata Communications Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Tata Communications Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. andrelevant Tata Communications Group Member(s) (and Tata Communications shall procure that each Tata Communications Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and‌ 5.2.4 6.4.4 provide to Customer Tata Communications for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Tata Communications may request from time to time. 5.3 SentinelOne 6.5 Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Tata Communications Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneVendor.

Subprocessing. 5.1 ‌ The following provisions are without prejudice to the content of Clause 9(a) SCC option 2 and Clause 9(b) SCC: 8.1 Carrot has Customer’s and Customer authorises SentinelOne Affiliates’ general authorization for the engagement of sub- processor(s) with respect to appoint Customer Personal Data from an agreed list. Customer herewith agrees also on behalf of its Customer Affiliates to the sub-processors as set out in Exhibit C. 8.2 Carrot may provide a website or provide another written notice that lists all sub-processors to access Customer Personal Data as well as the limited or ancillary services they perform. Carrot shall not authorize any new sub-processor except where Carrot has provided Customer with at least two (2) weeks’ prior notice by electronic means or via email and permit each Subprocessor appointed the opportunity to object to such sub-processor in accordance with this section 5 the aforementioned Clause to appoint) Subprocessors in accordance with this section 5 and any restrictions in access Customer Personal Data.‌ 8.3 In the Agreement. SentinelOne shall case that Customer objects to the sub-processing, Carrot will, at its discretion, use reasonable endeavors to make available to the Customer a change in the current list of Subprocessors that are Services, or will recommend a commercially reasonable change to the Services to prevent the applicable sub-processor from processing the Customer Personal Data. If Carrot determines, attached as Annex 3. SentinelOne shall provide Customer prior written notice of the appointment of any new Subprocessorat its discretion, including details of the Processing to be undertaken by the Subprocessor. Ifthat such a change is not viable, within thirty (30) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then Carrot can choose to (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding either not engage the new Subprocessor; and sub-processor, or (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term or any related service agreement with two (as outlined in the applicable Purchase Order2) following months prior written notice. Until the termination of the Agreement or any related service agreement, Carrot may suspend the portion of the Services which is affected by the objection of Customer. Customer shall not be entitled to a pro-rata refund of the remuneration for the Services, unless the objection is based on justified reasons of non-compliance with applicable data protection law. 8.4 Any sub-processor is obliged before initiating the processing, to commit itself by way of written contract to comply with, in substance, the same data protection obligations as the ones under the Data Processing Agreement. 5.2 With respect 8.5 Where a sub-processor refuses to each Subprocessor, SentinelOne shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required be bound by the same data protection obligations as the ones under the Data Processing Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the Customer may consent to such other handterms whereby such consent shall not be unreasonably withheld if, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) upon request of the GDPR; 5.2.3 if that arrangement involves a Restricted TransferCustomer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses Carrot can demonstrate sub-processor’s compliance with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to timeApplicable Law. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 6.1. Customer authorises SentinelOne Bottomline to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions Section 6. 6.2. Bottomline may continue to use those Subprocessors already engaged by Bottomline as at the DPA Effective Date, as such are shown in the Agreement. SentinelOne Subprocessor List on such date as Processing Personal Data on Bottomline’s behalf in connection with the Relevant Services (a copy of which shall make available be provided to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3on request).‌ 6.3. SentinelOne Bottomline shall provide give Customer prior written notice of the appointment of any new Subprocessor, including reasonable details of the Processing to be undertaken by the SubprocessorSubprocessor by way of Bottomline providing Customer with an updated copy of the Subprocessor List via a ‘mailshot’ or similar mass distribution mechanism sent via email to Customer’s normal addressees for system updates.‌ 6.4. If, If within thirty fourteen (3014) days of receipt of that noticenotice given to Customer pursuant to Section 6.3, Customer notifies SentinelOne Bottomline in writing of any objections to the proposed appointmentappointment of any new Subprocessor on reasonable grounds (e.g., and further provides commercially reasonable justifications to such objections based on valid concerns regarding such if a proposed Subprocessor’s business practices relating Processing of Customer Personal Data would cause Customer to data protectionviolate Data Protection Laws), then Bottomline shall either:‌ (ia) SentinelOne shall work with Customer in good faith recommend a commercially reasonable change to address Customer’s objections regarding configuration or use of the new SubprocessorRelevant Services to avoid Processing of Customer Personal Data by the proposed Subprocessor objected to by Customer; and and/or‌ (iib) where Customer’s concerns cannot use reasonable efforts to make available a commercially reasonable change in the provision of the Relevant Services which avoids the use of that proposed Subprocessor.‌ Where no changes referenced in Sections 6.4(a) or 6.4(b) can be resolved made within the thirty (30) days from SentinelOne's day period following Bottomline’s receipt of Customer's notice’s notice of objections (the “Change Period”), notwithstanding anything in the Agreement, Customer may, either Party may by providing SentinelOne with a written notice to with immediate effectthe other, to be served within fourteen (14) days of the expiration of that Change Period, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable (either in whole or to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following the termination portion of the AgreementRelevant Services which requires the use of the proposed Subprocessor) with immediate effect. 5.2 6.5. If Customer (having not raised an objection to a new Subprocessor) uses the Relevant Services (or the relevant portion thereof) after the expiry of the fourteen (14) day period referred to in Section 6.4, Customer agrees that it shall be deemed to have approved the ongoing use of that Subprocessor. 6.6. With respect to each Subprocessor, SentinelOne Bottomline shall: 5.2.1 (a) before the Subprocessor first Processes Customer Personal DataData (or, as soon as reasonably practicable, in accordance with Section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement;this Data Processing Addendum; and 5.2.2 (b) ensure that the arrangement between on Bottomline and the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same an equivalent level of protection for Customer Personal Data as those set out in this Data Processing Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to timeincluding those set out in Section 5). 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 6.1. Customer authorises SentinelOne Bottomline to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 Section 6 and Bottomline acknowledges that it shall remain liable for any restrictions in the Agreement. SentinelOne shall make available acts or omissions of such Subprocessors with respect to Customer the current list their Processing of Subprocessors that are processing Customer Personal Data. 6.2. Bottomline may continue to use those Subprocessors already engaged by Bottomline as at the DPA Effective Date, attached as Annex 3such are shown in the Subprocessor List on such date as Processing Personal Data on Bottomline’s behalf in connection with the Relevant Services (a copy of which shall be provided to Customer on request). 6.3. SentinelOne Bottomline shall provide give Customer prior written notice of the appointment of any new Subprocessor, including reasonable details of the Processing to be undertaken by the SubprocessorSubprocessor by way of Bottomline providing Customer with an updated copy of the Subprocessor List via a ‘mailshot’ or similar mass distribution mechanism sent via email to Customer’s normal addressees for system updates. 6.4. If, If within thirty fourteen (3014) days of receipt of that noticenotice given to Customer pursuant to Section 6.3, Customer notifies SentinelOne Bottomline in writing of any objections to the proposed appointmentappointment of any new Subprocessor on reasonable grounds (e.g., and further provides commercially reasonable justifications to such objections based on valid concerns regarding such if a proposed Subprocessor’s business practices relating Processing of Customer Personal Data would cause Customer to data protectionviolate Data Protection Laws), then Bottomline shall either: (ia) SentinelOne shall work with Customer in good faith recommend a commercially reasonable change to address Customer’s objections regarding configuration or use of the new Relevant Services to avoid Processing of Customer Personal Data by the proposed Subprocessor objected to by Customer; and/or (b) use reasonable efforts to make available a commercially reasonable change in the provision of the Relevant Services which avoids the use of that proposed Subprocessor; and (ii. 6.5. Where no changes referenced in Sections 6.4(a) where or 6.4(b) can be made, or any such changes proposed by Bottomline are expressly rejected by the Customer’s concerns cannot be resolved , within the thirty (30) days from SentinelOne's day period following Bottomline’s receipt of Customer's notice’s notice of objections (the “Change Period”), notwithstanding anything in the Agreement, Customer may, either Party may by providing SentinelOne with a written notice to with immediate effectthe other, to be served within fourteen (14) days of the expiration of that Change Period, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable (either in whole or to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following the termination portion of the AgreementRelevant Services which requires the use of the proposed Subprocessor) with immediate effect. 5.2 6.6. If Customer (having not raised an objection to a new Subprocessor) uses the Relevant Services (or the relevant portion thereof) after the expiry of the fourteen (14) day period referred to in Section 6.4, Customer agrees that it shall be deemed to have approved the ongoing use of that Subprocessor. 6.7. With respect to each Subprocessor, SentinelOne Bottomline shall: 5.2.1 (a) before the Subprocessor first Processes Customer Personal DataData (or, as soon as reasonably practicable, in accordance with Section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement;this Data Processing Addendum; and 5.2.2 (b) ensure that the arrangement between on Bottomline and the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same an equivalent level of protection for Customer Personal Data as those set out in this Data Processing Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to timeincluding those set out in Section 5). 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.

Subprocessing. 5.1 6.1. Customer authorises SentinelOne authorizes Dubsado and each Dubsado Affiliate to appoint (and permit each Subprocessor Sub- processor appointed in accordance with this section 5 6 to appoint) Subprocessors Sub-processors in accordance with this section 5 6 and any restrictions in the Principal Agreement. 6.2. SentinelOne shall make available Dubsado and each Dubsado Affiliate may continue to Customer use those Sub-processors already engaged by Dubsado or any Dubsado Affiliate as at the current date of this Addendum, subject to Dubsado and each Dubsado Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3. Dubsado maintains a list of Subprocessors that are processing sub-processors on its Privacy Policy web page, located at http:// ▇▇▇.▇▇▇▇▇▇▇.▇▇▇/▇▇▇-▇▇▇▇/ 6.3.1 Customer Personal Datashall subscribe, attached as Annex 3. SentinelOne and if Customer subscribers, Dubsado shall provide Customer prior written notice of the appointment details of any new Subprocessor, including details of the Processing changes in Sub-processors at least fourteen (14) calendar days prior to be undertaken by the Subprocessor. If, any such change. 6.3.2 If within thirty seven (307) calendar days of receipt of that notice, Customer notifies SentinelOne Dubsado in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne : 6.3.2.1 Dubsado shall work with Customer in good faith to address Customer’s objections regarding make available a commercially reasonable change in the new Subprocessorprovision of the Services which avoids the use of that proposed Sub-processor with Customer Personal Data; and (ii) and 6.3.2.2 where Customer’s concerns such a change cannot be resolved made within thirty (30) 30 days from SentinelOne's Dubsado’s receipt of Customer's notice, notwithstanding anything in the Principal Agreement, Customer may, may by providing SentinelOne with a written notice to Dubsado with immediate effect, effect terminate the Principal Agreement and SentinelOne shall refund (without prejudice to any fees incurred by Customer all prepaid Fees for the Solutions attributable prior to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement.termination) 5.2 6.4. With respect to each SubprocessorSub-processor, SentinelOne Dubsado or the relevant Dubsado Affiliate shall: 5.2.1 6.4.1. before the Subprocessor Sub-processor first Processes Customer Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor Sub-processor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement; 5.2.2 6.4.2. ensure that the arrangement between on the one hand (a) SentinelOneDubsado, or (b) the relevant Dubsado Affiliate, or (c) the relevant intermediate SubprocessorSub-processor; and on the other hand, hand the SubprocessorSub-processor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR;; and 5.2.3 if 6.4.3. If that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneDubsado, or (b) the relevant intermediate Subprocessor; and on the other hand the SubprocessorDubsado Affiliate, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.or

Subprocessing. 5.1 Customer authorises SentinelOne 6.1 Each Controller Group Member authorizes Processor and each Processor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors (and sub- subprocessors with regards to Subprocessors) in accordance with this section 5 and 6 and, if applicable, any restrictions in the Agreement. SentinelOne shall make available . 6.2 Each Contracted Processor may continue to Customer the current list of Subprocessors use those Contracted Processors already engaged and that are processing Customer Personal Dataplanned to be engaged by the engaging Contracted Processor as at the date of this Addendum, attached as Annex 3. SentinelOne subject to Processor and each Processor Affiliate in each case meeting the obligations set out in section 6.4. 6.3 Processor shall provide Customer give Controller prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) 30 days of receipt of that notice, Customer notifies SentinelOne in writing of any objections Controller objects to the proposed appointment, neither Processor nor any Processor Affiliate shall appoint (or disclose any Controller Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Controller Group Member and further provides Controller has been provided with a reasonable written explanation of the steps taken. Processor will use reasonable efforts to make available to Controller a change in the Services or recommend a commercially reasonable justifications change to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Subprocessor; and (ii) where Subprocessor without unreasonably burdening Customer’s concerns cannot be resolved . If, within thirty (30) 60 days from SentinelOne's of receipt of Customer's the notice, notwithstanding anything in the AgreementProcessor is unable to make available such change, Customer may, the Controller may by providing SentinelOne with a written notice to with immediate effect, Processor terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) Services which require the use of the proposed Subprocessor. Processor will refund Customer any prepaid fees covering the remainder of the term of such terminated Agreement following the effective date of termination with respect to such terminated Services, without imposing a penalty for such termination on Controller. For the avoidance of doubt, Processor undertakes to fulfil the obligations as required by article 28(2) of the AgreementGDPR. 5.2 6.4 With respect to each Subprocessorrelevant Contracted Processor, SentinelOne Processor or the relevant Processor Affiliate shall (and shall procure that each Contracted Processor shall:): 5.2.1 6.4.1 before the Subprocessor relevant Contracted Processor first Processes Customer processes Controller Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor relevant Contracted Processor is capable of providing the level of protection for Customer Controller Personal Data required by the Agreement; 5.2.2 6.4.2 in accordance with Data Protection Laws, take reasonable steps to ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the two relevant intermediate Subprocessor; and on the other hand, the SubprocessorContracted Processors, is governed by a written contract including terms which offer at least the same level of protection for Customer Controller Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3 subject to section 12 and as reasonably determined by the Processor with respect to which approach the relevant Contracted Processor should take in the relevant circumstance, if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOnehand and on behalf of the Controller and the Controller Affiliates, or (b) the Processor and the relevant intermediate SubprocessorContracted Processor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 6.4.4 upon written requests, provide to Customer Controller for review such copies of the relevant Contracted Processors' relevant data protection agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Controller may request from time to time. 5.3 SentinelOne shall 6.5 Processor and each Processor Affiliate shall, in accordance with Applicable Laws, take reasonable steps to ensure that each Subprocessor relevant Contracted Processor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Controller Personal Data carried out by that Subprocessorrelevant Contracted Processor, as if it were party to this Addendum in place of SentinelOneProcessor. 6.6 The Data Processor will list the approved Subprocessors at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/GDPR/Subprocessors-List. The Controller can, at any time, subscribe to be updated if and when the list is updated pursuant to and in accordance with this Addendum.

Subprocessing. 5.1 Customer 6.1 Each Company Group Member authorises SentinelOne Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 5 6 to appoint) Subprocessors in accordance with this section 5 6 and any restrictions in the Principal Agreement. SentinelOne . 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Vendor or any Vendor Affiliate as at the date of this Addendum, subject to Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3 Vendor shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) days of receipt of that notice, Customer If Company notifies SentinelOne Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such : Neither Vendor nor any Vendor Affiliate shall appoint (nor disclose any Company Personal Data to) the proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work Subprocessor except with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt prior written consent of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the AgreementCompany. 5.2 6.4 With respect to each Subprocessor, SentinelOne Vendor or the relevant Vendor Affiliate shall: 5.2.1 6.4.1 before the Subprocessor first Processes Customer Company Personal DataData (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing can provide the level of protection for Customer Company Personal Data required by the Principal Agreement; 5.2.2 6.4.2 ensure that the arrangement between on the one hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this Addendum and meet the requirements of Article article 28(3) of the GDPR; 5.2.3 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand (a) SentinelOneVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. relevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 5.2.4 6.4.4 provide to Customer Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer Company may request from time to time. 5.3 SentinelOne 6.5 Vendor and each Vendor Affiliate shall ensure that each Subprocessor performs its the obligations under sections 2.1, 33.1, 4, 6.15, 7.27.1, 8 8.2, 9 and 10.111.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOneVendor.

Subprocessing. 5.1 6.1. Customer authorises SentinelOne Bottomline to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 Section 6 and Bottomline acknowledges that it shall remain liable for any restrictions in the Agreement. SentinelOne shall make available acts or omissions of such Subprocessors with respect to Customer the current list their Processing of Subprocessors that are processing Customer Personal Data. 6.2. Bottomline may continue to use those Subprocessors already engaged by Bottomline as at the DPA Effective Date, attached as Annex 3such are shown in the Subprocessor List on such date as Processing Personal Data on Bottomline’s behalf in connection with the Relevant Services (a copy of which shall be provided to Customer on request). 6.3. SentinelOne Bottomline shall provide give Customer prior written notice of the appointment of any new Subprocessor, including reasonable details of the Processing to be undertaken by the SubprocessorSubprocessor by way of Bottomline providing Customer with an updated copy of the Subprocessor List via a ‘mailshot’ or similar mass distribution mechanism sent via email to Customer’s normal addressees for system updates. 6.4. If, If within thirty fourteen (3014) days of receipt of that noticenotice given to Customer pursuant to Section 6.3, Customer notifies SentinelOne Bottomline in writing of any objections to the proposed appointmentappointment of any new Subprocessor on reasonable grounds (e.g., and further provides commercially reasonable justifications to such objections based on valid concerns regarding such if a proposed Subprocessor’s business practices relating Processing of Customer Personal Data would cause Customer to data protectionviolate Data Protection Laws), then Bottomline shall either: (ia) SentinelOne shall work with Customer in good faith recommend a commercially reasonable change to address Customer’s objections regarding configuration or use of the new Relevant Services to avoid Processing of Customer Personal Data by the proposed Subprocessor objected to by Customer; and/or (b) use reasonable efforts to make available a commercially reasonable change in the provision of the Relevant Services which avoids the use of that proposed Subprocessor; and (ii. 6.5. Where no changes referenced in Sections 6.4(a) where or 6.4(b) can be made, or any such changes proposed by Bottomline are expressly rejected by the Customer’s concerns cannot be resolved , within the thirty (30) days from SentinelOne's day period following Bottomline’s receipt of Customer's notice’s notice of objections (the “Change Period”), notwithstanding anything in the Agreement, Customer may, either Party may by providing SentinelOne with a written notice to with immediate effectthe other, to be served within fourteen (14) days of the expiration of that Change Period, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable (either in whole or to the Subscription Term (as outlined in extent that it relates to the applicable Purchase Order) following the termination portion of the AgreementRelevant Services which requires the use of the proposed Subprocessor) with immediate effect. 5.2 6.6. If Customer (having not raised an objection to a new Subprocessor) uses the Relevant Services (or the relevant portion thereof) after the expiry of the fourteen (14) day period referred to in Section 6.4, Customer agrees that it shall be deemed to have approved the ongoing use of that Subprocessor. 6.7. With respect to each Subprocessor, SentinelOne Bottomline shall: 5.2.1 (a) before the Subprocessor first Processes Customer Personal DataData (or, as soon as reasonably practicable, in accordance with Section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement;this Data Processing Addendum; and 5.2.2 (b) ensure that the arrangement between on Bottomline and the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same an equivalent level of protection for Customer Personal as required by the Data as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the Customer. and 5.2.4 provide to Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to timeProtection Laws. 5.3 SentinelOne shall ensure that each Subprocessor performs its obligations under sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this Addendum in place of SentinelOne.