Data Processing Agreement

Effective date: April 8, 2024

This Data Processing Agreement (the “Agreement”) is entered into by and between the Client, as specified in the applicable Service Order or Account (the “Controller”), and the entity defined as “CoSupport” in the Terms of Services (the “Processor”). The specific legal entity acting as Processor shall be the one identified in the applicable Service Order or agreement.

This Agreement is a part of Terms of Services (as defined below). Capitalized terms used but not defined in this Agreement have the meaning given to them in the Terms of Services.

This Agreement applies where and only to the extent that the Processor processes Personal Data on behalf of the Controller in the course of providing the Services and such Personal Data (as defined below) is subject to Applicable Data Protection Laws (as defined below) of the appropriate jurisdiction, including the State of California, the European Union, the European Economic Area and/or its member states, Switzerland and/or the United Kingdom. The Parties agree to comply with the terms and conditions in this Agreement in connection with such Personal Data.

1. DEFINITIONS

Unless defined in the Terms of Services, all capitalized terms used in this Agreement shall have the meanings given them below:

1.1. Applicable Data Protection Law means any applicable privacy and data protection laws and regulations. With respect to Personal Data from Europe, “Applicable Data Protection Law” shall include, but not be limited to General Data Protection Regulation (Regulation (EU) 2016/679) laws and binding regulations of the European Union, European Economic Area (“EEA”) and/or their member states, and/or Switzerland and/or the United Kingdom, applicable to the Processing of Personal Data under this Agreement. With respect to Personal Data from California residents, “Applicable Data Protection Law” shall include, but not be limited to the California Consumer Privacy Act of 2018 (“CCPA”).

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8 – Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

15. LIST OF EXHIBITS

Exhibit A: Standard Contractual Clauses

Exhibit B: UK Addendum to the EU Standard Contractual Clauses