Common use of DESCRIPTION OF PROCESSING AND TRANSFERS Clause in Contracts

DESCRIPTION OF PROCESSING AND TRANSFERS. Categories of data subjects: Employees, agents, advisors, consultants, and contractors of the Controller (who are natural persons). Users, Affiliates and other participants or persons authorized by the Controller to access or use the Services in accordance with the terms of the Agreement. Prospects, customers, clients, contacts, associates and vendors of the Controller (who are natural persons) and individuals with whom those end users communicate with by email and/or other messaging media. Employees or contact persons of Controller’s prospects, customers, clients, business associates and vendors. Suppliers, vendors and service providers of the Controller. Other individuals to the extent identifiable in the context of emails of their attachments or in archiving content. Categories of Personal Data: The Controller submits Personal Data to the Services, the nature and extent of which is determined and managed by the Controller. The Personal Data may include but is not limited to: ● Names, titles, contact details, phone numbers, and email addresses of users of the Services. ● Unique identifiers such as username, account number or password. ● Personal Data derived from a user’s use of the Services such as records and business intelligence information. ● Personal Data within emails and messaging content which identifies or may reasonably be used to identify data subjects. ● Meta data including sent, to, from, date, time, subject, which may include Personal Data. ● Data concerning business affiliations, titles, positions, social media, and profession. ● File attachments that may contain Personal Data. ● Survey, feedback and assessment messages. ● Information offered by users as part of support enquiries or for Customer service. ● Other data added by the Controller from time to time Sensitive Data: No sensitive data will be processed or transferred and shall not be contained in the content of or attachments to, emails. Controller agrees that it shall not transfer, supply, or upload any sensitive data or special categories of data to the Services. Frequency of the Processing and Transfer (whether Customer Data is transferred on a one-off or continuous basis): When Controller is using the Services, the processing is on a continuous basis for the duration of the Agreement. Nature of the Processing: • Personal Data will be processed to the extent necessary to provide the Services in accordance with the Agreement and the Controller’s instructions. • Processing operations include but are not limited to parsing of emails that Controller links and/or uploads to the Services. These operations relate to all aspects of Personal Data processed. • Technical support, problem diagnosis and error correction to ensure the proper operation of the Services and to identify, analyze, and resolve technical issues generally in the provision of the Services and specifically in answer to a controller query. This operation may relate to all aspects of Personal Data processed but will be limited to metadata where possible. • Virus, anti-spam, malware, and security operations in accordance with the Services provided and Agreement. • URL scanning for the purposes of providing targeted threat protection and similar activities. This operation relates to attachments and links in emails and relates to any personal data within those attachments or links which could include all categories of Personal Data. Purpose(s) of the Data Transfer and further processing: The Controller transfers email data so that it can be processed or “parsed” in ways that enable the Controller to gain business information and insights. Upon receipt by the Services or Software, some Personal Data may be transferred to Sub-Processors that provide services to the Processor as part of the Services provided by the Processor to the Controller. Period for which the Personal Data will be retained: As specified in the Agreement, subject to Section 14 of the DPA. For Transfers to Sub-Processors, specify subject matter, nature and duration of the processing: The Sub-Processor list (Exhibit C, Annex III) specifies the Personal Data processed by each Sub-Processor and the services provided by each Sub-processor. ■ The Services are hosted by Amazon Web Services (AWS). The AWS hosting is continuous and sub-processing occurs for so long as the Services account is active. This sub-processing is therefore continuous. ■ Email addresses only are sub-processed for the Services by Clearout for purposes of verifying that the email address is valid. This verification consists of a single query and is not continuous with the Services.

DESCRIPTION OF PROCESSING AND TRANSFERS. Categories of data subjectsData Subjects: Employees, agents, advisors, consultants, and contractors freelancers of the Controller (who are natural persons). Users, Affiliates and other participants or persons authorized authorised by the Controller to access or use the Services Service in accordance with the terms of the Agreement. Prospects, customers, clients, contacts, associates and vendors Clients of the Controller (who are natural persons) and individuals with whom those end users communicate with by email and/or other messaging media. Employees or contact persons of Controller’s prospects, customers, clients, business associates and vendors. Suppliers, vendors and service providers of the Controller. Other individuals to the extent identifiable in the context of emails of their attachments or in archiving content. Categories of Personal Data: The Controller submits may submit Personal Data to the ServicesService, the nature and extent of which is determined and managed controlled by the Controller. The Personal Data may include includes but is not limited to: ● Names, titles, contact • Personal details, phone numbersfirst name and surname, email addresses, telephone number and email addresses company name of users of the ServicesService. ● • Unique identifiers such as username, account number or password. ● • Personal Data derived from a user’s use of the Services Service such as records and business intelligence information. ● • Personal Data within emails email and messaging content which identifies or may reasonably be used to identify data subjectsindividuals. ● • Meta data including sent, to, from, date, time, subject, which may include Personal Data. ● Data concerning business affiliations, titles, positions, social media, and profession• Geolocation based upon IP address. ● • Financial data required for invoicing. • Consumption data. • File attachments that may contain Personal Data. ● • Survey, feedback and assessment messages. ● • Information offered by users of the Service as part of support enquiries or for Customer serviceenquiries. ● • Other data added by the Controller from time to time time. Sensitive Data: No sensitive data will be processed or transferred and shall not be contained in the content of or attachments to, emails. Controller agrees that it shall not transfer, supply, or upload any sensitive data or special categories of data to the Services. Frequency The frequency of the Processing processing and Transfer transfer (e.g. whether Customer Data the data is transferred on a one-off or continuous basis): When Controller is using the Services, the processing is on a continuous Continuous basis for the duration of the Agreement. Nature of the Processingprocessing: • Personal Data will be processed to the extent necessary to provide the Services in accordance with the Agreement and the Controller’s instructions. • Processing operations include but are not limited to parsing of emails that Controller links and/or uploads to the Services. These operations relate to all aspects of Personal Data processed. to: • Technical support, problem diagnosis and error correction to ensure the proper operation of the Services and to identify, analyze, and resolve technical issues generally in the provision of the Services and specifically in answer to a controller query. This operation may relate to all aspects of Personal Data processed but will be limited to metadata where possible. • Virus, anti-spam, malware, and security operations in accordance with the Services provided and Agreement. • URL scanning obtaining users suggestions for the purposes of providing targeted threat protection and similar activities. This operation relates to attachments and links in emails and relates to any personal data within those attachments or links which could include all categories of Personal Dataimproving Customers’ products. Purpose(s) of the Data Transfer data transfer and further processing: The Controller transfers email data so that it can be processed or “parsed” in ways that enable the Controller to gain business information and insights. Upon receipt by the Services or Software, some Personal Data may be is transferred to Subsub-Processors that contractors who need to process some of the Personal Data in order to provide their services to the Processor as part of the Services Service provided by the Processor to the Controller. Period The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period: As specified Unless agreed otherwise in writing, for the duration of the Agreement, subject to Section clause 14 of the DPA. For Transfers transfers to Sub-Processors(Sub-) processors, also specify subject matter, nature and duration of the processing: The Sub-Processor processor list (Exhibit C, Annex III) specifies published at: ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/gdpr/subprocessors/ sets out the Personal Data processed by each Sub-Processor processor and the services provided by each Sub-processor. ■ The Services are hosted by Amazon Web Services (AWS). The AWS hosting is continuous and sub-processing occurs for so long as the Services account is active. This sub-processing is therefore continuous. ■ Email addresses only are sub-processed for the Services by Clearout for purposes of verifying that the email address is valid. This verification consists of a single query and is not continuous with the Services.

DESCRIPTION OF PROCESSING AND TRANSFERS. Categories of data subjects: Employees, agents, advisors, consultants, and contractors of the Controller (who are natural persons). Users, Affiliates and other participants or persons authorized by the Controller to access or use the Services in accordance with the terms of the Agreement. Prospects, customers, clients, contacts, associates and vendors of the Controller (who are natural persons) and individuals with whom those end users communicate with by email and/or other messaging media. Employees or contact persons of Controller’s prospects, customers, clients, business associates and vendors. Suppliers, vendors and service providers of the Controller. Other individuals to the extent identifiable in the context of emails of their attachments or in archiving content. Categories of Personal Data: The Controller submits Personal Data to the Services, the nature and extent of which is determined and managed by the Controller. The Personal Data may include but is not limited to: ● Names, titles, contact details, phone numbers, and email addresses of users of the Services. ● Unique identifiers such as username, account number or password. ● Personal Data derived from a user’s use of the Services such as records and business intelligence information. ● Personal Data within emails and messaging content which identifies or may reasonably be used to identify identify, data subjects. ● Meta data including sent, to, from, date, time, subject, which may include Personal Data. ● Data concerning business affiliations, titles, positions, social media, and profession. ● File attachments that may contain Personal Data. ● Survey, feedback and assessment messages. ● Information offered by users as part of support enquiries or for Customer service. ● Other data added by the Controller from time to time Sensitive Data: No sensitive data will be processed or transferred and The Controller shall not be contained in the content of or attachments to, emails. Controller agrees that it shall not transfer, supply, or upload comply with its obligations with respect to any sensitive data that it transfers to the Services for processing. The Processor does not monitor, surveil, or special categories review Parsed Data, including any sensitive data contained therein. The Processor will review Parsed Data only at Controller's request for purposes of Customer support/service, and the Controller agrees not to share or disclose any sensitive data to the ServicesProcessor for purposes of obtaining such support/service. Frequency of the Processing and Transfer (whether Customer Data is transferred on a one-off or continuous basis): When Controller is using the Services, the processing is on a continuous basis for the duration of the Agreement. Nature of the Processing: • Personal Data will be processed to the extent necessary to provide the Services in accordance with the Agreement and the Controller’s instructions. • Processing operations include but are not limited to parsing of emails that Controller links and/or uploads to the Services. These operations relate to all aspects of Personal Data processed. • Technical support, problem diagnosis and error correction to ensure the proper operation of the Services and to identify, analyze, and resolve technical issues generally in the provision of the Services and specifically in answer to a controller query. This operation may relate to all aspects of Personal Data processed but will be limited to metadata where possible. • Virus, anti-spam, malware, and security operations in accordance with the Services provided and Agreement. • URL scanning for the purposes of providing targeted threat protection and similar activities. This operation relates to attachments and links in emails and relates to any personal data within those attachments or links which could include all categories of Personal Data. Purpose(s) of the Data Transfer and further processing: The Controller transfers email data so that it can be processed or “parsed” in ways that enable the Controller to gain business information and insights. Upon receipt by the Services or Software, some Personal Data may be transferred to Sub-Processors that provide services to the Processor as part of the Services provided by the Processor to the Controller. Period for which the Personal Data will be retained: As specified in the Agreement, subject to Section 14 of the DPA. For Transfers to Sub-Processors, specify subject matter, nature and duration of the processing: The Sub-Processor list (Exhibit C, Annex III) specifies the Personal Data processed by each Sub-Processor and the services provided by each Sub-processor. ■ The Services are hosted by Amazon Web Services (AWS). The AWS hosting is continuous and sub-processing occurs for so long as the Services account is active. This sub-processing is therefore continuous. ■ Email addresses only are sub-processed for the Services by Clearout for purposes of verifying that the email address is valid. This verification consists of a single query and is not continuous with the Services.