Common use of Special Categories of Personal Data Clause in Contracts

Special Categories of Personal Data. (if appropriate) The Processing concerns the following special categories of Personal data: None. Categories of Data Subjects The Personal Data transferred concern the following categories of Data Subjects: Visitors of Customer’s website. Country of Processing United States Customer’s instructions with respect to the Processing All activities necessary to provide information about potential leads to the extent permitted by Applicable Law. List of Subprocessors Used by Service Provider xxxxx://xxxxxxxxxxx.xxx/legal/subprocessors On behalf of Customer: Name: Title: Address: Signature: Date: Email Address: On behalf of Service Provider: Name: Xxxx Xxxxxxxx Title: Chief Financial Officer Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxx Xxx Xxxxx 000 Xxxxxxxxxxx, Xxxxxxx 00000 Signature: Date: 5/14/2019 Schedule 2 This Schedule forms part of this GDPR Addendum and must be completed and signed by the parties Description of the Technical and Organizational Security Measures implemented by Service Provider: Data at Rest is protected by both disk encryption and application encryption. The database platform stores the data encrypted via SHA256 on top of which the physical disk arrays, which host the data, use a cipher of AES256 to store the data encrypted at rest. Organizational policies which classify and emphasize the need to protect customer data have been implemented according to conventional auditing standards. Security Policies such as Least Privilege, Segregation of Duties and Information Classification policies have been implemented which limit the access and availability of customer data to essential personnel only. A robust data retention and restore framework has been implemented and undergoes regularly scheduled internal review, auditing and testing to verify customer data integrity and security. On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxx Xxxxxxxx Title: Chief Financial Officer Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxxx Xxx Xxxxx 000 Xxxxxxxxxxx, Xxxxxxx 00000 Signature: Email Address: Date:

Special Categories of Personal Data. (if appropriate) The Processing concerns the following special categories of Personal data: None. Categories of Data Subjects The Personal Data transferred concern the following categories of Data Subjects: Visitors of Customer’s website. Country of Processing United States Customer’s instructions with respect to the Processing All activities necessary to provide information about potential leads to the extent permitted by Applicable Law. List of Subprocessors Used by Service Provider xxxxx://xxxxxxxxxxx.xxx/legal/subprocessors On behalf of Customer: Name: Title: Address: Signature: Date: Email Address: On behalf of Service Provider: Name: Xxxx Xxxxxxxx Xxxxxxx Xxxxx Title: Chief Financial Officer Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxx Xxx Xxxxx 000 Xxxxxxxxxxx, Xxxxxxx 00000 Signature: Date: 5/14/2019 Feb-12-2020 Schedule 2 This Schedule forms part of this GDPR Addendum and must be completed and signed by the parties Description of the Technical and Organizational Security Measures implemented by Service Provider: Data at Rest is protected by both disk encryption and application encryption. The database platform stores the data encrypted via SHA256 on top of which the physical disk arrays, which host the data, use a cipher of AES256 to store the data encrypted at rest. Organizational policies which classify and emphasize the need to protect customer data have been implemented according to conventional auditing standards. Security Policies such as Least Privilege, Segregation of Duties and Information Classification policies have been implemented which limit the access and availability of customer data to essential personnel only. A robust data retention and restore framework has been implemented and undergoes regularly scheduled internal review, auditing and testing to verify customer data integrity and security. On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxx Xxxxxxxx Xxxxxxx Xxxxx Title: Chief Financial Officer Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxxx Xxx Xxxxx 000 Xxxxxxxxxxx, Xxxxxxx 00000 Signature: Email Address: Date:

Special Categories of Personal Data. (if appropriate) The Processing concerns the following special categories of Personal data: None. Categories of Data Subjects The Personal Data transferred concern the following categories of Data Subjects: Visitors of Customer’s website. Country of Processing United States Customer’s instructions with respect to the Processing All activities necessary to provide information about potential leads to the extent permitted by Applicable Law. List of Subprocessors Used by Service Provider xxxxx://xxxxxxxxxxx.xxx/legal/subprocessors On behalf of Customer: Name: Title: Address: Signature: Date: Email Address: On behalf of Service Provider: Name: Xxxx Xxxxxxxx Xxxxx Xxxxxxx Title: Chief Financial Officer Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxx Xxx Xxxxxx Xxx., Xxxxx 000 Xxxxxxxxxxx, Xxxxxxx XX 00000 Signature: Date: 5/14/2019 May 17, 2021 Email Address: Schedule 2 This Schedule forms part of this GDPR Addendum and must be completed and signed by the parties Description of the Technical and Organizational Security Measures implemented by Service Provider: Data at Rest is protected by both disk encryption and application encryption. The database platform stores the data encrypted via SHA256 on top of which the physical disk arrays, which host the data, use a cipher of AES256 to store the data encrypted at rest. Organizational policies which classify and emphasize the need to protect customer data have been implemented according to conventional auditing standards. Security Policies such as Least Privilege, Segregation of Duties and Information Classification policies have been implemented which limit the access and availability of customer data to essential personnel only. A robust data retention and restore framework has been implemented and undergoes regularly scheduled internal review, auditing and testing to verify customer data integrity and security. On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxx Xxxxxxxx Xxxxx Xxxxxxx Title: Chief Financial Officer Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxxx Xxx Xxx., Xxxxx 000 Xxxxxxxxxxx, Xxxxxxx XX 00000 Signature: Date: May 17, 2021 Email Address: Date:Signature Certificate Document Ref.: UUUGD-QNN6U-2RQKS-ZDDEO Document signed by: Document completed by all parties on: 17 May 2021 16:22:09 UTC Signed with XxxxxXxx.xxx PandaDoc is the document platform that boosts your company's revenue by accelerating the way it transacts.

Special Categories of Personal Data. (if appropriate) The Processing concerns the following special categories of Personal data: None. Categories of Data Subjects The Personal Data transferred concern the following categories of Data Subjects: Visitors of Customer’s website. Country of Processing United States Customer’s instructions with respect to the Processing All activities necessary to provide information about potential leads to the extent permitted by Applicable Law. List of Subprocessors Used by Service Provider xxxxx://xxxxxxxxxxx.xxx/legal/subprocessors On behalf of Customer: Name: Title: Address: Signature: Date: Email Address: On behalf of Service Provider: Name: Xxxx Xxxxxxxx Xxxxxx Xxxxxxx Title: Chief Financial Technology Officer - SharpSpring Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxx 000 XX 0xx Xxx Xxxxx 000 Xxxxxxxxxxx, Xxxxxxx 00000 Signature: 5/16/2018 Date: 5/14/2019 Schedule 2 This Schedule forms part of this GDPR Addendum and must be completed and signed by the parties Description of the Technical and Organizational Security Measures implemented by Service Provider: Data at Rest is protected by both disk encryption and application encryption. The database platform stores the data encrypted via SHA256 on top of which the physical disk arrays, which host the data, use a cipher of AES256 to store the data encrypted at rest. Organizational policies which classify and emphasize the need to protect customer data have been implemented according to conventional auditing standards. Security Policies such as Least Privilege, Segregation of Duties and Information Classification policies have been implemented which limit the access and availability of customer data to essential personnel only. A robust data retention and restore framework has been implemented and undergoes regularly scheduled internal review, auditing and testing to verify customer data integrity and security. On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxx Xxxxxxxx Xxxxxx Xxxxxxx Title: Chief Financial Technology Officer - SharpSpring Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxxx 000 XX 0xx Xxx Xxxxx 000 Xxxxxxxxxxx, Xxxxxxx 00000 Signature: Email Address: Date:5/16/2018