Common use of Special Categories of Personal Data Clause in Contracts

Special Categories of Personal Data. (if appropriate) The Processing concerns the following special categories of Personal data: None. Categories of Data Subjects The Personal Data transferred concern the following categories of Data Subjects: Visitors of Customer’s website. Country of Processing United States Customer’s instructions with respect to the Processing All activities necessary to provide information about potential leads to the extent permitted by Applicable Law. List of Subprocessors Used by Service Provider xxxxx://xxxxxxxxxxx.xxx/legal/subprocessors On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxxxx Xxxxxxx Title: Chief Technology Officer - SharpSpring Address: 000 XX 0xx Xxx Xxxxxxxxxxx, Xxxxxxx 00000 Signature: 5/16/2018 Date: Schedule 2 This Schedule forms part of this GDPR Addendum and must be completed and signed by the parties Description of the Technical and Organizational Security Measures implemented by Service Provider: Data at Rest is protected by both disk encryption and application encryption. The database platform stores the data encrypted via SHA256 on top of which the physical disk arrays, which host the data, use a cipher of AES256 to store the data encrypted at rest. Organizational policies which classify and emphasize the need to protect customer data have been implemented according to conventional auditing standards. Security Policies such as Least Privilege, Segregation of Duties and Information Classification policies have been implemented which limit the access and availability of customer data to essential personnel only. A robust data retention and restore framework has been implemented and undergoes regularly scheduled internal review, auditing and testing to verify customer data integrity and security. On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxxxx Xxxxxxx Title: Chief Technology Officer - SharpSpring Address: 000 XX 0xx Xxx Xxxxxxxxxxx, Xxxxxxx 00000 Signature: 5/16/2018

Special Categories of Personal Data. (if appropriate) The Processing concerns the following special categories of Personal data: None. Categories of Data Subjects The Personal Data transferred concern the following categories of Data Subjects: Visitors of Customer’s website. Country of Processing United States Customer’s instructions with respect to the Processing All activities necessary to provide information about potential leads to the extent permitted by Applicable Law. List of Subprocessors Used by Service Provider xxxxx://xxxxxxxxxxx.xxx/legal/subprocessors On behalf of Customer: Name: Title: Address: Signature: Date: Email Address: On behalf of Service Provider: Name: Xxxxxx Xxxxxxx Xxxxx Title: Chief Technology Financial Officer - SharpSpring Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxx Xxx Xxxxx 000 XX 0xx Xxx Xxxxxxxxxxx, Xxxxxxx 00000 Signature: 5/16/2018 Date: Feb-12-2020 Schedule 2 This Schedule forms part of this GDPR Addendum and must be completed and signed by the parties Description of the Technical and Organizational Security Measures implemented by Service Provider: Data at Rest is protected by both disk encryption and application encryption. The database platform stores the data encrypted via SHA256 on top of which the physical disk arrays, which host the data, use a cipher of AES256 to store the data encrypted at rest. Organizational policies which classify and emphasize the need to protect customer data have been implemented according to conventional auditing standards. Security Policies such as Least Privilege, Segregation of Duties and Information Classification policies have been implemented which limit the access and availability of customer data to essential personnel only. A robust data retention and restore framework has been implemented and undergoes regularly scheduled internal review, auditing and testing to verify customer data integrity and security. On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxxxx Xxxxxxx Xxxxx Title: Chief Technology Financial Officer - SharpSpring Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxxx Xxx Xxxxx 000 XX 0xx Xxx Xxxxxxxxxxx, Xxxxxxx 00000 Signature: 5/16/2018Email Address: Date:

Special Categories of Personal Data. (if appropriate) The Processing concerns the following special categories of Personal data: None. Categories of Data Subjects The Personal Data transferred concern the following categories of Data Subjects: Visitors of Customer’s website. Country of Processing United States Customer’s instructions with respect to the Processing All activities necessary to provide information about potential leads to the extent permitted by Applicable Law. List of Subprocessors Used by Service Provider xxxxx://xxxxxxxxxxx.xxx/legal/subprocessors On behalf of Customer: Name: Title: Address: Signature: Date: Email Address: On behalf of Service Provider: Name: Xxxxxx Xxxxxxx Xxxx Xxxxxxxx Title: Chief Technology Financial Officer - SharpSpring Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxx Xxx Xxxxx 000 XX 0xx Xxx Xxxxxxxxxxx, Xxxxxxx 00000 Signature: 5/16/2018 Date: 5/14/2019 Schedule 2 This Schedule forms part of this GDPR Addendum and must be completed and signed by the parties Description of the Technical and Organizational Security Measures implemented by Service Provider: Data at Rest is protected by both disk encryption and application encryption. The database platform stores the data encrypted via SHA256 on top of which the physical disk arrays, which host the data, use a cipher of AES256 to store the data encrypted at rest. Organizational policies which classify and emphasize the need to protect customer data have been implemented according to conventional auditing standards. Security Policies such as Least Privilege, Segregation of Duties and Information Classification policies have been implemented which limit the access and availability of customer data to essential personnel only. A robust data retention and restore framework has been implemented and undergoes regularly scheduled internal review, auditing and testing to verify customer data integrity and security. On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxxxx Xxxxxxx Xxxx Xxxxxxxx Title: Chief Technology Financial Officer - SharpSpring Address: SharpSpring 0000 Xxxxxxxxxxx Xxxxxx Xxx Xxxxx 000 XX 0xx Xxx Xxxxxxxxxxx, Xxxxxxx 00000 Signature: 5/16/2018Email Address: Date:

Special Categories of Personal Data. (if appropriate) The Processing concerns the following special categories of Personal data: None. Categories of Data Subjects The Personal Data transferred concern the following categories of Data Subjects: Visitors of Customer’s website. Country of Processing United States Customer’s instructions with respect to the Processing All activities necessary to provide information about potential leads to the extent permitted by Applicable Law. List of Subprocessors Used by Service Provider xxxxx://xxxxxxxxxxx.xxx/legal/subprocessors On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxxxx Xxxxx Xxxxxxx Title: Chief Technology Financial Officer - SharpSpring Address: 0000 Xxxxxxxxxxx Xxxxxx Xxx., Xxxxx 000 XX 0xx Xxx Xxxxxxxxxxx, Xxxxxxx XX 00000 Signature: 5/16/2018 Date: May 17, 2021 Email Address: Schedule 2 This Schedule forms part of this GDPR Addendum and must be completed and signed by the parties Description of the Technical and Organizational Security Measures implemented by Service Provider: Data at Rest is protected by both disk encryption and application encryption. The database platform stores the data encrypted via SHA256 on top of which the physical disk arrays, which host the data, use a cipher of AES256 to store the data encrypted at rest. Organizational policies which classify and emphasize the need to protect customer data have been implemented according to conventional auditing standards. Security Policies such as Least Privilege, Segregation of Duties and Information Classification policies have been implemented which limit the access and availability of customer data to essential personnel only. A robust data retention and restore framework has been implemented and undergoes regularly scheduled internal review, auditing and testing to verify customer data integrity and security. On behalf of Customer: Name: Title: Address: Signature: Date: On behalf of Service Provider: Name: Xxxxxx Xxxxx Xxxxxxx Title: Chief Technology Financial Officer - SharpSpring Address: 0000 Xxxxxxxxxxx Xxxxxx Xxx., Xxxxx 000 XX 0xx Xxx Xxxxxxxxxxx, Xxxxxxx XX 00000 Signature: 5/16/2018Date: May 17, 2021 Email Address: Signature Certificate Document Ref.: UUUGD-QNN6U-2RQKS-ZDDEO Document signed by: Document completed by all parties on: 17 May 2021 16:22:09 UTC Signed with XxxxxXxx.xxx PandaDoc is the document platform that boosts your company's revenue by accelerating the way it transacts.