Compute Service Terms

LAST UPDATED: FEBRUARY 21, 2025

Provider and Customer are entering into a transaction on the CEX Exchange Platform whereby Customer has agreed to purchase, and Provider has agreed to provide, certain Compute Services for a set term and price, as reflected in a mutually agreed upon Order Form (a “Compute Service Transaction”). These Compute Service Terms (these “Terms”) govern the provision of such Compute Services by Provider and the use of such Compute Services by Customer. These Terms, together with the applicable Order Form, comprise a single legally binding contract between Customer and Provider (this “Agreement”) with respect to such Compute Service Transaction.

Provider and Customer may be referred to collectively as the “Parties” or individually as a “Party”. Any capitalized term not defined in this Agreement shall have the meaning ascribed to it in the Order Form or the CEX Exchange Platform Terms of Service. For the avoidance of doubt, CEX is not a party to this Agreement.

NOTICE ON PROHIBITED USE AND RESTRICTED PERSONS

THE COMPUTE SERVICES ARE NOT OFFERED TO AND MAY NOT BE USED BY: PERSONS OR ENTITIES WHO RESIDE IN, ARE CITIZENS OF, ARE LOCATED IN, ARE INCORPORATED IN, OR HAVE A REGISTERED OFFICE IN ANY RESTRICTED TERRITORY, AS DEFINED BELOW (EACH SUCH PERSON OR ENTITY FROM A RESTRICTED TERRITORY, A “RESTRICTED PERSON”).

BY USING THE COMPUTE SERVICES, YOU REPRESENT THAT YOU ARE NOT A RESTRICTED PERSON AND ARE NOT A PERSON OR ENTITY WHO IS RESIDENT IN, A CITIZEN OF, IS LOCATED IN, IS INCORPORATED IN, OR HAS A REGISTERED OFFICE IN ANY RESTRICTED TERRITORY, AS DEFINED BELOW.

1. AGREEMENT TO TERMS AND CONDITIONS.

This Agreement is effective, and you agree to be bound by the then-current terms of this Agreement, on the Order Form Effective Date specified on the applicable Order Form (“Effective Date”). The individual accepting the Bid on behalf of Customer (“You”) represents and warrants that You have the authority to accept this Agreement on Customer’s behalf and Customer has the authority to enter into the terms and conditions of this Agreement and fulfill the obligations herein.

2. DEFINITIONS.

1. 1. “Authorized Users” means employees or contractors authorized by Customer to use the Compute Services on its behalf.
   2. “Business Days” refers to any day on which commercial banks are open for conducting business in the United States. This typically includes, but is not limited to, Monday through Friday and excludes weekends (Saturday and Sunday) and national, statutory, public, or bank holidays. Any reference to days, unless specified as calendar days, will be assumed to be Business Days.
   3. “Customer” is a CEX Registered User that purchases Compute from another Registered User through the CEX Services.
   4. “Documentation” means the documentation relating to the Compute Services if and as provided by Provider to Customer (including any revised versions thereof), which may be updated from time to time upon notice to Customer.
   5. “Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), inventions, copyrights, trade secrets, know-how, data and database rights, mask work rights, and any other intellectual property rights recognized in any country or jurisdiction in the world.
   6. “Order Form” means an order form that sets forth the applicable Compute Services to be provided by Provider and purchased by Customer pursuant to this Agreement.
   7. “Provider” is a CEX Registered User who is granting a license to its Compute to another Registered User through the CEX Services.
   8. “Restricted Territories” means any country or jurisdiction to which the United States embargoes goods or imposes similar sanctions, which includes as of the date last updated Cuba, Iran, North Korea, Syria, Belarus, Russia, and the Crimea, Luhansk, Donetsk, Zaporizhzhia, and Kherson regions of Ukraine.
   9. “User(s)” means any person that accesses the Customer’s account.

3. DELIVERY AND ACCESS.

1. Agreement to Provide Compute Services. Provider agrees to provide Customer with the Compute Services described on the Order Form.
2. Delivery.
3. 1. Delivery. The standard delivery time of Compute (“Delivery”) is at 12:00 pm (Noon) Pacific Time on the Commencement Date listed on the Order Form; however, Provider will not be in breach of the Agreement as long as it delivers Compute to the Customer within two (2) Business Days after the Commencement Date.
   2. Late Delivery. If Delivery takes place after 12:30pm Pacific Time on the Commencement Date, then the purchase price will be adjusted as follows:
   3. 1. The Compute purchase price will be adjusted proportional to the number of hours the Delivery is delayed, rounded to the nearest whole hour.
      2. CEX will regenerate an updated Order Form reflecting the adjustments to the Commencement Date, term, and price. The Order Form will not be renegotiated between the Parties.
      3. The termination date of the contract will not be modified or extended due to late Delivery or re-provisioning by the Provider.
      4. Commission Payments to be paid by Provider to CEX will not be reduced due to delays to Delivery or re-provisioning. Provider will credit payments proportionally to the Customer’s account on CEX in amount equal to the number of hours Delivery is delayed. For example purposes only, if the Delivery occurs two (2) Business Days late, but a total of ninety-six (96) hours late on a thirty (30) day term, Provider will credit to Customer an amount equal to 96/720 = 13.3% of the total contract value.
3. API Usage and Keys. In order to access the Compute Services, Customer may be given an API Key & Secret (the “Authentication Keys”). The Authentication Keys constitute Provider’s Confidential Information. Customer is solely responsible for the security of the Authentication Keys, is required to take appropriate measures to safeguard the Authentication Keys and shall be responsible for any unauthorized access to the Authentication Keys or Customer’s account. Provider may revoke the Authentication Keys at any time, if it reasonably suspects violation of these security requirements, in its sole discretion.
4. Customer Technical Requirements. Customer will maintain the minimum technical requirements set forth in the Order Form and will promptly notify Provider of any changes. Customer will further maintain all network connection requirements needed for it to use the Compute Services, including maintaining secure internet connections and complying with all SSL protocol requirements.

4. LICENSE; RIGHTS AND RESPONSIBILITIES.

1. Compute Services. Subject to the terms and conditions of this Agreement, Provider hereby grants Customer a worldwide, non-exclusive, non-transferable, non-sublicensable license to access and use the Compute Services during the Term.
2. Use Restrictions. Customer will not and will not permit any person or entity (including, without limitation, Authorized Users) to, directly or indirectly: (i) copy, modify or create any derivative work of any portion of the Compute Services or the Documentation; (ii) reverse engineer, decompile, decode, or disassemble or otherwise attempt to derive or gain improper access to any software component of the Compute Services, in whole or in part; (iii) except as expressly allowed in Section 6 and 7 below, frame, mirror, sell, resell, market, sublicense, publish, distribute, reproduce, assign, transfer, rent, lease or loan any portion of the Compute Services to any other person or entity, or otherwise allow any person or entity to use the Compute Services for any purpose other than for the benefit of Customer in accordance with this Agreement; (iv) use the Compute Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Rights or other right of any person or entity, or that violates any applicable law; (v) interfere with, or disrupt the integrity or performance of, the Compute Services or any data or content contained in or transmitted by the Compute Services; or (vi) access or search the Compute Services (or download any data or content contained therein or transmitted thereby) through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers or any other similar data mining tools) other than software or Compute Services features provided by Provider for use expressly for such purposes.
3. Authorized Users. Customer may permit Authorized Users to use the Compute Services in accordance with the Documentation and the terms of this Agreement, provided that Customer is responsible for all acts or omissions by its Authorized Users in connection with their use of the Compute Services and their compliance with the terms and conditions of this Agreement, including, without limitation, with Customer’s obligations and the restrictions set forth in Sections 4(b) and (d). Customer will, and will require all Authorized Users to secure user names and passwords, hardware and software used to access the Compute Services in accordance with customary security protocols, verify the trustworthiness of users before providing Authorized Users with access, and will immediately notify Provider if Customer knows or reasonably suspects that any user name and/or password has been compromised.
4. Acceptable Use. Customer may not use or in the course of the use of the Compute Services: (i) to conduct load tests, penetration tests or similar activities without Provider’s prior written consent; (ii) for crypto-mining activities or other practices resulting in excessive resource utilization; (iii) to store or process sensitive data, including but not limited to government identification, payment information, children’s information or health data; (v) for benchmarking or similar competitive purposes; (v) to engage in a way that infringes, violates, dilutes or misappropriates the intellectual property or other rights of any third party; (vi) in violation of any law, statute, ordinance or regulation; or (vii) to engage in any offensive, indecent, inappropriate or objectionable conduct. Customer may access the Compute Services only through the interfaces and protocols provided or authorized by Provider.
5. Customer Materials. “Customer Materials” means information and materials provided or made accessible to Provider by or on behalf of Customer for the purpose of receiving or using the Compute Services, including personal data of consumers and other information collected through the Compute Services. Customer will: (i) provide Provider with the Customer Materials in the form and format requested by Provider, or as otherwise required to access and use the Compute Services; (ii) be responsible for all Customer Materials; (iii) ensure compliance with all laws, rules, and regulations applicable to its use of the Compute Services; and (iv) obtain all waivers, consents and other rights necessary for Provider to use the Customer Materials to provide the Compute Services to Customer. Customer will be responsible for its own data backup and preservation and maintaining the security of its Customer Materials.
6. Further Acts. Customer will provide information, make available personnel, and take other such actions as requested by Provider that is reasonably necessary for delivery of the Compute Services, including any applicable cloud service account information. Customer will also cooperate with Provider in establishing login and authentication control mechanisms or other procedures for verifying that only designated employees of Customer have access to the Compute Services. Customer acknowledges that failure to reasonably cooperate with Provider may result in additional fees due to Provider.
7. Third-Party Services. Certain features and functionalities within the Compute Services may allow Customer and its Authorized Users to interface or interact with, access and/or use compatible third-party services, products, technology and content (collectively, “Third-Party Services”). Provider does not provide any aspect of the Third-Party Services and is not responsible for any compatibility issues, errors or bugs in the Compute Services or Third-Party Services caused in whole or in part by the Third-Party Services or any update or upgrade thereto. Customer is solely responsible for maintaining the Third-Party Services and obtaining any associated licenses and consents necessary for Customer to use the Third-Party Services in connection with the Compute Services. To the maximum extent permitted by applicable law, Provider does not provide any warranties, guaranties or indemnification regarding any Third-Party Services, whether or not such products or services are designated by Provider as “certified,” “validated” or otherwise. Provider does not have any responsibility or liability for any exchange of data or other interaction occurring directly between Customer or its Users and any provider of a Third-Party Service. If the availability of all or a portion of the Compute Services depends on the corresponding availability of Third-Party Services, Provider will not be liable to Customer if changes in Third-Party Services cause the unavailability of all or a portion of the Compute Services. However, Provider will use commercially reasonable efforts to update the Compute Services to ensure continued interoperation with Third-Party Services. Further, Customer acknowledges and agrees that if it gives a Third-Party Service access to its Provider account, Customer shall serve as the controller of such information and the provider of the Third-Party Service serves as the processor for purposes of those data laws and regulations that apply to Customer. In no case are such providers of Third-Party Services Provider’s subcontractors. Customer further acknowledges and agrees that (i) in order to use the Compute Services, it may be required to accept end user license agreements or other agreements directly with third party providers of software or services (e.g., EULAs for hardware drivers); and (ii) the software and services covered by such agreements are “Third Party Services” for purposes of this Agreement and are not included as part of the “Compute Services”.
8. Data Protection. Customer is solely responsible and liable for all activities that are affiliated or associated with its account, including without limitation: (i) the processing of all Customer Materials; (ii) any data processed by any Authorized User arising from or related to the Compute Services; (iii) and any data displayed, disclosed, generated, and/or published arising from or related to an Authorized User’s use of the Compute Services. To the extent that a Provider processes personal data, then each Party will comply with the Data Processing Addendum attached as Exhibit B, the terms of which are incorporated by reference.
9. Monitoring Use. Provider reserves the right, but has no obligation, to monitor the use of the Compute Services and Customer Materials and make modifications to the features and functionality of the Compute Services and documentation during the Term to (i) respond to any applicable law, regulation, legal process or governmental request; (ii) enforce this Agreement, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security or technical issues; (iv) respond to user support requests; or (v) protect the rights, property or safety of Provider, Provider’s users and the public. Provider may immediately suspend, throttle or terminate access to the Compute Services if (1) Provider reasonably believes that a user or Customer is in breach of this Agreement; (2) a user or Customer engages in excessive utilization of the Compute Services which affects, or could reasonably likely (in Provider’s opinion) affect, system availability or performance, (3) if Provider in good faith suspects that any third party has gained unauthorized access to the Compute Services using a credential issued by Provider to Customer or its Users, or (4) if Provider is requested by law, court order, or a regulatory or government body to suspend the Compute Services.
10. Usage of Analytical Data. Customer expressly grants Provider the right to process Customer Materials: (i) as necessary to provide the Compute Services (including by disclosing such Customer Materials to third parties that support the provision of the Compute Services); (ii) as otherwise expressly permitted by this Agreement; or (iii) as required by law, regulation, court order, subpoena, or governmental authority. Customer is responsible for obtaining all necessary rights and consents (including such rights and consents for all Users) for Provider to process covered user data for the purposes of providing the Compute Services and for meeting Provider’s obligations under this Agreement. In addition, Provider may use data concerning Customer’s or its Users’ use of the Compute Services in a de-identified, aggregated and/or anonymous manner (“Usage Information”), including but not limited to compiling statistical and performance information related to the operation of the Compute Services, determining usage trends, performing analytics, improving the Compute Services, promoting and marketing the effectiveness of the Compute Services, or for any other ordinary business purpose, provided that such uses shall relate to Provider’s obligations to provide the Compute Services to Customer and its Users. Customer agrees that Provider may make Usage Information publicly available, provided that (i) such information does not incorporate any Customer Materials and (ii) such use does not identify Customer or any Users either directly or indirectly. Provider retains all intellectual property rights in Usage Information. Provider shall have no obligation or liability in connection with any use of Customer Materials which is anonymized or otherwise de-personalized, unless, and to the extent, restricted by applicable law.

5. INTELLECTUAL PROPERTY RIGHTS.

1. 1. Provider. Subject to the licenses granted to Customer in Section 4(a), Provider (and its licensors, where applicable) retains ownership of, and all intellectual property rights relating to, the Compute Services, as may be modified from time to time pursuant to Section 15(d), and all data derived from the Compute Services excluding the Customer Materials and Compute Services Output (both as defined below).
   2. Customer. Customer has and retains ownership of the Customer Materials and any Compute Services Output, and any intellectual property rights therein. As used in this Agreement, “Compute Services Output” means all data, information and materials generated by the Compute Services solely based on the Customer Materials but excluding Usage Information and the Compute Services. Customer hereby grants Provider a non-exclusive, worldwide, sublicensable, royalty-free right and license to use, reproduce, copy, modify, distribute, publicly display, publicly perform, and transmit the Customer Materials during the Term, in connection with the operation and provision of the Compute Services.
   3. Feedback. Customer may provide Provider with suggestions, comments, feedback with regard to the Compute Services (collectively, “Feedback”). Customer hereby grants Provider irrevocably assigns to the Provider a perpetual, irrevocable, royalty-free and fully-paid up license to use and exploit and allow others to use and exploit all Feedback in connection with Provider’s business purposes, including, without limitation, the testing, development, maintenance and improvement of the Compute Services. For clarity, Feedback is not considered Confidential Information (as defined below).
   4. Open Source Software. Customer acknowledges and agrees that the Compute Services are provided with, or facilitated by, certain open source software. The use of such open source software is subject to the applicable open source license terms. By using the Compute Services, Customer agrees to comply with and be bound by these such terms, and acknowledges that the term “Compute Services” as used in this Agreement does not include such open source software.

6. TRANSFER OF COMPUTE SERVICES.

1. 1. Transfer of Compute Services. The Compute Services governed by this Agreement may be transferred only by Customer and only as follows: (i) after the Service Commencement Date; (ii) solely through the CEX Services to a CEX Registered User; and (iii) in the means, manner, and quantity permitted by the CEX Services at the time of proposed transfer, and subject to any conditions set forth in the applicable Order Form. Following the transfer of Compute Services to a subsequent customer (as effected through the CEX Services).
   2. Credits and Claims. If Customer is entitled to any Credit (as defined in Exhibit A) in connection with the SLA or any claims arising from or related to this Agreement, any such credits or claims will remain with the customer who was the Party to this Agreement at the time that the claims arose.
   3. Transfer Fees. The transfer of Compute Services is subject to fees as set forth on the CEX Fee Page.

7. FEES. In exchange for the Compute Services, Customer shall pay to Provider the fees set forth in the Order Form and the CEX Fee Page (“Fees”), subject to Provider’s payment of CEX fees. Provider will not charge Customer for any Fees not set forth in the Order Form, including charges for data ingress or egress. Customer is responsible for payment of Taxes on any Fees for Compute.

8. CONFIDENTIALITY. Neither Party will disclose any information to any third party that is marked as “confidential” or “proprietary” or should otherwise reasonably be considered to be confidential or proprietary (“Confidential Information”) without the express written consent of the other Party, other than (i) in confidence, to its employees or contractors as necessary with respect to this Agreement or (ii) pursuant to an order or requirement of a court, administrative agency or other governmental body (provided that the party receiving such Confidential Information provides reasonable written notice to the other Party to allow the other party to seek a protective order or otherwise contest the disclosure). In addition, neither Party will use any Confidential Information other than in the performance of obligations or exercise or enforcement of rights under this Agreement. Confidential Information excludes any information: (1) generally available to or known to the public absent breach of this Agreement, (2) previously known to the receiving party, (3) independently developed by the receiving party outside the scope of this Agreement, or (4) disclosed by a third party absent breach of its confidentiality obligations or applicable laws or regulations. The terms of this Section 8 will not limit Provider’s rights under this Agreement.

9. REPRESENTATIONS AND WARRANTIES; DISCLAIMER.

1. 1. Mutual Representations. Each Party represents and warrants to the other Party that: (i) it has full power and authority to enter into this Agreement; and (ii) the execution, delivery and performance of this Agreement by it have been duly authorized by all necessary actions and do not violate its organizational documents.
   2. Disclaimer. THE COMPUTE SERVICES ARE PROVIDED ON AN “AS IS” BASIS, AND PROVIDER MAKES NO WARRANTIES OR REPRESENTATIONS TO CUSTOMER OR TO ANY OTHER PARTY REGARDING THE COMPUTE SERVICES OR ANY OTHER SERVICES OR MATERIALS PROVIDED HEREUNDER.

10. TERM AND TERMINATION.

1. 1. Term. This Agreement shall commence on the Effective Date and will remain in effect as specified on the applicable Order Form (the “Term”) unless terminated as expressly permitted by this Agreement.
   2. Termination for Breach. Either Party may terminate this Agreement, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach remains uncured thirty (30) days after the non-breaching Party provides the breaching Party with written notice of such breach. Further, Provider may immediately terminate this Agreement (i) for Customer’s breach of Sections 5(b) or 5(d) of this Agreement, (ii) if Provider determines that Customer is a Restricted Person or located in a Restricted Territory, or (iii) if providing the Compute Services to Customer would cause Provider to violate applicable law.
   3. Termination in the Event of Bankruptcy. Provider may at its sole discretion terminate this Agreement, or alternatively suspend the Compute Services, if (i) a receiver or administrator is appointed for Customer or its property; (ii) Customer makes a general assignment for the benefit of its creditors; (iii) Customer commences, or has commenced against it, proceedings under any bankruptcy, insolvency or debtor’s relief law which are not dismissed within sixty (60) Days; and (iv) Customer is liquidated or dissolved; (v) Customer ceases to do business or otherwise terminates its business operations.
   4. Suspension. Provider may immediately suspend Customer’s access to the Compute Services for suspected or actual violation of Sections 5(b) or 5(d)of this Agreement in its sole discretion. In addition, Provider may temporarily suspend access to the Compute Services during planned downtime for upgrades and maintenance, as further described in the SLA attached as Exhibit A. Provider shall not be liable to Customer, its Users, or any other third party for any such modification, suspension, termination or discontinuation of Customer’s rights to access and use the Compute Services, and Customer shall remain liable for the payment of all Fees.
   5. Survival. This Section 10(e) and Sections 1, 2, 4, 5, 6, 8, 9, 10(f), 11, 12, 13, 14, and 15 survive any termination or expiration of this Agreement.
   6. Effect of Termination. Upon expiration or termination of this Agreement: (i) the rights granted pursuant to Section 4(a) and Section 8 will terminate; and (ii) Customer will return or destroy, at Provider’s sole option, all Provider Confidential Information in its possession or control, including permanent removal of such Provider Confidential Information (consistent with customary industry practice for data destruction) from any storage devices or other hosting environments that are in Customer’s possession or under Customer’s control, and at Provider’s request, certify in writing to Provider that the Provider Confidential Information has been returned, destroyed or, in the case of electronic communications, deleted. No expiration or termination will affect Customer’s obligation to pay all Fees that may have become due or otherwise accrued through the effective date of expiration or termination, or entitle Customer to any refund.

11. LIMITATION OF LIABILITY.

1. Limitation of Liability. EXCEPT FOR (I) ANY INFRINGEMENT OR MISAPPROPRIATION BY ONE PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, (II) FRAUD OR WILLFUL MISCONDUCT BY EITHER PARTY, OR (III) BREACH OF CUSTOMER’S PAYMENT OBLIGATIONS, NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF INCOME, DATA, PROFITS, REVENUE OR BUSINESS INTERRUPTION, OR THE COST OF COVER OR SUBSTITUTE SERVICES, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE PROVISION OF THE COMPUTE SERVICES, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED ON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WHETHER OR NOT SUCH PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
2. Total Liability. IN NO EVENT WILL THE TOTAL CUMULATIVE LIABILITY OF EITHER PARTY (“THE LIABLE PARTY”) TO THE OTHER PARTY ARISING FROM ALL CLAIMS UNDER OR RELATED TO THIS AGREEMENT, EXCEED THE FEES ACTUALLY PAID BY CUSTOMER TO PROVIDER IN THE SIX (6) MONTH PERIOD IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO THE APPLICABLE CLAIM MADE UNDER OR RELATED TO THIS AGREEMENT, LESS ALL AMOUNTS PAID BY THE LIABLE PARTY TO THE OTHER PARTY FOR ALL PAST CLAIMS OF ANY KIND MADE UNDER OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE LEGAL OR EQUITABLE THEORY ON WHICH THE CLAIM OR LIABILITY IS BASED, AND WHETHER OR NOT THE LIABLE PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.

12. INDEMNIFICATION.

1. Indemnification by Provider. Subject to Section 12(b), Provider will defend Customer against any claim, suit or proceeding brought by a third-party (“Claims”) alleging that Customer’s use of the Compute Services infringes or misappropriates such third party’s Intellectual Property Rights, and will indemnify and hold harmless Customer against any damages and costs awarded against Customer or agreed in settlement by Provider (including reasonable attorneys’ fees) resulting from such Claim.
2. Exclusions. Provider’s obligations under Section 12(a) will not apply if the underlying Claim arises from or as a result of: (i) Customer’s breach of this Agreement, negligence, willful misconduct or fraud; (ii) any Customer Materials; (iii) Customer’s failure to use any enhancements, modifications, or updates to the Compute Services that have been provided by Provider; (iv) modifications to the Compute Services by anyone other than Provider; or (v) combinations of the Compute Services with software, data or materials not provided by Provider.
3. Indemnification by Customer. Customer will defend, indemnify and hold harmless Provider from and against any damages and liabilities (including court costs and reasonable attorneys’ fees) awarded in a final judgment against Provider, and amounts agreed to in settlement with respect to each of the foregoing, to the extent arising from a Claim against Provider that: (i) the Customer Materials or its use by Provider in accordance with this Agreement infringes, misappropriates or violates a third-party’s Intellectual Property Rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation; (ii) is based on Customer’s or an Authorized User’s use of the Compute Services or Documentation to the extent such use was not in accordance with this Agreement; (iii) is based on the manufacture, sale, distribution or marketing of any Customer’s products or services; or (iv) is based on a breach of Section 4(b) by Customer.

13. GOVERNING LAW AND FORUM CHOICE. This Agreement and any action related thereto will be governed by the Federal Arbitration Act, federal arbitration law, and the laws of the State of Delaware, without regard to its conflict of laws provisions. Except as otherwise expressly set forth in Section 14 “Dispute Resolution,” the exclusive jurisdiction for all disputes that the Parties are not required to arbitrate will be the state and federal courts located in the Santa Clara County, California, and the Parties each waive any objection to jurisdiction and venue in such courts.

14. DISPUTE RESOLUTION.

1. 1. Mandatory Arbitration of Disputes. All disputes under or relating to this Agreement shall be resolved by mandatory binding arbitration. The arbitration proceeding shall be administered by the American Arbitration Association (“AAA”) or such other administrator, as mutually agreed upon by the parties in writing. Arbitration shall be conducted in accordance with the AAA Commercial Arbitration Rules. If there is any inconsistency between the terms of this Agreement and any such rules, the terms and procedures of this Agreement shall control. A single arbitrator will resolve the dispute and shall be selected by mutual agreement of the parties. If the parties are unable to agree to an arbitrator, the AAA shall select and appoint the arbitrator. The arbitration shall be conducted in the county of the Customer’s principal place of business, and the parties irrevocably consent to such venue. All statutes of limitation applicable to any dispute shall apply to any arbitration proceeding. All discovery activities shall be expressly limited to matters directly relevant to the dispute being arbitrated and subject to limitation by the arbitrator to a level commensurate with the amount in controversy and complexity of the issues involved. Judgment upon any award rendered in arbitration may be entered in any court having jurisdiction.
   2. Arbitration Costs. Payment of all filing, administration and arbitrator fees will be governed by the AAA Rules, and Provider won’t seek to recover the administration and arbitrator fees Provider is responsible for paying, unless the arbitrator finds Customer’s dispute frivolous. If Provider prevails in arbitration, Provider will pay all of its attorneys’ fees and costs and won’t seek to recover them from Customer. If Customer prevails in arbitration, Customer will be entitled to an award of attorneys’ fees and expenses to the extent provided under applicable law.
   3. Class Action Waiver. THE PARTIES AGREE THAT EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Further, if the Parties’ dispute is resolved through arbitration, the arbitrator may not consolidate another person’s claims with your claims, and may not otherwise preside over any form of a representative or class proceeding. If this specific provision is found to be unenforceable, then the entirety of this Dispute Resolution section shall be null and void.
   4. Severability. With the exception of any of the provisions in Section 14(c) of these Agreement (“Class Action Waiver”), if an arbitrator or court of competent jurisdiction decides that any part of these Agreement is invalid or unenforceable, the other parts of these Agreement will still apply.

15. GENERAL.

1. Entire Agreement. This Agreement, including its exhibits, is the complete and exclusive agreement between the Parties with respect to its subject matter and supersedes any and all prior or contemporaneous agreements, communications and understandings, both written and oral, with respect to its subject matter. This Agreement may be amended or modified only by a written document executed by duly authorized representatives of the Parties. Further, if CEX updates its Compute Service Terms such amendments will be deemed made to this Agreement if and as specified by CEX. For clarity, modifications to this Agreement will not retroactively apply to active Order Forms unless CEX specifies that modifications will become effective to then-current Order Forms if required to address compliance with applicable law or regulations.
2. Assignment. Neither Party may assign or transfer this Agreement, by operation of law or otherwise, without the other Party’s prior written consent. Any attempt to assign or transfer this Agreement without such consent will be void. Notwithstanding the foregoing: (i) Customer may transfer this Agreement as provided in Section 6(a) and (ii)Provider may assign or transfer this Agreement to a third party that succeeds to all or substantially all of Provider’s business and assets relating to the subject matter of this Agreement, whether by sale, merger, operation of law or otherwise. Subject to the foregoing, this Agreement is binding upon and will inure to the benefit of each of the Parties and their respective successors and permitted assigns.
3. Force Majeure. Neither Party will be liable in damages or have the right to terminate this Agreement for any delay or default in performing hereunder (except for failure to timely pay) if such delay or default is caused by conditions beyond its reasonable control including acts of God, epidemics and pandemics, third-party failures, government acts or restrictions, acts of terrorism, wars or insurrections, supply shortages, internet outages, and labor disputes.
4. Notices. The Parties agree to contract and communicate electronically. Accordingly, any notices or other communications provided under this Agreement will be given via the email included on the applicable Order Form. For notices made by email, the date of receipt will be deemed the date on which such notice is transmitted. Provider may provide all business and product-related communications (e.g., release notes for product updates, privacy policy updates, critical security updates, and information on critical bugs and outages) to Customer by email, posting on the Compute Services and/or other electronic means. Provider may rely and act on all information and instructions provided by Customer’s Users.
5. Relationship of the Parties. Nothing in this Agreement will be construed to create a partnership, joint venture or agency relationship between the Parties. Neither Party will have the power to bind the other or to incur obligations on the other’s behalf without such other Party’s prior written consent.
6. Waiver. Either Party’s failure to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. No waiver of any provision of this Agreement will be effective unless it is in writing and signed by the Party granting the waiver.
7. Severability. If any provision of this Agreement is held invalid, illegal or unenforceable, that provision will be enforced to the maximum extent permitted by law, given the fundamental intentions of the Parties, and the remaining provisions of this Agreement will remain in full force and effect.
8. Export Regulation. Without limitation, Customer will comply with all applicable export, sanctions and foreign corruption laws and regulations of the United States (“Trade Laws”) to ensure that the Compute Services are not: (i) exported or re-exported directly or indirectly in violation of Trade Laws; or (ii) used for any purposes prohibited by the Trade Laws. Customer shall also comply with all Office of Foreign Assets Control (“OFAC”) sanctions administered by the United States.
9. Anti-Corruption. Customer acknowledges and agrees that it has not received or been offered any illegal bribe, kickback, payment, gift or thing of value from any Provider employees, agent or representative in connection with this Agreement, other than reasonable gifts and entertainment provided in the ordinary course of business. Customer will promptly notify Provider if it offers or receives any such improper payment or transfer in connection with this Agreement.
10. U.S. Government End Users.
11. 1. Commercial Products. The Compute Services were developed solely at private expense and are “commercial products”, “commercial items”, or “commercial computer software” as defined in the Federal Acquisition Regulation 2.101 and other relevant government procurement regulations including agency supplements. Any use, duplication, or disclosure of the Compute Services by or on behalf of the U.S. government is subject to restrictions as set forth in this Agreement as consistent with federal law and regulations. If these terms fail to meet the U.S. Government’s needs or are inconsistent in any respect with federal law, Customer will immediately discontinue its use of the Compute Services.
    2. Data and Software Rights. Provider provides the Compute Services for federal government end use solely in accordance with the following: Government technical data and software rights related to the Compute Services include only those rights customarily provided to the public as defined in this Agreement. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If a U.S. government agency has a need for rights not conveyed under this Agreement, then it must negotiate with Provider to determine if there are acceptable terms for transferring such rights, and a mutually acceptable written addendum specifically conveying such rights must be included in any applicable contract or agreement.

EXHIBIT A

Service Level Agreement

In connection with the Compute Services, Provider will endeavor to provide Customer with necessary support and access to support personnel as described below.

1. Customer Support:

Provider will provide support to Customer to answer questions regarding the use of the Compute Services. Provider will use commercially reasonable efforts to diagnose problems and to create error corrections, fixes or workarounds with respect to errors in the Compute Services reported by Customer to Provider; provided that (i) Customer must provide all information reasonably requested by Provider, and (ii) Provider is able to reproduce the reported error based on the information that Customer provides to Provider.

1. Support Hours & Contacts: Provider will use commercially reasonable efforts to provide reasonable technical support to Customer via the contact information provided in the Order Form.
2. Severity Levels and Response Times:

1. Availability:

Provider shall use reasonable efforts to ensure that the Uptime SLA Percentage, exclusive of Scheduled Downtime and downtime caused by Outside Factors, measured on a daily basis, averages at least 99.5% (“Uptime SLA Percentage”). For the purpose of determining Uptime SLA Percentage, the following formula will be used: Uptime SLA Percentage = (Possible Available Uptime – Unscheduled Downtime) / (Possible Available Uptime) x 100%.

1. 1. Definitions:
   2. 1. “Outside Factors” means circumstances beyond Provider’s control, including: Customer modifications, Force Majeure events, general internet outages, failure of Customer’s software, infrastructure or connectivity, user error, computer or telecommunications failures and delays, delays or unavailability due to Provider or Customer third-party providers, and network intrusions or denial-of-service attacks.
      2. “Possible Available Uptime” means possible hours of Availability in the month (based on Standard Compute Services Availability Hours) minus any Scheduled Downtime and downtime caused by Outside Factors during the month.
      3. “Scheduled Downtime” means time scheduled by Provider from time to time as reasonably necessary for Compute Services maintenance, updating, or repair, with at least 1 week prior written notice by Provider, in each case not more than six (6) hours per week. For clarity, any downtime beyond six (6) hours per week will be considered Unscheduled Downtime for the purposes of this SLA.
      4. “Standard Compute Services Availability Hours” means every day, 24 hours per day, but not including Scheduled Downtime.
      5. “Unscheduled Downtime” means any time during Standard Compute Services Availability Hours when the Compute Services is not Available, other than Scheduled Downtime and downtime caused by Outside Factors.
   2. Credit: In the event that Provider fails to fulfill its Uptime SLA Percentage, Provider will provide Customer a credit for the percentage of the Compute purchased by Customer to Provider for the period of time for which the Customer has experienced Unscheduled Downtime as set forth below (“Credit”). Customer can redeem its Credit by entering into a future Transaction for compute services with Provider via the CEX Services. For the avoidance of doubt, Credit cannot be redeemed for a refund of Fees and Credits have no cash value. Provider’s failure to fulfill its Uptime SLA Percentage will not alter or extend the Term or Termination Date.

For illustrative purposes only, if Customer purchased sixty (60) days of Compute with certain minimum specifications and Provider’s Uptime SLA Percentage was 93.0%, Provider will provide Customer with a Credit for 15 days of Compute with the same minimum specifications, redeemable by Customer through the CEX Services.

c. Sole Remedy. Except in the event of a Chronic Service Level Failure, Provider’s provision of the Credits described above constitutes Provider’s sole liability and entire obligation, and Customer’s exclusive remedy, for any failure to comply with its obligations under this Exhibit A.

3. Chronic Service Level Failures

1. Chronic Service Level Failure: “Chronic Service Level Failure” means a failure to meet the agreed-upon Service Levels in the following manners:
2. 1. Service Availability: Service Availability falls below 90% in any given month.
   2. Repeated Failures: Provider fails to meet the response time for Critical or High-priority issues in three (3) consecutive months or in any four (4) months within a twelve 12) month period.
   3. Extended Downtime: Service Availability is less than 99% in three (3) consecutive months or in any four (4) months within a twelve (12) month period.
   4. Chronic Failures: Any combination of the above failures occurring in three (3) consecutive months or in any four (4) months within a twelve (12) month period.
2. In the event of a Chronic Service Level Failure, Customer: (a) will be entitled to a refund for all fees paid during the applicable period; (b) has the right to terminate the Agreement immediately upon written notice to Provider if it gives such notice within thirty (30) days of the occurrence of the last event constituting a Chronic Service Level Failure; and (c) may seek other remedies available to it under law or equity, subject to the other terms of this Agreement.

Exhibit B

Data Processing Addendum

This Data Processing Addendum (including its Attachments) (“Addendum”) forms part of and is subject to the terms and conditions of the Compute Service Agreement (the “Agreement”) by and between Customer and Provider.

1. Subject Matter and Duration.
2. • 1.1 Subject Matter. This Addendum reflects the Parties’ commitment to abide by Data Protection Laws concerning the Processing of Customer Personal Data in connection with Provider’s execution of the Agreement. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Agreement. If and to the extent language in this Addendum or any of its Attachments conflicts with the Agreement, this Addendum shall control.
   • 1.2. Duration and Survival. This Addendum will become legally binding upon the Effective Date. Provider will Process Customer Personal Data until the relationship terminates as specified in the Agreement.
2. Definitions. For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.
3. 1. 2.1 “Customer Personal Data” means Customer Materials that are Personal Data Processed by Provider on behalf of Customer.
   2. 2.2. “Data Protection Laws” means the applicable privacy and data protection laws, rules and regulations to which the Customer Personal Data are subject. “Data Protection Laws” may include, but are not limited to, the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act) (“CCPA”); the EU General Data Protection Regulation 2016/679 (“GDPR”) and its respective national implementing legislations; the Swiss Federal Act on Data Protection; the United Kingdom General Data Protection Regulation; the United Kingdom Data Protection Act 2018; and the Virginia Consumer Data Protection Act (in each case, as amended, adopted, or superseded from time to time).
   3. 2.3. “Personal Data” has the meaning assigned to the term “personal data” or “personal information” under applicable Data Protection Laws.
   4. 2.4. “Process” or “Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
   5. 2.5. “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data attributable to Provider.
   6. 2.6. “Subprocessor(s)” means Provider’s authorized vendors and third-party service providers that Process Customer Personal Data.
3. Processing Terms for Customer Personal Data.
4. • 3.1. Documented Instructions. Provider shall Process Customer Personal Data to provide the Compute Services in accordance with the Agreement, this Addendum, any applicable Order Form, and any instructions agreed upon by the parties. Provider will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.
   • 3.2. Authorization to Use Subprocessors. Customer hereby authorizes Provider to engage Subprocessors. Customer acknowledges that Subprocessors may further engage vendors.
   • 3.3. Subprocessor Compliance. Provider shall (i) enter into a written agreement with Subprocessors that imposes on such Subprocessors data protection requirements for Customer Personal Data that are consistent with this Addendum; and (ii) remain responsible to Customer for Provider’s Subprocessors’ failure to perform their obligations with respect to the Processing of Customer Personal Data.
   • 3.4. Right to Object to Subprocessors. Where required by Data Protection Laws, Provider will notify Customer via email prior to engaging any new Subprocessors that Process Customer Personal Data and allow Customer ten (10) days to object. If Customer has legitimate objections to the appointment of any new Subprocessor, the Parties will work together in good faith to resolve the grounds for the objection.
   • 3.5. Confidentiality. Any person authorized to Process Customer Personal Data must be subject to a duty of confidentiality, contractually agree to maintain the confidentiality of such information, or be under an appropriate statutory obligation of confidentiality.
   • 3.6. Personal Data Inquiries and Requests. Where required by Data Protection Laws, Provider agrees to provide reasonable assistance and comply with reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws. If a request that explicitly references and solely relates to Customer is sent directly to Provider, Provider may instruct the individual to contact Customer.
   • 3.7. Data Protection Assessment, Data Protection Impact Assessment, and Prior Consultation. Where required by Data Protection Laws, Provider agrees to provide reasonable assistance and information to Customer where, in Customer’s judgement, the type of Processing performed by Provider requires a data protection assessment, data protection impact assessment, and/or prior consultation with the relevant data protection authorities.
   • 3.8. Demonstrable Compliance. Provider agrees to provide information reasonably necessary to demonstrate compliance with this Addendum upon Customer’s reasonable request.
   • 3.9. California Specific Terms. To the extent that Provider’s Processing of Customer Personal Data is subject to the CCPA, this Section shall also apply. Customer discloses or otherwise makes available Customer Personal Data to Provider for the limited and specific purpose of Provider providing the Compute Services to Customer in accordance with the Agreement and this Addendum. Provider shall: (i) comply with its applicable obligations under the CCPA; (ii) provide the same level of protection as required under the CCPA; (iii) notify Customer if it can no longer meet its obligations under the CCPA; (iv) not “sell” or “share” (as such terms are defined by the CCPA) Customer Personal Data; (v) not retain, use, or disclose Customer Personal Data for any purpose (including any commercial purpose) other than to provide the Compute Services under the Agreement or as otherwise permitted under the CCPA; (vi) not retain, use, or disclose Customer Personal Data outside of the direct business relationship between Customer and Provider; and (vii) unless otherwise permitted by the CCPA, not combine Customer Personal Data with Personal Data that Provider (a) receives from, or on behalf of, another person, or (b) collects from its own, independent consumer interaction. Customer may: (1) take reasonable and appropriate steps agreed upon by the parties to help ensure that Provider Processes Customer Personal Data in a manner consistent with Customer’s CCPA obligations; and (2) upon notice, take reasonable and appropriate steps agreed upon by the parties to stop and remediate unauthorized Processing of Customer Personal Data by Provider.
4. Information Security Program. Provider shall implement and maintain reasonable administrative, technical, and physical safeguards designed to protect Customer Personal Data.
5. Security Incidents. Upon becoming aware of a Security Incident, Provider agrees to provide written notice without undue delay to Customer. Where possible, such notice will include all available details required under Data Protection Laws for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
6. Cross-Border Transfers of Customer Personal Data.
7. • 6.1. Cross-Border Transfers of Customer Personal Data. Customer authorizes Provider and its Subprocessors to transfer Customer Personal Data across international borders, including from the European Economic Area, Switzerland, and/or the United Kingdom to the United States.
   • 6.2. EEA, Swiss, and UK Standard Contractual Clauses. If Customer Personal Data originating in the European Economic Area, Switzerland, and/or the United Kingdom is transferred by Customer to Provider in a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws, the parties agree that the transfer shall be governed by Module Two’s obligations in the Annex to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“Standard Contractual Clauses”) as supplemented by Attachment A attached hereto, the terms of which are incorporated herein by reference. Each Party’s execution of the Agreement shall be considered a signature to the Standard Contractual Clauses to the extent that the Standard Contractual Clauses apply hereunder.
7. Audits and Assessments. Where Data Protection Laws afford Customer an audit or assessment right, Customer (or its appointed representative) may carry out an audit or assessment of Provider’s policies, procedures, and records relevant to the Processing of Customer Personal Data. Any audit or assessment must be: (i) conducted during Provider’s regular business hours; (ii) with reasonable advance notice to Provider; (iii) carried out in a manner that prevents unnecessary disruption to Provider’s operations; and (iv) subject to reasonable confidentiality procedures. In addition, any audit or assessment shall be limited to once per year, unless an audit or assessment is carried out at the direction of a government authority having proper jurisdiction.
8. Return or Deletion of Customer Personal Data. At the expiry or termination of the Agreement, Provider will delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with Provider’s data retention schedule), except where Provider is required to retain copies under applicable laws, in which case Provider will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.
9. Processing Details.
10. • 9.1. Subject Matter. The subject matter of the Processing is the Compute Services pursuant to the Agreement.
    • 9.2. Duration. The Processing will continue until the expiration or termination of the Agreement.
    • 9.3. Categories of Data Subjects. Data subjects whose Customer Personal Data will be Processed pursuant to the Agreement.
    • 9.4. Nature and Purpose of the Processing. The purpose of the Processing of Customer Personal Data by Provider is the performance of the Compute Services.
    • 9.5. Types of Customer Personal Data. Customer Personal Data that is Processed pursuant to the Agreement.

ATTACHMENT A TO THE DATA PROCESSING ADDENDUM

This Attachment A forms part of the Addendum and supplements the Standard Contractual Clauses. Capitalized terms not defined in this Attachment A have the meaning set forth in the Addendum.

The Parties agree that the following terms shall supplement the Standard Contractual Clauses:

1. Supplemental Terms. The Parties agree that: (i) a new Clause 1(e) is added the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses also apply mutatis mutandis to the Parties’ processing of personal data that is subject to the Swiss Federal Act on Data Protection. Where applicable, references to EU Member State law or EU supervisory authorities shall be modified to include the appropriate reference under Swiss law as it relates to transfers of personal data that are subject to the Swiss Federal Act on Data Protection.”; (ii) a new Clause 1(f) is added to the Standard Contractual Clauses which shall read: “To the extent applicable hereunder, these Clauses, as supplemented by Annex III, also apply mutatis mutandis to the Parties’ processing of personal data that is subject to UK Data Protection Laws (as defined in Annex III).”; (iii) the optional text in Clause 7 is deleted; (iv) Option 1 in Clause 9 is struck and Option 2 is kept, and data importer must notify data exporter of any new subprocessors in accordance with Section 3.4 of the Addendum; (v) the optional text in Clause 11 is deleted; and (vi) in Clauses 17 and 18, the governing law and the competent courts are those of Ireland (for EEA transfers), Switzerland (for Swiss transfers), or England and Wales (for UK transfers).

2. Annex I. Annex I to the Standard Contractual Clauses shall read as follows:

A. List of Parties

Data Exporter: Customer.

Address: As set forth in the Notices section of the Agreement.

Contact person’s name, position, and contact details: As set forth in the Notices section of the Agreement.

Activities relevant to the data transferred under these Clauses: The Compute Services.

Role: Controller.

Data Importer: Provider.

Address: As set forth in the Notices section of the Agreement.

Contact person’s name, position, and contact details: As set forth in the Notices section of the Agreement.

Activities relevant to the data transferred under these Clauses: The Compute Services.

Role: Processor.

B. Description of the Transfer:

Categories of data subjects whose personal data is transferred: The categories of data subjects whose personal data is transferred under the Clauses.

Categories of personal data transferred: The categories of personal data transferred under the Clauses.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: To the Parties’ knowledge, no sensitive data is transferred.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Personal data is transferred in accordance with the standard functionality of the Compute Services, or as otherwise agreed upon by the Parties.

Nature of the processing: The Compute Services.

Purpose(s) of the data transfer and further processing: The Compute Services.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: Data importer will retain personal data in accordance with the Addendum.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: For the subject matter, nature, and duration as identified above.

C. Competent Supervisory Authority: The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the Parties consistent with the conditions set forth in Clause 13.

3. Annex II. Annex II of the Standard Contractual Clauses shall read as follows:

Data importer shall implement and maintain technical and organisational measures designed to protect personal data in accordance with the Addendum.

Pursuant to Clause 10(b), data importer will provide data exporter assistance with data subject requests in accordance with the Addendum.

4. Annex III. A new Annex III shall be added to the Standard Contractual Clauses and shall read as follows:

The UK Information Commissioner’s Office International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (“UK Addendum”) is incorporated herein by reference.

Table 1: The start date in Table 1 is the effective date of the Addendum. All other information required by Table 1 is set forth in Annex I, Section A of the Clauses.

Table 2: The UK Addendum forms part of the version of the Approved EU SCCs which this UK Addendum is appended to including the Appendix Information, effective as of the effective date of the Addendum.

Table 3: The information required by Table 3 is set forth in Annex I and II to the Clauses.

Table 4: The Parties agree that Importer may end the UK Addendum as set out in Section 19.