Applicable Data Protection Laws

Capitalized terms used but not defined herein have the meanings ascribed to them in the DPA or the Agreement, as applicable.

If and solely to the extent required under laws applicable to 15Five as a result of 15Five’s Processing of a Customer’s Customer Personal Data in connection with the Services, solely with respect to such Customer, 15Five hereby agrees to comply with the applicable Data Protection Laws set forth herein.

European Economic Area:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”).

European Union regulations and EEA Member State laws, other than GDPR, requiring a contract governing the processing of personal data, identical to or substantially similar to the requirements specified in Article 28 of the GDPR.

United Kingdom:

The UK Data Protection Act 2018, as amended by The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the “UK GDPR”).  15Five’s obligations to Customer under the DPA are only those express obligations imposed by the UK GDPR on a Data Processor for the benefit of a Data Controller (each, as defined under the UK GDPR).  Pursuant to 15Five’s obligations under UK GDPR, the definition of “Model Clauses” in the DPA will be deleted in its entirety and replaced with the following in lieu thereof:

Model Clauses” means the EC Standard Contractual Clauses for Processors as published in the Decision of the European Commission of February 5, 2010 (Decision 2010/87/EC) set out .

State of California, United States:

California Civil Code Sec. 1798.100, et seq. (also known as the California Consumer Privacy Act of 2018) (“CCPA”).  15Five’s obligations to Customer under the DPA are those that the CCPA requires that a Business have in place with a Service Provider (each, as defined under CCPA).  Pursuant to 15Five’s obligations under CCPA, a new Section 2.18 shall be added to the DPA to read as follows:

2.18  15Five will not collect, sell, retain, disclose or use the Personal Information of the Consumer for any purpose other than pursuant to the Agreement, or as otherwise permitted by CCPA.  The Company certifies that it understands and will comply with the restrictions set forth in this Section 2.18.

The terms used in the applicable provisions of the DPA shall be replaced as follows: “Personal Data” shall mean “Personal Information”; “Controller” shall mean “Business”; “Processor” shall mean “Service Provider”; and “Data Subject” shall mean “Consumer”.