Stylo Data Processing Addendum

Addendum 1


Data Processing Addendum

This Data Processing Addendum (the “Addendum”) is incorporated into and forms part of the Terms of Service (together with any Order Form or account registration on the Services, the “Agreement”) between Stylo, Inc. (“Stylo”) and the entity or individual who entered into the Agreement (“Customer”) pursuant to which Stylo provides the services whereby Customer Personal Data will be subject to automated and manual Processing operations by Stylo to provide Customer with the artificial intelligence services with respect to Customer’s customer support function (the “Services”). The following obligations apply in respect of the provision of the Services to Customer only to the extent required by Data Protection Laws with regard to the relevant Customer Personal Data, if applicable.



References to the Agreement will be construed as including this Addendum. Except as expressly modified below, the terms of the Agreement shall remain in full force and effect. 




  1. Definitions

 

Capitalized terms not otherwise defined herein shall have the meaning given to them in the Agreement. For the purposes of the Addendum:

 

“CCPA” means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and any regulations promulgated thereunder, in each case, as amended from time to time.


“Controller” means an entity that determines the purposes and means of the Processing of Personal Data.

“Customer Personal Data” means any Personal Data contained in Customer Data and described under Section 2 of this Addendum, in respect of which the Customer is the Controller.

 

“Data Protection Laws” means the data privacy and security laws and regulations of any jurisdiction applicable to the Processing of Customer Personal Data, including, in each case to the extent applicable, European Data Protection Laws and the CCPA.


“Data Subject” means the identified or identifiable natural person who is the subject of Personal Data.


“European Data Protection Laws” means, in each case to the extent applicable: (1) GDPR and/or any corresponding national laws, rules and regulations; (2) with respect to the United Kingdom, the GDPR as it forms part of the law of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, and the Data Protection Act 2018, and any applicable national legislation that replaces the foregoing or that relates to data and privacy and is enacted as a consequence of the United Kingdom leaving the European Union (the “UK GDPR”); (3) with respect to Switzerland, the Swiss Federal Act on Data Protection of 19 June 1992, as revised, and its corresponding ordinances (“Swiss FADP”); and (4) any other laws, rules, and regulations applicable to the EEA and its Member States relating to the processing of Personal Data that is already in force or that will come into force during the term of this Addendum.


“EEA” means the European Economic Area.


“Europe” means, collectively, the EEA, Switzerland, and the United Kingdom.


“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.


“Personal Data” means information that constitutes “personal information,” “personal data,” “personally identifiable information,” or similar term under Data Protection Laws.


“Process” means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, alignment, combination, restriction, erasure, destruction or disclosure by transmission, dissemination or otherwise making available.


“Processor” means an entity that Processes Personal Data on behalf of a Controller.


“SCCs” means: (i) where GDPR or the Swiss FADP applies, Module Two (Transfer controller to processor) of the standard contractual clauses approved by the European Commission’s implementing decision (C(2021)914) of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to GDPR (available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914&qid=1688587744942), as supplemented or modified herein (“EU SCCs”); and (ii) where the UK GDPR applies, the EU SCCs and the template addendum issued by the Information Commissioner’s Office of the United Kingdom and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022 (available at: https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf), as it may be revised from time to time by the Information Commissioner’s Office (“UK Addendum”).


“Security Incident” means a breach of Stylo’s security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data in Stylo’s possession, custody, or control. “Security Incident” does not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, or other network attacks on firewalls or networked systems.


“Services” means the services that Stylo has agreed to provide to Customer under the Agreement.


“Sub-processor” means any Processor appointed by Stylo to Process Customer Personal Data on behalf of Customer under the Agreement.


“Supervisory Authority” means an independent competent public authority established or recognized under Data Protection Laws.


  2. Details of the Processing

    1. Categories of Data Subjects. This Addendum applies to the Processing of Customer Personal Data as set forth under the heading Data Subjects on Exhibit A attached hereto.

    2. Categories of Personal Data. Customer Personal Data includes Personal Data, the extent of which is determined and controlled by the Customer in its sole discretion, that passes to or from Customer, such as listed under the heading Categories of Personal Data on Exhibit A attached hereto.

    3. Subject-Matter, Nature and Purpose of the Processing. Customer Personal Data will be Processed by Stylo solely for purposes provided under the heading Purpose of Processing on Exhibit A attached hereto. 

    4. Duration of the Processing. Customer Personal Data will be Processed for the duration provided under the heading Duration of Processing on Exhibit A attached hereto.

 

  3. Processing of Customer Personal Data

    1. The parties acknowledge and agree that, in connection with the Agreement, Customer is the Controller of Customer Personal Data and Stylo is the Processor of that data. Stylo will only Process Customer Personal Data as a Processor on behalf of and in accordance with the Customer’s prior written instructions (including as set out in this Addendum and the Agreement) and for no other purpose. Stylo is hereby instructed to Process Customer Personal Data: (i) to the extent necessary to enable Stylo to provide the Services in accordance with the Agreement; (ii) to perform its obligations and exercise its rights under the Agreement and this Addendum; (iii) for Stylo’s use as set forth in the “CUSTOMER DATA” Section of the Agreement; and (iv) as necessary to prevent or address technical problems with the Services.

    2. Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. If Stylo cannot Process Customer Personal Data in accordance with Customer’s instructions due to a legal requirement under any applicable Data Protection Laws, Stylo will (i) promptly notify the Customer of such inability, providing a reasonable level of detail as to the instructions with which it cannot comply and the reasons why it cannot comply, to the greatest extent permitted by applicable law; and (ii) cease all Processing of the affected Customer Personal Data (other than merely storing and maintaining the security of the affected Customer Personal Data) until such time as the Customer issues new instructions with which Stylo is able to comply. If this provision is invoked, Stylo will not be liable to the Customer under the Agreement for failure to perform the Services until such time as the Customer issues new instructions. Stylo will immediately inform Customer if, in its opinion, an instruction from Customer infringes the Data Protection Laws.

    3. Each of Customer and Stylo will comply with their respective obligations under the Data Protection Laws. Customer shall ensure that Customer has obtained (or will obtain prior to any Processing by Stylo) all consents and lawful rights and provided all disclosures and notices, in each case as required by applicable law necessary for Stylo and its Sub-processors to Process Customer Personal Data in accordance with this Addendum, the Agreement, and applicable Data Protection Laws. Customer shall notify Stylo of any changes in, or revocation of, the permission to use, disclose, or otherwise Process Customer Personal Data that would impact Stylo’s ability to comply with this Addendum, the Agreement, or Data Protection Laws. 

    4. Customer agrees that it will not use the Services to make an automated decision about a Data Subject that produces legal or similar significant effects concerning the Data Subject. Customer acknowledges and agrees that Stylo will not be responsible under the Agreement or this Addendum for any liabilities that arise due to Customer’s breach of this Section.

    5. Stylo is reliant on the Customer for direction as to the extent to which Stylo is entitled to Process Customer Personal Data on behalf of Customer in performance of the Services. Consequently, Stylo will not be liable under the Agreement for any claim brought by a Data Subject arising from any action or omission by Stylo, to the extent that such action or omission resulted directly or indirectly from any of the following: Stylo’s Processing of such Data Subject’s Personal Data in accordance with this Addendum, Customer’s instructions, or Customer’s failure to comply with its obligations under Data Protection Laws.

    6. Customer authorizes Stylo to Process Customer Personal Data in the United States of America or anywhere Stylo or its Sub-processors maintain facilities. Customer is responsible for ensuring that its use of the Services complies with any cross-border data transfer restrictions of Data Protection Laws. If Customer transfers Customer Personal Data to Stylo that is subject to European Data Protection Laws, and such transfer is not subject to an alternative adequate transfer mechanism under European Data Protection Laws or otherwise exempt from cross-border transfer restrictions, then Customer (as “data exporter”) and Stylo (as “data importer”) agree that the applicable terms of the SCCs shall apply to and govern such transfer and are hereby incorporated herein by reference.  In furtherance of the foregoing, the parties agree that: (a) the execution of this Addendum shall constitute execution of the applicable SCCs as of the Agreement Effective Date; (b) the relevant selections, terms, and modifications set forth in this Section 3.6 shall apply, as applicable; and (c) the SCCs shall automatically terminate once the Customer Personal Data transfer governed thereby becomes lawful under European Data Protection Laws in the absence of such SCCs on any other basis. Each of Customer and Stylo commits to comply with its obligations under the applicable SCCs with respect to the transfer of Customer Personal Data. If there is any conflict between this Addendum or the Agreement and the SCCs, the SCCs will control.

      1. With respect to Customer Personal Data that is protected by GDPR, the EU SCCs incorporated herein will apply. The parties agree to the following selections in Sections I-IV of the EU SCCs: (a) the parties select Option 2 in Clause 9(a) and the specified time period shall be the notification time period set forth in Section 6.2 of this Addendum; (b) the optional language in Clause 11(a) is omitted; (c) the parties select Option 1 in Clause 17 and the governing law of the Republic of Ireland will apply; and (d) in Clause 18(b), the parties select the courts of the Republic of Ireland. The name, address, contact details, activities relevant to the transfer, and role of the parties set forth in the Agreement and this Addendum shall be used to complete Annex I.A. of the EU SCCs.  The information set forth in Exhibit A to this Addendum shall be used to complete Annex I.B. of the EU SCCs.  The competent supervisory authority in Annex I.C. shall be the supervisory authority determined in accordance with Clause 13 of the EU SCCs, unless otherwise set forth in Sections 3.6.1.2 or 3.6.1.3 below. If such determination is not clear, then the competent supervisory authority shall be the Irish Data Protection Authority.  The technical and organizational measures in Annex II of the EU SCCs shall be the measures set forth in Exhibit B to this Addendum. 

      2. With respect to Customer Personal Data that is protected by the Swiss FADP, the following modifications shall apply to the EU SCCs to the extent that the Swiss FADP applies to Customer’s Processing when making that transfer: (a) the term “member state” as used in the EU SCCs shall not be interpreted in such a way as to exclude Data Subjects in Switzerland from suing for their rights in their place of habitual residence in accordance with Clause 18(c) of the EU SCCs; (b) the EU SCCs shall also protect the data of legal entities until the entry into force of the revised Swiss FADP; (c) references to the GDPR or other governing law contained in the EU SCCs shall also be interpreted to include the Swiss FADP; and (d) the parties agree that the supervisory authority as indicated in Annex I.C of the EU SCCs shall be the Swiss Federal Data Protection and Information Commissioner. 

      3. With respect to Customer Personal Data that is protected by the UK GDPR, the UK Addendum is incorporated herein and will apply to and modify the EU SCCs solely to the extent that UK GDPR applies to Customer’s Processing when making the transfer. The information required to be set forth in “Part 1: Tables” of the UK Addendum shall be completed using the information set forth in Annex I.A. of the EU SCCs and this Addendum, and either party may end the UK Addendum in accordance with section 19 thereof. 

      4. If the SCCs do not apply to the transfer of Customer Personal Data that is protected by Data Protection Laws, then Customer and Stylo will cooperate in good faith to implement appropriate safeguards for the transfer of such Customer Personal Data. 

      5. In accordance with Clause 2 of the EU SCCs, the parties wish to supplement the EU SCCs with business-related clauses, which shall neither be interpreted nor applied in such a way as to contradict the EU SCCs (whether directly or indirectly) or to prejudice the fundamental rights and freedoms of Data Subjects. Stylo and Customer therefore agree that the applicable terms of the Agreement and this Addendum shall apply if, and to the extent that, they are permitted under the EU SCCs, including without limitation the following:

        1. Instructions. The instructions described in Clause 8.1 are set forth in Section 3.1 of this Addendum.

        2. Protection of Confidentiality. In the event a Data Subject requests a copy of the SCCs or this Addendum under Clause 8.3, Customer shall make all redactions reasonably necessary to protect business secrets or other confidential information of Stylo.

        3. Deletion or Return. Deletion or return of Customer Personal Data by Stylo under the SCCs shall be governed by Section 10 of this Addendum. Certification of deletion of Customer Personal Data under Clause 8.5 or Clause 16(d) will be provided by Stylo upon the written request of Customer.

        4. Onward Transfers. Stylo shall be deemed in compliance with Clause 8.8 to the extent such onward transfers occur in accordance with Article 44 of the GDPR.

        5. Audits and Certifications. Any information requests or audits provided for in Clause 8.9 shall be fulfilled in accordance with Section 11 of this Addendum.

        6. Liability. The relevant terms of the Agreement which govern indemnification or limitation of liability shall apply to Stylo’s liability under Clauses 12(a), 12(d), and 12(f).

        7. Termination. The relevant terms of the Agreement which govern termination shall apply to a termination pursuant to Clauses 14(f) or 16.


  4. Confidentiality

    1. Stylo will ensure that any person whom Stylo authorizes to Process Customer Personal Data on its behalf is subject to confidentiality obligations in respect of that Customer Personal Data.


  5. Security Measures

    1. Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Stylo will implement appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, in accordance with the security standards in Exhibit B (the “Security Measures”).

    2. Customer agrees that, without limitation of Stylo’s obligations under this Section 5, Customer is solely responsible for its use of the Services, including: (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Customer Personal Data; and (b) securing any account authentication credentials, systems, and devices Customer uses to access or connect to the Services, where applicable.  Without limiting Stylo’s obligations hereunder, Customer is responsible for reviewing the information made available by Stylo relating to data security and making an independent determination as to whether the Services meet Customer’s requirements and legal obligations under Data Protection Laws.


  6. Appointment of Sub-Processors

    1. Subject to the requirements of this Section 6, Customer generally authorizes Stylo to appoint Sub-processors (including Stylo’s affiliates) to perform specific services on Stylo’s behalf which may require such Sub-processors to Process Customer Personal Data. Customer authorizes the Sub-processors set forth on the Sub-processor Page as of the Agreement Effective Date. 

    2. If Stylo engages a new third-party Sub-processor to Process any Customer Personal Data, it will, at least ten (10) days before the new third-party Sub-processor Processes any Customer Personal Data, inform Customer of the engagement by adding such Sub-processor to the Sub-processor Page, which is deemed sufficient notice. “Sub-processor Page” means the following web page: https://www.askstylo.com/resources/stylo-sub-processors. Customer may reasonably object to such new third-party Sub-processor (excluding Stylo’s affiliates) that would cause Customer to be non-compliant with its obligations under applicable Data Protection Laws, provided Customer notifies Stylo in writing explaining the non-compliance within the 10-day notice period. Stylo may address the objection (such as by finding a suitable work around) or allow Customer to terminate the Agreement for the affected Stylo Service. If Stylo allows Customer to terminate the Agreement, Customer has ten (10) days following Stylo’s determination to notify Stylo of Customer’s election to terminate the Agreement effective upon written notice to Stylo. This termination right is Customer’s sole and exclusive remedy if Customer objects to any new third-party Sub-processor. 

    3. Stylo will enter into a binding written agreement with each Sub-processor that imposes on the Sub-processor data protection obligations not less protective than those that apply to Stylo under this Addendum.

    4. Stylo shall remain fully liable to Customer for the performance of its Sub-processors.


  7. Data Subject Rights

    1. Stylo will, taking into account the nature of the Processing of Customer Personal Data and the functionality of the Services, provide reasonable assistance to Customer by appropriate technical and organizational measures, insofar as this is possible, as necessary for Customer to fulfill its obligations under Data Protection Laws to respond to requests by Data Subjects to exercise their rights under Data Protection Laws. Stylo reserves the right to charge Customer on a time and materials basis in the event that Stylo considers that such assistance is onerous, complex, frequent, or time consuming. If Stylo receives a request from a Data Subject under any Data Protection Laws with respect to Customer Personal Data, Stylo will advise the Data Subject to submit the request to Customer and Customer will be responsible for responding to any such request.


  8. Security Incidents

    1. Upon becoming aware of a confirmed Security Incident, Stylo will: (i) notify the Customer of the Security Incident without undue delay after becoming aware of any Security Incident affecting any Customer Personal Data; and (ii) take reasonable steps to identify the cause of such Security Incident, minimize harm, and prevent a recurrence. Stylo will take reasonable steps to provide the Customer with information available to Stylo that Customer may reasonably require to comply with its obligations under Data Protection Laws. Stylo’s notification of or response to a Security Incident under this Section 8 will not be construed as an acknowledgement by Stylo of any fault or liability with respect to the Security Incident. 


  9. Assessments; Prior Consultations

    1. Stylo will, at the Customer’s written request, provide the Customer with reasonable assistance to facilitate: (i) the carrying out of data protection impact assessments and transfer impact assessments if the Customer is required to do so under the Data Protection Laws; and (ii) consultation with Supervisory Authorities, if the Customer is required to engage in consultation under the Data Protection Laws, in each case solely to the extent that such assistance is necessary and relates to the Processing by Stylo of the Customer Personal Data, taking into account the nature of the Processing and the information available to Stylo. Stylo reserves the right to charge Customer on a time and materials basis in the event that Stylo considers that such assistance is onerous, complex, frequent, or time consuming.


  10. Deletion of Customer Personal Data

    1. Stylo will delete Customer Personal Data as soon as reasonably practical upon the termination or expiration of the Agreement upon Customer’s written request, except as required by applicable law. If Stylo retains Customer Personal Data pursuant to applicable law, Stylo agrees that all such Customer Personal Data will continue to be protected in accordance with this Addendum. For clarity, the obligations under this Section shall not serve to limit Stylo’s use of Customer Data set forth in the “CUSTOMER DATA” Section of the Agreement nor shall such obligations apply to Training Data; provided that Stylo takes all reasonable steps to anonymize such Training Data and ensure that such Training Data is incapable of re-identification under any circumstances. “Training Data” means the body of initial messages sent by Customer’s customers which are used by Stylo to inform its artificial intelligence services.


  11. Relevant Records; Audit Rights

    1. Review of Information and Records. Upon Customer’s reasonable written request, Stylo will make available to Customer all information in Stylo’s possession reasonably necessary to demonstrate Stylo's compliance with Data Protection Laws and Stylo’s obligations set out in this Addendum, provided Stylo is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party. Such information will be made available to Customer no more than once per calendar year and subject to the confidentiality obligations of the Agreement or a mutually agreed non-disclosure agreement.

    2. Audits. At the request of Customer, during the term of the Agreement, if available, Stylo will provide a copy of its most recent SOC Type II report or similar industry certification or any successor standards (“Report”) for information security management. If Stylo’s Report is not dated within a year of such request by Customer or otherwise not available, or if Customer requires information for its compliance with Data Protection Laws in addition to the information provided by the Report or under Section 11.1, at Customer’s sole expense and to the extent Customer is unable to access the additional information on its own, Stylo will allow for, cooperate with, and contribute to reasonable assessments and audits, including inspections, by Customer or an auditor mandated by Customer (“Mandated Auditor”), provided that (a) Customer provides Stylo with reasonable advance written notice including the anticipated date of the audit, the proposed scope of the audit, and the identity of any Mandated Auditor, which shall not be a competitor of Stylo; (b) Stylo approves the Mandated Auditor in writing, with such approval not to be unreasonably withheld; (c) the audit is conducted during normal business hours and in a manner that does not have any adverse impact on Stylo's normal business operations; (d) Customer or any Mandated Auditor complies with Stylo’s standard safety, confidentiality, and security policies or procedures in conducting any such audits; (e) any records, data, or information accessed by Customer or any Mandated Auditor in the performance of any such audit, or any results of any such audit, will be deemed to be the Confidential Information of Stylo and subject to a nondisclosure agreement to be provided by Stylo; and (f) Customer may initiate such audit not more than once per calendar year unless otherwise required by a Supervisory Authority or Data Protection Laws.

    3. Results of Audits. Customer will promptly notify Stylo of any non-compliance discovered during the course of an audit and provide Stylo any reports generated in connection with any audit under this Section, unless prohibited by Data Protection Laws or otherwise instructed by a Supervisory Authority. Customer may use the audit reports solely for the purposes of meeting Customer’s audit requirements under Data Protection Laws to confirm that Stylo’s Processing of Customer Personal Data complies with this Addendum.


  12. Processing Subject to the CCPA

    1. For purposes of this Section 12, the terms “business”, “business purpose”, “commercial purpose”, “consumer”, “personal information”, “sell”, “share”, and “service provider” shall have the meaning given to them in the CCPA. Personal information shall mean any personal information (as defined in the CCPA) contained in Customer Personal Data. Each of the Customer and Stylo will comply with its obligations under the CCPA and provide the same level of privacy protection to personal information as is required by the CCPA. Customer shall ensure that it has all consents and lawful rights and has provided all consumer disclosures that are required under the CCPA for Stylo and its Sub-processors to use the personal information of consumers in connection with performing the Services. 

    2. Stylo represents and warrants to Customer that it is acting solely as a service provider in connection with this Addendum with respect to the personal information of consumers. 

    3. Customer represents and warrants to Stylo that it is acting as a business in connection with this Addendum with respect to personal information of consumers, and that it is disclosing and making available to Stylo such personal information pursuant to the limited business purposes set forth in the Agreement and this Addendum. 

    4. With respect to Customer’s customers, Stylo shall not (i) sell or share the personal information of such consumers; (ii) retain, use or disclose such personal information (X) for any purpose, including any commercial purpose, other than for the limited and specified purposes set forth in the Agreement and this Addendum, or (Y) outside of the direct business relationship between Stylo and Customer; or (iii) combine the personal information received from, or on behalf of, Customer with personal information received from or on behalf of any third party, or collected from Stylo’s own interaction with consumers, except to perform any business purpose permitted by the CCPA. Stylo certifies that it understands and will comply with the restrictions in this paragraph.

    5. Customer has the right to take reasonable and appropriate steps to help ensure that Stylo uses the personal information transferred in a manner consistent with Customer’s obligations under the CCPA by exercising Customer’s audit rights in Section 11. Stylo will notify Customer if it makes a determination that Stylo can no longer meet its obligations under the CCPA. If Stylo notifies Customer of unauthorized use of personal information, including under the foregoing sentence, Customer will have the right to take reasonable and appropriate steps to stop and remediate such unauthorized use by limiting the personal information shared with Stylo, terminating the portion of the Agreement relevant to such unauthorized use, or such other steps mutually agreed between the parties in writing.


  13. Limitation of Liability

    1. Each party’s liability towards the other party under, in connection with or arising from this Addendum will be limited in accordance with the provisions of the Agreement. Notwithstanding the foregoing, to the maximum extent permitted by applicable law, except for fraud and gross negligence, neither party is liable to the other party for any special, incidental, indirect, punitive or consequential damages, including lost profits, related to, in connection with or arising from this Addendum, whether under theory of contract, tort (including negligence), strict liability or otherwise, whether or not the party was or should have been aware of, or was advised of, the possibility of such damages.


  14. General Provisions

    1. With regard to the subject matter of this Addendum, in the event of inconsistencies between the provisions of this Addendum and the Agreement, the provisions of this Addendum shall prevail.

    2. This Addendum will, notwithstanding the expiration or termination of the Agreement, remain in effect until, and automatically expire upon, Stylo’s deletion or return of all Customer Personal Data. 

    3. Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (a) amended as necessary to ensure its validity and enforceability, while preserving the intent of the provision as closely as possible; or, if this is not possible, (b) construed in a manner as if the invalid or unenforceable part had never been contained therein.

    4. Unless otherwise expressly stated herein, the parties will provide notices under this Addendum in accordance with the Agreement, provided that all such notices may be sent via email.

    5. This Addendum will be governed by and construed in accordance with the governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws.



Exhibit A


Details of Processing

Categories of data subjects to whom Customer Personal Data relates: 

The categories of Data Subjects shall be as is contemplated or related to the Processing described in the Agreement and may include employees, contractors and customers of Customer.

 

Categories of Customer Personal Data:

The categories of Customer Personal Data Processed are those categories contemplated in and permitted by the Agreement, and may include: contact information, email address, customer communications with Customer, customer order history, and all other data about data subjects made available by Customer.

 

Sensitive data transferred (if applicable):

NOT APPLICABLE

 

The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis):

Customer Personal Data will be transferred on a continuous basis for the term of the Agreement. 

 

Nature of the processing:

To provide the Services under the Agreement. 

 

Purpose(s) of the data transfer and further processing:

  • Customer Personal Data will be subject to automated and manual Processing operations by Stylo, including collection, use, analysis, transfer, storage and erasure to provide Customer with the artificial intelligence services with respect to Customer’s customer support function.

  • Customer Personal Data will be Processed by Stylo for the following purposes:

      • Stylo will use Customer Personal Data in order to provide Customer with artificial intelligence services with respect to Customer’s customer support function, in each case, as set out in the Agreement;

      • Stylo will use billing information such as Customer’s address or billing email to process payments in connection with usage of the Services;

      • Stylo may also use the Customer Personal Data for purposes of marketing its Services to Customer’s employees;

      • Stylo will otherwise process the Customer Personal Data for the purposes set forth in the Agreement and carrying out the instructions set forth in Section 3.1 of the Addendum;

      • Stylo may process the Personal Data in such other ways as reasonably requested by Customer where such instructions are consistent with the terms of the Agreement.

      • Helping to ensure security and integrity, to the extent the use of Customer Personal Data is reasonably necessary and proportionate for these purposes;

      • Debugging to identify and repair errors that impair existing intended functionality;

      • Undertaking internal research for technological development and demonstration; and

      • Undertaking activities to verify or maintain the quality or safety of the Services, and to improve, upgrade, or enhance the Services.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:

Stylo will process Customer Personal Data during the term of the Agreement. For clarity, the foregoing requirements shall not apply to Training Data (defined in the Addendum); provided that Stylo takes all reasonable steps to anonymize such Training Data and ensure that such Training Data is incapable of re-identification under any circumstances.


For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:

As set forth in the Agreement or Addendum. 




Exhibit B


Security Measures

  1. Information Security Program. Implement, maintain, and comply with information security policies and procedures designed to protect the confidentiality, integrity, and availability of Customer Personal Data and any systems that store or otherwise Process it, which are: (a) aligned with an industry-standard control framework (e.g., SOC 2); (b) approved by executive management; (c) reviewed and updated at least annually; and (d) communicated to all personnel with access to Customer Personal Data.

  2. Risk Assessment. Maintain risk assessment procedures for the purposes of periodic review and assessment of risks to the organization, monitoring and maintaining compliance with the organization’s policies and procedures, and reporting the condition of the organization’s information security and compliance to internal senior management.

  3. Personnel Training. Train personnel to maintain the confidentiality, integrity, and availability of Customer Personal Data, consistent with the terms of the Agreement and Data Protection Laws.

  4. Vendor Management. Prior to engaging Sub-processors and other subcontractors, conduct reasonable due diligence and monitoring to ensure subcontractors are capable of maintaining the confidentiality, integrity, and availability of Customer Personal Data.

  5. Access Controls. Only authorized personnel and third parties are permitted to access Customer Personal Data. Maintain logical access controls designed to limit access to Customer Personal Data and relevant information systems (e.g., granting access on a need-to-know basis, use of unique IDs and passwords for all users, periodic review and revoking or changing access when employment terminates or changes in job functions occur).

  6. Secure User Authentication. Maintain password controls designed to manage and control password strength, expiration, and usage. These controls include prohibiting users from sharing passwords and requiring that passwords controlling access to Customer Personal Data must: (a) be at least 8 characters in length and meet minimum complexity requirements; (b) not be stored in readable format on the organization’s computer systems; (c) have a history threshold to prevent reuse of recent passwords; and (d) if newly issued, be changed after first use.

  7. Incident Detection and Response. Maintain policies and procedures to detect and respond to actual or reasonably suspected Security Incidents, and encourage the reporting of such incidents.

  8. Encryption. Encrypt all data in-transit and at rest using strong TLS ciphers and AES-256.

  9. Network Security. Implement network security controls such as up-to-date firewalls, layered DMZs, updated intrusion detection and prevention systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.

  10. Vulnerability Management. Detect, assess, mitigate, remove, and protect against new and existing security vulnerabilities and threats, including viruses, bots, and other malicious code, by implementing vulnerability management, threat protection technologies, and scheduled monitoring procedures.

  11. Change Control. Follow change management procedures and implement tracking mechanisms designed to test, approve, and monitor all changes to the organization’s technology and information assets.

  12. Physical Security. Take steps to ensure the physical and environmental security of data centers, server room facilities and other areas containing Customer Personal Data, including by: (a) protecting information assets from unauthorized physical access; (b) managing, monitoring, and logging movement of persons into and out of the organization’s facilities; and (c) guarding against environmental hazards such as heat, fire, and water damage.

  13. Business Continuity and Disaster Recovery. Maintain business continuity and disaster recovery policies and procedures designed to maintain service and recover from foreseeable emergency situations or disasters.