Schedule 4: Region-Specific Terms

A. CALIFORNIA

1. Definitions. CCPA and other capitalized terms not defined in this Schedule are defined in the DPA.

1.1.  “business purpose”, “commercial purpose”, “personal information”, “sell”, “service provider” and “share” have the meanings given in the CCPA.

1.2.  The definition of “Data Subject” includes “consumer” as defined under the CCPA.

1.3.  The definition of “Controller” includes “business” as defined under the CCPA.

1.4.  The definition of “Processor” includes “service provider” as defined under the CCPA.

2. Obligations.

2.1.  Customer is providing the Customer Personal Data to Provider under the Agreement for the limited and specific business purposes of providing the Cloud Service as described in Schedule 1 (Subject Matter and Details of Processing) to this DPA and otherwise performing under the Agreement.

2.2.  Provider will comply with its applicable obligations under the CCPA and provide the same level of privacy protection to Customer Personal Data as is required by the CCPA.

2.3.  Provider acknowledges that Customer has the right to: (i) take reasonable and appropriate steps under Section 9 (Audits) of this DPA to help to ensure that Provider’s use of Customer Personal Data is consistent with Customer’s obligations under the CCPA, (ii) receive from Provider notice and assistance under Section 7 (Data Subject Requests) of this DPA regarding consumers’ requests to exercise rights under the CCPA and (iii) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Data.

2.4.  Provider will notify Customer promptly after it makes a determination that it can no longer meet its obligations under the CCPA.

2.5.  Provider will not retain, use or disclose Customer Personal Data: (i) for any purpose, including a commercial purpose, other than the business purposes described in Section 2.1 of this Section A (California) of Schedule 4 or (ii) outside of the direct business relationship between Provider with Customer, except, in either case, where and to the extent permitted by the CCPA.

2.6.  Provider will not sell or share Customer Personal Data received under the Agreement.

2.7.  Provider will not combine Customer Personal Data with other personal information except to the extent a service provider is permitted to do so by the CCPA.