1. Introduction

This Data Protection Addendum (“Addendum”) is entered into by and between June Inc., a Delaware corporation (“June”), and Customer effective as of the later date of each party’s signature below. This Addendum applies to June’s Processing of Customer Personal Data under the agreement executed between June and Customer for June’s provision of the Services (the “Agreement”).

2. Definitions

For purposes of this Addendum, the terms below have the meanings set forth below. Capitalized terms that are used but not defined in this Addendum have the meanings given in the Agreement.

2.1. “Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.

2.2. “CCPA” means the California Consumer Privacy Act of 2018, as amended from time to time.

2.3. “Customer Personal Data” means any Customer Data (as defined in the Agreement) that is Personal Data. For purposes of this Addendum, Customer Personal Data does not include personal information of employees or other representatives of Customer with whom June has a direct business relationship.

2.4. “Data Protection Laws” means, with respect to a party, all privacy, data protection and information security-related laws and regulations applicable to such party’s Processing of Personal Data, including, where applicable, EU Data Protection Law and the CCPA.

2.5. “Data Subject” means the identified or identifiable natural person who is the subject of Personal Data.

2.6. “EU Data Protection Law” means European Union Regulation 2016/679 (“GDPR”) and any national legislation implementing GDPR, as amended from time to time.

2.7. “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.8. “Personal Data” means “personal data”, “personal information”, “personally identifiable information” or similar information defined in and governed by Data Protection Laws.

2.9. “Security Incident” means any confirmed unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data being Processed by June. Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or networked systems.

2.10. “Subprocessor” means any third party authorized by June or its Affiliates to Process any Customer Personal Data.

2.11. “Third Party Subprocessor” means any Subprocessor who is not an Affiliate of June.

3. General; Termination

3.1. This Addendum forms part of the Agreement and except as expressly set forth in this Addendum, the Agreement remains unchanged and in full force and effect. If there is any conflict between this Addendum and the Agreement, this Addendum shall govern.

3.2. Any liabilities arising under this Addendum are subject to the limitations of liability in the Agreement.

3.3. This Addendum will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.